From yashodhan.barve at gmail.com Tue Jul 1 00:44:12 2008 From: yashodhan.barve at gmail.com (Yashodhan Barve) Date: Tue Jul 1 00:44:19 2008 Subject: What is the best way to collect SPAM from users? In-Reply-To: References: <48469ABC.6010208@gmail.com> Message-ID: <48696FCC.3010508@gmail.com> Henry Kwan wrote: > Yashodhan Barve gmail.com> writes: > >> I was thinking of having a common mailbox in exchange to which users >> would move SPAM & HAM and then I would POP it and feed it to sa-learn. >> >> So what is a good approach that works? and how do I automate it? > > Hi, > > What did you end up doing? > > I'm trying to figure out how to do the same thing on my Exchange 2007 setup. > I've setup a public folder that my users can dump ham/spam into but I'm not sure > what the next step is. How do I enable that public folder for IMAP so I can run > some of the scripts that everyone mentions whenever I google? Or alternative, > how I convert all of the .msg's into a format that sa-learn can use? > > Thanks. > > The client had a Exchange 2003 setup. So I took the advice offered by the list members and ended up creating public folders ham/spam and the pull the email via imap. You will have to enable IMAP4 for Exchnage 2007 (look in services) then you should be able to do the same. I have a test exchange 2007 setup. I will try it on that and post an update if anything different needs to be done. regards, yashodhan From marcel-ml at irc-addicts.de Tue Jul 1 01:45:34 2008 From: marcel-ml at irc-addicts.de (Marcel Blenkers) Date: Tue Jul 1 01:46:18 2008 Subject: Question regarding sendmail Message-ID: Hi there, currently i am receiving the following line within my maillog: alias database /etc/aliases.db out of date I just deleted aliases.db and rebuild it. Still the same. I am running sendmail 8.13.4 with MailScanner and milter-gris and milter-null from Snertsoft.. Any ideas around here? Would be glad to get some help. Thanks in advance Greetings Marcel From marcel-ml at irc-addicts.de Tue Jul 1 01:55:03 2008 From: marcel-ml at irc-addicts.de (Marcel Blenkers) Date: Tue Jul 1 01:55:50 2008 Subject: Forget my last mail Message-ID: Gosh, it is way to late to do something.. :( Sorry for the stupid question.. and good night.. Marcel From alex at rtpty.com Tue Jul 1 01:58:14 2008 From: alex at rtpty.com (Alex Neuman) Date: Tue Jul 1 01:58:41 2008 Subject: Question regarding sendmail In-Reply-To: References: Message-ID: Don't feed the list Nazis... That's an MTA issue... Seriously, your /etc/aliases is what that file is created from. That file may have a weird date. Your system itself might also have a weird date. Check those and see. Sent from my iPhone On Jun 30, 2008, at 7:45 PM, Marcel Blenkers wrote: > Hi there, > > currently i am receiving the following line within my maillog: > > alias database /etc/aliases.db out of date > > I just deleted aliases.db and rebuild it. > > Still the same. > > I am running sendmail 8.13.4 with MailScanner and milter-gris and > milter-null from Snertsoft.. > > Any ideas around here? > > Would be glad to get some help. > > Thanks in advance > > Greetings > > Marcel > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Jul 1 09:10:10 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Jul 1 09:11:15 2008 Subject: Question about white and blacklisting in Mailscanner In-Reply-To: References: Message-ID: <4869E662.4000806@ecs.soton.ac.uk> Jonas Akrouh Larsen wrote: > > Hi all (Jules) > > For some time i have been wondering if what I want to do is possible > with MailScanner. > > I use the mailwatch database for white and blacklisting. > > For those not using mailwatch this means I set > > Is Definitely Not Spam = &SQLWhitelist > > Is Definitely Spam = &SQLBlacklist > > Which makes mailscanner do a lookup to check if a mail is white or > blacklisted. > > Now what has always wondered me is why both white and blacklisted mail > are STILL processed through spamassin regardless of their status. > That should only happen if you have asked to always get a SpamAssassin report. > > My logic is: If something is blacklisted I do not want to waste > resources on scanning it, since it won?t be delivered anyway. > > The reverse can be true for some locations I guess, ie. Not wanting to > scan white listed mails. > > At the very least I think it would make sense to make it an option, so > those with plenty of resources to spare can keep stats etc accurate by > still scanning the mails. > > So my question is: Can I make mailscanner 4.70.7-1 do this, or is it > not possible do save cpu/ram/network in this way with the current code? > > I guess maybe Jules is the best to answer, but I?m sure somebody else > might know as well. > > Best regards > > Jonas A. Larsen > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From henker at evendi.de Tue Jul 1 09:30:19 2008 From: henker at evendi.de (Steffan Henke) Date: Tue Jul 1 09:30:39 2008 Subject: SpamAssassin 3.2.5 woes In-Reply-To: References: Message-ID: I am still debugging my SpamAssassin problems - meanwhile I noticed that the only rules that ever increase the score are Botnet and one KAM rule: SpamAssassin (nicht gecached, Wertung=2, benoetigt 5.5, KAM_BADIPHTTP 2.00) SpamAssassin (nicht gecached, Wertung=2, benoetigt 5.5, autolearn=disabled, BOTNET 2.00) - the majority of all emails is still not marked at all - which is the reason I disabled autolearning by now: SpamAssassin (nicht gecached, Wertung=0, benoetigt 5.5, autolearn=disabled) SA itself is working as it always was, spamd is running in combination with spamass-milter. I wonder why still no tests show up in MailScanner however: 10:27:20 [13867] dbg: check: tests= 10:27:20 [13867] dbg: check: subtests=__BOTNET_NOTRUST Regards, Steffan From martinh at solidstatelogic.com Tue Jul 1 11:59:25 2008 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Tue Jul 1 11:59:36 2008 Subject: SpamAssassin 3.2.5 woes In-Reply-To: Message-ID: <2b2dd2594caba8438ba7875c9aadd794@solidstatelogic.com> Stefan If you're calling Spamassassin from spamass-milter why are you calling it again from mailScanner?? -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Steffan Henke > Sent: 01 July 2008 09:30 > To: MailScanner discussion > Subject: Re: SpamAssassin 3.2.5 woes > > > I am still debugging my SpamAssassin problems - meanwhile I > noticed that the only rules that ever increase the score are > Botnet and one KAM rule: > > SpamAssassin (nicht gecached, Wertung=2, benoetigt 5.5, KAM_BADIPHTTP > 2.00) > SpamAssassin (nicht gecached, Wertung=2, benoetigt 5.5, > autolearn=disabled, BOTNET 2.00) > > - the majority of all emails is still not marked at all - > which is the reason I disabled autolearning by now: > > SpamAssassin (nicht gecached, Wertung=0, benoetigt 5.5, > autolearn=disabled) > > SA itself is working as it always was, spamd is running in > combination with spamass-milter. > > I wonder why still no tests show up in MailScanner however: > > 10:27:20 [13867] dbg: check: tests= > 10:27:20 [13867] dbg: check: subtests=__BOTNET_NOTRUST > > Regards, > > Steffan > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From MailScanner at ecs.soton.ac.uk Tue Jul 1 12:24:28 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Jul 1 12:24:54 2008 Subject: SpamAssassin 3.2.5 woes In-Reply-To: References: Message-ID: <486A13EC.2090108@ecs.soton.ac.uk> Steffan Henke wrote: > > I am still debugging my SpamAssassin problems - meanwhile I noticed > that the only rules that ever increase the score are Botnet and one > KAM rule: > > SpamAssassin (nicht gecached, Wertung=2, benoetigt 5.5, KAM_BADIPHTTP > 2.00) > SpamAssassin (nicht gecached, Wertung=2, benoetigt 5.5, > autolearn=disabled, BOTNET 2.00) > > - the majority of all emails is still not marked at all - which is the > reason I disabled autolearning by now: > > SpamAssassin (nicht gecached, Wertung=0, benoetigt 5.5, > autolearn=disabled) > > SA itself is working as it always was, spamd is running in combination > with spamass-milter. > > I wonder why still no tests show up in MailScanner however: > > 10:27:20 [13867] dbg: check: tests= > 10:27:20 [13867] dbg: check: subtests=__BOTNET_NOTRUST This is odd. I use exactly the same MailScanner distribution as the rest of you, and the same SA install as you, and mine are working fine. Can we start collecting evidence to try to discern some commonality between these systems where it's not working please? Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From alex at rtpty.com Tue Jul 1 12:35:16 2008 From: alex at rtpty.com (Alex Neuman) Date: Tue Jul 1 12:36:55 2008 Subject: SpamAssassin 3.2.5 woes In-Reply-To: <2b2dd2594caba8438ba7875c9aadd794@solidstatelogic.com> References: <2b2dd2594caba8438ba7875c9aadd794@solidstatelogic.com> Message-ID: <87D86EE8-4D06-45FD-9529-D0CF10D31635@rtpty.com> Maybe to filter out stuff on a "first pass" before it gets to MS and then more finely or specifically (i.e. Rulesets) later? I've used some unorthodox methods before, depending on needs. I remember using clamavmilter way back when viruses outnumbered spam to ease the load. Sent from my iPhone On Jul 1, 2008, at 5:59 AM, "Martin.Hepworth" wrote: > Stefan > > If you're calling Spamassassin from spamass-milter why are you > calling it again from mailScanner?? > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf >> Of Steffan Henke >> Sent: 01 July 2008 09:30 >> To: MailScanner discussion >> Subject: Re: SpamAssassin 3.2.5 woes >> >> >> I am still debugging my SpamAssassin problems - meanwhile I >> noticed that the only rules that ever increase the score are >> Botnet and one KAM rule: >> >> SpamAssassin (nicht gecached, Wertung=2, benoetigt 5.5, KAM_BADIPHTTP >> 2.00) >> SpamAssassin (nicht gecached, Wertung=2, benoetigt 5.5, >> autolearn=disabled, BOTNET 2.00) >> >> - the majority of all emails is still not marked at all - >> which is the reason I disabled autolearning by now: >> >> SpamAssassin (nicht gecached, Wertung=0, benoetigt 5.5, >> autolearn=disabled) >> >> SA itself is working as it always was, spamd is running in >> combination with spamass-milter. >> >> I wonder why still no tests show up in MailScanner however: >> >> 10:27:20 [13867] dbg: check: tests= >> 10:27:20 [13867] dbg: check: subtests=__BOTNET_NOTRUST >> >> Regards, >> >> Steffan >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> > > > > > ********************************************************************** > Confidentiality : This e-mail and any attachments are intended for the > addressee only and may be confidential. If they come to you in error > you must take no action based on them, nor must you copy or show them > to anyone. Please advise the sender by replying to this e-mail > immediately and then delete the original from your computer. > Opinion : Any opinions expressed in this e-mail are entirely those of > the author and unless specifically stated to the contrary, are not > necessarily those of the author's employer. > Security Warning : Internet e-mail is not necessarily a secure > communications medium and can be subject to data corruption. We advise > that you consider this fact when e-mailing us. > Viruses : We have taken steps to ensure that this e-mail and any > attachments are free from known viruses but in keeping with good > computing practice, you should ensure that they are virus free. > > Red Lion 49 Ltd T/A Solid State Logic > Registered as a limited company in England and Wales > (Company No:5362730) > Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, > United Kingdom > ********************************************************************** > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From henker at evendi.de Tue Jul 1 12:52:38 2008 From: henker at evendi.de (Steffan Henke) Date: Tue Jul 1 12:52:56 2008 Subject: SpamAssassin 3.2.5 woes In-Reply-To: <2b2dd2594caba8438ba7875c9aadd794@solidstatelogic.com> References: <2b2dd2594caba8438ba7875c9aadd794@solidstatelogic.com> Message-ID: On Tue, 1 Jul 2008, Martin.Hepworth wrote: > If you're calling Spamassassin from spamass-milter why are you calling it again from mailScanner?? Martin, I use spamass-milter as a first measure. Emails having a rather high score are rejected immediately with a rather simple ruleset. After that, emails that passed the milter are processed by MailScanner. Regards, Steffan From henker at evendi.de Tue Jul 1 13:45:10 2008 From: henker at evendi.de (Steffan Henke) Date: Tue Jul 1 13:45:19 2008 Subject: SpamAssassin 3.2.5 woes In-Reply-To: <486A13EC.2090108@ecs.soton.ac.uk> References: <486A13EC.2090108@ecs.soton.ac.uk> Message-ID: On Tue, 1 Jul 2008, Julian Field wrote: > Can we start collecting evidence to try to discern some commonality between > these systems where it's not working please? Julian the only spamassassin part that shows up as modified is: rpm -qV spamassassin S.5....T c /etc/rc.d/init.d/spamassassin - I usually modify the startup script to use a TMPDIR on /dev/shm. Apart from that, I even ran a diff over /usr/lib/MailScanner between the two systems: diff -qr /usr/lib/MailScanner /backups/MailScanner Files /usr/lib/MailScanner/MailScanner/CustomFunctions/MailWatch.pm and /backups/MailScanner/MailScanner/CustomFunctions/MailWatch.pm differ - nothing else... Regards, Steffan From alex at rtpty.com Tue Jul 1 13:59:42 2008 From: alex at rtpty.com (Alex Neuman) Date: Tue Jul 1 14:00:04 2008 Subject: SpamAssassin 3.2.5 woes In-Reply-To: References: <2b2dd2594caba8438ba7875c9aadd794@solidstatelogic.com> Message-ID: <6DE70561-EFE8-4E96-925D-09B4B8E38FC5@rtpty.com> Told you so! :-) makes sense... Sent from my iPhone On Jul 1, 2008, at 6:52 AM, Steffan Henke wrote: > On Tue, 1 Jul 2008, Martin.Hepworth wrote: > >> If you're calling Spamassassin from spamass-milter why are you >> calling it again from mailScanner?? > > Martin, > > I use spamass-milter as a first measure. Emails having a rather high > score are rejected immediately with a rather simple ruleset. > After that, emails that passed the milter are processed by > MailScanner. > > Regards, > > Steffan > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Jul 1 15:08:24 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Jul 1 15:08:42 2008 Subject: SpamAssassin 3.2.5 woes In-Reply-To: References: <486A13EC.2090108@ecs.soton.ac.uk> Message-ID: <486A3A58.5030500@ecs.soton.ac.uk> Steffan Henke wrote: > On Tue, 1 Jul 2008, Julian Field wrote: > > >> Can we start collecting evidence to try to discern some commonality >> between these systems where it's not working please? > > Julian > > the only spamassassin part that shows up as modified is: > > rpm -qV spamassassin > S.5....T c /etc/rc.d/init.d/spamassassin - I usually modify the > startup script to use a TMPDIR on /dev/shm. Just mount /tmp using tmpfs, you don't need to mess with /dev/shm, that's only really there as an example, as far as I'm concerned. Check that whatever user you are running MailScanner as, can actually read all the SpamAssasssin rules. Dodgy permissions somewhere near the top of the /var/lib/spamasssassin(?) tree would break it fairly well. > > Apart from that, I even ran a diff over /usr/lib/MailScanner between > the two systems: > diff -qr /usr/lib/MailScanner /backups/MailScanner > Files /usr/lib/MailScanner/MailScanner/CustomFunctions/MailWatch.pm > and /backups/MailScanner/MailScanner/CustomFunctions/MailWatch.pm differ > > - nothing else... > > Regards, > > Steffan > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From jcputter at centerweb.co.za Tue Jul 1 15:47:04 2008 From: jcputter at centerweb.co.za (JC Putter) Date: Tue Jul 1 15:48:20 2008 Subject: New to mailscanner Message-ID: <7E7DC3FD4BF9984F967B800E53D9D64006729C@dc1.centerweb.internal> Hi Does mailscanner send out an email to users says they have email in they're quarantine ? -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080701/07dd206c/attachment.html From prandal at herefordshire.gov.uk Tue Jul 1 16:35:07 2008 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Tue Jul 1 16:35:30 2008 Subject: New to mailscanner In-Reply-To: <7E7DC3FD4BF9984F967B800E53D9D64006729C@dc1.centerweb.internal> References: <7E7DC3FD4BF9984F967B800E53D9D64006729C@dc1.centerweb.internal> Message-ID: <7EF0EE5CB3B263488C8C18823239BEBA0419AF1B@HC-MBX02.herefordshire.gov.uk> It can do, but there are a few good reasons why it shouldn't. First off, there's not much point in replacing incoming spam emails by emails from MailScanner. You might as well just deliver it all and let the user decide. Secondly, a lot of the subject lines in spam are deeply offensive to various people, so even telling end users the email subject lines could be troublesome. MailWatch can be configured to send users summary reports of what's been blocked, but see above. Cheers, Phil -- Phil Randal Networks Engineer Herefordshire Council Hereford, UK ________________________________ From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of JC Putter Sent: 01 July 2008 15:47 To: mailscanner@lists.mailscanner.info Subject: New to mailscanner Hi Does mailscanner send out an email to users says they have email in they're quarantine ? -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080701/21375081/attachment.html From ssilva at sgvwater.com Tue Jul 1 16:52:40 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Tue Jul 1 16:53:07 2008 Subject: Health update In-Reply-To: <48661B72.3030207@ecs.soton.ac.uk> References: <4852BC3D.3050802@ecs.soton.ac.uk> <200806132114.m5DLE4gQ018541@mxt.1bigthink.com> <223f97700806131420j4bb7e2f5w1e4d192101002bde@mail.gmail.com> <48625894.9020703@utwente.nl> <48661B72.3030207@ecs.soton.ac.uk> Message-ID: on 6-28-2008 4:07 AM Julian Field spake the following: > > > Scott Silva wrote: >> on 6-25-2008 7:39 AM Peter Peters spake the following: >>> Glenn Steen wrote on 13-6-2008 23:20: >>> >>>> Same here... Well. Haven't donated any organs (yet), and some of them >>>> are really shoddy... But I do carry my donor card with me at all >>>> times... Who knows when time is up?! >>> >>> My girlfriend does not feel to good about the idea of them cutting into >>> me after I am dead. I am still trying to convince her. >> >> What is she going to do? Have you freeze-dried and prop you up in the >> corner? >> >> Tell her that it is a way for a part of you to live on after your gone. >> >>> >>> At the meantime I donate blood every 3 to 4 months and will start >>> donating blood plasm in a short while. >> >> I had to stop for a while as my blood pressure is too high for their >> liking, but not high enough for the doctor to put me on meds. But here >> is my donor card, and since I will most likely be cremated, my wife >> doesn't have a problem with it. > I don't know if anyone here understands blood pressure figures, but > here's a couple to make you laugh. I normally have very low blood > pressure, and have to live on beta-blockers as well, which lower it > further. > > Up and walking around the house, some paramedics once measured me (and > checked it as they didn't believe it) at 64/45. The last time I had an > endoscopy, it dropped to 65/39. That had them a little worried, to put > it mildly, but I had warned them in advance that this does tend to > happen. I've now had 31 endoscopies, and I know exactly how my body > reacts to them, i.e. not kindly :-) Who reacts to them well? Not the most fun way to spend an afternoon! And they have the gall to tell you to relax! -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 258 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080701/d2fc839a/signature.bin From ssilva at sgvwater.com Tue Jul 1 16:54:51 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Tue Jul 1 16:55:10 2008 Subject: Can't install CentOS 5.2 update? In-Reply-To: <486541B0.30200@vanderkooij.org> References: <67a55ed50806270614u12bb9bcap655908da041ba201@mail.gmail.com> <486541B0.30200@vanderkooij.org> Message-ID: on 6-27-2008 12:38 PM Hugo van der Kooij spake the following: > Scott Silva wrote: > > | I think that Hugo V. was experimenting with setting up a repo for > | mailscanner with a dummy package that had all the requires, but I > | haven't heard any more about it. > | It worked pretty well until rpmforge released an incompatible perl > module. > > The surname is definitely not V. Alphabetically my surname starts with a K. > > Once this whole moving business is done and everything is more or less > in place again I will see if I can setup a more up-to-date repo. Perhaps > even manage to keep it up-to-date. > > Hugo van der Kooij. > Sorry Hugo! Got in a hurry, and fat fingered it. No excuse... Apologies.. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 258 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080701/144b9de7/signature.bin From ssilva at sgvwater.com Tue Jul 1 17:25:16 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Tue Jul 1 17:25:49 2008 Subject: Centos 4.6 post Yum update / perl-IO - Watch it!!!! In-Reply-To: References: <48688627.3080900@alexb.ch> <48688CD0.4000808@vanderkooij.org> Message-ID: on 6-30-2008 4:20 AM Alex Neuman spake the following: > What's the general experience with, say, RPMPAN? > I use cpan2rpm on many packages if I can't find them somewhere else first. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 258 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080701/f54b715d/signature.bin From richard.siddall at elirion.net Tue Jul 1 17:50:27 2008 From: richard.siddall at elirion.net (Richard Siddall) Date: Tue Jul 1 17:51:04 2008 Subject: Centos 4.6 post Yum update / perl-IO - Watch it!!!! In-Reply-To: References: <48688627.3080900@alexb.ch> <48688CD0.4000808@vanderkooij.org> Message-ID: <486A6053.8010203@elirion.net> Scott Silva wrote: > on 6-30-2008 4:20 AM Alex Neuman spake the following: >> What's the general experience with, say, RPMPAN? >> > I use cpan2rpm on many packages if I can't find them somewhere else first. > I use ovid (http://search.cpan.org/~gyepi/Ovid-0.12/) as it will build RPMs of the dependencies. I'm intending to try cpanspec (http://cpanspec.sourceforge.net/) as (according to the author) it checks a repository to see if the RPM already exists before building it. Regards, Richard From dnsadmin at 1bigthink.com Tue Jul 1 18:00:49 2008 From: dnsadmin at 1bigthink.com (dnsadmin 1bigthink.com) Date: Tue Jul 1 18:01:24 2008 Subject: Can't install CentOS 5.2 update? In-Reply-To: References: <67a55ed50806270614u12bb9bcap655908da041ba201@mail.gmail.com> <486541B0.30200@vanderkooij.org> Message-ID: <200807011700.m61H0x5S002454@mxt.1bigthink.com> At 11:54 AM 7/1/2008, you wrote: >on 6-27-2008 12:38 PM Hugo van der Kooij spake the following: >>Scott Silva wrote: >>| I think that Hugo V. was experimenting with setting up a repo for >>| mailscanner with a dummy package that had all the requires, but I >>| haven't heard any more about it. >>| It worked pretty well until rpmforge released an incompatible perl module. >>The surname is definitely not V. Alphabetically my surname starts with a K. >>Once this whole moving business is done and everything is more or less >>in place again I will see if I can setup a more up-to-date repo. Perhaps >>even manage to keep it up-to-date. >>Hugo van der Kooij. >Sorry Hugo! Got in a hurry, and fat fingered it. No excuse... > >Apologies.. I was listening in and didn't know that any how.. being the Ugly American that I am.. but I like learning <|;>). -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From jcputter at centerweb.co.za Tue Jul 1 19:39:37 2008 From: jcputter at centerweb.co.za (JC Putter) Date: Tue Jul 1 19:40:54 2008 Subject: New to mailscanner References: <7E7DC3FD4BF9984F967B800E53D9D64006729C@dc1.centerweb.internal> <7EF0EE5CB3B263488C8C18823239BEBA0419AF1B@HC-MBX02.herefordshire.gov.uk> Message-ID: <7E7DC3FD4BF9984F967B800E53D9D64018A8@dc1.centerweb.internal> Hi Again Thank for the quick answer, i have a another question: if you compare mailscanner to amavis-new which is better catching spam? both uses DCC,Razor,Pyzor and Spamassassin? i am busy building a mailgateway with ubuntu, mailscanner and postfix...for the first time Thanks ________________________________ From: mailscanner-bounces@lists.mailscanner.info on behalf of Randal, Phil Sent: Tue 2008/07/01 05:35 PM To: MailScanner discussion Subject: RE: New to mailscanner It can do, but there are a few good reasons why it shouldn't. First off, there's not much point in replacing incoming spam emails by emails from MailScanner. You might as well just deliver it all and let the user decide. Secondly, a lot of the subject lines in spam are deeply offensive to various people, so even telling end users the email subject lines could be troublesome. MailWatch can be configured to send users summary reports of what's been blocked, but see above. Cheers, Phil -- Phil Randal Networks Engineer Herefordshire Council Hereford, UK ________________________________ From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of JC Putter Sent: 01 July 2008 15:47 To: mailscanner@lists.mailscanner.info Subject: New to mailscanner Hi Does mailscanner send out an email to users says they have email in they're quarantine ? -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/ms-tnef Size: 6284 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080701/111144fa/attachment.bin From ecasarero at gmail.com Tue Jul 1 19:53:23 2008 From: ecasarero at gmail.com (Eduardo Casarero) Date: Tue Jul 1 19:53:32 2008 Subject: OT: Run MScanner in a virtualized environment. Message-ID: <7d9b3cf20807011153w3af6d451gd782ba3cf5a295c@mail.gmail.com> Hi guys, i know that it's not recomendable to run MS on virtualized HW because of it's high cpu/io load. However, i'm doing some research because my boss required it. What products do you think that will work best? VMware? Xen? The objective is that it has to be simple and quick to deploy. Also will be useful in case the HW dies, so you quickly can have the emails flowing (may be with delay, but working), until HW gets repaired. We all know that installing MS servers takes a while, so having a pre-installed image will reduce times. Any thoughts? Everything will be appreciated. Eduardo. From drew.marshall at technologytiger.net Tue Jul 1 20:38:21 2008 From: drew.marshall at technologytiger.net (Drew Marshall) Date: Tue Jul 1 20:38:47 2008 Subject: New to mailscanner In-Reply-To: <7E7DC3FD4BF9984F967B800E53D9D64018A8@dc1.centerweb.internal> References: <7E7DC3FD4BF9984F967B800E53D9D64006729C@dc1.centerweb.internal> <7EF0EE5CB3B263488C8C18823239BEBA0419AF1B@HC-MBX02.herefordshire.gov.uk> <7E7DC3FD4BF9984F967B800E53D9D64018A8@dc1.centerweb.internal> Message-ID: <3684A5C8-7F40-47DE-A577-475F067125E9@technologytiger.net> On 1 Jul 2008, at 19:39, JC Putter wrote: > Hi Again > > Thank for the quick answer, i have a another question: > > if you compare mailscanner to amavis-new which is better catching > spam? both uses DCC,Razor,Pyzor and Spamassassin? > > i am busy building a mailgateway with ubuntu, mailscanner and > postfix...for the first time The answer to that question is neither. Both actually use SpamAssassin to catch the spam and what ever you can do with SA you can do with both. What you actually want to be comparing is extra features that each of the 'glue' (Glue because MS & Amavis both glue other applications together) processes offer e.g watermarking and look at the pros and cons to the different mail handling techniques i.e. batch over stream. Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by Technology Tiger's Mail Launder system Our email policy can be found at www.technologytiger.net/policy Technology Tiger Limited is registered in Scotland with registration number: 310997 Registered Office 55-57 West High Street Inverurie AB51 3QQ From J.Ede at birchenallhowden.co.uk Tue Jul 1 20:50:02 2008 From: J.Ede at birchenallhowden.co.uk (Jason Ede) Date: Tue Jul 1 20:50:27 2008 Subject: Run MScanner in a virtualized environment. Message-ID: <4CAB0118AEC63A4FAAE77E6BCBDF760C6566BD5ECF@server02.bhl.local> We had a small scale virtual running mailscaner that happily did for a business of 30ish people and ran for about 3 years and was only retired last week so it is possible but the virtual did struggle and mail was sometimes slow going through it but that didn't really matter in that case. In that case it was a microsoft virtual environment and I think the virtual had just over 500MB to play with. jason -----Original Message----- From: Eduardo Casarero Sent: 01 July 2008 20:26 To: MailScanner discussion Subject: OT: Run MScanner in a virtualized environment. Hi guys, i know that it's not recomendable to run MS on virtualized HW because of it's high cpu/io load. However, i'm doing some research because my boss required it. What products do you think that will work best? VMware? Xen? The objective is that it has to be simple and quick to deploy. Also will be useful in case the HW dies, so you quickly can have the emails flowing (may be with delay, but working), until HW gets repaired. We all know that installing MS servers takes a while, so having a pre-installed image will reduce times. Any thoughts? Everything will be appreciated. Eduardo. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From alex at rtpty.com Tue Jul 1 21:08:49 2008 From: alex at rtpty.com (Alex Neuman) Date: Tue Jul 1 21:09:11 2008 Subject: New to mailscanner In-Reply-To: <7E7DC3FD4BF9984F967B800E53D9D64018A8@dc1.centerweb.internal> References: <7E7DC3FD4BF9984F967B800E53D9D64006729C@dc1.centerweb.internal> <7EF0EE5CB3B263488C8C18823239BEBA0419AF1B@HC-MBX02.herefordshire.gov.uk> <7E7DC3FD4BF9984F967B800E53D9D64018A8@dc1.centerweb.internal> Message-ID: <68648E57-61C2-42A5-9D3E-94F0F39C7C84@rtpty.com> Amavis iirc is serial in nature, ms scales better, and is more flexible/configurable. Plus the creator is a swell guy, too! On the downside if you use postfix it can cause swapping. ;-) Sent from my iPhone On Jul 1, 2008, at 1:39 PM, "JC Putter" wrote: > Hi Again > > Thank for the quick answer, i have a another question: > > if you compare mailscanner to amavis-new which is better catching > spam? both uses DCC,Razor,Pyzor and Spamassassin? > > i am busy building a mailgateway with ubuntu, mailscanner and > postfix...for the first time > > Thanks > > > > > ________________________________ > > From: mailscanner-bounces@lists.mailscanner.info on behalf of > Randal, Phil > Sent: Tue 2008/07/01 05:35 PM > To: MailScanner discussion > Subject: RE: New to mailscanner > > > It can do, but there are a few good reasons why it shouldn't. > > First off, there's not much point in replacing incoming spam emails > by emails from MailScanner. You might as well just deliver it all > and let the user decide. > > Secondly, a lot of the subject lines in spam are deeply offensive to > various people, so even telling end users the email subject lines > could be troublesome. > > MailWatch can be configured to send users summary reports of what's > been blocked, but see above. > > Cheers, > > Phil > -- > Phil Randal > Networks Engineer > Herefordshire Council > Hereford, UK > > > ________________________________ > > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info > ] On Behalf Of JC Putter > Sent: 01 July 2008 15:47 > To: mailscanner@lists.mailscanner.info > Subject: New to mailscanner > > > > Hi > > > > Does mailscanner send out an email to users says they have email in > they're quarantine ? > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From ajcartmell at fonant.com Tue Jul 1 21:56:23 2008 From: ajcartmell at fonant.com (Anthony Cartmell) Date: Tue Jul 1 21:56:44 2008 Subject: OT: Run MScanner in a virtualized environment. In-Reply-To: <7d9b3cf20807011153w3af6d451gd782ba3cf5a295c@mail.gmail.com> References: <7d9b3cf20807011153w3af6d451gd782ba3cf5a295c@mail.gmail.com> Message-ID: > Hi guys, i know that it's not recomendable to run MS on virtualized HW > because of it's high cpu/io load. However, i'm doing some research > because my boss required it. I have it running on a high-powered Xen VPS (with 2G RAM available and eight processor cores shared between the VPS instances) and it works fine. Only processing ~800 messages per day so probably not a very useful test though. I'll be moving more mail through it soon, so might get to see how well it works then. My other server, non VPS but with the same memory but only twin processors, manages 10,000 messages per day without much problem. HTH, Anthony -- www.fonant.com - Quality web sites From hvdkooij at vanderkooij.org Tue Jul 1 22:07:38 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Tue Jul 1 22:07:53 2008 Subject: New to mailscanner In-Reply-To: <68648E57-61C2-42A5-9D3E-94F0F39C7C84@rtpty.com> References: <7E7DC3FD4BF9984F967B800E53D9D64006729C@dc1.centerweb.internal> <7EF0EE5CB3B263488C8C18823239BEBA0419AF1B@HC-MBX02.herefordshire.gov.uk> <7E7DC3FD4BF9984F967B800E53D9D64018A8@dc1.centerweb.internal> <68648E57-61C2-42A5-9D3E-94F0F39C7C84@rtpty.com> Message-ID: <486A9C9A.3060103@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Alex Neuman wrote: | Amavis iirc is serial in nature, ms scales better, and is more | flexible/configurable. Plus the creator is a swell guy, too! | | On the downside if you use postfix it can cause swapping. ;-) MS is an equal opportunity program. It eats as much memory with any other MTA. Darn Iphone user ;-) Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFIapyZBvzDRVjxmYERArkRAJ9Bz8mSBSmIAcwuHd7ifpp4P/ze0ACfZYkw jlY3km64bsrsTuEFS9Sfp1c= =VKbQ -----END PGP SIGNATURE----- From glenn.steen at gmail.com Tue Jul 1 22:20:50 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Jul 1 22:21:01 2008 Subject: Health update In-Reply-To: References: <4852BC3D.3050802@ecs.soton.ac.uk> <200806132114.m5DLE4gQ018541@mxt.1bigthink.com> <223f97700806131420j4bb7e2f5w1e4d192101002bde@mail.gmail.com> <48625894.9020703@utwente.nl> <48661B72.3030207@ecs.soton.ac.uk> Message-ID: <223f97700807011420o6147f905idd4d1859df0c05cb@mail.gmail.com> 2008/7/1 Scott Silva : > on 6-28-2008 4:07 AM Julian Field spake the following: >> >> >> Scott Silva wrote: >>> >>> on 6-25-2008 7:39 AM Peter Peters spake the following: >>>> >>>> Glenn Steen wrote on 13-6-2008 23:20: >>>> >>>>> Same here... Well. Haven't donated any organs (yet), and some of them >>>>> are really shoddy... But I do carry my donor card with me at all >>>>> times... Who knows when time is up?! >>>> >>>> My girlfriend does not feel to good about the idea of them cutting into >>>> me after I am dead. I am still trying to convince her. >>> >>> What is she going to do? Have you freeze-dried and prop you up in the >>> corner? >>> >>> Tell her that it is a way for a part of you to live on after your gone. >>> >>>> >>>> At the meantime I donate blood every 3 to 4 months and will start >>>> donating blood plasm in a short while. >>> >>> I had to stop for a while as my blood pressure is too high for their >>> liking, but not high enough for the doctor to put me on meds. But here is my >>> donor card, and since I will most likely be cremated, my wife doesn't have a >>> problem with it. >> >> I don't know if anyone here understands blood pressure figures, but here's >> a couple to make you laugh. I normally have very low blood pressure, and >> have to live on beta-blockers as well, which lower it further. >> >> Up and walking around the house, some paramedics once measured me (and >> checked it as they didn't believe it) at 64/45. The last time I had an >> endoscopy, it dropped to 65/39. That had them a little worried, to put it >> mildly, but I had warned them in advance that this does tend to happen. I've >> now had 31 endoscopies, and I know exactly how my body reacts to them, i.e. >> not kindly :-) > > Who reacts to them well? Not the most fun way to spend an afternoon! And > they have the gall to tell you to relax! > Through the mouth is pure horror,I agree. The other end.... Is simpler to live with. One can actually tell 'em to hold it when it hurts too much... not an option with a hose down your gullet:-). Can't say I react good to them either... then again, as you say Scott.... Who does? Jules, what can one say....? It's a miracle enough oxygene permeates your body! How your brain can function as spectaularly as it does.... is beyond that!!! Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From alex at rtpty.com Tue Jul 1 23:02:57 2008 From: alex at rtpty.com (Alex Neuman) Date: Tue Jul 1 23:03:18 2008 Subject: New to mailscanner In-Reply-To: <486A9C9A.3060103@vanderkooij.org> References: <7E7DC3FD4BF9984F967B800E53D9D64006729C@dc1.centerweb.internal> <7EF0EE5CB3B263488C8C18823239BEBA0419AF1B@HC-MBX02.herefordshire.gov.uk> <7E7DC3FD4BF9984F967B800E53D9D64018A8@dc1.centerweb.internal> <68648E57-61C2-42A5-9D3E-94F0F39C7C84@rtpty.com> <486A9C9A.3060103@vanderkooij.org> Message-ID: Yes, but you know how concerned mr. VietseV enema is about those issues! Sent from my iPhone On Jul 1, 2008, at 4:07 PM, Hugo van der Kooij wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Alex Neuman wrote: > | Amavis iirc is serial in nature, ms scales better, and is more > | flexible/configurable. Plus the creator is a swell guy, too! > | > | On the downside if you use postfix it can cause swapping. ;-) > > MS is an equal opportunity program. It eats as much memory with any > other MTA. > > Darn Iphone user ;-) > > Hugo. > > - -- > hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ > PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc > > A: Yes. > >Q: Are you sure? > >>A: Because it reverses the logical flow of conversation. > >>>Q: Why is top posting frowned upon? > > Bored? Click on http://spamornot.org/ and rate those images. > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.7 (GNU/Linux) > > iD8DBQFIapyZBvzDRVjxmYERArkRAJ9Bz8mSBSmIAcwuHd7ifpp4P/ze0ACfZYkw > jlY3km64bsrsTuEFS9Sfp1c= > =VKbQ > -----END PGP SIGNATURE----- > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From sodapopplus at hotmail.com Wed Jul 2 04:53:19 2008 From: sodapopplus at hotmail.com (Matthew B) Date: Wed Jul 2 04:53:30 2008 Subject: Digitally Signed Emails Message-ID: Hello Everyone, I am { Running onLinux sv1mail03.mydomain.com.au 2.6.18-53.1.19.el5 #1 SMP Wed May 7 08:22:53 EDT 2008 x86_64 x86_64 x86_64 GNU/LinuxThis is CentOS release 5 (Final)This is Perl version 5.008008 (5.8.8) This is MailScanner version 4.69.9 } MailScanner and I am scanning all ingress and egress mail (Egress mail passed from an Exchange Server 2007) prior to scanning and delivery. The issue that I have is where some clients are Signing an email with a Digital Certificate (SMIME/SHA1/AES Certificate). When the email is passed through MailScanner it modifies the header and indeed the footer of the email, thus rendering the certificate invalid and throwing an error in the recipients email client. My question is: Is there an easy and simple way of ensuring that MailScanner does not manipulate signed emails? There is with AlterMIME, which is what we were originally using, however MailScanner seemed far more efficient and robust, with this one exception. If you would like any further detail, please let me know.. Cheers, Matt. _________________________________________________________________ Be part of history. Take part in Australia's first e-mail archive with Email Australia. http://emailaustralia.ninemsn.com.au -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080702/8f07b235/attachment-0001.html From hvdkooij at vanderkooij.org Wed Jul 2 08:20:27 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Wed Jul 2 08:20:36 2008 Subject: New to mailscanner In-Reply-To: References: <7E7DC3FD4BF9984F967B800E53D9D64006729C@dc1.centerweb.internal> <7EF0EE5CB3B263488C8C18823239BEBA0419AF1B@HC-MBX02.herefordshire.gov.uk> <7E7DC3FD4BF9984F967B800E53D9D64018A8@dc1.centerweb.internal> <68648E57-61C2-42A5-9D3E-94F0F39C7C84@rtpty.com> <486A9C9A.3060103@vanderkooij.org> Message-ID: <486B2C3B.3020803@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Alex Neuman wrote: | Yes, but you know how concerned mr. VietseV enema is about those issues! Wietse may be as Dutch as I am but. But that does not make him right all the time. ;-) Do you recall the debate between Linus and Tannenbaum? Being too principal can get you nowhere. Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFIayw4BvzDRVjxmYERAiOrAKCJ0y5ELLUYg+CgLGZ/vAEDzk28HwCfWyzy +wS8VNVG9qw4xM2xq6xxsJE= =V/kT -----END PGP SIGNATURE----- From arjan at anymore.nl Wed Jul 2 08:31:55 2008 From: arjan at anymore.nl (Arjan Schrijver) Date: Wed Jul 2 08:32:05 2008 Subject: OT: Run MScanner in a virtualized environment. In-Reply-To: References: <7d9b3cf20807011153w3af6d451gd782ba3cf5a295c@mail.gmail.com> Message-ID: <486B2EEB.8020502@anymore.nl> Anthony Cartmell wrote: >> Hi guys, i know that it's not recomendable to run MS on virtualized HW >> because of it's high cpu/io load. However, i'm doing some research >> because my boss required it. > > I have it running on a high-powered Xen VPS (with 2G RAM available and > eight processor cores shared between the VPS instances) and it works > fine. Only processing ~800 messages per day so probably not a very > useful test though. I'll be moving more mail through it soon, so might > get to see how well it works then. My other server, non VPS but with > the same memory but only twin processors, manages 10,000 messages per > day without much problem. > Running OpenVZ here (no performance impact), on 4 virtual MailScanner servers. They each process about 40.000 messages a day, through both SpamAssassin and ClamAV. The hardware consists of four servers with 4x2GHz cores and 2GB RAM. Each server runs one container. The performance is exactly the same as when the same servers were running MailScanner natively (not virtualized). But this is of course only possible with OpenVZ or Virtuozzo, because it doesn't virtualize the complete hardware but only the kernel. Kind regards, Arjan From henker at evendi.de Wed Jul 2 09:16:43 2008 From: henker at evendi.de (Steffan Henke) Date: Wed Jul 2 09:16:56 2008 Subject: SpamAssassin 3.2.5 woes In-Reply-To: <486A3A58.5030500@ecs.soton.ac.uk> References: <486A13EC.2090108@ecs.soton.ac.uk> <486A3A58.5030500@ecs.soton.ac.uk> Message-ID: On Tue, 1 Jul 2008, Julian Field wrote: > Check that whatever user you are running MailScanner as, can actually read > all the SpamAssasssin rules. Dodgy permissions somewhere near the top of the > /var/lib/spamasssassin(?) tree would break it fairly well. Jules, thank you for your suggestions - however, MS runs as root. Since *some* rules (atm KAM.cf and Botnet.cf) are triggered, I assume, everything is accessible from MailScanner. When the textcat plugin is enabled, I see a couple of errors in the logs: textcat: languages filename not defined Use of uninitialized value in hash element at /usr/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/Plugin/TextCat.pm line 413 - but I don't think this is actually related to my problems. Disabling textcat made no real difference so far. Regards, Steffan From vpdose at kirchenweg.de Wed Jul 2 09:17:03 2008 From: vpdose at kirchenweg.de (Volker Dose) Date: Wed Jul 2 09:17:32 2008 Subject: Somtimes Spam-Mail are not recognized Message-ID: Hello, I run a linux mail-relay with Mailscanner 4.46.2-2 and use mailwatch-1.0.4 as Gui for maintenance. The server is al linux sles9 with postfix and I habe installed spamassassin 3.1.0 The systems runs very well and most of the spam mail is tagged. But today I realized, that somtime spammails get through. When I have a look in mailwatch, I see, that the mail is not tagged and in the section "Spam Report" the "Score" is "rebuilding". In the mail-log I can see, that MailScanner tagged the mail because of one RBL-check, but Spamassassion seems to sleep or? YOu can check your system,if you open the mailwatch-gui, check in "Reports" for "Spam Report contains 'rebuilding'". On my system, there are several mails every day, and it happens always at about 14:00. Yesterday from 14:15 until 14.16, the day before from 14:08 until 14:09 and so on. Has anybody any idea, why SA does not work? With kind regards, Volker Dose From list-mailscanner at linguaphone.com Wed Jul 2 09:36:37 2008 From: list-mailscanner at linguaphone.com (Gareth) Date: Wed Jul 2 10:01:08 2008 Subject: Somtimes Spam-Mail are not recognized In-Reply-To: References: Message-ID: <1214987797.12469.1.camel@gblades-suse.linguaphone-intranet.co.uk> Go through your mailscanner configuration and configure it to perform the bayes rebuild (rather than spamassassin). Then enable the option to wait while the rebuild is in progress. On Wed, 2008-07-02 at 09:17, Volker Dose wrote: > Hello, > > I run a linux mail-relay with Mailscanner 4.46.2-2 and use mailwatch-1.0.4 > as Gui for maintenance. The server is al linux sles9 with postfix and I > habe installed spamassassin 3.1.0 > > The systems runs very well and most of the spam mail is tagged. > > But today I realized, that somtime spammails get through. When I have a look > in mailwatch, I see, that the mail is not tagged and in the section "Spam > Report" the "Score" is "rebuilding". > > In the mail-log I can see, that MailScanner tagged the mail because of one > RBL-check, but Spamassassion seems to sleep or? > > > > YOu can check your system,if you open the mailwatch-gui, check in "Reports" > for "Spam Report contains 'rebuilding'". On my system, there are several > mails every day, and it happens always at about 14:00. Yesterday from 14:15 > until 14.16, the day before from 14:08 until 14:09 and so on. > > Has anybody any idea, why SA does not work? > With kind regards, > > Volker Dose From telecaadmin at gmail.com Wed Jul 2 10:25:44 2008 From: telecaadmin at gmail.com (Ronny T. Lampert) Date: Wed Jul 2 10:28:15 2008 Subject: Somtimes Spam-Mail are not recognized In-Reply-To: <1214987797.12469.1.camel@gblades-suse.linguaphone-intranet.co.uk> References: <1214987797.12469.1.camel@gblades-suse.linguaphone-intranet.co.uk> Message-ID: <486B4998.4040906@gmail.com> > Go through your mailscanner configuration and configure it to perform > the bayes rebuild (rather than spamassassin). Then enable the option to > wait while the rebuild is in progress. A quick paste of the config keys for Volker: MailScanner.cf: Wait During Bayes Rebuild = yes spam.assassin.prefs.conf: #bayes_auto_expire 0 Question - I do have the following set. And I get the feeling those defaults are just wrong: MailScanner.cf: Rebuild Bayes Every = 0 spam.assassin.prefs.conf: # FSL Note: we run Bayes expire from a cron job #bayes_auto_expire 0 MUST / SHOULD I set the Rebuild in MS (because there somehow is no cronjob fiddeling around with the bayes autoexpire)? I somehow did not find any conclusive information on that topic. Cheers, Ronny From henker at evendi.de Wed Jul 2 10:51:42 2008 From: henker at evendi.de (Steffan Henke) Date: Wed Jul 2 10:51:51 2008 Subject: SpamAssassin 3.2.5 woes In-Reply-To: References: <486A13EC.2090108@ecs.soton.ac.uk> <486A3A58.5030500@ecs.soton.ac.uk> Message-ID: Looks like my system is working again as it was with SA 3.2.5... In the end, there was still an old process that never died. Upon killing the process Jun26 0:00 sendmail: sm-scanner and restarting MS, everything is OK again... Have a great day everybody and thank you for your suggestions ! /me updating MailScanner now :) Steffan From vpdose at kirchenweg.de Wed Jul 2 11:17:07 2008 From: vpdose at kirchenweg.de (Volker Dose) Date: Wed Jul 2 11:17:25 2008 Subject: Somtimes Spam-Mail are not recognized References: <1214987797.12469.1.camel@gblades-suse.linguaphone-intranet.co.uk> <486B4998.4040906@gmail.com> Message-ID: Thank you very much - that sound very reasonable. I have changed the setting an wait, if it works now better. With kind regards, Volker Dose Ronny T. Lampert wrote: >> Go through your mailscanner configuration and configure it to perform >> the bayes rebuild (rather than spamassassin). Then enable the option to >> wait while the rebuild is in progress. > > A quick paste of the config keys for Volker: > > MailScanner.cf: > Wait During Bayes Rebuild = yes > > spam.assassin.prefs.conf: > #bayes_auto_expire 0 > > > Question - I do have the following set. And I get the feeling those > defaults are just wrong: > > > MailScanner.cf: > Rebuild Bayes Every = 0 > > spam.assassin.prefs.conf: > # FSL Note: we run Bayes expire from a cron job > #bayes_auto_expire 0 > > > MUST / SHOULD I set the Rebuild in MS (because there somehow is no > cronjob fiddeling around with the bayes autoexpire)? > I somehow did not find any conclusive information on that topic. > > > Cheers, > Ronny From kte at nexis.be Wed Jul 2 11:24:27 2008 From: kte at nexis.be (kte@nexis.be) Date: Wed Jul 2 11:24:38 2008 Subject: Milter-ahead configuration problem I still have the same problem Message-ID: Hallo How do I configure the milter-ahead on sendmail, because I always go looks like a local recipient, skipping Jun 10 12:40:30 mail milter-ahead[1970]: milter-ahead: smfi_register: version mi smatch application: 4 != milter: 2 Jun 10 12:40:30 mail milter-ahead[1970]: milter-ahead: smfi_register: version mi smatch application: 3 != milter: 2 Jun 10 12:40:30 mail milter-ahead[1970]: process ruid=501 rgid=501 euid=501 egid =501 Jun 10 12:40:30 mail milter-ahead[1970]: milter-ahead/1.0.97 Copyright 2004, 200 5 by Anthony Howe. All rights reserved. Jun 10 12:40:30 mail milter-ahead[1970]: LibSnert/1.56.769 Copyright 1996, 2005 by Anthony Howe. All rights reserved. Jun 10 12:40:30 mail milter-ahead[1970]: libmilter version 2 (4) Jun 10 12:40:30 mail milter-ahead[1970]: Sleepycat Software: Berkeley DB 4.2.52: (January 7, 2007) Jun 10 14:22:53 mail milter-ahead[1957]: 00001 m5ACMYYw002181: looks like a local recipient, skipping [root@mail ~]# more /etc/mail/mailertable nexis.be esmtp:[mailserver.nexis.be] [root@mail ~]# more /etc/mail/access # Check the /usr/share/doc/sendmail/README.cf file for a description # of the format of this file. (search for access_db in that file) # The /usr/share/doc/sendmail/README.cf is part of the sendmail-doc # package. # # by default we allow relaying from localhost... Connect:localhost.localdomain RELAY Connect:localhost RELAY Connect:127.0.0.1 RELAY nexis.be RELAY mx record refers to our real mailserver where can I disable that he says it looks like a local recipient?? sendmail.mc FEATURE(local_procmail, `', `procmail -t -Y -a $h -d $u')dnl FEATURE(`access_db', `hash -T -o /etc/mail/access.db')dnl FEATURE(`greet_pause',6500)dnl sinclude(`/etc/mail/dnsbl.mc')dnl sinclude(`/etc/mail/milter-ahead.mc')dnl FEATURE(`blacklist_recipients')dnl EXPOSED_USER(`root')dnl MAILER(smtp)dnl MAILER(procmail)dnl dnl MAILER(cyrusv2)dnl INPUT_MAIL_FILTER(`greylist',`S=local:/var/milter-greylist/milter-greylist.sock' )dnl define(`confMILTER_MACROS_CONNECT', `j, {if_addr}')dnl define(`confMILTER_MACROS_HELO', `{verify}, {cert_subject}')dnl define(`confMILTER_MACROS_ENVFROM', `i, {auth_authen}')dnl define(`confMILTER_MACROS_ENVRCPT', `{greylist}')dnl milter-ahead.cf -m -c 86400 -f /etc/mail/sendmail.cf unix:/var/run/milter/milter-ahead.socket Koen Koen Teugels | Information & Communication Technology Engineer E-mail: kte@nexis.be | Phone: +32 (0)10 81.81.81 | Fax: +32 (0)10 81.81.80 ICT Support: ict-support@nexis.be NEXIS | Mission Statement | E-mail Disclaimer | General Sales Conditions Chauss?e de Namur, 79 | B-1300 Wavre | E-mail: info@nexis.be Bisdom, 8 | B-3090 Overijse | http://www.nexis.be -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080702/ffecfc93/attachment.html From alex at rtpty.com Wed Jul 2 13:03:05 2008 From: alex at rtpty.com (Alex Neuman) Date: Wed Jul 2 13:03:21 2008 Subject: Digitally Signed Emails In-Reply-To: References: Message-ID: Find a characteristic which only exists on signed e-mails. Create a custom function that returns "no" for signed e-mails, then use Scan Messages = &MyCustomFunctionThatScansForSignedEmails ... or whatever you called it. I'm just "talking out of my rear" on this one, since I've never done this myself, but if I follow the logic so far, this is what would need to be done, right? On Jul 1, 2008, at 10:53 PM, Matthew B wrote: > My question is: Is there an easy and simple way of ensuring that > MailScanner does not manipulate signed emails? From alex at rtpty.com Wed Jul 2 13:10:35 2008 From: alex at rtpty.com (Alex Neuman) Date: Wed Jul 2 13:10:47 2008 Subject: New to mailscanner In-Reply-To: <486B2C3B.3020803@vanderkooij.org> References: <7E7DC3FD4BF9984F967B800E53D9D64006729C@dc1.centerweb.internal> <7EF0EE5CB3B263488C8C18823239BEBA0419AF1B@HC-MBX02.herefordshire.gov.uk> <7E7DC3FD4BF9984F967B800E53D9D64018A8@dc1.centerweb.internal> <68648E57-61C2-42A5-9D3E-94F0F39C7C84@rtpty.com> <486A9C9A.3060103@vanderkooij.org> <486B2C3B.3020803@vanderkooij.org> Message-ID: <48A8D6C5-E08A-4135-934C-5C35E1DF7501@rtpty.com> He's the exception. We are the rule. Regards, Alex Neuman *van der Hans* ... ;-) On Jul 2, 2008, at 2:20 AM, Hugo van der Kooij wrote: > Wietse may be as Dutch as I am but. But that does not make him right > all > the time. ;-) From jra at baylink.com Wed Jul 2 13:58:05 2008 From: jra at baylink.com (Jay R. Ashworth) Date: Wed Jul 2 13:58:24 2008 Subject: use_bayes not working In-Reply-To: <42821.208.40.237.128.1214423847.squirrel@webmail.marcsnet.com> References: <00dd01c8d4e7$37c09140$a741b3c0$@com> <4860DFDF.8070701@marcsnet.com> <4862097D.1000605@marcsnet.com> <48621083.2090705@vanderkooij.org> <48622231.70704@marcsnet.com> <42821.208.40.237.128.1214423847.squirrel@webmail.marcsnet.com> Message-ID: <20080702125805.GB26290@cgi.jachomes.com> On Thu, Jun 26, 2008 at 05:57:27AM +1000, Marc Lucke wrote: > First thing I tried when spamassassin broke. > > Marc Lucke marcsnet.com> writes: > > > >> > >> spamassassin broke completely. sa-learn didn't work. Perhaps there's a > >> Perl version / rpm version conflict? > >> > > > > Perhaps you can try installing MS and SA again? Then perhaps run a debug > > session to see what outputs at that point? > > > > > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > That's exactly what your posting looked like when it got to me, Marc. If you could, to make reader's lives a bit easier, could you 1) Find the HTML mail knob on your mailer, and turn it off (expita.com/nomime.html) 2) Not top post 3) Trim your quotes to exclude the list trailer and such? It makes your postings much easier to follow, and will probably increase your chances of getting your problem solved. Cheers, -- jra -- Jay R. Ashworth Baylink jra@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://baylink.pitas.com '87 e24 St Petersburg FL USA http://photo.imageinc.us +1 727 647 1274 Those who cast the vote decide nothing. Those who count the vote decide everything. -- (Joseph Stalin) From jonas at vrt.dk Wed Jul 2 14:51:45 2008 From: jonas at vrt.dk (Jonas Akrouh Larsen) Date: Wed Jul 2 14:52:02 2008 Subject: Question about white and blacklisting in Mailscanner In-Reply-To: <4869E662.4000806@ecs.soton.ac.uk> References: <4869E662.4000806@ecs.soton.ac.uk> Message-ID: <00bc01c8dc4a$c44bc610$4ce35230$@dk> >> Now what has always wondered me is why both white and blacklisted mail >> are STILL processed through spamassin regardless of their status. >> >That should only happen if you have asked to always get a SpamAssassin >report. If you mean the spamassassin report that's inserted into mail headers so you can see which checks was run and what score was given, then I do indeed always get that. Do you mean that if I change Always Include SpamAssassin Report = yes to no, then a hit on the whitelist/blacklist will mean MS skips the SA check? From jra at baylink.com Wed Jul 2 14:56:28 2008 From: jra at baylink.com (Jay R. Ashworth) Date: Wed Jul 2 14:56:38 2008 Subject: filename.rules.conf - .bmp In-Reply-To: References: <20080627183953.GK22330@cgi.jachomes.com> Message-ID: <20080702135628.GC26290@cgi.jachomes.com> On Fri, Jun 27, 2008 at 12:27:34PM -0800, Kevin Miller wrote: > Jay R. Ashworth wrote: > > My boss has just nattered at me because he tried to send along to a > > third party a .bmp file sent to *him* by his attorney. > > > > Brushing aside for the moment all the obvious questions like "why > > would > > an attorney be sending out a .bmp file?", we're left with "if > > MailScanner is intercepting this filetype on the way *out* of our > > mail system, why isn't it intercepting it on the way *in*, too?" > > > > Is that really direction sensitive? > > I don't think it normally cares, but you can configure direction > specific rule sets. Maybe your predecessor got it backwards or > whitelisted it for inbound? Possibly, I guess. I'm going to look around a little further... once I get done blowing in 600 feet of fiber to replace the 300 feet of -5e that's running across the neighbor's roof to our other building... Cheers, -- jra -- Jay R. Ashworth Baylink jra@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://baylink.pitas.com '87 e24 St Petersburg FL USA http://photo.imageinc.us +1 727 647 1274 Those who cast the vote decide nothing. Those who count the vote decide everything. -- (Joseph Stalin) From jra at baylink.com Wed Jul 2 15:29:08 2008 From: jra at baylink.com (Jay R. Ashworth) Date: Wed Jul 2 15:29:18 2008 Subject: Centos 4.6 post Yum update / perl-IO - Watch it!!!! In-Reply-To: <48688627.3080900@alexb.ch> References: <48688627.3080900@alexb.ch> Message-ID: <20080702142908.GD26290@cgi.jachomes.com> On Mon, Jun 30, 2008 at 09:07:19AM +0200, Alex Broens wrote: > On a running MailScanner 4.69.8 / Centos 4.6 box, after "latest yum > upgrade" MailScanner refused to start due to > > **** ERROR: You must upgrade your perl IO module to at least > **** ERROR: version 1.2301 or MailScanner will not work! > > a "cpan upgrade IO" fixed it BUT as others have stated, if we start > seeing frequent module version issues, Julian's "easy & safe" package > becomes questionable. > > comments? Ah... dependency hell. My favorite solution to this problem was the makedeps/testdeps approach I saw in one of my favorite packages, but I don't remember which one it was... While I'm babbling on, though, I'd like to see some more commentary concerning on-machine upgrades, and specifically, what effort there has been made to make backing out such updates easier if they fail without having to have a second machine. Cheers, -- jra -- Jay R. Ashworth Baylink jra@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://baylink.pitas.com '87 e24 St Petersburg FL USA http://photo.imageinc.us +1 727 647 1274 Those who cast the vote decide nothing. Those who count the vote decide everything. -- (Joseph Stalin) From dyioulos at firstbhph.com Wed Jul 2 16:04:38 2008 From: dyioulos at firstbhph.com (Dimitri Yioulos) Date: Wed Jul 2 16:05:06 2008 Subject: OT - "did not issue MAIL/EXPN/VRFY/ETRN" Message-ID: <200807021104.40057.dyioulos@firstbhph.com> Hi all. I hope it's OK to ask this here of you bright people, as come up with no answer despite a mythic search: I recntly got a smart phone, primarily so that I could manage my network in an emergency if away from the office and a computer. (As an aside, using the mobile versions of OpenVPN, VNC, and Putty, among others, I'm able to do so quite nicely). As another peice, I'd like to connect to our Sendmail MTA (used in conjuction with MailScanner, MailWatch, Spamassassin, clamav, Synonym) for emailing purposes. I've tried a few different MUA's, and can receive mail, but am unable to send it. The error at the seerver is: Jul 2 10:07:10 mail1 sendmail[26498]: m62E6fSg026498: 81.sub-75-221-91.myvzw.com [75.221.91.81] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA I feel I should know how to configure my mail system to accept mail from this source, but I don't. Any help would be appreciated. Dimitri -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From ssilva at sgvwater.com Wed Jul 2 16:20:16 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Jul 2 16:20:42 2008 Subject: Question about white and blacklisting in Mailscanner In-Reply-To: <00bc01c8dc4a$c44bc610$4ce35230$@dk> References: <4869E662.4000806@ecs.soton.ac.uk> <00bc01c8dc4a$c44bc610$4ce35230$@dk> Message-ID: on 7-2-2008 6:51 AM Jonas Akrouh Larsen spake the following: >>> Now what has always wondered me is why both white and blacklisted mail >>> are STILL processed through spamassin regardless of their status. >>> >> That should only happen if you have asked to always get a SpamAssassin >> report. > > If you mean the spamassassin report that's inserted into mail headers so you > can see which checks was run and what score was given, then I do indeed > always get that. > > Do you mean that if I change Always Include SpamAssassin Report = yes > to no, then a hit on the whitelist/blacklist will mean MS skips the SA > check? > > > Yes that should help. When you have "Always Include SpamAssassin Report = yes" then you always have to run a message through spamassassin to get that report. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 258 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080702/026805a5/signature.bin From alex at rtpty.com Wed Jul 2 17:05:03 2008 From: alex at rtpty.com (Alex Neuman) Date: Wed Jul 2 17:05:29 2008 Subject: OT - "did not issue MAIL/EXPN/VRFY/ETRN" In-Reply-To: <200807021104.40057.dyioulos@firstbhph.com> References: <200807021104.40057.dyioulos@firstbhph.com> Message-ID: Could be several issues. Have you tried setting up a port other than 25 and enabling authentication? Sent from my iPhone On Jul 2, 2008, at 10:04 AM, Dimitri Yioulos wrote: > Hi all. > > I hope it's OK to ask this here of you bright people, as come up > with no > answer despite a mythic search: > > I recntly got a smart phone, primarily so that I could manage my > network in an > emergency if away from the office and a computer. (As an aside, > using the > mobile versions of OpenVPN, VNC, and Putty, among others, I'm able > to do so > quite nicely). As another peice, I'd like to connect to our Sendmail > MTA > (used in conjuction with MailScanner, MailWatch, Spamassassin, clamav, > Synonym) for emailing purposes. I've tried a few different MUA's, > and can > receive mail, but am unable to send it. The error at the seerver is: > > Jul 2 10:07:10 mail1 sendmail[26498]: m62E6fSg026498: > 81.sub-75-221-91.myvzw.com [75.221.91.81] did not issue MAIL/EXPN/ > VRFY/ETRN > during connection to MTA > > I feel I should know how to configure my mail system to accept mail > from this > source, but I don't. Any help would be appreciated. > > Dimitri > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed Jul 2 18:17:30 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Jul 2 18:17:52 2008 Subject: New feature -- antiword support Message-ID: <486BB82A.30306@ecs.soton.ac.uk> Hi folks! I felt a bit bored at home this afternoon, supposedly having a day off... So I added support for the "antiword" program. Basically what MailScanner can now do is find *.doc files attached to your email messages, convert them to plain text (with a bit of *highlighting* like that) and add the text as new attachments to the messages. This means that when someone mails you a simple Word doc, you don't have to save the attachment, possibly switch OS and computer, and crank up Word just to read a few lines of text. The "ChangeLog" tells you how to use it. Basically install antiword from http://www.winfield.demon.nl/ (or from RPM or SRPMS at http://www.volny.cz/zellerin/rpmmenu.html) then set "Add Text Of Doc = yes" to your MailScanner.conf (having run upgrade_MailScanner_conf of course!). And you're away. Have fun, Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Wed Jul 2 18:19:05 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Jul 2 18:19:23 2008 Subject: Health update In-Reply-To: References: <4852BC3D.3050802@ecs.soton.ac.uk> <200806132114.m5DLE4gQ018541@mxt.1bigthink.com> <223f97700806131420j4bb7e2f5w1e4d192101002bde@mail.gmail.com> <48625894.9020703@utwente.nl> <48661B72.3030207@ecs.soton.ac.uk> Message-ID: <486BB889.2030602@ecs.soton.ac.uk> Glenn Steen wrote: > 2008/7/1 Scott Silva : > >> on 6-28-2008 4:07 AM Julian Field spake the following: >> >>> Scott Silva wrote: >>> >>>> on 6-25-2008 7:39 AM Peter Peters spake the following: >>>> >>>>> Glenn Steen wrote on 13-6-2008 23:20: >>>>> >>>>> >>>>>> Same here... Well. Haven't donated any organs (yet), and some of them >>>>>> are really shoddy... But I do carry my donor card with me at all >>>>>> times... Who knows when time is up?! >>>>>> >>>>> My girlfriend does not feel to good about the idea of them cutting into >>>>> me after I am dead. I am still trying to convince her. >>>>> >>>> What is she going to do? Have you freeze-dried and prop you up in the >>>> corner? >>>> >>>> Tell her that it is a way for a part of you to live on after your gone. >>>> >>>> >>>>> At the meantime I donate blood every 3 to 4 months and will start >>>>> donating blood plasm in a short while. >>>>> >>>> I had to stop for a while as my blood pressure is too high for their >>>> liking, but not high enough for the doctor to put me on meds. But here is my >>>> donor card, and since I will most likely be cremated, my wife doesn't have a >>>> problem with it. >>>> >>> I don't know if anyone here understands blood pressure figures, but here's >>> a couple to make you laugh. I normally have very low blood pressure, and >>> have to live on beta-blockers as well, which lower it further. >>> >>> Up and walking around the house, some paramedics once measured me (and >>> checked it as they didn't believe it) at 64/45. The last time I had an >>> endoscopy, it dropped to 65/39. That had them a little worried, to put it >>> mildly, but I had warned them in advance that this does tend to happen. I've >>> now had 31 endoscopies, and I know exactly how my body reacts to them, i.e. >>> not kindly :-) >>> >> Who reacts to them well? Not the most fun way to spend an afternoon! And >> they have the gall to tell you to relax! >> >> > Through the mouth is pure horror,I agree. The other end.... Is simpler > to live with. One can actually tell 'em to hold it when it hurts too > much... not an option with a hose down your gullet:-). > I've had the other version done a couple of times, it's not half as bad. > Can't say I react good to them either... then again, as you say > Scott.... Who does? > Indeed! > Jules, what can one say....? It's a miracle enough oxygene permeates > your body! How your brain can function as spectaularly as it does.... > is beyond that!!! > Aw shucks... Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From david at gnsa.us Wed Jul 2 18:23:38 2008 From: david at gnsa.us (David Nalley) Date: Wed Jul 2 18:23:54 2008 Subject: New feature -- antiword support In-Reply-To: <486BB82A.30306@ecs.soton.ac.uk> References: <486BB82A.30306@ecs.soton.ac.uk> Message-ID: Busman's Holiday huh? I have often wondered about finding a way to run MCP against the content in Word and Excel files, perhaps antiword can be used for such an endeavour. On Wed, Jul 2, 2008 at 1:17 PM, Julian Field wrote: > Hi folks! > > I felt a bit bored at home this afternoon, supposedly having a day off... > > So I added support for the "antiword" program. > Basically what MailScanner can now do is find *.doc files attached to your > email messages, convert them to plain text (with a bit of *highlighting* > like that) and add the text as new attachments to the messages. > This means that when someone mails you a simple Word doc, you don't have to > save the attachment, possibly switch OS and computer, and crank up Word just > to read a few lines of text. > > The "ChangeLog" tells you how to use it. Basically install antiword from > http://www.winfield.demon.nl/ > (or from RPM or SRPMS at http://www.volny.cz/zellerin/rpmmenu.html) > then set "Add Text Of Doc = yes" to your MailScanner.conf (having run > upgrade_MailScanner_conf of course!). > > And you're away. > > Have fun, > > Jules > > -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > MailScanner customisation, or any advanced system administration help? > Contact me at Jules@Jules.FM > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > PGP public key: http://www.jules.fm/julesfm.asc > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080702/32b7a379/attachment.html From ssilva at sgvwater.com Wed Jul 2 18:28:38 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Jul 2 18:28:40 2008 Subject: New feature -- antiword support In-Reply-To: <486BB82A.30306@ecs.soton.ac.uk> References: <486BB82A.30306@ecs.soton.ac.uk> Message-ID: on 7-2-2008 10:17 AM Julian Field spake the following: > Hi folks! > > I felt a bit bored at home this afternoon, supposedly having a day off... > > So I added support for the "antiword" program. > Basically what MailScanner can now do is find *.doc files attached to > your email messages, convert them to plain text (with a bit of > *highlighting* like that) and add the text as new attachments to the > messages. > This means that when someone mails you a simple Word doc, you don't have > to save the attachment, possibly switch OS and computer, and crank up > Word just to read a few lines of text. > > The "ChangeLog" tells you how to use it. Basically install antiword from > http://www.winfield.demon.nl/ > (or from RPM or SRPMS at http://www.volny.cz/zellerin/rpmmenu.html) > then set "Add Text Of Doc = yes" to your MailScanner.conf (having run > upgrade_MailScanner_conf of course!). > > And you're away. > > Have fun, > > Jules > I can't imagine what you might add if you had a week off! -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 258 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080702/1433535d/signature.bin From MailScanner at ecs.soton.ac.uk Wed Jul 2 18:38:15 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Jul 2 18:38:54 2008 Subject: New feature -- antiword support In-Reply-To: References: <486BB82A.30306@ecs.soton.ac.uk> Message-ID: <486BBD07.4000109@ecs.soton.ac.uk> David Nalley wrote: > Busman's Holiday huh? > I have often wondered about finding a way to run MCP against the > content in Word and Excel files, perhaps antiword can be used for such > an endeavour. You already can. Read the end of the "Patches" section at http://www.mailscanner.info/mcp.html#patches > > On Wed, Jul 2, 2008 at 1:17 PM, Julian Field > > wrote: > > Hi folks! > > I felt a bit bored at home this afternoon, supposedly having a day > off... > > So I added support for the "antiword" program. > Basically what MailScanner can now do is find *.doc files attached > to your email messages, convert them to plain text (with a bit of > *highlighting* like that) and add the text as new attachments to > the messages. > This means that when someone mails you a simple Word doc, you > don't have to save the attachment, possibly switch OS and > computer, and crank up Word just to read a few lines of text. > > The "ChangeLog" tells you how to use it. Basically install > antiword from > http://www.winfield.demon.nl/ > (or from RPM or SRPMS at http://www.volny.cz/zellerin/rpmmenu.html) > then set "Add Text Of Doc = yes" to your MailScanner.conf (having > run upgrade_MailScanner_conf of course!). > > And you're away. > > Have fun, > > Jules > > -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > > MailScanner customisation, or any advanced system administration help? > Contact me at Jules@Jules.FM > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > PGP public key: http://www.jules.fm/julesfm.asc > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From alex at rtpty.com Wed Jul 2 18:45:29 2008 From: alex at rtpty.com (Alex Neuman) Date: Wed Jul 2 18:45:50 2008 Subject: New feature -- antiword support In-Reply-To: <486BB82A.30306@ecs.soton.ac.uk> References: <486BB82A.30306@ecs.soton.ac.uk> Message-ID: <10204EF6-22D5-495F-91CC-F089A435A812@rtpty.com> Cool! Sent from my iPhone On Jul 2, 2008, at 12:17 PM, Julian Field wrote: > Hi folks! > > I felt a bit bored at home this afternoon, supposedly having a day > off... > > So I added support for the "antiword" program. > Basically what MailScanner can now do is find *.doc files attached > to your email messages, convert them to plain text (with a bit of > *highlighting* like that) and add the text as new attachments to the > messages. > This means that when someone mails you a simple Word doc, you don't > have to save the attachment, possibly switch OS and computer, and > crank up Word just to read a few lines of text. > > The "ChangeLog" tells you how to use it. Basically install antiword > from > http://www.winfield.demon.nl/ > (or from RPM or SRPMS at http://www.volny.cz/zellerin/rpmmenu.html) > then set "Add Text Of Doc = yes" to your MailScanner.conf (having > run upgrade_MailScanner_conf of course!). > > And you're away. > > Have fun, > > Jules > > -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > MailScanner customisation, or any advanced system administration help? > Contact me at Jules@Jules.FM > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > PGP public key: http://www.jules.fm/julesfm.asc > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From Kevin_Miller at ci.juneau.ak.us Wed Jul 2 19:38:33 2008 From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller) Date: Wed Jul 2 19:38:44 2008 Subject: New feature -- antiword support In-Reply-To: <486BB82A.30306@ecs.soton.ac.uk> References: <486BB82A.30306@ecs.soton.ac.uk> Message-ID: Julian Field wrote: > Hi folks! > > I felt a bit bored at home this afternoon, supposedly having a day > off... An afternoon off & bored? Don't they have fishing south of Scotland? ;-) ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 From ajcartmell at fonant.com Wed Jul 2 20:10:38 2008 From: ajcartmell at fonant.com (Anthony Cartmell) Date: Wed Jul 2 20:10:52 2008 Subject: New feature -- antiword support In-Reply-To: <486BB82A.30306@ecs.soton.ac.uk> References: <486BB82A.30306@ecs.soton.ac.uk> Message-ID: > I felt a bit bored at home this afternoon, supposedly having a day off... Have a few more days off on me :) > So I added support for the "antiword" program. > Basically what MailScanner can now do is find *.doc files attached to > your email messages, convert them to plain text (with a bit of > *highlighting* like that) and add the text as new attachments to the > messages. Genius! I've been gnashing my teeth at a problem where some people are sending Word documents as e-mail messages that I want to read with a PHP script. If I AntiWord them with MailScanner into text/plain, my script will find them perfectly :) Jules, many thanks for a most useful addition to a most useful tool! :) Cheers! Anthony -- www.fonant.com - Quality web sites From ajcartmell at fonant.com Wed Jul 2 20:12:26 2008 From: ajcartmell at fonant.com (Anthony Cartmell) Date: Wed Jul 2 20:12:38 2008 Subject: New feature -- antiword support In-Reply-To: <486BB82A.30306@ecs.soton.ac.uk> References: <486BB82A.30306@ecs.soton.ac.uk> Message-ID: > The "ChangeLog" tells you how to use it. Basically install antiword from > http://www.winfield.demon.nl/ > (or from RPM or SRPMS at http://www.volny.cz/zellerin/rpmmenu.html) > then set "Add Text Of Doc = yes" to your MailScanner.conf (having run > upgrade_MailScanner_conf of course!). FWIW "yum install antiword" works on Fedora for me :) Anthony -- www.fonant.com - Quality web sites From rob at kettle.org.uk Wed Jul 2 23:13:59 2008 From: rob at kettle.org.uk (Rob Kettle) Date: Wed Jul 2 23:14:25 2008 Subject: New feature -- antiword support In-Reply-To: <486BB82A.30306@ecs.soton.ac.uk> References: <486BB82A.30306@ecs.soton.ac.uk> Message-ID: <486BFDA7.7020004@kettle.org.uk> Julian Field wrote: > Hi folks! > > I felt a bit bored at home this afternoon, supposedly having a day off... > > So I added support for the "antiword" program. > Basically what MailScanner can now do is find *.doc files attached to > your email messages, convert them to plain text (with a bit of > *highlighting* like that) and add the text as new attachments to the > messages. > This means that when someone mails you a simple Word doc, you don't > have to save the attachment, possibly switch OS and computer, and > crank up Word just to read a few lines of text. > > The "ChangeLog" tells you how to use it. Basically install antiword from > http://www.winfield.demon.nl/ > (or from RPM or SRPMS at http://www.volny.cz/zellerin/rpmmenu.html) > then set "Add Text Of Doc = yes" to your MailScanner.conf (having run > upgrade_MailScanner_conf of course!). > > And you're away. > > Have fun, > > Jules > Hi, if I enable the new feature then MailScanner runs at almost 100% when any email arrives. Nothing gets processed. Disable thus feature and normal processing happens. MailScanner --lint shows no errors. (Centos 5.2 system). Rob -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From ka at pacific.net Wed Jul 2 23:26:58 2008 From: ka at pacific.net (Ken A) Date: Wed Jul 2 23:27:04 2008 Subject: New feature -- antiword support In-Reply-To: <486BFDA7.7020004@kettle.org.uk> References: <486BB82A.30306@ecs.soton.ac.uk> <486BFDA7.7020004@kettle.org.uk> Message-ID: <486C00B2.3020104@pacific.net> Rob Kettle wrote: > Julian Field wrote: >> Hi folks! >> >> I felt a bit bored at home this afternoon, supposedly having a day off... >> >> So I added support for the "antiword" program. >> Basically what MailScanner can now do is find *.doc files attached to >> your email messages, convert them to plain text (with a bit of >> *highlighting* like that) and add the text as new attachments to the >> messages. >> This means that when someone mails you a simple Word doc, you don't >> have to save the attachment, possibly switch OS and computer, and >> crank up Word just to read a few lines of text. >> >> The "ChangeLog" tells you how to use it. Basically install antiword from >> http://www.winfield.demon.nl/ >> (or from RPM or SRPMS at http://www.volny.cz/zellerin/rpmmenu.html) >> then set "Add Text Of Doc = yes" to your MailScanner.conf (having run >> upgrade_MailScanner_conf of course!). >> >> And you're away. >> >> Have fun, >> >> Jules >> > Hi, > > if I enable the new feature then MailScanner runs at almost 100% when > any email arrives. Nothing gets processed. Disable thus feature and > normal processing happens. > > MailScanner --lint shows no errors. (Centos 5.2 system). > > Rob > Seeing the same thing here. All mail gets passed through SA, then put back in the incoming queue and so on.... Ken -- Ken Anderson Pacific.Net From rob at kettle.org.uk Thu Jul 3 08:02:57 2008 From: rob at kettle.org.uk (Rob Kettle) Date: Thu Jul 3 08:04:00 2008 Subject: New feature -- antiword support In-Reply-To: <486C00B2.3020104@pacific.net> References: <486BB82A.30306@ecs.soton.ac.uk> <486BFDA7.7020004@kettle.org.uk> <486C00B2.3020104@pacific.net> Message-ID: <486C79A1.5050309@kettle.org.uk> Ken A wrote: > Rob Kettle wrote: >> Julian Field wrote: >>> Hi folks! >>> >>> I felt a bit bored at home this afternoon, supposedly having a day >>> off... >>> >>> So I added support for the "antiword" program. >>> Basically what MailScanner can now do is find *.doc files attached >>> to your email messages, convert them to plain text (with a bit of >>> *highlighting* like that) and add the text as new attachments to the >>> messages. >>> This means that when someone mails you a simple Word doc, you don't >>> have to save the attachment, possibly switch OS and computer, and >>> crank up Word just to read a few lines of text. >>> >>> The "ChangeLog" tells you how to use it. Basically install antiword >>> from >>> http://www.winfield.demon.nl/ >>> (or from RPM or SRPMS at http://www.volny.cz/zellerin/rpmmenu.html) >>> then set "Add Text Of Doc = yes" to your MailScanner.conf (having >>> run upgrade_MailScanner_conf of course!). >>> >>> And you're away. >>> >>> Have fun, >>> >>> Jules >>> >> Hi, >> >> if I enable the new feature then MailScanner runs at almost 100% when >> any email arrives. Nothing gets processed. Disable thus feature and >> normal processing happens. >> >> MailScanner --lint shows no errors. (Centos 5.2 system). >> >> Rob >> > > Seeing the same thing here. All mail gets passed through SA, then put > back in the incoming queue and so on.... > Ken > Yup. That pretty much sums up what is happening with mine. Rob -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Thu Jul 3 08:40:25 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jul 3 08:40:59 2008 Subject: SpamAssassin 3.2.5 woes In-Reply-To: References: <486A13EC.2090108@ecs.soton.ac.uk> <486A3A58.5030500@ecs.soton.ac.uk> Message-ID: <486C8269.6080709@ecs.soton.ac.uk> When I want to shutdown MailScanner and sendmail together, I have to admit that I occasionally resort to service MailScanner stop service sendmail stop The difference being that the MailScanner line stops sendmail listeners etc and won't let them start up any new processes, but leaves existing SMTP connections open. The sendmail line terminates all active connections and kills *all* sendmail processes. Not a very tidy thing to do in my view, which is why I haven't incorporated it into the MailScanner stop script, but occasionally it is necessary. Steffan Henke wrote: > > Looks like my system is working again as it was with SA 3.2.5... > In the end, there was still an old process that never died. > Upon killing the process Jun26 0:00 sendmail: sm-scanner > and restarting MS, everything is OK again... > > Have a great day everybody and thank you for your suggestions ! > > /me updating MailScanner now :) > > Steffan > > > > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Thu Jul 3 08:42:34 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jul 3 08:43:11 2008 Subject: Question about white and blacklisting in Mailscanner In-Reply-To: References: <4869E662.4000806@ecs.soton.ac.uk> Message-ID: <486C82EA.9010705@ecs.soton.ac.uk> Jonas Akrouh Larsen wrote: >>> Now what has always wondered me is why both white and blacklisted mail >>> are STILL processed through spamassin regardless of their status. >>> >>> >> That should only happen if you have asked to always get a SpamAssassin >> report. >> > > If you mean the spamassassin report that's inserted into mail headers so you > can see which checks was run and what score was given, then I do indeed > always get that. > > Do you mean that if I change Always Include SpamAssassin Report = yes > to no, then a hit on the whitelist/blacklist will mean MS skips the SA > check? > Correct. You asked to always get a report, so it's giving you one :-) Don't ask it to, and it won't :-) Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Thu Jul 3 08:43:42 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jul 3 08:44:24 2008 Subject: New feature -- antiword support In-Reply-To: References: <486BB82A.30306@ecs.soton.ac.uk> <486BFDA7.7020004@kettle.org.uk> <486C00B2.3020104@pacific.net> Message-ID: <486C832E.60102@ecs.soton.ac.uk> Rob Kettle wrote: > > > Ken A wrote: >> Rob Kettle wrote: >>> Julian Field wrote: >>>> Hi folks! >>>> >>>> I felt a bit bored at home this afternoon, supposedly having a day >>>> off... >>>> >>>> So I added support for the "antiword" program. >>>> Basically what MailScanner can now do is find *.doc files attached >>>> to your email messages, convert them to plain text (with a bit of >>>> *highlighting* like that) and add the text as new attachments to >>>> the messages. >>>> This means that when someone mails you a simple Word doc, you don't >>>> have to save the attachment, possibly switch OS and computer, and >>>> crank up Word just to read a few lines of text. >>>> >>>> The "ChangeLog" tells you how to use it. Basically install antiword >>>> from >>>> http://www.winfield.demon.nl/ >>>> (or from RPM or SRPMS at http://www.volny.cz/zellerin/rpmmenu.html) >>>> then set "Add Text Of Doc = yes" to your MailScanner.conf (having >>>> run upgrade_MailScanner_conf of course!). >>>> >>>> And you're away. >>>> >>>> Have fun, >>>> >>>> Jules >>>> >>> Hi, >>> >>> if I enable the new feature then MailScanner runs at almost 100% >>> when any email arrives. Nothing gets processed. Disable thus feature >>> and normal processing happens. >>> >>> MailScanner --lint shows no errors. (Centos 5.2 system). >>> >>> Rob >>> >> >> Seeing the same thing here. All mail gets passed through SA, then put >> back in the incoming queue and so on.... >> Ken >> > > Yup. That pretty much sums up what is happening with mine. And what happens with a MailScanner --debug ? Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Thu Jul 3 09:00:12 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jul 3 09:00:42 2008 Subject: New feature -- antiword support In-Reply-To: References: <486BB82A.30306@ecs.soton.ac.uk> <486BFDA7.7020004@kettle.org.uk> <486C00B2.3020104@pacific.net> Message-ID: <486C870C.7050903@ecs.soton.ac.uk> Julian Field wrote: > > > Rob Kettle wrote: >> >> >> Ken A wrote: >>> Rob Kettle wrote: >>>> Julian Field wrote: >>>>> Hi folks! >>>>> >>>>> I felt a bit bored at home this afternoon, supposedly having a day >>>>> off... >>>>> >>>>> So I added support for the "antiword" program. >>>>> Basically what MailScanner can now do is find *.doc files attached >>>>> to your email messages, convert them to plain text (with a bit of >>>>> *highlighting* like that) and add the text as new attachments to >>>>> the messages. >>>>> This means that when someone mails you a simple Word doc, you >>>>> don't have to save the attachment, possibly switch OS and >>>>> computer, and crank up Word just to read a few lines of text. >>>>> >>>>> The "ChangeLog" tells you how to use it. Basically install >>>>> antiword from >>>>> http://www.winfield.demon.nl/ >>>>> (or from RPM or SRPMS at http://www.volny.cz/zellerin/rpmmenu.html) >>>>> then set "Add Text Of Doc = yes" to your MailScanner.conf (having >>>>> run upgrade_MailScanner_conf of course!). >>>>> >>>>> And you're away. >>>>> >>>>> Have fun, >>>>> >>>>> Jules >>>>> >>>> Hi, >>>> >>>> if I enable the new feature then MailScanner runs at almost 100% >>>> when any email arrives. Nothing gets processed. Disable thus >>>> feature and normal processing happens. >>>> >>>> MailScanner --lint shows no errors. (Centos 5.2 system). >>>> >>>> Rob >>>> >>> >>> Seeing the same thing here. All mail gets passed through SA, then >>> put back in the incoming queue and so on.... >>> Ken >>> >> >> Yup. That pretty much sums up what is happening with mine. > And what happens with a > MailScanner --debug > ? > Cockup on my part. I forgot an "svn update" before I built the release. I am just putting up 4.71.2-2 as I type. There's one extra line in /usr/sbin/MailScanner. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From rob at kettle.org.uk Thu Jul 3 09:35:36 2008 From: rob at kettle.org.uk (Rob Kettle) Date: Thu Jul 3 09:36:40 2008 Subject: New feature -- antiword support In-Reply-To: <486C870C.7050903@ecs.soton.ac.uk> References: <486BB82A.30306@ecs.soton.ac.uk> <486BFDA7.7020004@kettle.org.uk> <486C00B2.3020104@pacific.net> <486C870C.7050903@ecs.soton.ac.uk> Message-ID: <486C8F58.3080809@kettle.org.uk> Julian Field wrote: > > > Julian Field wrote: >> >> >> Rob Kettle wrote: >>> >>> >>> Ken A wrote: >>>> Rob Kettle wrote: >>>>> Julian Field wrote: >>>>>> Hi folks! >>>>>> >>>>>> I felt a bit bored at home this afternoon, supposedly having a >>>>>> day off... >>>>>> >>>>>> So I added support for the "antiword" program. >>>>>> Basically what MailScanner can now do is find *.doc files >>>>>> attached to your email messages, convert them to plain text (with >>>>>> a bit of *highlighting* like that) and add the text as new >>>>>> attachments to the messages. >>>>>> This means that when someone mails you a simple Word doc, you >>>>>> don't have to save the attachment, possibly switch OS and >>>>>> computer, and crank up Word just to read a few lines of text. >>>>>> >>>>>> The "ChangeLog" tells you how to use it. Basically install >>>>>> antiword from >>>>>> http://www.winfield.demon.nl/ >>>>>> (or from RPM or SRPMS at http://www.volny.cz/zellerin/rpmmenu.html) >>>>>> then set "Add Text Of Doc = yes" to your MailScanner.conf (having >>>>>> run upgrade_MailScanner_conf of course!). >>>>>> >>>>>> And you're away. >>>>>> >>>>>> Have fun, >>>>>> >>>>>> Jules >>>>>> >>>>> Hi, >>>>> >>>>> if I enable the new feature then MailScanner runs at almost 100% >>>>> when any email arrives. Nothing gets processed. Disable thus >>>>> feature and normal processing happens. >>>>> >>>>> MailScanner --lint shows no errors. (Centos 5.2 system). >>>>> >>>>> Rob >>>>> >>>> >>>> Seeing the same thing here. All mail gets passed through SA, then >>>> put back in the incoming queue and so on.... >>>> Ken >>>> >>> >>> Yup. That pretty much sums up what is happening with mine. >> And what happens with a >> MailScanner --debug >> ? >> > Cockup on my part. I forgot an "svn update" before I built the > release. I am just putting up 4.71.2-2 as I type. There's one extra > line in /usr/sbin/MailScanner. > > Jules > Hi, that seems to have fixed the bug. thanks Rob -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From gmatt at nerc.ac.uk Thu Jul 3 10:03:56 2008 From: gmatt at nerc.ac.uk (Greg Matthews) Date: Thu Jul 3 10:04:35 2008 Subject: SpamAssassin 3.2.5 woes In-Reply-To: <486C8269.6080709@ecs.soton.ac.uk> References: <486A13EC.2090108@ecs.soton.ac.uk> <486A3A58.5030500@ecs.soton.ac.uk> <486C8269.6080709@ecs.soton.ac.uk> Message-ID: <486C95FC.6020506@nerc.ac.uk> Julian Field wrote: > When I want to shutdown MailScanner and sendmail together, I have to > admit that I occasionally resort to > service MailScanner stop > service sendmail stop or pkill -HUP sendmail -- Greg Matthews 01491 692445 Head of UNIX/Linux, iTSS Wallingford -- This message (and any attachments) is for the recipient only. NERC is subject to the Freedom of Information Act 2000 and the contents of this email and any reply you make may be disclosed by NERC unless it is exempt from release under the Act. Any material supplied to NERC may be stored in an electronic records management system. From hvdkooij at vanderkooij.org Thu Jul 3 11:55:56 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Thu Jul 3 11:56:07 2008 Subject: OT - "did not issue MAIL/EXPN/VRFY/ETRN" In-Reply-To: <200807021104.40057.dyioulos@firstbhph.com> References: <200807021104.40057.dyioulos@firstbhph.com> Message-ID: <486CB03C.6080902@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Dimitri Yioulos wrote: | Jul 2 10:07:10 mail1 sendmail[26498]: m62E6fSg026498: | 81.sub-75-221-91.myvzw.com [75.221.91.81] did not issue MAIL/EXPN/VRFY/ETRN | during connection to MTA | | I feel I should know how to configure my mail system to accept mail from this | source, but I don't. Any help would be appreciated. I suggest you make a packet capture with tcpdump and take a good look at it. Perhaps you can then tell us what the exact SMTP communication is. Because the logs clearly indicates that the darn phone is not sticking to the SMTP standard. Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFIbLA5BvzDRVjxmYERAhZtAKCP2NgG+q9AHaDjIV3bSSyP0NSJdwCgrxto SacLmXRbac5L9ptRVHwkZqE= =umvP -----END PGP SIGNATURE----- From peter at farrows.org Thu Jul 3 13:35:10 2008 From: peter at farrows.org (Peter Farrow) Date: Thu Jul 3 13:35:34 2008 Subject: OT - "did not issue MAIL/EXPN/VRFY/ETRN" In-Reply-To: <200807021104.40057.dyioulos@firstbhph.com> References: <200807021104.40057.dyioulos@firstbhph.com> Message-ID: <486CC77E.7090007@farrows.org> Dimitri Yioulos wrote: > Hi all. > > I hope it's OK to ask this here of you bright people, as come up with no > answer despite a mythic search: > > I recntly got a smart phone, primarily so that I could manage my network in an > emergency if away from the office and a computer. (As an aside, using the > mobile versions of OpenVPN, VNC, and Putty, among others, I'm able to do so > quite nicely). As another peice, I'd like to connect to our Sendmail MTA > (used in conjuction with MailScanner, MailWatch, Spamassassin, clamav, > Synonym) for emailing purposes. I've tried a few different MUA's, and can > receive mail, but am unable to send it. The error at the seerver is: > > Jul 2 10:07:10 mail1 sendmail[26498]: m62E6fSg026498: > 81.sub-75-221-91.myvzw.com [75.221.91.81] did not issue MAIL/EXPN/VRFY/ETRN > during connection to MTA > > I feel I should know how to configure my mail system to accept mail from this > source, but I don't. Any help would be appreciated. > > Dimitri > > When Sendmail reports this in the logs, it means that the sending agent disconnected prematurely without sending any (valid) response to the greeting. You can replicate the error by telneting to port 25 on the sendmail machine and then simply disconnecting before even beginning the smtp communication. P. -- This message has been scanned for viruses and dangerous content by the Inexcom system Scanner, and is believed to be clean. Advanced heuristic mail scanning server [-]. http://www.inexcom.co.uk From jonas at vrt.dk Thu Jul 3 14:13:44 2008 From: jonas at vrt.dk (Jonas Akrouh Larsen) Date: Thu Jul 3 14:14:00 2008 Subject: Question about white and blacklisting in Mailscanner In-Reply-To: <486C82EA.9010705@ecs.soton.ac.uk> References: <4869E662.4000806@ecs.soton.ac.uk> <486C82EA.9010705@ecs.soton.ac.uk> Message-ID: <002301c8dd0e$9ef535d0$dcdfa170$@dk> >> Do you mean that if I change Always Include SpamAssassin Report = yes >> to no, then a hit on the whitelist/blacklist will mean MS skips the SA >> check? >> >Correct. >You asked to always get a report, so it's giving you one :-) Don't ask >it to, and it won't :-) > >Jules I guess it makes sense :) I just hadn't considered it. Thanks again, and get better soon. Best regards Jonas A. Larsen From dyioulos at firstbhph.com Thu Jul 3 14:23:25 2008 From: dyioulos at firstbhph.com (Dimitri Yioulos) Date: Thu Jul 3 14:23:50 2008 Subject: OT - "did not issue MAIL/EXPN/VRFY/ETRN" In-Reply-To: <486CC77E.7090007@farrows.org> References: <200807021104.40057.dyioulos@firstbhph.com> <486CC77E.7090007@farrows.org> Message-ID: <200807030923.25416.dyioulos@firstbhph.com> On Thursday 03 July 2008 8:35 am, Peter Farrow wrote: > Dimitri Yioulos wrote: > > Hi all. > > > > I hope it's OK to ask this here of you bright people, as come up with no > > answer despite a mythic search: > > > > I recntly got a smart phone, primarily so that I could manage my network > > in an emergency if away from the office and a computer. (As an aside, > > using the mobile versions of OpenVPN, VNC, and Putty, among others, I'm > > able to do so quite nicely). As another peice, I'd like to connect to our > > Sendmail MTA (used in conjuction with MailScanner, MailWatch, > > Spamassassin, clamav, Synonym) for emailing purposes. I've tried a few > > different MUA's, and can receive mail, but am unable to send it. The > > error at the seerver is: > > > > Jul 2 10:07:10 mail1 sendmail[26498]: m62E6fSg026498: > > 81.sub-75-221-91.myvzw.com [75.221.91.81] did not issue > > MAIL/EXPN/VRFY/ETRN during connection to MTA > > > > I feel I should know how to configure my mail system to accept mail from > > this source, but I don't. Any help would be appreciated. > > > > Dimitri > > When Sendmail reports this in the logs, it means that the sending agent > disconnected prematurely without sending any (valid) response to the > greeting. > > You can replicate the error by telneting to port 25 on the sendmail > machine and then simply disconnecting before even beginning the smtp > communication. > > P. > > Thanks, Peter. Curious that no matter which MUA I use, I get the same response. Any idea how I would overcome the issue? Dimitri -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From pedro.hoffmann at gmail.com Thu Jul 3 14:58:02 2008 From: pedro.hoffmann at gmail.com (Pedro Bordin Hoffmann - [M]orpheus) Date: Thu Jul 3 14:58:13 2008 Subject: Phishing Links Message-ID: <21be6cae0807030658m7b348d6che60b999ef7d2497@mail.gmail.com> When Mailscanner finds some phishing link, it puts a message that this link may be some phishing, but it don't remove the link. Is there a way to remove links that mailscanner thinks is phishing? Thanks! -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080703/af7d2068/attachment.html From peter at farrows.org Thu Jul 3 15:13:12 2008 From: peter at farrows.org (Peter Farrow) Date: Thu Jul 3 15:13:36 2008 Subject: OT - "did not issue MAIL/EXPN/VRFY/ETRN" In-Reply-To: <200807030923.25416.dyioulos@firstbhph.com> References: <200807021104.40057.dyioulos@firstbhph.com> <486CC77E.7090007@farrows.org> <200807030923.25416.dyioulos@firstbhph.com> Message-ID: <486CDE78.9020402@farrows.org> Dimitri Yioulos wrote: > On Thursday 03 July 2008 8:35 am, Peter Farrow wrote: > >> Dimitri Yioulos wrote: >> >>> Hi all. >>> >>> I hope it's OK to ask this here of you bright people, as come up with no >>> answer despite a mythic search: >>> >>> I recntly got a smart phone, primarily so that I could manage my network >>> in an emergency if away from the office and a computer. (As an aside, >>> using the mobile versions of OpenVPN, VNC, and Putty, among others, I'm >>> able to do so quite nicely). As another peice, I'd like to connect to our >>> Sendmail MTA (used in conjuction with MailScanner, MailWatch, >>> Spamassassin, clamav, Synonym) for emailing purposes. I've tried a few >>> different MUA's, and can receive mail, but am unable to send it. The >>> error at the seerver is: >>> >>> Jul 2 10:07:10 mail1 sendmail[26498]: m62E6fSg026498: >>> 81.sub-75-221-91.myvzw.com [75.221.91.81] did not issue >>> MAIL/EXPN/VRFY/ETRN during connection to MTA >>> >>> I feel I should know how to configure my mail system to accept mail from >>> this source, but I don't. Any help would be appreciated. >>> >>> Dimitri >>> >> When Sendmail reports this in the logs, it means that the sending agent >> disconnected prematurely without sending any (valid) response to the >> greeting. >> >> You can replicate the error by telneting to port 25 on the sendmail >> machine and then simply disconnecting before even beginning the smtp >> communication. >> >> P. >> >> >> > > Thanks, Peter. Curious that no matter which MUA I use, I get the same > response. Any idea how I would overcome the issue? > > Dimitri > > If you are using greetpause feature or have a reverse lookup for blacklists in your sendmail.mc it mail be causing a delay before your sendmail MTA issues its greeting, this delay may be too long for your MUA causing this to be logged as the MUA disconnects prior to the greeting. P. -- horizontal ruler Peter Farrow Inexcom Logo Inexcom Ltd Office: 08450 949 747 Fax: 01249 461 548 Mobile: 07799605617 Skype: peter_farrow Web: www.inexcom.co.uk Registered in England and Wales, number:05598456 -- This message has been scanned for viruses and dangerous content by the Inexcom system Scanner, and is believed to be clean. Advanced heuristic mail scanning server [-]. http://www.inexcom.co.uk -------------- next part -------------- Skipped content of type multipart/related From ka at pacific.net Thu Jul 3 15:50:21 2008 From: ka at pacific.net (Ken A) Date: Thu Jul 3 15:50:28 2008 Subject: New feature -- antiword support In-Reply-To: <486BB82A.30306@ecs.soton.ac.uk> References: <486BB82A.30306@ecs.soton.ac.uk> Message-ID: <486CE72D.3090803@pacific.net> Julian Field wrote: > Hi folks! > > I felt a bit bored at home this afternoon, supposedly having a day off... > > So I added support for the "antiword" program. > Basically what MailScanner can now do is find *.doc files attached to > your email messages, convert them to plain text (with a bit of > *highlighting* like that) and add the text as new attachments to the > messages. > This means that when someone mails you a simple Word doc, you don't have > to save the attachment, possibly switch OS and computer, and crank up > Word just to read a few lines of text. > > The "ChangeLog" tells you how to use it. Basically install antiword from > http://www.winfield.demon.nl/ > (or from RPM or SRPMS at http://www.volny.cz/zellerin/rpmmenu.html) > then set "Add Text Of Doc = yes" to your MailScanner.conf (having run > upgrade_MailScanner_conf of course!). > > And you're away. > > Have fun, > > Jules > This is working here now too. Thanks... A nice feature! It got me thinking.. (not always a good thing) When I saw this - # This can also be the filename of a ruleset. Antiword = /usr/bin/antiword -f It would be nice to have a way to associate a file extension with a converter, so that one could say things like: FileExt .doc %rules%/doc.conversion.rules You could do things like convert all bitmaps to jpegs, convert pdfs to text or to images. unzip and attach separately all zipped files (might be a problem here). A customer might like to convert all bitmaps that Aunt Mary sends to jpegs, and resize them to 640x480, and not keep the original bitmap attachments.. (thanks a lot Aunt Mary). I'd like to convert all inline images in spam to 1x1 pixel gifs. :-) Ken -- Ken Anderson Pacific.Net From ssilva at sgvwater.com Thu Jul 3 16:48:47 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Thu Jul 3 16:48:46 2008 Subject: Phishing Links In-Reply-To: <21be6cae0807030658m7b348d6che60b999ef7d2497@mail.gmail.com> References: <21be6cae0807030658m7b348d6che60b999ef7d2497@mail.gmail.com> Message-ID: on 7-3-2008 6:58 AM Pedro Bordin Hoffmann - [M]orpheus spake the following: > When Mailscanner finds some phishing link, it puts a message that this > link may be some phishing, but it don't remove the link. > > Is there a way to remove links that mailscanner thinks is phishing? > > Thanks! > But what if it is wrong? Then you have removed links that might be legitimate. Not all links that "look phishy" are phishing attempts. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 258 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080703/c28a9e4c/signature.bin From alex at rtpty.com Thu Jul 3 17:06:13 2008 From: alex at rtpty.com (Alex Neuman) Date: Thu Jul 3 17:06:58 2008 Subject: Phishing Links In-Reply-To: References: <21be6cae0807030658m7b348d6che60b999ef7d2497@mail.gmail.com> Message-ID: And the corollary is... not all phishing attempts use links that "look phisy". B E A L E R T ! ! ! - The world needs more lerts. On Jul 3, 2008, at 10:48 AM, Scott Silva wrote: > Not all links that "look phishy" are phishing attempts. From mark at msapiro.net Thu Jul 3 17:10:47 2008 From: mark at msapiro.net (Mark Sapiro) Date: Thu Jul 3 17:10:58 2008 Subject: Message body lost when zip file quarantined Message-ID: <486CFA07.2070804@msapiro.net> Let me try this again. On June 30, Mark Sapiro wrote: > MailScanner-4.70.7-1 > > I'm sorry if this is a well known issue or a FAQ. I tried googling the > list archives and didn't see anything that seemed relevant. > > The issue is this: > > MailScanner is scanning a message with an attached .zip archive which > contains a number of .bat and .bat.bak files, other files and even > another zip archive which contains a single .bat file. > > Mailscanner detects all the .bat and .bat.bak files in the zip files, > sends a notice appropriately, and delivers the message with the > attachment removed. All well and good. The problems are: > > 1) not only the original .zip is quarantined, but so also are the > individual .bat, .bat.bak and .zip files extracted from the original > .zip (other files in the .zip with OK names are not). This is not a > major issue, but makes looking in the quarantine difficult as one > doesn't know what files were separately attached and what files were > just in the .zip. > > 2) The more serious issue is the original message body is also removed > from the delivered message, and it is not stored anywhere. So, is there some misconfiguration on my part that is causing the loss of the message body, or is this and the redundant files in quarantine the expected behavior? -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From MailScanner at ecs.soton.ac.uk Thu Jul 3 17:34:18 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jul 3 17:34:50 2008 Subject: Message body lost when zip file quarantined In-Reply-To: References: Message-ID: <486CFF8A.1070409@ecs.soton.ac.uk> Mark Sapiro wrote: > Let me try this again. > > On June 30, Mark Sapiro wrote: > >> MailScanner-4.70.7-1 >> >> I'm sorry if this is a well known issue or a FAQ. I tried googling the >> list archives and didn't see anything that seemed relevant. >> >> The issue is this: >> >> MailScanner is scanning a message with an attached .zip archive which >> contains a number of .bat and .bat.bak files, other files and even >> another zip archive which contains a single .bat file. >> >> Mailscanner detects all the .bat and .bat.bak files in the zip files, >> sends a notice appropriately, and delivers the message with the >> attachment removed. All well and good. The problems are: >> >> 1) not only the original .zip is quarantined, but so also are the >> individual .bat, .bat.bak and .zip files extracted from the original >> .zip (other files in the .zip with OK names are not). This is not a >> major issue, but makes looking in the quarantine difficult as one >> doesn't know what files were separately attached and what files were >> just in the .zip. >> >> 2) The more serious issue is the original message body is also removed >> from the delivered message, and it is not stored anywhere. > > > So, is there some misconfiguration on my part that is causing the loss > of the message body, or is this and the redundant files in quarantine > the expected behavior? > Number 2 is the one that interests me. Please can you send me a concrete example, preferably lifted straight out of a sendmail queue. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Thu Jul 3 21:23:11 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jul 3 21:23:59 2008 Subject: Non-English testers? Message-ID: <486D352F.1040002@ecs.soton.ac.uk> Hi folks, I wonder if a few non-English testers could try out 4.71.2 for me please? I want to see what happens if you set "Add Text Of Doc = yes" and try throwing some Word documents at it that have international characters in the filename. All comments gratefully received. Particularly if you manage to break it, of course. :-) Thanks! Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From hvdkooij at vanderkooij.org Thu Jul 3 21:31:25 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Thu Jul 3 21:31:34 2008 Subject: Non-English testers? In-Reply-To: <486D352F.1040002@ecs.soton.ac.uk> References: <486D352F.1040002@ecs.soton.ac.uk> Message-ID: <486D371D.5040701@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Julian Field wrote: | All comments gratefully received. | Particularly if you manage to break it, of course. :-) Breaking it is never a problem. Breaking it in a way to prove you wrong instead of showing my mistake is much harder. Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFIbTcbBvzDRVjxmYERAkxsAKCuZqw2TyoI+3dIkFfb66MgFfFD/gCeKu2e I1YgO75F8Gp9xUPhEUj2qA0= =JD41 -----END PGP SIGNATURE----- From alex at rtpty.com Thu Jul 3 21:38:24 2008 From: alex at rtpty.com (Alex Neuman) Date: Thu Jul 3 21:39:13 2008 Subject: Non-English testers? In-Reply-To: <486D352F.1040002@ecs.soton.ac.uk> References: <486D352F.1040002@ecs.soton.ac.uk> Message-ID: <0595EE01-19AD-4A3E-98AB-6DBE3526BC94@rtpty.com> As always, Google is your friend... And so am I! Don't have time to do a quick upgrade right now, so I can give you a tip instead. Search for filetype:doc in Google, and you get stuff like: http://www.aedtss.com/Palomeque.doc http://www.expoartigas.com/seguridad.doc http://www.adolfotaylhardat.net/lasituacionexplosivadevenezuela.doc (in Spanish) You can always rename them so not only content but filenames have Int'l characters in them. One other thing, if somebody here could be so kind to try out Office 2007 documents and/or Word documents with pictures and stuff embedded within which *themselves* have international characters... Well, just to be on the exaggerated safe side, if you catch my drift. On Jul 3, 2008, at 3:23 PM, Julian Field wrote: > Hi folks, > > I wonder if a few non-English testers could try out 4.71.2 for me > please? > I want to see what happens if you set "Add Text Of Doc = yes" and > try throwing some Word documents at it that have international > characters in the filename. > > All comments gratefully received. > Particularly if you manage to break it, of course. :-) > > Thanks! > > Jules > > -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > MailScanner customisation, or any advanced system administration help? > Contact me at Jules@Jules.FM > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > PGP public key: http://www.jules.fm/julesfm.asc > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu Jul 3 21:52:43 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jul 3 21:53:23 2008 Subject: Non-English testers? In-Reply-To: References: <486D352F.1040002@ecs.soton.ac.uk> Message-ID: <486D3C1B.9090604@ecs.soton.ac.uk> Alex Neuman wrote: > As always, Google is your friend... And so am I! > > Don't have time to do a quick upgrade right now, so I can give you a > tip instead. Search for filetype:doc in Google, and you get stuff like: > > http://www.aedtss.com/Palomeque.doc > http://www.expoartigas.com/seguridad.doc > http://www.adolfotaylhardat.net/lasituacionexplosivadevenezuela.doc > (in Spanish) > > You can always rename them so not only content but filenames have > Int'l characters in them. > > One other thing, if somebody here could be so kind to try out Office > 2007 documents and/or Word documents with pictures and stuff embedded > within which *themselves* have international characters... Well, just > to be on the exaggerated safe side, if you catch my drift. The "Add Text Of Doc" won't work on .docx files, sorry. Antiword doesn't support them. If anyone has a way of managing to read them, I would be very interested to hear it. Or even just some helpful ideas. > > > On Jul 3, 2008, at 3:23 PM, Julian Field wrote: > >> Hi folks, >> >> I wonder if a few non-English testers could try out 4.71.2 for me >> please? >> I want to see what happens if you set "Add Text Of Doc = yes" and try >> throwing some Word documents at it that have international characters >> in the filename. >> >> All comments gratefully received. >> Particularly if you manage to break it, of course. :-) >> >> Thanks! >> >> Jules >> >> -- >> Julian Field MEng CITP CEng >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> >> MailScanner customisation, or any advanced system administration help? >> Contact me at Jules@Jules.FM >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> PGP public key: http://www.jules.fm/julesfm.asc >> >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From mark at msapiro.net Thu Jul 3 22:03:06 2008 From: mark at msapiro.net (Mark Sapiro) Date: Thu Jul 3 22:03:19 2008 Subject: Message body lost when zip file quarantined In-Reply-To: <486CFF8A.1070409@ecs.soton.ac.uk> Message-ID: Julian Field wrote:> > >Mark Sapiro wrote: >>> >>> MailScanner is scanning a message with an attached .zip archive which >>> contains a number of .bat and .bat.bak files, other files and even >>> another zip archive which contains a single .bat file. >>> >>> Mailscanner detects all the .bat and .bat.bak files in the zip files, >>> sends a notice appropriately, and delivers the message with the >>> attachment removed. All well and good. The problems are: >>> >>> 1) not only the original .zip is quarantined, but so also are the >>> individual .bat, .bat.bak and .zip files extracted from the original >>> .zip (other files in the .zip with OK names are not). This is not a >>> major issue, but makes looking in the quarantine difficult as one >>> doesn't know what files were separately attached and what files were >>> just in the .zip. >>> >>> 2) The more serious issue is the original message body is also removed >>> from the delivered message, and it is not stored anywhere. >> >> >> So, is there some misconfiguration on my part that is causing the loss >> of the message body, or is this and the redundant files in quarantine >> the expected behavior? >> >Number 2 is the one that interests me. Please can you send me a concrete >example, preferably lifted straight out of a sendmail queue. I use Postfix, not sendmail. Here's what I have: -The Postfix queue entry. -The raw message received via bcc without passing through MailScanner -The {Filename?} message delivered to the recipient after MailScanner -The notice sent as a result of 'Send Notices = yes' Which of these would you like (and may I send it/them off list)? -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From MailScanner at ecs.soton.ac.uk Thu Jul 3 22:43:14 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jul 3 22:43:50 2008 Subject: Message body lost when zip file quarantined In-Reply-To: References: Message-ID: <486D47F2.6050104@ecs.soton.ac.uk> Mark Sapiro wrote: > Julian Field wrote:> > >> Mark Sapiro wrote: >> >>>> MailScanner is scanning a message with an attached .zip archive which >>>> contains a number of .bat and .bat.bak files, other files and even >>>> another zip archive which contains a single .bat file. >>>> >>>> Mailscanner detects all the .bat and .bat.bak files in the zip files, >>>> sends a notice appropriately, and delivers the message with the >>>> attachment removed. All well and good. The problems are: >>>> >>>> 1) not only the original .zip is quarantined, but so also are the >>>> individual .bat, .bat.bak and .zip files extracted from the original >>>> .zip (other files in the .zip with OK names are not). This is not a >>>> major issue, but makes looking in the quarantine difficult as one >>>> doesn't know what files were separately attached and what files were >>>> just in the .zip. >>>> >>>> 2) The more serious issue is the original message body is also removed >>>> from the delivered message, and it is not stored anywhere. >>>> >>> So, is there some misconfiguration on my part that is causing the loss >>> of the message body, or is this and the redundant files in quarantine >>> the expected behavior? >>> >>> >> Number 2 is the one that interests me. Please can you send me a concrete >> example, preferably lifted straight out of a sendmail queue. >> > > > I use Postfix, not sendmail. > > Here's what I have: > > -The Postfix queue entry. > -The raw message received via bcc without passing through MailScanner > -The {Filename?} message delivered to the recipient after MailScanner > -The notice sent as a result of 'Send Notices = yes' > > Which of these would you like (and may I send it/them off list)? > All of the above please. Send them zipped up to mailscanner@ecs.soton.ac.uk. Thanks! Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From lists at openenterprise.ca Fri Jul 4 01:00:28 2008 From: lists at openenterprise.ca (Johnny Stork) Date: Fri Jul 4 01:00:45 2008 Subject: Whitelists Still Not Working? Message-ID: <486D681C.4080104@openenterprise.ca> I sure hope someone can help with this. I have tried this list as well as the mailwatch list but have not had anyone respond with any helpful info. I am sure this must be pretty simple for those that know what they are doing. Here are the details. Most recent version of MS and MW running on CentOS 5x Mailscanner.conf setting = Is Definitely Not Spam = &SQLWhitelist And in the "Lists" section of MW, I have many domains listed as domain.com (without the @ or a specific adddress). Below is an example of whats listed in the "Lists" page of MW and it shows clearly that "futureshop.com" is listed. futureshop.com default Delete And here are the headers for a message that just came in and was tagged as SPAM. You can see that the from field is " From: Future Shop Newsletter " so why would this not be whitelisted? Can someone please suggest anything that might help? Received: from serendipity.mountainhosting.ca (serendipity.mountainhosting.ca [66.249.13.171]) by gateway.johnnystork.ca (8.13.8/8.13.8) with ESMTP id m63MMfgf003080 for ; Thu, 3 Jul 2008 15:22:42 -0700 Received: from [127.0.0.1] (helo=mail1536.mkt1336.com) by serendipity.mountainhosting.ca with esmtp (Exim 4.69) (envelope-from ) id 1KEXCK-0007kj-QO for stork@openenterprise.ca; Thu, 03 Jul 2008 15:22:41 -0700 Received: from mail1536.mkt1336.com ([208.85.55.19] helo=mail1536.mkt1336.com) by ASSP.nospam; 3 Jul 2008 15:22:40 -0700 Received: by mail1536.mkt1336.com (PowerMTA(TM) v3.2r17) id hdl8j00f65ge for ; Thu, 3 Jul 2008 18:22:33 -0400 (envelope-from ) Message-ID: <32554889.30563671215123753029.JavaMail.?@mx01.pdkp2> Date: Thu, 3 Jul 2008 18:22:33 -0400 (EDT) From: Future Shop Newsletter Reply-To: newsletter@futureshop.com To: stork@openenterprise.ca Subject: 7 Days of Deals are back! MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_Part_7063_5398324.1215123742149" x-mid: 137401 List-Unsubscribe: X-Assp-Delay: not delayed (auto accepted); 3 Jul 2008 15:22:40 -0700 X-Assp-Re-Red: bounce X-Assp-Message-Score: -10 (Home Country Bonus US - SILVERPOP SYSTEMS) X-Assp-Received-SPF: pass - Please see http://www.openspf.org/why.html?sender=v-cbilj_bgckiebc_fekkao_fekkao_a%40bounce.mkt1336.com&ip=208.85.55.19&receiver=ASSP.nospam: 208.85.55.19 contains 208.85.55.19 - client-ip=208.85.55.19; envelope-from=v-cbilj_bgckiebc_fekkao_fekkao_a@bounce.mkt1336.com; helo=mail1536.mkt1336.com; X-Assp-Message/IP-Score: 5 (DNSBLneutral blackholes.five-ten-sg.com) X-Assp-Received-DNSBL: neutral (blackholes.five-ten-sg.com-> rm02 net bulk ; ) X-Assp-Message/IP-Score: 29 (Bayesian Probability: 1.0000) X-Assp-Spam-Level: **** X-AntiAbuse: This header was added to track abuse, please include it with any abuse report X-AntiAbuse: Primary Hostname - serendipity.mountainhosting.ca X-AntiAbuse: Original Domain - openenterprise.ca X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12] X-AntiAbuse: Sender Address Domain - bounce.mkt1336.com X-Source: X-Source-Args: X-Source-Dir: From Kevin_Miller at ci.juneau.ak.us Fri Jul 4 01:22:02 2008 From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller) Date: Fri Jul 4 01:22:19 2008 Subject: Whitelists Still Not Working? In-Reply-To: <486D681C.4080104@openenterprise.ca> References: <486D681C.4080104@openenterprise.ca> Message-ID: Johnny Stork wrote: > X-Assp-Received-SPF: pass - Please see > http://www.openspf.org/why.html?sender=v-cbilj_bgckiebc_fekkao_fekkao_a% 40bounce.mkt1336.com&ip=208.85.55.19&receiver=ASSP.nospam: > 208.85.55.19 contains 208.85.55.19 - client-ip=208.85.55.19; I'm not sure that it's MailScanner/Spamassassin/MailWatch that's doing the neferious deed Johnny. Following the link in the headers it looks like SPF is scrunching the message, but can't explain why. It knows it shouldn't. Do you have the luxury of running SPF on your MTA and turning it off in mailscanner/spamassassin and seeing how that goes? ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 From Jeff.Mills at versacold.com.au Fri Jul 4 02:22:45 2008 From: Jeff.Mills at versacold.com.au (Jeff Mills) Date: Fri Jul 4 02:22:58 2008 Subject: Bayes Expiry - spam gets through Message-ID: I have an issue with the expiry of the Bayes databases on my servers. Every time an expiry is done, quite a bit of spam is let through. Obviously its removing tokens that are not very old. I have set bayes_expiry_max_db_size to quite a high size to try and help this, but still when it expires, spam gets through. bayes_expiry_max_db_size 4000000 The example spam I have been sent both came through server 2, but this could just be coincidence. Server 1 usually gets more mail because it's the first in DNS. Server 1 Bayes Database Information Number of Spam Messages: 843,399 Number of Ham Messages: 175,621 Number of Tokens: 4,216,073 Oldest Token: Sat, 10 May 2008 07:58:32 +1000 Newest Token: Fri, 04 Jul 2008 11:14:26 +1000 Last Journal Sync: Fri, 04 Jul 2008 11:05:51 +1000 Last Expiry: Fri, 04 Jul 2008 10:58:27 +1000 Last Expiry Reduction Count: 49,773 tokens Server 2 Bayes Database Information Number of Spam Messages: 423,059 Number of Ham Messages: 170,864 Number of Tokens: 2,100,113 Oldest Token: Tue, 06 May 2008 05:34:49 +1000 Newest Token: Fri, 04 Jul 2008 11:17:36 +1000 Last Journal Sync: Fri, 04 Jul 2008 11:05:37 +1000 Last Expiry: Tue, 01 Jul 2008 22:26:32 +1000 Last Expiry Reduction Count: 30,177 token I would have thought that keeping tokens a month old should be enough to catch recent spam due to spammers changing tactics so often. Do others have the same issue when expiring bayes? Is there a known best setup with regards to bayes setup and expiry? From telecaadmin at gmail.com Fri Jul 4 08:52:33 2008 From: telecaadmin at gmail.com (Ronny T. Lampert) Date: Fri Jul 4 08:55:12 2008 Subject: Bayes Expiry - spam gets through In-Reply-To: References: Message-ID: <486DD6C1.2090000@gmail.com> Hi, > I have an issue with the expiry of the Bayes databases on my servers. > Every time an expiry is done, quite a bit of spam is let through. This looks like a thread called "Somtimes Spam-Mail are not recognized", just days ago (please read for thourough discussion there). Solution is to set the Wait During Bayes Rebuild = yes in MailScanner.cf Cheers, Ronny From a.peacock at chime.ucl.ac.uk Fri Jul 4 08:55:47 2008 From: a.peacock at chime.ucl.ac.uk (Anthony Peacock) Date: Fri Jul 4 08:55:58 2008 Subject: Bayes Expiry - spam gets through In-Reply-To: References: Message-ID: <486DD783.6080702@chime.ucl.ac.uk> Hi, Jeff Mills wrote: > I have an issue with the expiry of the Bayes databases on my servers. > Every time an expiry is done, quite a bit of spam is let through. > Obviously its removing tokens that are not very old. > I have set bayes_expiry_max_db_size to quite a high size to try and help > this, but still when it expires, spam gets through. > > bayes_expiry_max_db_size 4000000 I had a similar issue recently and bumped up by max_db_size to bayes_expiry_max_db_size 5000000 Which has made things a bit better, I also manually train the database a bit more thoroughly now. -- Anthony Peacock CHIME, Royal Free & University College Medical School WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ Study Health Informatics - Modular Postgraduate Degree http://www.chime.ucl.ac.uk/study-health-informatics/ From Jeff.Mills at versacold.com.au Fri Jul 4 09:33:02 2008 From: Jeff.Mills at versacold.com.au (Jeff Mills) Date: Fri Jul 4 09:33:17 2008 Subject: Bayes Expiry - spam gets through In-Reply-To: <486DD6C1.2090000@gmail.com> Message-ID: > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Ronny T. Lampert > Sent: Friday, 4 July 2008 5:53 PM > To: MailScanner discussion > Subject: Re: Bayes Expiry - spam gets through > > Hi, > > > I have an issue with the expiry of the Bayes databases on > my servers. > > Every time an expiry is done, quite a bit of spam is let through. > > This looks like a thread called "Somtimes Spam-Mail are not > recognized", just days ago (please read for thourough > discussion there). > > Solution is to set the > > Wait During Bayes Rebuild = yes > > in MailScanner.cf > > Cheers, > Ronny Thanks Ronny, I have that set in MailScanner.conf. Is that not where it should be? Also, if I am using bayes_auto_expire, does MailScanner still wait, or does Wait During Bayes Rebuild = yes only take affect when MailScanner does the expire via Rebuild Bayes Every = xxx? From telecaadmin at gmail.com Fri Jul 4 10:05:30 2008 From: telecaadmin at gmail.com (Ronny T. Lampert) Date: Fri Jul 4 10:08:13 2008 Subject: Bayes Expiry - spam gets through In-Reply-To: References: Message-ID: <486DE7DA.3020709@gmail.com> > Also, if I am using bayes_auto_expire, does MailScanner still wait, or > does Wait During Bayes Rebuild = yes only take affect when MailScanner > does the expire via Rebuild Bayes Every = xxx? The "Wait During Bayes Rebuild = yes" in MailScanner.cf is where it belongs. You have to disable bayes_auto_expire for spamassassin. Please read the thread here: http://lists.mailscanner.info/pipermail/mailscanner/2008-July/085777.html From MailScanner at ecs.soton.ac.uk Fri Jul 4 10:10:53 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Jul 4 10:11:36 2008 Subject: Bayes Expiry - spam gets through In-Reply-To: References: Message-ID: <486DE91D.1090801@ecs.soton.ac.uk> Jeff Mills wrote: > > Also, if I am using bayes_auto_expire, does MailScanner still wait, or > does Wait During Bayes Rebuild = yes only take affect when MailScanner > does the expire via Rebuild Bayes Every = xxx? > It should only take effect when MailScanner is doing the rebuild. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From wick at bobwickline.com Fri Jul 4 14:53:03 2008 From: wick at bobwickline.com (Bob Wickline) Date: Fri Jul 4 14:53:27 2008 Subject: OT: Run MScanner in a virtualized environment. In-Reply-To: <7d9b3cf20807011153w3af6d451gd782ba3cf5a295c@mail.gmail.com> References: <7d9b3cf20807011153w3af6d451gd782ba3cf5a295c@mail.gmail.com> Message-ID: <486E2B3F.8070407@bobwickline.com> I have a dozen Solaris zones running MailScanner on a single server and it seems to be doing fine. Key is to have LOTS of memory. The memory signature of MailScanner is fairly large (50MB). Because of that I have cut the max children down to 2 on all of my zones but they are pretty light mail traffic. I haven?t done the rapid-deployment thing since my environment is very static. There?s plenty of documentation on how to deploy zones out there. Eduardo Casarero wrote: > Hi guys, i know that it's not recomendable to run MS on virtualized HW > because of it's high cpu/io load. However, i'm doing some research > because my boss required it. > > What products do you think that will work best? VMware? Xen? The > objective is that it has to be simple and quick to deploy. Also will > be useful in case the HW dies, so you quickly can have the emails > flowing (may be with delay, but working), until HW gets repaired. > > We all know that installing MS servers takes a while, so having a > pre-installed image will reduce times. > > Any thoughts? > > Everything will be appreciated. > > Eduardo. > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From shuttlebox at gmail.com Fri Jul 4 15:25:36 2008 From: shuttlebox at gmail.com (shuttlebox) Date: Fri Jul 4 15:25:46 2008 Subject: OT: Run MScanner in a virtualized environment. In-Reply-To: <486E2B3F.8070407@bobwickline.com> References: <7d9b3cf20807011153w3af6d451gd782ba3cf5a295c@mail.gmail.com> <486E2B3F.8070407@bobwickline.com> Message-ID: <625385e30807040725t6557eaf7rdb337b843c1b4843@mail.gmail.com> On Fri, Jul 4, 2008 at 3:53 PM, Bob Wickline wrote: > I have a dozen Solaris zones running MailScanner on a single server and it > seems to be doing fine. Key is to have LOTS of memory. The memory > signature of MailScanner is fairly large (50MB). Because of that I have cut > the max children down to 2 on all of my zones but they are pretty light mail > traffic. I haven?t done the rapid-deployment thing since my environment is > very static. There?s plenty of documentation on how to deploy zones out > there. Interesting. I'm just curious to know if you use the tar based MailScanner or the Blastwave package or something else? I package MailScanner for the Blastwave project and I'm always interested in feedback about it. http://www.blastwave.org/packages.php/mailscanner -- Simone de Beauvoir - "To catch a husband is an art; to hold him is a job." From wick at bobwickline.com Fri Jul 4 15:31:29 2008 From: wick at bobwickline.com (Bob Wickline) Date: Fri Jul 4 15:31:57 2008 Subject: OT: Run MScanner in a virtualized environment. In-Reply-To: <625385e30807040725t6557eaf7rdb337b843c1b4843@mail.gmail.com> References: <7d9b3cf20807011153w3af6d451gd782ba3cf5a295c@mail.gmail.com> <486E2B3F.8070407@bobwickline.com> <625385e30807040725t6557eaf7rdb337b843c1b4843@mail.gmail.com> Message-ID: <486E3441.303@bobwickline.com> An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080704/abb9f546/attachment.html From spamlists at coders.co.uk Fri Jul 4 15:32:20 2008 From: spamlists at coders.co.uk (Matt Hampton) Date: Fri Jul 4 15:33:42 2008 Subject: OT: Run MScanner in a virtualized environment. In-Reply-To: <486E2B3F.8070407@bobwickline.com> References: <7d9b3cf20807011153w3af6d451gd782ba3cf5a295c@mail.gmail.com> <486E2B3F.8070407@bobwickline.com> Message-ID: <486E3474.1020804@coders.co.uk> Bob Wickline wrote: > I have a dozen Solaris zones running MailScanner on a single server > and it seems to be doing fine. Key is to have LOTS of memory. The > memory signature of MailScanner is fairly large (50MB). Because of > that I have cut the max children down to 2 on all of my zones but they > are pretty light mail traffic. I haven?t done the rapid-deployment > thing since my environment is very static. There?s plenty of > documentation on how to deploy zones out there. The memory is more from the number of Spamassassin rules that you have - and also if you use ClamAVModule you have those signatures in memory too. This can be reduced by using Clamd as then you only have one set of the Clamd signatures in memory. matt From root at doctor.nl2k.ab.ca Fri Jul 4 22:59:37 2008 From: root at doctor.nl2k.ab.ca (Dave Shariff Yadallee - System Administrator a.k.a. The Root of the Problem) Date: Fri Jul 4 23:45:48 2008 Subject: Slight inconsistency Message-ID: <20080704215937.GA821@doctor.nl2k.ab.ca> Right just implented the latest beta on both machines using antiword support. I have to flush the queue using sendmail and not the headers on one machine is not attaching. What do I need to look for? -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From root at doctor.nl2k.ab.ca Fri Jul 4 23:42:09 2008 From: root at doctor.nl2k.ab.ca (Dave Shariff Yadallee - System Administrator a.k.a. The Root of the Problem) Date: Sat Jul 5 00:04:44 2008 Subject: Some problems thanks to Clamav 0.93.1 Message-ID: <20080704224209.GA3048@doctor.nl2k.ab.ca> I understand Clamav 0.93.2 could be coming. Interesting: I got MailScanner.conf says "Virus Scanners = clamav clamavmodule clamd" Found these virus scanners installed: clamavmodule =========================================================================== Virus and Content Scanning: Starting trap: Illegal number: EXIT /var/spool/MailScanner/incoming/2724/./1/eicar.com: Eicar-Test-Signature FOUND trap: Illegal number: EXIT Virus Scanning: ClamAV found 1 infections ClamAVModule::INFECTED:: Eicar-Test-Signature:: ./1/eicar.com Virus Scanning: ClamAVModule found 1 infections Cannot find Socket (/tmp/clamd) Exiting! at /opt/MailScanner/lib/MailScanner/SweepViruses.pm line 3461 Virus Scanning: Clamd found 1 infections Infected message 1 came from 10.1.1.1 Virus Scanning: Found 1 viruses Filename Checks: (1 eicar.com) Other Checks: Found 1 problems =========================================================================== Virus Scanner test reports: ClamAV said "eicar.com contains Eicar-Test-Signature" ClamAVModule said "eicar.com was infected: Eicar-Test-Signature" If any of your virus scanners (clamavmodule) are not listed there, you should check that they are installed correctly and that MailScanner is finding them correctly via its virus.scanners.conf. Also in MailScanner.conf for clamav users thanks to Clamav 0.93.2 you need: Monitors for ClamAV Updates = /usr/contrib/share/clamav/*.inc/* /usr/contrib/share/clamav/*.cvd /usr/contrib/share/clamav/*.cld Of course replace contrib with local but .cld is the new extenstion. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From ugob at lubik.ca Sat Jul 5 02:55:55 2008 From: ugob at lubik.ca (Ugo Bellavance) Date: Sat Jul 5 02:58:00 2008 Subject: OT: Run MScanner in a virtualized environment. In-Reply-To: <486B2EEB.8020502@anymore.nl> References: <7d9b3cf20807011153w3af6d451gd782ba3cf5a295c@mail.gmail.com> <486B2EEB.8020502@anymore.nl> Message-ID: Arjan Schrijver wrote: > Anthony Cartmell wrote: >>> Hi guys, i know that it's not recomendable to run MS on virtualized HW >>> because of it's high cpu/io load. However, i'm doing some research >>> because my boss required it. >> >> I have it running on a high-powered Xen VPS (with 2G RAM available and >> eight processor cores shared between the VPS instances) and it works >> fine. Only processing ~800 messages per day so probably not a very >> useful test though. I'll be moving more mail through it soon, so might >> get to see how well it works then. My other server, non VPS but with >> the same memory but only twin processors, manages 10,000 messages per >> day without much problem. >> > Running OpenVZ here (no performance impact), on 4 virtual MailScanner > servers. They each process about 40.000 messages a day, through both > SpamAssassin and ClamAV. The hardware consists of four servers with > 4x2GHz cores and 2GB RAM. Each server runs one container. The > performance is exactly the same as when the same servers were running > MailScanner natively (not virtualized). > But this is of course only possible with OpenVZ or Virtuozzo, because it > doesn't virtualize the complete hardware but only the kernel. I also use OpenVZ, about 40 000 emails/day on that gateway, about 800 000 smtp connects/day (using BarricadeMX). The server is a quad core xeon, and runs this MailScanner system and an asterisk PBX. Ugo From lists at openenterprise.ca Sat Jul 5 03:29:51 2008 From: lists at openenterprise.ca (Johnny Stork) Date: Sat Jul 5 03:30:07 2008 Subject: Whitelists Still Not Working? In-Reply-To: References: <486D681C.4080104@openenterprise.ca> Message-ID: <486EDC9F.3040504@openenterprise.ca> I dont think I have SPF running and had been planning to look into it at some time in the future. Where should/could I check to be sure? Kevin Miller wrote: > Johnny Stork wrote: > >> X-Assp-Received-SPF: pass - Please see >> >> > http://www.openspf.org/why.html?sender=v-cbilj_bgckiebc_fekkao_fekkao_a% > 40bounce.mkt1336.com&ip=208.85.55.19&receiver=ASSP.nospam: > >> 208.85.55.19 contains 208.85.55.19 - client-ip=208.85.55.19; >> > > I'm not sure that it's MailScanner/Spamassassin/MailWatch that's doing > the neferious deed Johnny. Following the link in the headers it looks > like SPF is scrunching the message, but can't explain why. It knows it > shouldn't. > > Do you have the luxury of running SPF on your MTA and turning it off in > mailscanner/spamassassin and seeing how that goes? > > ...Kevin > From lszabo at ntlworld.com Sat Jul 5 18:25:30 2008 From: lszabo at ntlworld.com (Laszlo Szabo) Date: Sat Jul 5 18:25:47 2008 Subject: perl install error mailscanner can't start Message-ID: <486FAE8A.5020007@ntlworld.com> *Hi folks! I'm trying to install to a friend of mine the mailscanner on fedora 9 but I can't. It is a new install. I upgraded the whole system before I installed the mailscanner. I tried to upgrade the **perl-Filesys-Df package** from rpmfind to a higher package but still does not work. The mailscanner says when I'm trying to start it:* MailScanner: Can't locate Filesys/Df.pm in @INC (@INC contains: /usr/lib/MailScanner /usr/lib64/perl5/5.10.0/x86_64-linux-thread-multi /usr/lib/perl5/5.10.0 /usr/local/lib64/perl5/site_perl/5.10.0/x86_64-linux-thread-multi /usr/local/lib/perl5/site_perl/5.10.0 /usr/lib64/perl5/vendor_perl/5.10.0/x86_64-linux-thread-multi /usr/lib/perl5/vendor_perl/5.10.0 /usr/lib/perl5/vendor_perl . /usr/lib/MailScanner) at /usr/sbin/MailScanner line 66. BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 66. *I had a look the whole install and I saw few compiling errors like this:* # Looks like your test died before it could output anything. Can't locate IO/Lines.pm in @INC (@INC contains: /usr/src/redhat/BUILD/MIME-tools-5.425/blib/lib /usr/src/redhat/BUILD/MIME-tools-5.425/blib/arch /usr/lib64/perl5/5.10.0/x86_64-linux-thread-multi /usr/lib/perl5/5.10.0 /usr/local/lib64/perl5/site_perl/5.10.0/x86_64-linux-thread-multi /usr/local/lib/perl5/site_perl/5.10.0 /usr/lib64/perl5/vendor_perl/5.10.0/x86_64-linux-thread-multi /usr/lib/perl5/vendor_perl/5.10.0 /usr/lib/perl5/vendor_perl/5.10.0 /usr/lib/perl5/vendor_perl . /usr/lib64/perl5/5.10.0/x86_64-linux-thread-multi /usr/lib/perl5/5.10.0 /usr/local/lib64/perl5/site_perl/5.10.0/x86_64-linux-thread-multi /usr/local/lib/perl5/site_perl/5.10.0 /usr/lib64/perl5/vendor_perl/5.10.0/x86_64-linux-thread-multi /usr/lib/perl5/vendor_perl/5.10.0 /usr/lib/perl5/vendor_perl .) at /usr/src/redhat/BUILD/MIME-tools-5.425/blib/lib/MIME/Entity.pm line 237. BEGIN failed--compilation aborted at /usr/src/redhat/BUILD/MIME-tools-5.425/blib/lib/MIME/Entity.pm line 237. Compilation failed in require at t/Smtpsend.t line 7. BEGIN failed--compilation aborted at t/Smtpsend.t line 7. # Looks like your test died before it could output anything. Failed 8/17 test programs. 154/249 subtests failed. make: *** [test_dynamic] Error 255 error: Bad exit status from /var/tmp/rpm-tmp.75716 (%build) Bad exit status from /var/tmp/rpm-tmp.75716 (%build) *I tried to pipe the install.sh script into a file to take a look later what went wrong but it can't be piped cos the external compiler I think. I tried to install it with nodeps switch no fortune. So any idea guys? Julian what do you think what is wrong? Thanks Laszlo * From hvdkooij at vanderkooij.org Sat Jul 5 23:45:08 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Sat Jul 5 23:45:19 2008 Subject: perl install error mailscanner can't start In-Reply-To: <486FAE8A.5020007@ntlworld.com> References: <486FAE8A.5020007@ntlworld.com> Message-ID: <486FF974.1060408@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Laszlo Szabo wrote: | | *Hi folks! | | I'm trying to install to a friend of mine the mailscanner on fedora 9 | but I can't. Any good reason to pick a distro that will be obsolete and out of updates in a year? (Not minding the experimental nature of Fedora.) | It is a new install. I upgraded the whole system before I installed the | mailscanner. | I tried to upgrade the **perl-Filesys-Df package** from rpmfind to a | higher package but still does not work. | | The mailscanner says when I'm trying to start it:* | | MailScanner: Can't locate Filesys/Df.pm in @INC (@INC | contains: /usr/lib/MailScanner | /usr/lib64/perl5/5.10.0/x86_64-linux-thread-multi /usr/lib/perl5/5.10.0 | /usr/local/lib64/perl5/site_perl/5.10.0/x86_64-linux-thread-multi | /usr/local/lib/perl5/site_perl/5.10.0 | /usr/lib64/perl5/vendor_perl/5.10.0/x86_64-linux-thread-multi | /usr/lib/perl5/vendor_perl/5.10.0 /usr/lib/perl5/vendor_perl . | /usr/lib/MailScanner) at /usr/sbin/MailScanner line 66. | BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 66. Could you try to install: perl-Filesys-DiskFree Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFIb/lyBvzDRVjxmYERAus9AJ9GfZ3RjF4xcEQkfbiCJECenprkuQCgslHq cnSlLgZQ38yT2S3+bPjxlPU= =MmS3 -----END PGP SIGNATURE----- From lszabo at ntlworld.com Sun Jul 6 06:06:30 2008 From: lszabo at ntlworld.com (Laszlo Szabo) Date: Sun Jul 6 06:06:41 2008 Subject: perl install error mailscanner can't start References: <486FAE8A.5020007@ntlworld.com> <486FF974.1060408@vanderkooij.org> Message-ID: <000801c8df26$0ebcbaa0$c800a8c0@l54421a2ab1cd4> I told him that but no ears at all. I use myself CentOS and no problem at all. I know what you mean the "experimental" fedora thingy. Sometimes I feel some Fedora programmer from M$. :)) I use fedora since born. Actually I started with RedHat 7.0 I have no idea why needs to be put every bloody package from anywhere what they find on the internet. Obvious I can't decide what he use. I need to solve this somehow. Maybe I'll use the spamass-milter but I rather use MailScenner. Laszlo ----- Original Message ----- From: "Hugo van der Kooij" To: "MailScanner discussion" Sent: Saturday, July 05, 2008 11:45 PM Subject: Re: perl install error mailscanner can't start > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Laszlo Szabo wrote: > | > | *Hi folks! > | > | I'm trying to install to a friend of mine the mailscanner on fedora 9 > | but I can't. > > Any good reason to pick a distro that will be obsolete and out of > updates in a year? (Not minding the experimental nature of Fedora.) > > | It is a new install. I upgraded the whole system before I installed the > | mailscanner. > | I tried to upgrade the **perl-Filesys-Df package** from rpmfind to a > | higher package but still does not work. > | > | The mailscanner says when I'm trying to start it:* > | > | MailScanner: Can't locate Filesys/Df.pm in @INC (@INC > | contains: /usr/lib/MailScanner > | /usr/lib64/perl5/5.10.0/x86_64-linux-thread-multi /usr/lib/perl5/5.10.0 > | /usr/local/lib64/perl5/site_perl/5.10.0/x86_64-linux-thread-multi > | /usr/local/lib/perl5/site_perl/5.10.0 > | /usr/lib64/perl5/vendor_perl/5.10.0/x86_64-linux-thread-multi > | /usr/lib/perl5/vendor_perl/5.10.0 /usr/lib/perl5/vendor_perl . > | /usr/lib/MailScanner) at /usr/sbin/MailScanner line 66. > | BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 66. > > Could you try to install: perl-Filesys-DiskFree > > Hugo. > > - -- > hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ > PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc > > A: Yes. > >Q: Are you sure? > >>A: Because it reverses the logical flow of conversation. > >>>Q: Why is top posting frowned upon? > > Bored? Click on http://spamornot.org/ and rate those images. > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.7 (GNU/Linux) > > iD8DBQFIb/lyBvzDRVjxmYERAus9AJ9GfZ3RjF4xcEQkfbiCJECenprkuQCgslHq > cnSlLgZQ38yT2S3+bPjxlPU= > =MmS3 > -----END PGP SIGNATURE----- > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Sun Jul 6 10:53:13 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sun Jul 6 10:53:54 2008 Subject: perl install error mailscanner can't start In-Reply-To: References: Message-ID: <48709609.9050202@ecs.soton.ac.uk> Make sure that IO-stringy installed properly. This needs to be installed before Filesys-Df, and will provide the IO/Lines.pm file which your output says it needs. Laszlo Szabo wrote: > > *Hi folks! > > I'm trying to install to a friend of mine the mailscanner on fedora 9 > but I can't. > > It is a new install. I upgraded the whole system before I installed > the mailscanner. > I tried to upgrade the **perl-Filesys-Df package** from rpmfind to a > higher package but still does not work. > > The mailscanner says when I'm trying to start it:* > > MailScanner: Can't locate Filesys/Df.pm in @INC (@INC > contains: /usr/lib/MailScanner > /usr/lib64/perl5/5.10.0/x86_64-linux-thread-multi > /usr/lib/perl5/5.10.0 > /usr/local/lib64/perl5/site_perl/5.10.0/x86_64-linux-thread-multi > /usr/local/lib/perl5/site_perl/5.10.0 > /usr/lib64/perl5/vendor_perl/5.10.0/x86_64-linux-thread-multi > /usr/lib/perl5/vendor_perl/5.10.0 /usr/lib/perl5/vendor_perl . > /usr/lib/MailScanner) at /usr/sbin/MailScanner line 66. > BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 66. > > *I had a look the whole install and I saw few compiling errors like > this:* > > # Looks like your test died before it could output anything. > Can't locate IO/Lines.pm in @INC (@INC contains: > /usr/src/redhat/BUILD/MIME-tools-5.425/blib/lib > /usr/src/redhat/BUILD/MIME-tools-5.425/blib/arch > /usr/lib64/perl5/5.10.0/x86_64-linux-thread-multi > /usr/lib/perl5/5.10.0 > /usr/local/lib64/perl5/site_perl/5.10.0/x86_64-linux-thread-multi > /usr/local/lib/perl5/site_perl/5.10.0 > /usr/lib64/perl5/vendor_perl/5.10.0/x86_64-linux-thread-multi > /usr/lib/perl5/vendor_perl/5.10.0 /usr/lib/perl5/vendor_perl/5.10.0 > /usr/lib/perl5/vendor_perl . > /usr/lib64/perl5/5.10.0/x86_64-linux-thread-multi > /usr/lib/perl5/5.10.0 > /usr/local/lib64/perl5/site_perl/5.10.0/x86_64-linux-thread-multi > /usr/local/lib/perl5/site_perl/5.10.0 > /usr/lib64/perl5/vendor_perl/5.10.0/x86_64-linux-thread-multi > /usr/lib/perl5/vendor_perl/5.10.0 /usr/lib/perl5/vendor_perl .) at > /usr/src/redhat/BUILD/MIME-tools-5.425/blib/lib/MIME/Entity.pm line 237. > BEGIN failed--compilation aborted at > /usr/src/redhat/BUILD/MIME-tools-5.425/blib/lib/MIME/Entity.pm line 237. > Compilation failed in require at t/Smtpsend.t line 7. > BEGIN failed--compilation aborted at t/Smtpsend.t line 7. > # Looks like your test died before it could output anything. > Failed 8/17 test programs. 154/249 subtests failed. > make: *** [test_dynamic] Error 255 > error: Bad exit status from /var/tmp/rpm-tmp.75716 (%build) > Bad exit status from /var/tmp/rpm-tmp.75716 (%build) > > *I tried to pipe the install.sh script into a file to take a look > later what went wrong but it can't be piped cos the external compiler > I think. > I tried to install it with nodeps switch no fortune. > So any idea guys? > > Julian what do you think what is wrong? > > Thanks > > Laszlo > * > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From ssilva at sgvwater.com Sun Jul 6 22:18:18 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Sun Jul 6 22:18:30 2008 Subject: Whitelists Still Not Working? In-Reply-To: <486D681C.4080104@openenterprise.ca> References: <486D681C.4080104@openenterprise.ca> Message-ID: on 7-3-2008 5:00 PM Johnny Stork spake the following: > I sure hope someone can help with this. I have tried this list as well > as the mailwatch list but have not had anyone respond with any helpful > info. I am sure this must be pretty simple for those that know what they > are doing. Here are the details. > > Most recent version of MS and MW running on CentOS 5x > > Mailscanner.conf setting = Is Definitely Not Spam = &SQLWhitelist > > And in the "Lists" section of MW, I have many domains listed as > domain.com (without the @ or a specific adddress). Below is an example > of whats listed in the "Lists" page of MW and it shows clearly that > "futureshop.com" is listed. > > futureshop.com default Delete > > > > > And here are the headers for a message that just came in and was tagged > as SPAM. You can see that the from field is " From: Future Shop > Newsletter " so why would this not be > whitelisted? > > Can someone please suggest anything that might help? > Are you sure that your sql connection settings are correct in the SQLBlackWhiteList.pm file? -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 258 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080706/7e46914b/signature.bin From peter at farrows.org Sun Jul 6 22:36:59 2008 From: peter at farrows.org (Peter Farrow) Date: Sun Jul 6 22:37:24 2008 Subject: Whitelists Still Not Working? In-Reply-To: References: <486D681C.4080104@openenterprise.ca> Message-ID: <48713AFB.5020100@farrows.org> Scott Silva wrote: > on 7-3-2008 5:00 PM Johnny Stork spake the following: >> I sure hope someone can help with this. I have tried this list as >> well as the mailwatch list but have not had anyone respond with any >> helpful info. I am sure this must be pretty simple for those that >> know what they are doing. Here are the details. >> >> Most recent version of MS and MW running on CentOS 5x >> >> Mailscanner.conf setting = Is Definitely Not Spam = &SQLWhitelist >> >> And in the "Lists" section of MW, I have many domains listed as >> domain.com (without the @ or a specific adddress). Below is an >> example of whats listed in the "Lists" page of MW and it shows >> clearly that "futureshop.com" is listed. >> >> futureshop.com default Delete >> >> >> >> >> And here are the headers for a message that just came in and was >> tagged as SPAM. You can see that the from field is " From: Future >> Shop Newsletter " so why would this not be >> whitelisted? >> >> Can someone please suggest anything that might help? >> > Are you sure that your sql connection settings are correct in the > SQLBlackWhiteList.pm file? > > Also, you have to create a user called "admin" in mailwatch and set whitelists globally there, once you have created the user "admin" you can then create other domain and email specific users within the mailwatch front end and create whitelists for particular domains and even particular email addresses. Using the supplied user "mailwatch" this never worked for me until I created the "admin" user. Pete -- This message has been scanned for viruses and dangerous content by the Inexcom system Scanner, and is believed to be clean. Advanced heuristic mail scanning server [-]. http://www.inexcom.co.uk From indunil75 at gmail.com Mon Jul 7 05:05:24 2008 From: indunil75 at gmail.com (Indunil Jayasooriya) Date: Mon Jul 7 05:05:33 2008 Subject: Maximum Attachment Size Message-ID: <7ed6b0aa0807062105j14e55009x872aeb9680db12d@mail.gmail.com> Hi, I want to setup Maximum Attachment Size. I want to add size limits to attachments. I have gone through below steps. # The maximum size, in bytes, of any attachment in a message. # If this is set to zero, effectively no attachments are allowed. # If this is set less than zero, then no size checking is done. # This can also be the filename of a ruleset, so you can have different # settings for different users. You might want to set this quite small for # large mailing lists so they don't get deluged by large attachments. #Maximum Attachment Size = -1 Maximum Attachment Size = %rules-dir%/max.attachment.size.rules my max.attachment.size.rules is like this. [root@osthub MailScanner]# cat rules/max.attachment.size.rules To: *@domain1.com 10M To: *@domain2.com 20M From: user@domain3.com 5M From: *@domain3.com 500K FromOrTo: default 0 Could you Pls let me kmow am I right is setting it up ? -- Thank you Indunil Jayasooriya From lucianog at metline.it Mon Jul 7 09:53:42 2008 From: lucianog at metline.it (Luciano Grego) Date: Mon Jul 7 09:54:10 2008 Subject: MailScanner on FC8 don't pickup emails Message-ID: <2431CD8FBF1244489D1E82BB9F65A969@LUCIANO> Hi, I' ve installed Fedora Core 8 and updated at latest fix, then i' ve installed MailScanner ( I try 4.69.9-3, 4.70.7-1 and 4.71.2-2). Sendmail accepts e-mails, but are not produced by Mailscanner. My MTA is Sendmail 8.14 ( Fedora Core 8 ). It' s a locking problem? Must reinstall with --nodeps? Here 'MailScanner --lint': Trying to setlogsock(unix) Read 824 hostnames from the phishing whitelist Read 3052 hostnames from the phishing blacklist Checking version numbers... Version number in MailScanner.conf (4.71.2) is correct. Your envelope_sender_header in spam.assassin.prefs.conf is correct. Checking for SpamAssassin errors (if you use it)... SpamAssassin temporary working directory is /var/spool/MailScanner/incoming/SpamAssassin-Temp SpamAssassin temp dir = /var/spool/MailScanner/incoming/SpamAssassin-Temp Using SpamAssassin results cache Connected to SpamAssassin cache database SpamAssassin reported no errors. ClamAV scanner using unrar command /usr/bin/unrar Using locktype = flock MailScanner.conf says "Virus Scanners = clamav" Found these virus scanners installed: clamavmodule =========================================================================== Virus and Content Scanning: Starting /var/spool/MailScanner/incoming/9520/./1/eicar.com: Eicar-Test-Signature FOUND /var/spool/MailScanner/incoming/9520/./1.message: Eicar-Test-Signature FOUND Virus Scanning: ClamAV found 2 infections Infected message 1.message came from Infected message 1 came from 10.1.1.1 Virus Scanning: Found 2 viruses Filename Checks: (1 eicar.com) Filetype Checks: Allowing 1 eicar.com Other Checks: Found 1 problems =========================================================================== Virus Scanner test reports: ClamAV said "eicar.com contains Eicar-Test-Signature" If any of your virus scanners (clamavmodule) are not listed there, you should check that they are installed correctly and that MailScanner is finding them correctly via its virus.scanners.conf. -- Here 'MailScanner -v': Running on Linux mail 2.6.24.5-85.fc8 #1 SMP Sat Apr 19 12:39:34 EDT 2008 i686 i686 i386 GNU/Linux This is Fedora release 8 (Werewolf) This is Perl version 5.008008 (5.8.8) This is MailScanner version 4.71.2 Module versions are: 1.00 AnyDBM_File 1.20 Archive::Zip 0.21 bignum 1.04 Carp 2.005 Compress::Zlib 1.119 Convert::BinHex 0.17 Convert::TNEF 2.121_08 Data::Dumper 2.27 Date::Parse 1.00 DirHandle 1.05 Fcntl 2.74 File::Basename 2.09 File::Copy 2.01 FileHandle 1.08 File::Path 0.20 File::Temp 0.90 Filesys::Df 1.35 HTML::Entities 3.56 HTML::Parser 2.37 HTML::TokeParser 1.23 IO 1.14 IO::File 1.13 IO::Pipe 2.02 Mail::Header 1.86 Math::BigInt 0.19 Math::BigRat 3.07 MIME::Base64 5.425 MIME::Decoder 5.425 MIME::Decoder::UU 5.425 MIME::Head 5.425 MIME::Parser 3.07 MIME::QuotedPrint 5.425 MIME::Tools 0.11 Net::CIDR 1.25 Net::IP 0.16 OLE::Storage_Lite 1.04 Pod::Escapes 3.05 Pod::Simple 1.09 POSIX 1.19 Scalar::Util 1.78 Socket 2.15 Storable 1.4 Sys::Hostname::Long 0.18 Sys::Syslog 1.26 Test::Pod 0.78 Test::Simple 1.86 Time::HiRes 1.02 Time::localtime Optional module versions are: 1.34 Archive::Tar 0.21 bignum 1.82 Business::ISBN 1.10 Business::ISBN::Data 1.08 Data::Dump 1.815 DB_File 1.14 DBD::SQLite 1.58 DBI 1.15 Digest 1.01 Digest::HMAC 2.36 Digest::MD5 2.11 Digest::SHA1 1.00 Encode::Detect 0.17010 Error 0.18 ExtUtils::CBuilder 2.18 ExtUtils::ParseXS 2.36 Getopt::Long 0.44 Inline 1.08 IO::String 1.07 IO::Zlib 2.21 IP::Country 0.22 Mail::ClamAV 3.002005 Mail::SpamAssassin v2.005 Mail::SPF 1.999001 Mail::SPF::Query 0.2808 Module::Build 0.20 Net::CIDR::Lite 0.63 Net::DNS 0.002.2 Net::DNS::Resolver::Programmable missing Net::LDAP 4.004 NetAddr::IP 1.94 Parse::RecDescent missing SAVI 2.64 Test::Harness 0.95 Test::Manifest 1.98 Text::Balanced 1.35 URI 0.7203 version 0.62 YAML Thanks Luciano. -- Il messaggio e' stato analizzato alla ricerca di virus o contenuti pericolosi da MailScanner, ed e' risultato non infetto. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080707/9210520c/attachment.html From P.G.M.Peters at utwente.nl Mon Jul 7 09:56:38 2008 From: P.G.M.Peters at utwente.nl (Peter Peters) Date: Mon Jul 7 09:57:01 2008 Subject: Non-English testers? In-Reply-To: <486D3C1B.9090604@ecs.soton.ac.uk> References: <486D352F.1040002@ecs.soton.ac.uk> <486D3C1B.9090604@ecs.soton.ac.uk> Message-ID: <4871DA46.8050906@utwente.nl> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Julian Field wrote on 3-7-2008 22:52: >> One other thing, if somebody here could be so kind to try out Office >> 2007 documents and/or Word documents with pictures and stuff embedded >> within which *themselves* have international characters... Well, just >> to be on the exaggerated safe side, if you catch my drift. > The "Add Text Of Doc" won't work on .docx files, sorry. Antiword doesn't > support them. If anyone has a way of managing to read them, I would be > very interested to hear it. Or even just some helpful ideas. According to http://www.oooninja.com/2008/01/convert-openxml-docx-etc-in-linux-using.html odfconverter also supports docx. I haven't been able to test it because I don't have access to a docx file. - -- Peter Peters, Teamleider Unix/Linux-Beheer ICT-Servicecentrum Universiteit Twente, Postbus 217, 7500 AE Enschede Telefoon 053 489 2301, Fax 053 489 2383, P.G.M.Peters@utwente.nl, http://www.utwente.nl/icts -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFIcdpFelLo80lrIdIRAvglAKCYBJ0XPQ1+21G8aWNp3Ufma5XeVwCaAlGh ZKs/loX0ox0QnWvoMP+cbRc= =45rn -----END PGP SIGNATURE----- From martinh at solidstatelogic.com Mon Jul 7 10:06:45 2008 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Mon Jul 7 10:06:57 2008 Subject: MailScanner on FC8 don't pickup emails In-Reply-To: <2431CD8FBF1244489D1E82BB9F65A969@LUCIANO> Message-ID: <185efaccb55a9649993b016868eb0918@solidstatelogic.com> I would have thought you'd need to change the Lock Type to the default (blank) as sendmail 8.14 usually uses posix (unless fedora change this) Also a "MailScanner --debug --debug-sa" output to a pastebin or web page (as they can be large) would be interesting to see? What install instructions have you followed? -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Luciano Grego > Sent: 07 July 2008 09:54 > To: mailscanner@lists.mailscanner.info > Subject: MailScanner on FC8 don't pickup emails > > Hi, > I' ve installed Fedora Core 8 and updated at latest fix, then > i' ve installed MailScanner ( I try 4.69.9-3, 4.70.7-1 and 4.71.2-2). > Sendmail accepts e-mails, but are not produced by Mailscanner. > My MTA is Sendmail 8.14 ( Fedora Core 8 ). > It' s a locking problem? > Must reinstall with --nodeps? > > Here 'MailScanner --lint': > > Trying to setlogsock(unix) > Read 824 hostnames from the phishing whitelist Read 3052 > hostnames from the phishing blacklist Checking version numbers... > Version number in MailScanner.conf (4.71.2) is correct. > > Your envelope_sender_header in spam.assassin.prefs.conf is correct. > > Checking for SpamAssassin errors (if you use it)... > SpamAssassin temporary working directory is > /var/spool/MailScanner/incoming/SpamAssassin-Temp > SpamAssassin temp dir = > /var/spool/MailScanner/incoming/SpamAssassin-Temp > Using SpamAssassin results cache > Connected to SpamAssassin cache database SpamAssassin > reported no errors. > ClamAV scanner using unrar command /usr/bin/unrar Using > locktype = flock MailScanner.conf says "Virus Scanners = clamav" > Found these virus scanners installed: clamavmodule > ============================================================== > ============= > Virus and Content Scanning: Starting > /var/spool/MailScanner/incoming/9520/./1/eicar.com: > Eicar-Test-Signature FOUND > > /var/spool/MailScanner/incoming/9520/./1.message: > Eicar-Test-Signature FOUND > > Virus Scanning: ClamAV found 2 infections Infected message > 1.message came from Infected message 1 came from 10.1.1.1 > Virus Scanning: Found 2 viruses Filename Checks: (1 > eicar.com) Filetype Checks: Allowing 1 eicar.com Other > Checks: Found 1 problems > ============================================================== > ============= > Virus Scanner test reports: > ClamAV said "eicar.com contains Eicar-Test-Signature" > > If any of your virus scanners (clamavmodule) are not listed > there, you should check that they are installed correctly and > that MailScanner is finding them correctly via its > virus.scanners.conf. > > > -- > > Here 'MailScanner -v': > Running on > Linux mail 2.6.24.5-85.fc8 #1 SMP Sat Apr 19 12:39:34 EDT > 2008 i686 i686 i386 GNU/Linux This is Fedora release 8 > (Werewolf) This is Perl version 5.008008 (5.8.8) > > This is MailScanner version 4.71.2 > Module versions are: > 1.00 AnyDBM_File > 1.20 Archive::Zip > 0.21 bignum > 1.04 Carp > 2.005 Compress::Zlib > 1.119 Convert::BinHex > 0.17 Convert::TNEF > 2.121_08 Data::Dumper > 2.27 Date::Parse > 1.00 DirHandle > 1.05 Fcntl > 2.74 File::Basename > 2.09 File::Copy > 2.01 FileHandle > 1.08 File::Path > 0.20 File::Temp > 0.90 Filesys::Df > 1.35 HTML::Entities > 3.56 HTML::Parser > 2.37 HTML::TokeParser > 1.23 IO > 1.14 IO::File > 1.13 IO::Pipe > 2.02 Mail::Header > 1.86 Math::BigInt > 0.19 Math::BigRat > 3.07 MIME::Base64 > 5.425 MIME::Decoder > 5.425 MIME::Decoder::UU > 5.425 MIME::Head > 5.425 MIME::Parser > 3.07 MIME::QuotedPrint > 5.425 MIME::Tools > 0.11 Net::CIDR > 1.25 Net::IP > 0.16 OLE::Storage_Lite > 1.04 Pod::Escapes > 3.05 Pod::Simple > 1.09 POSIX > 1.19 Scalar::Util > 1.78 Socket > 2.15 Storable > 1.4 Sys::Hostname::Long > 0.18 Sys::Syslog > 1.26 Test::Pod > 0.78 Test::Simple > 1.86 Time::HiRes > 1.02 Time::localtime > > Optional module versions are: > 1.34 Archive::Tar > 0.21 bignum > 1.82 Business::ISBN > 1.10 Business::ISBN::Data > 1.08 Data::Dump > 1.815 DB_File > 1.14 DBD::SQLite > 1.58 DBI > 1.15 Digest > 1.01 Digest::HMAC > 2.36 Digest::MD5 > 2.11 Digest::SHA1 > 1.00 Encode::Detect > 0.17010 Error > 0.18 ExtUtils::CBuilder > 2.18 ExtUtils::ParseXS > 2.36 Getopt::Long > 0.44 Inline > 1.08 IO::String > 1.07 IO::Zlib > 2.21 IP::Country > 0.22 Mail::ClamAV > 3.002005 Mail::SpamAssassin > v2.005 Mail::SPF > 1.999001 Mail::SPF::Query > 0.2808 Module::Build > 0.20 Net::CIDR::Lite > 0.63 Net::DNS > 0.002.2 Net::DNS::Resolver::Programmable missing Net::LDAP > 4.004 NetAddr::IP > 1.94 Parse::RecDescent > missing SAVI > 2.64 Test::Harness > 0.95 Test::Manifest > 1.98 Text::Balanced > 1.35 URI > 0.7203 version > 0.62 YAML > > Thanks > Luciano. > > > > > -- > Il messaggio e' stato analizzato alla ricerca di virus o > contenuti pericolosi da MailScanner > , ed e' > risultato non infetto. > ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From lucianog at metline.it Mon Jul 7 10:59:46 2008 From: lucianog at metline.it (Luciano Grego) Date: Mon Jul 7 11:00:05 2008 Subject: MailScanner on FC8 don't pickup emails References: <185efaccb55a9649993b016868eb0918@solidstatelogic.com> Message-ID: <3E67C826329F45E491433A4A01DCFAD6@LUCIANO> ----- Original Message ----- From: "Martin.Hepworth" To: "MailScanner discussion" Sent: Monday, July 07, 2008 11:06 AM Subject: RE: MailScanner on FC8 don't pickup emails >I would have thought you'd need to change the Lock Type to the default >(blank) as sendmail 8.14 usually uses posix (unless fedora change this) > > Also a "MailScanner --debug --debug-sa" output to a pastebin or web page > (as they can be large) would be interesting to see? > > What install instructions have you followed? > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf >> Of Luciano Grego >> Sent: 07 July 2008 09:54 >> To: mailscanner@lists.mailscanner.info >> Subject: MailScanner on FC8 don't pickup emails >> >> Hi, >> I' ve installed Fedora Core 8 and updated at latest fix, then >> i' ve installed MailScanner ( I try 4.69.9-3, 4.70.7-1 and 4.71.2-2). >> Sendmail accepts e-mails, but are not produced by Mailscanner. >> My MTA is Sendmail 8.14 ( Fedora Core 8 ). >> It' s a locking problem? >> Must reinstall with --nodeps? >> >> Here 'MailScanner --lint': >> >> Trying to setlogsock(unix) >> Read 824 hostnames from the phishing whitelist Read 3052 >> hostnames from the phishing blacklist Checking version numbers... >> Version number in MailScanner.conf (4.71.2) is correct. >> >> Your envelope_sender_header in spam.assassin.prefs.conf is correct. >> >> Checking for SpamAssassin errors (if you use it)... >> SpamAssassin temporary working directory is >> /var/spool/MailScanner/incoming/SpamAssassin-Temp >> SpamAssassin temp dir = >> /var/spool/MailScanner/incoming/SpamAssassin-Temp >> Using SpamAssassin results cache >> Connected to SpamAssassin cache database SpamAssassin >> reported no errors. >> ClamAV scanner using unrar command /usr/bin/unrar Using >> locktype = flock MailScanner.conf says "Virus Scanners = clamav" >> Found these virus scanners installed: clamavmodule >> ============================================================== >> ============= >> Virus and Content Scanning: Starting >> /var/spool/MailScanner/incoming/9520/./1/eicar.com: >> Eicar-Test-Signature FOUND >> >> /var/spool/MailScanner/incoming/9520/./1.message: >> Eicar-Test-Signature FOUND >> >> Virus Scanning: ClamAV found 2 infections Infected message >> 1.message came from Infected message 1 came from 10.1.1.1 >> Virus Scanning: Found 2 viruses Filename Checks: (1 >> eicar.com) Filetype Checks: Allowing 1 eicar.com Other >> Checks: Found 1 problems >> ============================================================== >> ============= >> Virus Scanner test reports: >> ClamAV said "eicar.com contains Eicar-Test-Signature" >> >> If any of your virus scanners (clamavmodule) are not listed >> there, you should check that they are installed correctly and >> that MailScanner is finding them correctly via its >> virus.scanners.conf. >> >> >> -- >> >> Here 'MailScanner -v': >> Running on >> Linux mail 2.6.24.5-85.fc8 #1 SMP Sat Apr 19 12:39:34 EDT >> 2008 i686 i686 i386 GNU/Linux This is Fedora release 8 >> (Werewolf) This is Perl version 5.008008 (5.8.8) >> >> This is MailScanner version 4.71.2 >> Module versions are: >> 1.00 AnyDBM_File >> 1.20 Archive::Zip >> 0.21 bignum >> 1.04 Carp >> 2.005 Compress::Zlib >> 1.119 Convert::BinHex >> 0.17 Convert::TNEF >> 2.121_08 Data::Dumper >> 2.27 Date::Parse >> 1.00 DirHandle >> 1.05 Fcntl >> 2.74 File::Basename >> 2.09 File::Copy >> 2.01 FileHandle >> 1.08 File::Path >> 0.20 File::Temp >> 0.90 Filesys::Df >> 1.35 HTML::Entities >> 3.56 HTML::Parser >> 2.37 HTML::TokeParser >> 1.23 IO >> 1.14 IO::File >> 1.13 IO::Pipe >> 2.02 Mail::Header >> 1.86 Math::BigInt >> 0.19 Math::BigRat >> 3.07 MIME::Base64 >> 5.425 MIME::Decoder >> 5.425 MIME::Decoder::UU >> 5.425 MIME::Head >> 5.425 MIME::Parser >> 3.07 MIME::QuotedPrint >> 5.425 MIME::Tools >> 0.11 Net::CIDR >> 1.25 Net::IP >> 0.16 OLE::Storage_Lite >> 1.04 Pod::Escapes >> 3.05 Pod::Simple >> 1.09 POSIX >> 1.19 Scalar::Util >> 1.78 Socket >> 2.15 Storable >> 1.4 Sys::Hostname::Long >> 0.18 Sys::Syslog >> 1.26 Test::Pod >> 0.78 Test::Simple >> 1.86 Time::HiRes >> 1.02 Time::localtime >> >> Optional module versions are: >> 1.34 Archive::Tar >> 0.21 bignum >> 1.82 Business::ISBN >> 1.10 Business::ISBN::Data >> 1.08 Data::Dump >> 1.815 DB_File >> 1.14 DBD::SQLite >> 1.58 DBI >> 1.15 Digest >> 1.01 Digest::HMAC >> 2.36 Digest::MD5 >> 2.11 Digest::SHA1 >> 1.00 Encode::Detect >> 0.17010 Error >> 0.18 ExtUtils::CBuilder >> 2.18 ExtUtils::ParseXS >> 2.36 Getopt::Long >> 0.44 Inline >> 1.08 IO::String >> 1.07 IO::Zlib >> 2.21 IP::Country >> 0.22 Mail::ClamAV >> 3.002005 Mail::SpamAssassin >> v2.005 Mail::SPF >> 1.999001 Mail::SPF::Query >> 0.2808 Module::Build >> 0.20 Net::CIDR::Lite >> 0.63 Net::DNS >> 0.002.2 Net::DNS::Resolver::Programmable missing Net::LDAP >> 4.004 NetAddr::IP >> 1.94 Parse::RecDescent >> missing SAVI >> 2.64 Test::Harness >> 0.95 Test::Manifest >> 1.98 Text::Balanced >> 1.35 URI >> 0.7203 version >> 0.62 YAML >> >> Thanks >> Luciano. >> >> >> >> >> -- >> Il messaggio e' stato analizzato alla ricerca di virus o >> contenuti pericolosi da MailScanner >> , ed e' >> risultato non infetto. >> > > > > > ********************************************************************** > Confidentiality : This e-mail and any attachments are intended for the > addressee only and may be confidential. If they come to you in error > you must take no action based on them, nor must you copy or show them > to anyone. Please advise the sender by replying to this e-mail > immediately and then delete the original from your computer. > Opinion : Any opinions expressed in this e-mail are entirely those of > the author and unless specifically stated to the contrary, are not > necessarily those of the author's employer. > Security Warning : Internet e-mail is not necessarily a secure > communications medium and can be subject to data corruption. We advise > that you consider this fact when e-mailing us. > Viruses : We have taken steps to ensure that this e-mail and any > attachments are free from known viruses but in keeping with good > computing practice, you should ensure that they are virus free. > > Red Lion 49 Ltd T/A Solid State Logic > Registered as a limited company in England and Wales > (Company No:5362730) > Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, > United Kingdom > ********************************************************************** > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > Il messaggio e' stato analizzato alla ricerca di virus o > contenuti pericolosi da MailScanner, ed e' > risultato non infetto. > > HI Martin, Lock Type = flock ... for test my ideas ... I've setup this Mailscanner box for my client and i' ve reboot the machine friday at 18:45 with new params. Now i'm checking logs and i see Mailscanner pickup messages from Sunday at 15:00. None first! MailScanner needs more time for starting up? I' ve put Lock Type = now and 'service MailScanner restart'. Thank you. L. -- Il messaggio e' stato analizzato alla ricerca di virus o contenuti pericolosi da MailScanner, ed e' risultato non infetto. From martinh at solidstatelogic.com Mon Jul 7 11:08:19 2008 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Mon Jul 7 11:08:32 2008 Subject: MailScanner on FC8 don't pickup emails In-Reply-To: <3E67C826329F45E491433A4A01DCFAD6@LUCIANO> Message-ID: <22c28cd18b8a8445861e6ca828c11786@solidstatelogic.com> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Luciano Grego > Sent: 07 July 2008 11:00 > To: MailScanner discussion > Subject: Re: MailScanner on FC8 don't pickup emails > > > ----- Original Message ----- > From: "Martin.Hepworth" > To: "MailScanner discussion" > Sent: Monday, July 07, 2008 11:06 AM > Subject: RE: MailScanner on FC8 don't pickup emails > > > >I would have thought you'd need to change the Lock Type to > the default > >(blank) as sendmail 8.14 usually uses posix (unless fedora > change this) > > > > Also a "MailScanner --debug --debug-sa" output to a > pastebin or web page > > (as they can be large) would be interesting to see? > > > > What install instructions have you followed? > > > > -- > > Martin Hepworth > > Snr Systems Administrator > > Solid State Logic > > Tel: +44 (0)1865 842300 > > > >> -----Original Message----- > >> From: mailscanner-bounces@lists.mailscanner.info > >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > >> Of Luciano Grego > >> Sent: 07 July 2008 09:54 > >> To: mailscanner@lists.mailscanner.info > >> Subject: MailScanner on FC8 don't pickup emails > >> > >> Hi, > >> I' ve installed Fedora Core 8 and updated at latest fix, then > >> i' ve installed MailScanner ( I try 4.69.9-3, 4.70.7-1 and > 4.71.2-2). > >> Sendmail accepts e-mails, but are not produced by Mailscanner. > >> My MTA is Sendmail 8.14 ( Fedora Core 8 ). > >> It' s a locking problem? > >> Must reinstall with --nodeps? > >> > >> Here 'MailScanner --lint': > >> > >> Trying to setlogsock(unix) > >> Read 824 hostnames from the phishing whitelist Read 3052 > >> hostnames from the phishing blacklist Checking version numbers... > >> Version number in MailScanner.conf (4.71.2) is correct. > >> > >> Your envelope_sender_header in spam.assassin.prefs.conf is correct. > >> > >> Checking for SpamAssassin errors (if you use it)... > >> SpamAssassin temporary working directory is > >> /var/spool/MailScanner/incoming/SpamAssassin-Temp > >> SpamAssassin temp dir = > >> /var/spool/MailScanner/incoming/SpamAssassin-Temp > >> Using SpamAssassin results cache > >> Connected to SpamAssassin cache database SpamAssassin > >> reported no errors. > >> ClamAV scanner using unrar command /usr/bin/unrar Using > >> locktype = flock MailScanner.conf says "Virus Scanners = clamav" > >> Found these virus scanners installed: clamavmodule > >> ============================================================== > >> ============= > >> Virus and Content Scanning: Starting > >> /var/spool/MailScanner/incoming/9520/./1/eicar.com: > >> Eicar-Test-Signature FOUND > >> > >> /var/spool/MailScanner/incoming/9520/./1.message: > >> Eicar-Test-Signature FOUND > >> > >> Virus Scanning: ClamAV found 2 infections Infected message > >> 1.message came from Infected message 1 came from 10.1.1.1 > >> Virus Scanning: Found 2 viruses Filename Checks: (1 > >> eicar.com) Filetype Checks: Allowing 1 eicar.com Other > >> Checks: Found 1 problems > >> ============================================================== > >> ============= > >> Virus Scanner test reports: > >> ClamAV said "eicar.com contains Eicar-Test-Signature" > >> > >> If any of your virus scanners (clamavmodule) are not listed > >> there, you should check that they are installed correctly and > >> that MailScanner is finding them correctly via its > >> virus.scanners.conf. > >> > >> > >> -- > >> > >> Here 'MailScanner -v': > >> Running on > >> Linux mail 2.6.24.5-85.fc8 #1 SMP Sat Apr 19 12:39:34 EDT > >> 2008 i686 i686 i386 GNU/Linux This is Fedora release 8 > >> (Werewolf) This is Perl version 5.008008 (5.8.8) > >> > >> This is MailScanner version 4.71.2 > >> Module versions are: > >> 1.00 AnyDBM_File > >> 1.20 Archive::Zip > >> 0.21 bignum > >> 1.04 Carp > >> 2.005 Compress::Zlib > >> 1.119 Convert::BinHex > >> 0.17 Convert::TNEF > >> 2.121_08 Data::Dumper > >> 2.27 Date::Parse > >> 1.00 DirHandle > >> 1.05 Fcntl > >> 2.74 File::Basename > >> 2.09 File::Copy > >> 2.01 FileHandle > >> 1.08 File::Path > >> 0.20 File::Temp > >> 0.90 Filesys::Df > >> 1.35 HTML::Entities > >> 3.56 HTML::Parser > >> 2.37 HTML::TokeParser > >> 1.23 IO > >> 1.14 IO::File > >> 1.13 IO::Pipe > >> 2.02 Mail::Header > >> 1.86 Math::BigInt > >> 0.19 Math::BigRat > >> 3.07 MIME::Base64 > >> 5.425 MIME::Decoder > >> 5.425 MIME::Decoder::UU > >> 5.425 MIME::Head > >> 5.425 MIME::Parser > >> 3.07 MIME::QuotedPrint > >> 5.425 MIME::Tools > >> 0.11 Net::CIDR > >> 1.25 Net::IP > >> 0.16 OLE::Storage_Lite > >> 1.04 Pod::Escapes > >> 3.05 Pod::Simple > >> 1.09 POSIX > >> 1.19 Scalar::Util > >> 1.78 Socket > >> 2.15 Storable > >> 1.4 Sys::Hostname::Long > >> 0.18 Sys::Syslog > >> 1.26 Test::Pod > >> 0.78 Test::Simple > >> 1.86 Time::HiRes > >> 1.02 Time::localtime > >> > >> Optional module versions are: > >> 1.34 Archive::Tar > >> 0.21 bignum > >> 1.82 Business::ISBN > >> 1.10 Business::ISBN::Data > >> 1.08 Data::Dump > >> 1.815 DB_File > >> 1.14 DBD::SQLite > >> 1.58 DBI > >> 1.15 Digest > >> 1.01 Digest::HMAC > >> 2.36 Digest::MD5 > >> 2.11 Digest::SHA1 > >> 1.00 Encode::Detect > >> 0.17010 Error > >> 0.18 ExtUtils::CBuilder > >> 2.18 ExtUtils::ParseXS > >> 2.36 Getopt::Long > >> 0.44 Inline > >> 1.08 IO::String > >> 1.07 IO::Zlib > >> 2.21 IP::Country > >> 0.22 Mail::ClamAV > >> 3.002005 Mail::SpamAssassin > >> v2.005 Mail::SPF > >> 1.999001 Mail::SPF::Query > >> 0.2808 Module::Build > >> 0.20 Net::CIDR::Lite > >> 0.63 Net::DNS > >> 0.002.2 Net::DNS::Resolver::Programmable missing Net::LDAP > >> 4.004 NetAddr::IP > >> 1.94 Parse::RecDescent > >> missing SAVI > >> 2.64 Test::Harness > >> 0.95 Test::Manifest > >> 1.98 Text::Balanced > >> 1.35 URI > >> 0.7203 version > >> 0.62 YAML > >> > >> Thanks > >> Luciano. > >> > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > > > -- > > Il messaggio e' stato analizzato alla ricerca di virus o > > contenuti pericolosi da MailScanner, ed e' > > risultato non infetto. > > > > > > HI Martin, > Lock Type = flock > ... for test my ideas ... > > I've setup this Mailscanner box for my client and > i' ve reboot the machine friday at 18:45 with new params. > Now i'm checking logs and i see Mailscanner pickup messages > from Sunday at > 15:00. None first! > MailScanner needs more time for starting up? > > I' ve put > Lock Type = > now and > 'service MailScanner restart'. > Thank you. > L. > > Hi Anything in the maillog reguarding mailScanner??? Should only take a few seconds to get going. I'd drop to debug and see if you can spot anything. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From lucianog at metline.it Mon Jul 7 11:33:43 2008 From: lucianog at metline.it (Luciano Grego) Date: Mon Jul 7 11:34:29 2008 Subject: MailScanner on FC8 don't pickup emails References: <22c28cd18b8a8445861e6ca828c11786@solidstatelogic.com> Message-ID: <461154D3BC314695B971D5B750769C3D@LUCIANO> Hi, Excuse me for long list ... But ... in debug mode i should see the email passing through MailScanner? I have not answered your question first: What install instructions have you followed? I' ve follow the INSTALL file guide. Untar src file and ./install.sh. -- mail root [ /var/log ] MailScanner --debug --debug-sa In Debugging mode, not forking... Trying to setlogsock(unix) 12:23:04 SpamAssassin temp dir = /var/spool/MailScanner/incoming/SpamAssassin-Temp 12:23:04 [10417] dbg: logger: adding facilities: all 12:23:04 [10417] dbg: logger: logging level is DBG 12:23:04 [10417] dbg: generic: SpamAssassin version 3.2.5 12:23:04 [10417] dbg: config: score set 0 chosen. 12:23:04 [10417] dbg: util: running in taint mode? no 12:23:04 [10417] dbg: dns: is Net::DNS::Resolver available? yes 12:23:04 [10417] dbg: dns: Net::DNS version: 0.63 12:23:04 [10417] dbg: ignore: test message to precompile patterns and load modules 12:23:04 [10417] dbg: config: using "/etc/mail/spamassassin" for site rules pre files 12:23:04 [10417] dbg: config: read file /etc/mail/spamassassin/init.pre 12:23:04 [10417] dbg: config: read file /etc/mail/spamassassin/v310.pre 12:23:04 [10417] dbg: config: read file /etc/mail/spamassassin/v312.pre 12:23:04 [10417] dbg: config: read file /etc/mail/spamassassin/v320.pre 12:23:04 [10417] dbg: config: using "/var/lib/spamassassin/3.002005" for sys rules pre files 12:23:04 [10417] dbg: config: using "/var/lib/spamassassin/3.002005" for default rules dir 12:23:04 [10417] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org.cf 12:23:04 [10417] dbg: config: using "/etc/mail/spamassassin" for site rules dir 12:23:04 [10417] dbg: config: read file /etc/mail/spamassassin/mailscanner.cf 12:23:04 [10417] dbg: plugin: loading Mail::SpamAssassin::Plugin::URIDNSBL from @INC 12:23:04 [10417] dbg: plugin: loading Mail::SpamAssassin::Plugin::Hashcash from @INC 12:23:04 [10417] dbg: plugin: loading Mail::SpamAssassin::Plugin::SPF from @INC 12:23:04 [10417] dbg: plugin: loading Mail::SpamAssassin::Plugin::RelayCountry from @INC 12:23:04 [10417] dbg: plugin: loading Mail::SpamAssassin::Plugin::Razor2 from @INC 12:23:04 [10417] dbg: razor2: razor2 is available, version 2.84 12:23:04 [10417] dbg: plugin: loading Mail::SpamAssassin::Plugin::Pyzor from @INC 12:23:04 [10417] dbg: pyzor: network tests on, attempting Pyzor 12:23:04 [10417] dbg: plugin: did not register Mail::SpamAssassin::Plugin::Razor2, already registered 12:23:04 [10417] dbg: plugin: loading Mail::SpamAssassin::Plugin::SpamCop from @INC 12:23:04 [10417] dbg: reporter: network tests on, attempting SpamCop 12:23:04 [10417] dbg: plugin: loading Mail::SpamAssassin::Plugin::AWL from @INC 12:23:04 [10417] dbg: plugin: loading Mail::SpamAssassin::Plugin::AutoLearnThreshold from @INC 12:23:04 [10417] dbg: plugin: loading Mail::SpamAssassin::Plugin::WhiteListSubject from @INC 12:23:04 [10417] dbg: plugin: loading Mail::SpamAssassin::Plugin::MIMEHeader from @INC 12:23:04 [10417] dbg: plugin: loading Mail::SpamAssassin::Plugin::ReplaceTags from @INC 12:23:04 [10417] dbg: plugin: did not register Mail::SpamAssassin::Plugin::RelayCountry, already registered 12:23:04 [10417] dbg: plugin: did not register Mail::SpamAssassin::Plugin::SPF, already registered 12:23:04 [10417] dbg: plugin: did not register Mail::SpamAssassin::Plugin::URIDNSBL, already registered 12:23:04 [10417] dbg: plugin: loading Mail::SpamAssassin::Plugin::Check from @INC 12:23:04 [10417] dbg: plugin: loading Mail::SpamAssassin::Plugin::HTTPSMismatch from @INC 12:23:04 [10417] dbg: plugin: loading Mail::SpamAssassin::Plugin::URIDetail from @INC 12:23:04 [10417] dbg: plugin: loading Mail::SpamAssassin::Plugin::Bayes from @INC 12:23:04 [10417] dbg: plugin: loading Mail::SpamAssassin::Plugin::BodyEval from @INC 12:23:04 [10417] dbg: plugin: loading Mail::SpamAssassin::Plugin::DNSEval from @INC 12:23:04 [10417] dbg: plugin: loading Mail::SpamAssassin::Plugin::HTMLEval from @INC 12:23:04 [10417] dbg: plugin: loading Mail::SpamAssassin::Plugin::HeaderEval from @INC 12:23:04 [10417] dbg: plugin: loading Mail::SpamAssassin::Plugin::MIMEEval from @INC 12:23:04 [10417] dbg: plugin: loading Mail::SpamAssassin::Plugin::RelayEval from @INC 12:23:04 [10417] dbg: plugin: loading Mail::SpamAssassin::Plugin::URIEval from @INC 12:23:04 [10417] dbg: plugin: loading Mail::SpamAssassin::Plugin::WLBLEval from @INC 12:23:04 [10417] dbg: plugin: loading Mail::SpamAssassin::Plugin::VBounce from @INC 12:23:04 [10417] dbg: plugin: loading Mail::SpamAssassin::Plugin::ImageInfo from @INC 12:23:04 [10417] dbg: plugin: did not register Mail::SpamAssassin::Plugin::RelayCountry, already registered 12:23:04 [10417] dbg: plugin: did not register Mail::SpamAssassin::Plugin::SPF, already registered 12:23:04 [10417] dbg: plugin: did not register Mail::SpamAssassin::Plugin::URIDNSBL, already registered 12:23:04 [10417] dbg: plugin: did not register Mail::SpamAssassin::Plugin::Razor2, already registered 12:23:04 [10417] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/10_default_prefs.cf 12:23:04 [10417] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/10_default_prefs.cf" for included file 12:23:04 [10417] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/10_default_prefs.cf 12:23:04 [10417] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_advance_fee.cf 12:23:04 [10417] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_advance_fee.cf" for included file 12:23:04 [10417] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_advance_fee.cf 12:23:04 [10417] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_body_tests.cf 12:23:04 [10417] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_body_tests.cf" for included file 12:23:04 [10417] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_body_tests.cf 12:23:04 [10417] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_compensate.cf 12:23:04 [10417] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_compensate.cf" for included file 12:23:04 [10417] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_compensate.cf 12:23:04 [10417] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_dnsbl_tests.cf 12:23:04 [10417] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_dnsbl_tests.cf" for included file 12:23:04 [10417] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_dnsbl_tests.cf 12:23:04 [10417] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_drugs.cf 12:23:04 [10417] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_drugs.cf" for included file 12:23:04 [10417] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_drugs.cf 12:23:04 [10417] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_dynrdns.cf 12:23:04 [10417] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_dynrdns.cf" for included file 12:23:04 [10417] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_dynrdns.cf 12:23:04 [10417] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_fake_helo_tests.cf 12:23:04 [10417] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_fake_helo_tests.cf" for included file 12:23:04 [10417] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_fake_helo_tests.cf 12:23:04 [10417] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_head_tests.cf 12:23:04 [10417] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_head_tests.cf" for included file 12:23:04 [10417] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_head_tests.cf 12:23:04 [10417] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_html_tests.cf 12:23:04 [10417] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_html_tests.cf" for included file 12:23:04 [10417] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_html_tests.cf 12:23:04 [10417] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_imageinfo.cf 12:23:04 [10417] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_imageinfo.cf" for included file 12:23:04 [10417] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_imageinfo.cf 12:23:04 [10417] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_meta_tests.cf 12:23:04 [10417] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_meta_tests.cf" for included file 12:23:04 [10417] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_meta_tests.cf 12:23:04 [10417] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_net_tests.cf 12:23:04 [10417] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_net_tests.cf" for included file 12:23:04 [10417] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_net_tests.cf 12:23:04 [10417] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_phrases.cf 12:23:04 [10417] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_phrases.cf" for included file 12:23:04 [10417] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_phrases.cf 12:23:04 [10417] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_porn.cf 12:23:04 [10417] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_porn.cf" for included file 12:23:04 [10417] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_porn.cf 12:23:04 [10417] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_ratware.cf 12:23:04 [10417] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_ratware.cf" for included file 12:23:04 [10417] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_ratware.cf 12:23:04 [10417] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_uri_tests.cf 12:23:04 [10417] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_uri_tests.cf" for included file 12:23:04 [10417] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_uri_tests.cf 12:23:04 [10417] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_vbounce.cf 12:23:04 [10417] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_vbounce.cf" for included file 12:23:04 [10417] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_vbounce.cf 12:23:04 [10417] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/23_bayes.cf 12:23:04 [10417] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/23_bayes.cf" for included file 12:23:04 [10417] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/23_bayes.cf 12:23:04 [10417] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_accessdb.cf 12:23:04 [10417] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_accessdb.cf" for included file 12:23:04 [10417] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_accessdb.cf 12:23:04 [10417] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_antivirus.cf 12:23:04 [10417] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_antivirus.cf" for included file 12:23:04 [10417] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_antivirus.cf 12:23:04 [10417] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_asn.cf 12:23:04 [10417] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_asn.cf" for included file 12:23:04 [10417] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_asn.cf 12:23:04 [10417] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_dcc.cf 12:23:04 [10417] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_dcc.cf" for included file 12:23:04 [10417] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_dcc.cf 12:23:04 [10417] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_dkim.cf 12:23:04 [10417] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_dkim.cf" for included file 12:23:04 [10417] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_dkim.cf 12:23:04 [10417] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_domainkeys.cf 12:23:04 [10417] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_domainkeys.cf" for included file 12:23:04 [10417] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_domainkeys.cf 12:23:04 [10417] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_hashcash.cf 12:23:04 [10417] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_hashcash.cf" for included file 12:23:04 [10417] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_hashcash.cf 12:23:04 [10417] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_pyzor.cf 12:23:04 [10417] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_pyzor.cf" for included file 12:23:04 [10417] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_pyzor.cf 12:23:04 [10417] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_razor2.cf 12:23:04 [10417] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_razor2.cf" for included file 12:23:04 [10417] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_razor2.cf 12:23:04 [10417] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_replace.cf 12:23:04 [10417] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_replace.cf" for included file 12:23:04 [10417] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_replace.cf 12:23:04 [10417] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_spf.cf 12:23:04 [10417] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_spf.cf" for included file 12:23:04 [10417] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_spf.cf 12:23:04 [10417] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_textcat.cf 12:23:04 [10417] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_textcat.cf" for included file 12:23:04 [10417] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_textcat.cf 12:23:04 [10417] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_uribl.cf 12:23:04 [10417] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_uribl.cf" for included file 12:23:04 [10417] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_uribl.cf 12:23:04 [10417] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_de.cf 12:23:04 [10417] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_de.cf" for included file 12:23:04 [10417] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_de.cf 12:23:04 [10417] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_fr.cf 12:23:04 [10417] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_fr.cf" for included file 12:23:04 [10417] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_fr.cf 12:23:04 [10417] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_it.cf 12:23:04 [10417] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_it.cf" for included file 12:23:04 [10417] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_it.cf 12:23:04 [10417] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_nl.cf 12:23:04 [10417] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_nl.cf" for included file 12:23:04 [10417] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_nl.cf 12:23:04 [10417] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_pl.cf 12:23:04 [10417] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_pl.cf" for included file 12:23:04 [10417] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_pl.cf 12:23:04 [10417] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_pt_br.cf 12:23:04 [10417] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_pt_br.cf" for included file 12:23:04 [10417] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_pt_br.cf 12:23:04 [10417] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/50_scores.cf 12:23:04 [10417] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/50_scores.cf" for included file 12:23:04 [10417] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/50_scores.cf 12:23:04 [10417] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_awl.cf 12:23:04 [10417] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/60_awl.cf" for included file 12:23:04 [10417] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_awl.cf 12:23:04 [10417] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_shortcircuit.cf 12:23:04 [10417] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/60_shortcircuit.cf" for included file 12:23:04 [10417] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_shortcircuit.cf 12:23:04 [10417] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whitelist.cf 12:23:04 [10417] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whitelist.cf" for included file 12:23:04 [10417] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whitelist.cf 12:23:04 [10417] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whitelist_dk.cf 12:23:04 [10417] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whitelist_dk.cf" for included file 12:23:04 [10417] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whitelist_dk.cf 12:23:04 [10417] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whitelist_dkim.cf 12:23:04 [10417] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whitelist_dkim.cf" for included file 12:23:04 [10417] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whitelist_dkim.cf 12:23:04 [10417] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whitelist_spf.cf 12:23:04 [10417] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whitelist_spf.cf" for included file 12:23:04 [10417] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whitelist_spf.cf 12:23:05 [10417] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whitelist_subject.cf 12:23:05 [10417] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whitelist_subject.cf" for included file 12:23:05 [10417] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whitelist_subject.cf 12:23:05 [10417] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/72_active.cf 12:23:05 [10417] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/72_active.cf" for included file 12:23:05 [10417] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/72_active.cf 12:23:05 [10417] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/72_removed.cf 12:23:05 [10417] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/72_removed.cf" for included file 12:23:05 [10417] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/72_removed.cf 12:23:05 [10417] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/72_scores.cf 12:23:05 [10417] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/72_scores.cf" for included file 12:23:05 [10417] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/72_scores.cf 12:23:05 [10417] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/80_additional.cf 12:23:05 [10417] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/80_additional.cf" for included file 12:23:05 [10417] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/80_additional.cf 12:23:05 [10417] dbg: rules: __MO_OL_9B90B merged duplicates: __MO_OL_C65FA 12:23:05 [10417] dbg: rules: __XM_OL_22B61 merged duplicates: __XM_OL_A842E 12:23:05 [10417] dbg: rules: __MO_OL_07794 merged duplicates: __MO_OL_8627E __MO_OL_F3B05 12:23:05 [10417] dbg: rules: __JM_REACTOR_DATE merged duplicates: __RATWARE_0_TZ_DATE 12:23:05 [10417] dbg: rules: __XM_OL_07794 merged duplicates: __XM_OL_25340 __XM_OL_3857F __XM_OL_4F240 __XM_OL_58CB5 __XM_OL_6554A __XM_OL_812FF __XM_OL_C65FA __XM_OL_CF0C0 __XM_OL_F475E __XM_OL_F6D01 12:23:05 [10417] dbg: rules: FH_MSGID_01C67 merged duplicates: __MSGID_VGA 12:23:05 [10417] dbg: rules: FS_NEW_SOFT_UPLOAD merged duplicates: HS_SUBJ_NEW_SOFTWARE 12:23:05 [10417] dbg: rules: __FH_HAS_XMSMAIL merged duplicates: __HAS_MSMAIL_PRI 12:23:05 [10417] dbg: rules: __MO_OL_015D5 merged duplicates: __MO_OL_6554A 12:23:05 [10417] dbg: rules: __XM_OL_015D5 merged duplicates: __XM_OL_4BF4C __XM_OL_4EEDB __XM_OL_5B79A __XM_OL_9B90B __XM_OL_ADFF7 __XM_OL_B30D1 __XM_OL_B4B40 __XM_OL_BC7E6 __XM_OL_F3B05 __XM_OL_FF5C8 12:23:05 [10417] dbg: rules: __MO_OL_91287 merged duplicates: __MO_OL_B30D1 __MO_OL_CF0C0 12:23:05 [10417] dbg: rules: KAM_STOCKOTC merged duplicates: KAM_STOCKTIP15 KAM_STOCKTIP20 KAM_STOCKTIP21 KAM_STOCKTIP4 KAM_STOCKTIP6 12:23:05 [10417] dbg: rules: __MO_OL_22B61 merged duplicates: __MO_OL_4F240 __MO_OL_ADFF7 12:23:05 [10417] dbg: rules: __MO_OL_812FF merged duplicates: __MO_OL_BC7E6 12:23:05 [10417] dbg: rules: __MO_OL_25340 merged duplicates: __MO_OL_4EEDB __MO_OL_7533E 12:23:05 [10417] dbg: rules: __MO_OL_58CB5 merged duplicates: __MO_OL_B4B40 12:23:05 [10417] dbg: rules: __DOS_HAS_ANY_URI merged duplicates: __HAS_ANY_URI 12:23:05 [10417] dbg: rules: __XM_OL_C9068 merged duplicates: __XM_OL_EF20B 12:23:05 [10417] dbg: rules: AXB_RCVD_ZOOBSEND merged duplicates: BROKEN_RATWARE_BOM CTYPE_001C_A DEAR_HOMEOWNER DIV_CENTER_A_HREF DRUG_RA_PRICE FM_DDDD_TIMES_2 FM_SEX_HOSTDDDD HG_HORMONE HS_PHARMA_1 HS_UPLOADED_SOFTWARE OEBOUND STOX_RCVD_N_NN_N URIBL_RHS_ABUSE URIBL_RHS_BOGUSMX URIBL_RHS_DSN URIBL_RHS_POST URIBL_RHS_TLD_WHOIS URIBL_RHS_WHOIS URIBL_XS_SURBL URI_L_PHP XMAILER_MIMEOLE_OL_5E7ED XMAILER_MIMEOLE_OL_C7C33 XMAILER_MIMEOLE_OL_D03AB X_LIBRARY YOUR_CRD_RATING 12:23:05 [10417] dbg: rules: __MO_OL_72641 merged duplicates: __MO_OL_A842E 12:23:05 [10417] dbg: rules: __MO_OL_F475E merged duplicates: __MO_OL_FF5C8 12:23:05 [10417] dbg: rules: __MO_OL_4BF4C merged duplicates: __MO_OL_F6D01 12:23:05 [10417] dbg: conf: finish parsing 12:23:05 [10417] dbg: plugin: Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0xad6884c) implements 'finish_parsing_end', priority 0 12:23:05 [10417] dbg: replacetags: replacing tags 12:23:05 [10417] dbg: replacetags: done replacing tags 12:23:05 [10417] dbg: bayes: tie-ing to DB file R/O /etc/MailScanner/bayes/bayes__toks 12:23:05 [10417] dbg: bayes: tie-ing to DB file R/O /etc/MailScanner/bayes/bayes__seen 12:23:05 [10417] dbg: bayes: found bayes db version 3 12:23:05 [10417] dbg: bayes: DB journal sync: last sync: 0 12:23:05 [10417] dbg: bayes: not available for scanning, only 1 spam(s) in bayes DB < 200 12:23:05 [10417] dbg: bayes: untie-ing 12:23:05 [10417] dbg: config: score set 1 chosen. 12:23:05 [10417] dbg: message: main message type: text/plain 12:23:05 [10417] dbg: message: ---- MIME PARSER START ---- 12:23:05 [10417] dbg: message: parsing normal part 12:23:05 [10417] dbg: message: ---- MIME PARSER END ---- 12:23:05 [10417] dbg: plugin: Mail::SpamAssassin::Plugin::DNSEval=HASH(0xae06ddc) implements 'check_start', priority 0 12:23:05 [10417] dbg: bayes: tie-ing to DB file R/O /etc/MailScanner/bayes/bayes__toks 12:23:05 [10417] dbg: bayes: tie-ing to DB file R/O /etc/MailScanner/bayes/bayes__seen 12:23:05 [10417] dbg: bayes: found bayes db version 3 12:23:05 [10417] dbg: bayes: DB journal sync: last sync: 0 12:23:05 [10417] dbg: bayes: not available for scanning, only 1 spam(s) in bayes DB < 200 12:23:05 [10417] dbg: bayes: untie-ing 12:23:05 [10417] dbg: plugin: Mail::SpamAssassin::Plugin::Check=HASH(0xadb7358) implements 'check_main', priority 0 12:23:05 [10417] dbg: conf: trusted_networks are not configured; it is recommended that you configure trusted_networks manually 12:23:05 [10417] dbg: metadata: X-Spam-Relays-Trusted: 12:23:05 [10417] dbg: metadata: X-Spam-Relays-Untrusted: 12:23:05 [10417] dbg: metadata: X-Spam-Relays-Internal: 12:23:05 [10417] dbg: metadata: X-Spam-Relays-External: 12:23:05 [10417] dbg: plugin: Mail::SpamAssassin::Plugin::RelayCountry=HASH(0xaa1430c) implements 'extract_metadata', priority 0 12:23:05 [10417] dbg: metadata: X-Relay-Countries: 12:23:05 [10417] dbg: message: no encoding detected 12:23:05 [10417] dbg: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0xa9c3b08) implements 'parsed_metadata', priority 0 12:23:05 [10417] dbg: plugin: Mail::SpamAssassin::Plugin::RelayCountry=HASH(0xaa1430c) implements 'parsed_metadata', priority 0 12:23:05 [10417] dbg: dns: is Net::DNS::Resolver available? yes 12:23:05 [10417] dbg: dns: Net::DNS version: 0.63 12:23:05 [10417] dbg: dns: name server: 85.42.104.18, LocalAddr: 0.0.0.0 12:23:05 [10417] dbg: dns: resolver socket rx buffer size is 110592 bytes 12:23:05 [10417] dbg: dns: dns_available set to yes in config file, skipping test 12:23:05 [10417] dbg: uridnsbl: domains to query: 12:23:05 [10417] dbg: dns: checking RBL sa-other.bondedsender.org., set bsp-untrusted 12:23:05 [10417] dbg: dns: checking RBL plus.bondedsender.org., set ssc-firsttrusted 12:23:05 [10417] dbg: dns: checking RBL combined.njabl.org., set njabl 12:23:05 [10417] dbg: dns: checking RBL bl.spamcop.net., set spamcop 12:23:05 [10417] dbg: dns: checking RBL dob.sibl.support-intelligence.net., set dob 12:23:05 [10417] dbg: dns: checking RBL zen.spamhaus.org., set zen-lastexternal 12:23:05 [10417] dbg: dns: checking RBL dnsbl.sorbs.net., set sorbs-lastexternal 12:23:05 [10417] dbg: dns: checking RBL dnsbl.sorbs.net., set sorbs 12:23:05 [10417] dbg: dns: checking RBL zen.spamhaus.org., set zen-lastexternal 12:23:05 [10417] dbg: dns: checking RBL list.dnswl.org., set dnswl-firsttrusted 12:23:05 [10417] dbg: dns: checking RBL sa-accredit.habeas.com., set habeas-firsttrusted 12:23:05 [10417] dbg: dns: checking RBL list.dsbl.org., set dsbl-lastexternal 12:23:05 [10417] dbg: dns: checking RBL sa-trusted.bondedsender.org., set bsp-firsttrusted 12:23:05 [10417] dbg: dns: checking RBL zen.spamhaus.org., set zen 12:23:05 [10417] dbg: dns: checking RBL iadb.isipp.com., set iadb-firsttrusted 12:23:05 [10417] dbg: check: running tests for priority: -1000 12:23:05 [10417] dbg: rules: running head tests; score so far=0 12:23:05 [10417] dbg: rules: compiled head tests 12:23:05 [10417] dbg: eval: all '*From' addrs: ignore@compiling.spamassassin.taint.org 12:23:05 [10417] dbg: eval: all '*To' addrs: 12:23:05 [10417] dbg: rules: running body tests; score so far=0 12:23:05 [10417] dbg: rules: compiled body tests 12:23:05 [10417] dbg: rules: running uri tests; score so far=0 12:23:05 [10417] dbg: rules: compiled uri tests 12:23:05 [10417] dbg: rules: running rawbody tests; score so far=0 12:23:05 [10417] dbg: rules: compiled rawbody tests 12:23:05 [10417] dbg: rules: running full tests; score so far=0 12:23:05 [10417] dbg: rules: compiled full tests 12:23:05 [10417] dbg: rules: running meta tests; score so far=0 12:23:05 [10417] dbg: rules: compiled meta tests 12:23:05 [10417] dbg: check: running tests for priority: -950 12:23:05 [10417] dbg: rules: running head tests; score so far=0 12:23:05 [10417] dbg: rules: compiled head tests 12:23:05 [10417] dbg: rules: running body tests; score so far=0 12:23:05 [10417] dbg: rules: compiled body tests 12:23:05 [10417] dbg: rules: running uri tests; score so far=0 12:23:05 [10417] dbg: rules: compiled uri tests 12:23:05 [10417] dbg: rules: running rawbody tests; score so far=0 12:23:05 [10417] dbg: rules: compiled rawbody tests 12:23:05 [10417] dbg: rules: running full tests; score so far=0 12:23:05 [10417] dbg: rules: compiled full tests 12:23:05 [10417] dbg: rules: running meta tests; score so far=0 12:23:05 [10417] dbg: rules: compiled meta tests 12:23:05 [10417] dbg: check: running tests for priority: -900 12:23:05 [10417] dbg: rules: running head tests; score so far=0 12:23:05 [10417] dbg: rules: compiled head tests 12:23:05 [10417] dbg: rules: running body tests; score so far=0 12:23:05 [10417] dbg: rules: compiled body tests 12:23:05 [10417] dbg: rules: running uri tests; score so far=0 12:23:05 [10417] dbg: rules: compiled uri tests 12:23:05 [10417] dbg: rules: running rawbody tests; score so far=0 12:23:05 [10417] dbg: rules: compiled rawbody tests 12:23:05 [10417] dbg: rules: running full tests; score so far=0 12:23:05 [10417] dbg: rules: compiled full tests 12:23:05 [10417] dbg: rules: running meta tests; score so far=0 12:23:05 [10417] dbg: rules: compiled meta tests 12:23:05 [10417] dbg: check: running tests for priority: -400 12:23:05 [10417] dbg: rules: running head tests; score so far=0 12:23:05 [10417] dbg: rules: compiled head tests 12:23:05 [10417] dbg: rules: running body tests; score so far=0 12:23:05 [10417] dbg: rules: compiled body tests 12:23:05 [10417] dbg: rules: running uri tests; score so far=0 12:23:05 [10417] dbg: rules: compiled uri tests 12:23:05 [10417] dbg: rules: running rawbody tests; score so far=0 12:23:05 [10417] dbg: rules: compiled rawbody tests 12:23:05 [10417] dbg: rules: running full tests; score so far=0 12:23:05 [10417] dbg: rules: compiled full tests 12:23:05 [10417] dbg: rules: running meta tests; score so far=0 12:23:05 [10417] dbg: rules: compiled meta tests 12:23:05 [10417] dbg: check: running tests for priority: 0 12:23:05 [10417] dbg: rules: running head tests; score so far=0 12:23:05 [10417] dbg: rules: compiled head tests 12:23:05 [10417] dbg: rules: ran header rule __MISSING_REF ======> got hit: "UNSET" 12:23:05 [10417] dbg: rules: ran header rule __MSOE_MID_WRONG_CASE ======> got hit: " 12:23:05 [10417] dbg: rules: Message-Id: " 12:23:05 [10417] dbg: rules: ran header rule MISSING_DATE ======> got hit: "UNSET" 12:23:05 [10417] dbg: rules: ran header rule __MSGID_OK_HOST ======> got hit: "@spamassassin_spamd_init>" 12:23:05 [10417] dbg: rules: ran header rule __MSGID_OK_DIGITS ======> got hit: "1215426184" 12:23:05 [10417] dbg: rules: ran header rule __HAS_MSGID ======> got hit: "<" 12:23:05 [10417] dbg: rules: ran header rule __SANE_MSGID ======> got hit: "<1215426184.34281@spamassassin_spamd_init> 12:23:05 [10417] dbg: rules: " 12:23:05 [10417] dbg: spf: checking to see if the message has a Received-SPF header that we can use 12:23:05 [10417] dbg: spf: using Mail::SPF for SPF checks 12:23:05 [10417] dbg: spf: no suitable relay for spf use found, skipping SPF-helo check 12:23:05 [10417] dbg: spf: already checked for Received-SPF headers, proceeding with DNS based checks 12:23:05 [10417] dbg: spf: no suitable relay for spf use found, skipping SPF check 12:23:05 [10417] dbg: rules: ran eval rule NO_RELAYS ======> got hit (1) 12:23:05 [10417] dbg: spf: def_spf_whitelist_from: already checked spf and didn't get pass, skipping whitelist check 12:23:05 [10417] dbg: rules: ran eval rule __UNUSABLE_MSGID ======> got hit (1) 12:23:05 [10417] dbg: rules: ran eval rule MISSING_HEADERS ======> got hit (1) 12:23:05 [10417] dbg: spf: whitelist_from_spf: already checked spf and didn't get pass, skipping whitelist check 12:23:05 [10417] dbg: rules: running body tests; score so far=1.581 12:23:05 [10417] dbg: rules: compiled body tests 12:23:05 [10417] dbg: rules: ran body rule __NONEMPTY_BODY ======> got hit: "I" 12:23:05 [10417] dbg: rules: running uri tests; score so far=1.581 12:23:05 [10417] dbg: rules: compiled uri tests 12:23:05 [10417] dbg: eval: stock info total: 0 12:23:05 [10417] dbg: rules: running rawbody tests; score so far=1.581 12:23:05 [10417] dbg: rules: compiled rawbody tests 12:23:05 [10417] dbg: rules: ran rawbody rule __TVD_BODY ======> got hit: "need" 12:23:05 [10417] dbg: rules: running full tests; score so far=1.581 12:23:05 [10417] dbg: rules: compiled full tests 12:23:05 [10417] dbg: info: entering helper-app run mode 12:23:06 [10417] dbg: info: leaving helper-app run mode 12:23:06 [10417] dbg: razor2: part=0 engine=4 contested=0 confidence=0 12:23:06 [10417] dbg: razor2: results: spam? 0 12:23:06 [10417] dbg: razor2: results: engine 8, highest cf score: 0 12:23:06 [10417] dbg: razor2: results: engine 4, highest cf score: 0 12:23:06 [10417] dbg: util: current PATH is: /sbin:/bin:/usr/sbin:/usr/bin 12:23:06 [10417] dbg: pyzor: pyzor is not available: no pyzor executable found 12:23:06 [10417] dbg: pyzor: no pyzor found, disabling Pyzor 12:23:06 [10417] dbg: rules: running meta tests; score so far=1.581 12:23:06 [10417] dbg: rules: compiled meta tests 12:23:06 [10417] dbg: check: running tests for priority: 500 12:23:06 [10417] dbg: dns: harvest_dnsbl_queries 12:23:06 [10417] dbg: rules: running head tests; score so far=1.581 12:23:06 [10417] dbg: rules: compiled head tests 12:23:06 [10417] dbg: rules: running body tests; score so far=1.581 12:23:06 [10417] dbg: rules: compiled body tests 12:23:06 [10417] dbg: rules: running uri tests; score so far=1.581 12:23:06 [10417] dbg: rules: compiled uri tests 12:23:06 [10417] dbg: rules: running rawbody tests; score so far=1.581 12:23:06 [10417] dbg: rules: compiled rawbody tests 12:23:06 [10417] dbg: rules: running full tests; score so far=1.581 12:23:06 [10417] dbg: rules: compiled full tests 12:23:06 [10417] dbg: rules: running meta tests; score so far=1.581 12:23:06 [10417] dbg: rules: meta test DIGEST_MULTIPLE has undefined dependency 'DCC_CHECK' 12:23:06 [10417] dbg: rules: compiled meta tests 12:23:06 [10417] dbg: check: running tests for priority: 1000 12:23:06 [10417] dbg: rules: running head tests; score so far=2.865 12:23:06 [10417] dbg: rules: compiled head tests 12:23:06 [10417] dbg: locker: safe_lock: created /root/.spamassassin/auto-whitelist.mutex 12:23:06 [10417] dbg: locker: safe_lock: trying to get lock on /root/.spamassassin/auto-whitelist with 30 timeout 12:23:06 [10417] dbg: locker: safe_lock: link to /root/.spamassassin/auto-whitelist.mutex: link ok 12:23:06 [10417] dbg: auto-whitelist: tie-ing to DB file of type DB_File R/W in /root/.spamassassin/auto-whitelist 12:23:06 [10417] dbg: auto-whitelist: db-based ignore@compiling.spamassassin.taint.org|ip=none scores 0/0 12:23:06 [10417] dbg: auto-whitelist: AWL active, pre-score: 2.865, autolearn score: 2.865, mean: undef, IP: undef 12:23:06 [10417] dbg: auto-whitelist: DB addr list: untie-ing and unlocking 12:23:06 [10417] dbg: auto-whitelist: DB addr list: file locked, breaking lock 12:23:06 [10417] dbg: locker: safe_unlock: unlocked /root/.spamassassin/auto-whitelist.mutex 12:23:06 [10417] dbg: auto-whitelist: post auto-whitelist score: 2.865 12:23:06 [10417] dbg: rules: running body tests; score so far=2.865 12:23:06 [10417] dbg: rules: compiled body tests 12:23:06 [10417] dbg: rules: running uri tests; score so far=2.865 12:23:06 [10417] dbg: rules: compiled uri tests 12:23:06 [10417] dbg: rules: running rawbody tests; score so far=2.865 12:23:06 [10417] dbg: rules: compiled rawbody tests 12:23:06 [10417] dbg: rules: running full tests; score so far=2.865 12:23:06 [10417] dbg: rules: compiled full tests 12:23:06 [10417] dbg: rules: running meta tests; score so far=2.865 12:23:06 [10417] dbg: rules: compiled meta tests 12:23:06 [10417] dbg: check: is spam? score=2.865 required=5 12:23:06 [10417] dbg: check: tests=MISSING_DATE,MISSING_HEADERS,MISSING_SUBJECT,NO_RECEIVED,NO_RELAYS 12:23:06 [10417] dbg: check: subtests=__HAS_MSGID,__MISSING_REF,__MSGID_OK_DIGITS,__MSGID_OK_HOST,__MSOE_MID_WRONG_CASE,__NONEMPTY_BODY,__SANE_MSGID,__TVD_BODY,__UNUSABLE_MSGID 12:23:06 Building a message batch to scan... ----- Original Message ----- From: "Martin.Hepworth" To: "MailScanner discussion" Sent: Monday, July 07, 2008 12:08 PM Subject: RE: MailScanner on FC8 don't pickup emails > > > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf >> Of Luciano Grego >> Sent: 07 July 2008 11:00 >> To: MailScanner discussion >> Subject: Re: MailScanner on FC8 don't pickup emails >> >> >> ----- Original Message ----- >> From: "Martin.Hepworth" >> To: "MailScanner discussion" >> Sent: Monday, July 07, 2008 11:06 AM >> Subject: RE: MailScanner on FC8 don't pickup emails >> >> >> >I would have thought you'd need to change the Lock Type to >> the default >> >(blank) as sendmail 8.14 usually uses posix (unless fedora >> change this) >> > >> > Also a "MailScanner --debug --debug-sa" output to a >> pastebin or web page >> > (as they can be large) would be interesting to see? >> > >> > What install instructions have you followed? >> > >> > -- >> > Martin Hepworth >> > Snr Systems Administrator >> > Solid State Logic >> > Tel: +44 (0)1865 842300 >> > >> >> -----Original Message----- >> >> From: mailscanner-bounces@lists.mailscanner.info >> >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf >> >> Of Luciano Grego >> >> Sent: 07 July 2008 09:54 >> >> To: mailscanner@lists.mailscanner.info >> >> Subject: MailScanner on FC8 don't pickup emails >> >> >> >> Hi, >> >> I' ve installed Fedora Core 8 and updated at latest fix, then >> >> i' ve installed MailScanner ( I try 4.69.9-3, 4.70.7-1 and >> 4.71.2-2). >> >> Sendmail accepts e-mails, but are not produced by Mailscanner. >> >> My MTA is Sendmail 8.14 ( Fedora Core 8 ). >> >> It' s a locking problem? >> >> Must reinstall with --nodeps? >> >> >> >> Here 'MailScanner --lint': >> >> >> >> Trying to setlogsock(unix) >> >> Read 824 hostnames from the phishing whitelist Read 3052 >> >> hostnames from the phishing blacklist Checking version numbers... >> >> Version number in MailScanner.conf (4.71.2) is correct. >> >> >> >> Your envelope_sender_header in spam.assassin.prefs.conf is correct. >> >> >> >> Checking for SpamAssassin errors (if you use it)... >> >> SpamAssassin temporary working directory is >> >> /var/spool/MailScanner/incoming/SpamAssassin-Temp >> >> SpamAssassin temp dir = >> >> /var/spool/MailScanner/incoming/SpamAssassin-Temp >> >> Using SpamAssassin results cache >> >> Connected to SpamAssassin cache database SpamAssassin >> >> reported no errors. >> >> ClamAV scanner using unrar command /usr/bin/unrar Using >> >> locktype = flock MailScanner.conf says "Virus Scanners = clamav" >> >> Found these virus scanners installed: clamavmodule >> >> ============================================================== >> >> ============= >> >> Virus and Content Scanning: Starting >> >> /var/spool/MailScanner/incoming/9520/./1/eicar.com: >> >> Eicar-Test-Signature FOUND >> >> >> >> /var/spool/MailScanner/incoming/9520/./1.message: >> >> Eicar-Test-Signature FOUND >> >> >> >> Virus Scanning: ClamAV found 2 infections Infected message >> >> 1.message came from Infected message 1 came from 10.1.1.1 >> >> Virus Scanning: Found 2 viruses Filename Checks: (1 >> >> eicar.com) Filetype Checks: Allowing 1 eicar.com Other >> >> Checks: Found 1 problems >> >> ============================================================== >> >> ============= >> >> Virus Scanner test reports: >> >> ClamAV said "eicar.com contains Eicar-Test-Signature" >> >> >> >> If any of your virus scanners (clamavmodule) are not listed >> >> there, you should check that they are installed correctly and >> >> that MailScanner is finding them correctly via its >> >> virus.scanners.conf. >> >> >> >> >> >> -- >> >> >> >> Here 'MailScanner -v': >> >> Running on >> >> Linux mail 2.6.24.5-85.fc8 #1 SMP Sat Apr 19 12:39:34 EDT >> >> 2008 i686 i686 i386 GNU/Linux This is Fedora release 8 >> >> (Werewolf) This is Perl version 5.008008 (5.8.8) >> >> >> >> This is MailScanner version 4.71.2 >> >> Module versions are: >> >> 1.00 AnyDBM_File >> >> 1.20 Archive::Zip >> >> 0.21 bignum >> >> 1.04 Carp >> >> 2.005 Compress::Zlib >> >> 1.119 Convert::BinHex >> >> 0.17 Convert::TNEF >> >> 2.121_08 Data::Dumper >> >> 2.27 Date::Parse >> >> 1.00 DirHandle >> >> 1.05 Fcntl >> >> 2.74 File::Basename >> >> 2.09 File::Copy >> >> 2.01 FileHandle >> >> 1.08 File::Path >> >> 0.20 File::Temp >> >> 0.90 Filesys::Df >> >> 1.35 HTML::Entities >> >> 3.56 HTML::Parser >> >> 2.37 HTML::TokeParser >> >> 1.23 IO >> >> 1.14 IO::File >> >> 1.13 IO::Pipe >> >> 2.02 Mail::Header >> >> 1.86 Math::BigInt >> >> 0.19 Math::BigRat >> >> 3.07 MIME::Base64 >> >> 5.425 MIME::Decoder >> >> 5.425 MIME::Decoder::UU >> >> 5.425 MIME::Head >> >> 5.425 MIME::Parser >> >> 3.07 MIME::QuotedPrint >> >> 5.425 MIME::Tools >> >> 0.11 Net::CIDR >> >> 1.25 Net::IP >> >> 0.16 OLE::Storage_Lite >> >> 1.04 Pod::Escapes >> >> 3.05 Pod::Simple >> >> 1.09 POSIX >> >> 1.19 Scalar::Util >> >> 1.78 Socket >> >> 2.15 Storable >> >> 1.4 Sys::Hostname::Long >> >> 0.18 Sys::Syslog >> >> 1.26 Test::Pod >> >> 0.78 Test::Simple >> >> 1.86 Time::HiRes >> >> 1.02 Time::localtime >> >> >> >> Optional module versions are: >> >> 1.34 Archive::Tar >> >> 0.21 bignum >> >> 1.82 Business::ISBN >> >> 1.10 Business::ISBN::Data >> >> 1.08 Data::Dump >> >> 1.815 DB_File >> >> 1.14 DBD::SQLite >> >> 1.58 DBI >> >> 1.15 Digest >> >> 1.01 Digest::HMAC >> >> 2.36 Digest::MD5 >> >> 2.11 Digest::SHA1 >> >> 1.00 Encode::Detect >> >> 0.17010 Error >> >> 0.18 ExtUtils::CBuilder >> >> 2.18 ExtUtils::ParseXS >> >> 2.36 Getopt::Long >> >> 0.44 Inline >> >> 1.08 IO::String >> >> 1.07 IO::Zlib >> >> 2.21 IP::Country >> >> 0.22 Mail::ClamAV >> >> 3.002005 Mail::SpamAssassin >> >> v2.005 Mail::SPF >> >> 1.999001 Mail::SPF::Query >> >> 0.2808 Module::Build >> >> 0.20 Net::CIDR::Lite >> >> 0.63 Net::DNS >> >> 0.002.2 Net::DNS::Resolver::Programmable missing Net::LDAP >> >> 4.004 NetAddr::IP >> >> 1.94 Parse::RecDescent >> >> missing SAVI >> >> 2.64 Test::Harness >> >> 0.95 Test::Manifest >> >> 1.98 Text::Balanced >> >> 1.35 URI >> >> 0.7203 version >> >> 0.62 YAML >> >> >> >> Thanks >> >> Luciano. >> >> > >> > -- >> > MailScanner mailing list >> > mailscanner@lists.mailscanner.info >> > http://lists.mailscanner.info/mailman/listinfo/mailscanner >> > >> > Before posting, read http://wiki.mailscanner.info/posting >> > >> > Support MailScanner development - buy the book off the website! >> > >> > -- >> > Il messaggio e' stato analizzato alla ricerca di virus o >> > contenuti pericolosi da MailScanner, ed e' >> > risultato non infetto. >> > >> > >> >> HI Martin, >> Lock Type = flock >> ... for test my ideas ... >> >> I've setup this Mailscanner box for my client and >> i' ve reboot the machine friday at 18:45 with new params. >> Now i'm checking logs and i see Mailscanner pickup messages >> from Sunday at >> 15:00. None first! >> MailScanner needs more time for starting up? >> >> I' ve put >> Lock Type = >> now and >> 'service MailScanner restart'. >> Thank you. >> L. >> >> > > Hi > > Anything in the maillog reguarding mailScanner??? > > Should only take a few seconds to get going. > > I'd drop to debug and see if you can spot anything. > > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > > > > ********************************************************************** > Confidentiality : This e-mail and any attachments are intended for the > addressee only and may be confidential. If they come to you in error > you must take no action based on them, nor must you copy or show them > to anyone. Please advise the sender by replying to this e-mail > immediately and then delete the original from your computer. > Opinion : Any opinions expressed in this e-mail are entirely those of > the author and unless specifically stated to the contrary, are not > necessarily those of the author's employer. > Security Warning : Internet e-mail is not necessarily a secure > communications medium and can be subject to data corruption. We advise > that you consider this fact when e-mailing us. > Viruses : We have taken steps to ensure that this e-mail and any > attachments are free from known viruses but in keeping with good > computing practice, you should ensure that they are virus free. > > Red Lion 49 Ltd T/A Solid State Logic > Registered as a limited company in England and Wales > (Company No:5362730) > Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, > United Kingdom > ********************************************************************** > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > Il messaggio e' stato analizzato alla ricerca di virus o > contenuti pericolosi da MailScanner, ed e' > risultato non infetto. > > -- Il messaggio e' stato analizzato alla ricerca di virus o contenuti pericolosi da MailScanner, ed e' risultato non infetto. From J.Ede at birchenallhowden.co.uk Mon Jul 7 11:42:53 2008 From: J.Ede at birchenallhowden.co.uk (Jason Ede) Date: Mon Jul 7 11:44:09 2008 Subject: MailScanner on FC8 don't pickup emails In-Reply-To: <461154D3BC314695B971D5B750769C3D@LUCIANO> References: <22c28cd18b8a8445861e6ca828c11786@solidstatelogic.com>, <461154D3BC314695B971D5B750769C3D@LUCIANO> Message-ID: <4CAB0118AEC63A4FAAE77E6BCBDF760C65717B8599@server02.bhl.local> Have you configured your MTA to work with MailScanner properly? Jason ________________________________________ From: mailscanner-bounces@lists.mailscanner.info [mailscanner-bounces@lists.mailscanner.info] On Behalf Of Luciano Grego [lucianog@metline.it] Sent: 07 July 2008 11:33 To: MailScanner discussion Subject: Re: MailScanner on FC8 don't pickup emails Hi, Excuse me for long list ... But ... in debug mode i should see the email passing through MailScanner? I have not answered your question first: What install instructions have you followed? I' ve follow the INSTALL file guide. Untar src file and ./install.sh. -- mail root [ /var/log ] MailScanner --debug --debug-sa In Debugging mode, not forking... Trying to setlogsock(unix) 12:23:04 SpamAssassin temp dir = /var/spool/MailScanner/incoming/SpamAssassin-Temp 12:23:04 [10417] dbg: logger: adding facilities: all 12:23:04 [10417] dbg: logger: logging level is DBG 12:23:04 [10417] dbg: generic: SpamAssassin version 3.2.5 12:23:04 [10417] dbg: config: score set 0 chosen. 12:23:04 [10417] dbg: util: running in taint mode? no 12:23:04 [10417] dbg: dns: is Net::DNS::Resolver available? yes 12:23:04 [10417] dbg: dns: Net::DNS version: 0.63 12:23:04 [10417] dbg: ignore: test message to precompile patterns and load modules 12:23:04 [10417] dbg: config: using "/etc/mail/spamassassin" for site rules pre files 12:23:04 [10417] dbg: config: read file /etc/mail/spamassassin/init.pre 12:23:04 [10417] dbg: config: read file /etc/mail/spamassassin/v310.pre 12:23:04 [10417] dbg: config: read file /etc/mail/spamassassin/v312.pre 12:23:04 [10417] dbg: config: read file /etc/mail/spamassassin/v320.pre 12:23:04 [10417] dbg: config: using "/var/lib/spamassassin/3.002005" for sys rules pre files 12:23:04 [10417] dbg: config: using "/var/lib/spamassassin/3.002005" for default rules dir 12:23:04 [10417] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org.cf 12:23:04 [10417] dbg: config: using "/etc/mail/spamassassin" for site rules dir 12:23:04 [10417] dbg: config: read file /etc/mail/spamassassin/mailscanner.cf 12:23:04 [10417] dbg: plugin: loading Mail::SpamAssassin::Plugin::URIDNSBL from @INC 12:23:04 [10417] dbg: plugin: loading Mail::SpamAssassin::Plugin::Hashcash from @INC 12:23:04 [10417] dbg: plugin: loading Mail::SpamAssassin::Plugin::SPF from @INC 12:23:04 [10417] dbg: plugin: loading Mail::SpamAssassin::Plugin::RelayCountry from @INC 12:23:04 [10417] dbg: plugin: loading Mail::SpamAssassin::Plugin::Razor2 from @INC 12:23:04 [10417] dbg: razor2: razor2 is available, version 2.84 12:23:04 [10417] dbg: plugin: loading Mail::SpamAssassin::Plugin::Pyzor from @INC 12:23:04 [10417] dbg: pyzor: network tests on, attempting Pyzor 12:23:04 [10417] dbg: plugin: did not register Mail::SpamAssassin::Plugin::Razor2, already registered 12:23:04 [10417] dbg: plugin: loading Mail::SpamAssassin::Plugin::SpamCop from @INC 12:23:04 [10417] dbg: reporter: network tests on, attempting SpamCop 12:23:04 [10417] dbg: plugin: loading Mail::SpamAssassin::Plugin::AWL from @INC 12:23:04 [10417] dbg: plugin: loading Mail::SpamAssassin::Plugin::AutoLearnThreshold from @INC 12:23:04 [10417] dbg: plugin: loading Mail::SpamAssassin::Plugin::WhiteListSubject from @INC 12:23:04 [10417] dbg: plugin: loading Mail::SpamAssassin::Plugin::MIMEHeader from @INC 12:23:04 [10417] dbg: plugin: loading Mail::SpamAssassin::Plugin::ReplaceTags from @INC 12:23:04 [10417] dbg: plugin: did not register Mail::SpamAssassin::Plugin::RelayCountry, already registered 12:23:04 [10417] dbg: plugin: did not register Mail::SpamAssassin::Plugin::SPF, already registered 12:23:04 [10417] dbg: plugin: did not register Mail::SpamAssassin::Plugin::URIDNSBL, already registered 12:23:04 [10417] dbg: plugin: loading Mail::SpamAssassin::Plugin::Check from @INC 12:23:04 [10417] dbg: plugin: loading Mail::SpamAssassin::Plugin::HTTPSMismatch from @INC 12:23:04 [10417] dbg: plugin: loading Mail::SpamAssassin::Plugin::URIDetail from @INC 12:23:04 [10417] dbg: plugin: loading Mail::SpamAssassin::Plugin::Bayes from @INC 12:23:04 [10417] dbg: plugin: loading Mail::SpamAssassin::Plugin::BodyEval from @INC 12:23:04 [10417] dbg: plugin: loading Mail::SpamAssassin::Plugin::DNSEval from @INC 12:23:04 [10417] dbg: plugin: loading Mail::SpamAssassin::Plugin::HTMLEval from @INC 12:23:04 [10417] dbg: plugin: loading Mail::SpamAssassin::Plugin::HeaderEval from @INC 12:23:04 [10417] dbg: plugin: loading Mail::SpamAssassin::Plugin::MIMEEval from @INC 12:23:04 [10417] dbg: plugin: loading Mail::SpamAssassin::Plugin::RelayEval from @INC 12:23:04 [10417] dbg: plugin: loading Mail::SpamAssassin::Plugin::URIEval from @INC 12:23:04 [10417] dbg: plugin: loading Mail::SpamAssassin::Plugin::WLBLEval from @INC 12:23:04 [10417] dbg: plugin: loading Mail::SpamAssassin::Plugin::VBounce from @INC 12:23:04 [10417] dbg: plugin: loading Mail::SpamAssassin::Plugin::ImageInfo from @INC 12:23:04 [10417] dbg: plugin: did not register Mail::SpamAssassin::Plugin::RelayCountry, already registered 12:23:04 [10417] dbg: plugin: did not register Mail::SpamAssassin::Plugin::SPF, already registered 12:23:04 [10417] dbg: plugin: did not register Mail::SpamAssassin::Plugin::URIDNSBL, already registered 12:23:04 [10417] dbg: plugin: did not register Mail::SpamAssassin::Plugin::Razor2, already registered 12:23:04 [10417] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/10_default_prefs.cf 12:23:04 [10417] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/10_default_prefs.cf" for included file 12:23:04 [10417] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/10_default_prefs.cf 12:23:04 [10417] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_advance_fee.cf 12:23:04 [10417] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_advance_fee.cf" for included file 12:23:04 [10417] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_advance_fee.cf 12:23:04 [10417] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_body_tests.cf 12:23:04 [10417] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_body_tests.cf" for included file 12:23:04 [10417] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_body_tests.cf 12:23:04 [10417] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_compensate.cf 12:23:04 [10417] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_compensate.cf" for included file 12:23:04 [10417] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_compensate.cf 12:23:04 [10417] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_dnsbl_tests.cf 12:23:04 [10417] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_dnsbl_tests.cf" for included file 12:23:04 [10417] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_dnsbl_tests.cf 12:23:04 [10417] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_drugs.cf 12:23:04 [10417] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_drugs.cf" for included file 12:23:04 [10417] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_drugs.cf 12:23:04 [10417] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_dynrdns.cf 12:23:04 [10417] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_dynrdns.cf" for included file 12:23:04 [10417] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_dynrdns.cf 12:23:04 [10417] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_fake_helo_tests.cf 12:23:04 [10417] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_fake_helo_tests.cf" for included file 12:23:04 [10417] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_fake_helo_tests.cf 12:23:04 [10417] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_head_tests.cf 12:23:04 [10417] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_head_tests.cf" for included file 12:23:04 [10417] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_head_tests.cf 12:23:04 [10417] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_html_tests.cf 12:23:04 [10417] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_html_tests.cf" for included file 12:23:04 [10417] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_html_tests.cf 12:23:04 [10417] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_imageinfo.cf 12:23:04 [10417] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_imageinfo.cf" for included file 12:23:04 [10417] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_imageinfo.cf 12:23:04 [10417] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_meta_tests.cf 12:23:04 [10417] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_meta_tests.cf" for included file 12:23:04 [10417] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_meta_tests.cf 12:23:04 [10417] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_net_tests.cf 12:23:04 [10417] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_net_tests.cf" for included file 12:23:04 [10417] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_net_tests.cf 12:23:04 [10417] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_phrases.cf 12:23:04 [10417] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_phrases.cf" for included file 12:23:04 [10417] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_phrases.cf 12:23:04 [10417] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_porn.cf 12:23:04 [10417] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_porn.cf" for included file 12:23:04 [10417] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_porn.cf 12:23:04 [10417] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_ratware.cf 12:23:04 [10417] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_ratware.cf" for included file 12:23:04 [10417] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_ratware.cf 12:23:04 [10417] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_uri_tests.cf 12:23:04 [10417] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_uri_tests.cf" for included file 12:23:04 [10417] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_uri_tests.cf 12:23:04 [10417] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_vbounce.cf 12:23:04 [10417] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_vbounce.cf" for included file 12:23:04 [10417] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_vbounce.cf 12:23:04 [10417] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/23_bayes.cf 12:23:04 [10417] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/23_bayes.cf" for included file 12:23:04 [10417] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/23_bayes.cf 12:23:04 [10417] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_accessdb.cf 12:23:04 [10417] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_accessdb.cf" for included file 12:23:04 [10417] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_accessdb.cf 12:23:04 [10417] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_antivirus.cf 12:23:04 [10417] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_antivirus.cf" for included file 12:23:04 [10417] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_antivirus.cf 12:23:04 [10417] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_asn.cf 12:23:04 [10417] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_asn.cf" for included file 12:23:04 [10417] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_asn.cf 12:23:04 [10417] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_dcc.cf 12:23:04 [10417] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_dcc.cf" for included file 12:23:04 [10417] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_dcc.cf 12:23:04 [10417] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_dkim.cf 12:23:04 [10417] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_dkim.cf" for included file 12:23:04 [10417] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_dkim.cf 12:23:04 [10417] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_domainkeys.cf 12:23:04 [10417] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_domainkeys.cf" for included file 12:23:04 [10417] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_domainkeys.cf 12:23:04 [10417] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_hashcash.cf 12:23:04 [10417] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_hashcash.cf" for included file 12:23:04 [10417] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_hashcash.cf 12:23:04 [10417] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_pyzor.cf 12:23:04 [10417] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_pyzor.cf" for included file 12:23:04 [10417] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_pyzor.cf 12:23:04 [10417] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_razor2.cf 12:23:04 [10417] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_razor2.cf" for included file 12:23:04 [10417] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_razor2.cf 12:23:04 [10417] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_replace.cf 12:23:04 [10417] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_replace.cf" for included file 12:23:04 [10417] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_replace.cf 12:23:04 [10417] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_spf.cf 12:23:04 [10417] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_spf.cf" for included file 12:23:04 [10417] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_spf.cf 12:23:04 [10417] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_textcat.cf 12:23:04 [10417] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_textcat.cf" for included file 12:23:04 [10417] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_textcat.cf 12:23:04 [10417] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_uribl.cf 12:23:04 [10417] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_uribl.cf" for included file 12:23:04 [10417] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_uribl.cf 12:23:04 [10417] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_de.cf 12:23:04 [10417] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_de.cf" for included file 12:23:04 [10417] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_de.cf 12:23:04 [10417] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_fr.cf 12:23:04 [10417] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_fr.cf" for included file 12:23:04 [10417] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_fr.cf 12:23:04 [10417] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_it.cf 12:23:04 [10417] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_it.cf" for included file 12:23:04 [10417] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_it.cf 12:23:04 [10417] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_nl.cf 12:23:04 [10417] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_nl.cf" for included file 12:23:04 [10417] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_nl.cf 12:23:04 [10417] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_pl.cf 12:23:04 [10417] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_pl.cf" for included file 12:23:04 [10417] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_pl.cf 12:23:04 [10417] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_pt_br.cf 12:23:04 [10417] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_pt_br.cf" for included file 12:23:04 [10417] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_pt_br.cf 12:23:04 [10417] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/50_scores.cf 12:23:04 [10417] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/50_scores.cf" for included file 12:23:04 [10417] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/50_scores.cf 12:23:04 [10417] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_awl.cf 12:23:04 [10417] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/60_awl.cf" for included file 12:23:04 [10417] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_awl.cf 12:23:04 [10417] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_shortcircuit.cf 12:23:04 [10417] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/60_shortcircuit.cf" for included file 12:23:04 [10417] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_shortcircuit.cf 12:23:04 [10417] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whitelist.cf 12:23:04 [10417] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whitelist.cf" for included file 12:23:04 [10417] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whitelist.cf 12:23:04 [10417] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whitelist_dk.cf 12:23:04 [10417] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whitelist_dk.cf" for included file 12:23:04 [10417] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whitelist_dk.cf 12:23:04 [10417] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whitelist_dkim.cf 12:23:04 [10417] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whitelist_dkim.cf" for included file 12:23:04 [10417] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whitelist_dkim.cf 12:23:04 [10417] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whitelist_spf.cf 12:23:04 [10417] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whitelist_spf.cf" for included file 12:23:04 [10417] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whitelist_spf.cf 12:23:05 [10417] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whitelist_subject.cf 12:23:05 [10417] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whitelist_subject.cf" for included file 12:23:05 [10417] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whitelist_subject.cf 12:23:05 [10417] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/72_active.cf 12:23:05 [10417] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/72_active.cf" for included file 12:23:05 [10417] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/72_active.cf 12:23:05 [10417] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/72_removed.cf 12:23:05 [10417] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/72_removed.cf" for included file 12:23:05 [10417] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/72_removed.cf 12:23:05 [10417] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/72_scores.cf 12:23:05 [10417] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/72_scores.cf" for included file 12:23:05 [10417] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/72_scores.cf 12:23:05 [10417] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/80_additional.cf 12:23:05 [10417] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/80_additional.cf" for included file 12:23:05 [10417] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/80_additional.cf 12:23:05 [10417] dbg: rules: __MO_OL_9B90B merged duplicates: __MO_OL_C65FA 12:23:05 [10417] dbg: rules: __XM_OL_22B61 merged duplicates: __XM_OL_A842E 12:23:05 [10417] dbg: rules: __MO_OL_07794 merged duplicates: __MO_OL_8627E __MO_OL_F3B05 12:23:05 [10417] dbg: rules: __JM_REACTOR_DATE merged duplicates: __RATWARE_0_TZ_DATE 12:23:05 [10417] dbg: rules: __XM_OL_07794 merged duplicates: __XM_OL_25340 __XM_OL_3857F __XM_OL_4F240 __XM_OL_58CB5 __XM_OL_6554A __XM_OL_812FF __XM_OL_C65FA __XM_OL_CF0C0 __XM_OL_F475E __XM_OL_F6D01 12:23:05 [10417] dbg: rules: FH_MSGID_01C67 merged duplicates: __MSGID_VGA 12:23:05 [10417] dbg: rules: FS_NEW_SOFT_UPLOAD merged duplicates: HS_SUBJ_NEW_SOFTWARE 12:23:05 [10417] dbg: rules: __FH_HAS_XMSMAIL merged duplicates: __HAS_MSMAIL_PRI 12:23:05 [10417] dbg: rules: __MO_OL_015D5 merged duplicates: __MO_OL_6554A 12:23:05 [10417] dbg: rules: __XM_OL_015D5 merged duplicates: __XM_OL_4BF4C __XM_OL_4EEDB __XM_OL_5B79A __XM_OL_9B90B __XM_OL_ADFF7 __XM_OL_B30D1 __XM_OL_B4B40 __XM_OL_BC7E6 __XM_OL_F3B05 __XM_OL_FF5C8 12:23:05 [10417] dbg: rules: __MO_OL_91287 merged duplicates: __MO_OL_B30D1 __MO_OL_CF0C0 12:23:05 [10417] dbg: rules: KAM_STOCKOTC merged duplicates: KAM_STOCKTIP15 KAM_STOCKTIP20 KAM_STOCKTIP21 KAM_STOCKTIP4 KAM_STOCKTIP6 12:23:05 [10417] dbg: rules: __MO_OL_22B61 merged duplicates: __MO_OL_4F240 __MO_OL_ADFF7 12:23:05 [10417] dbg: rules: __MO_OL_812FF merged duplicates: __MO_OL_BC7E6 12:23:05 [10417] dbg: rules: __MO_OL_25340 merged duplicates: __MO_OL_4EEDB __MO_OL_7533E 12:23:05 [10417] dbg: rules: __MO_OL_58CB5 merged duplicates: __MO_OL_B4B40 12:23:05 [10417] dbg: rules: __DOS_HAS_ANY_URI merged duplicates: __HAS_ANY_URI 12:23:05 [10417] dbg: rules: __XM_OL_C9068 merged duplicates: __XM_OL_EF20B 12:23:05 [10417] dbg: rules: AXB_RCVD_ZOOBSEND merged duplicates: BROKEN_RATWARE_BOM CTYPE_001C_A DEAR_HOMEOWNER DIV_CENTER_A_HREF DRUG_RA_PRICE FM_DDDD_TIMES_2 FM_SEX_HOSTDDDD HG_HORMONE HS_PHARMA_1 HS_UPLOADED_SOFTWARE OEBOUND STOX_RCVD_N_NN_N URIBL_RHS_ABUSE URIBL_RHS_BOGUSMX URIBL_RHS_DSN URIBL_RHS_POST URIBL_RHS_TLD_WHOIS URIBL_RHS_WHOIS URIBL_XS_SURBL URI_L_PHP XMAILER_MIMEOLE_OL_5E7ED XMAILER_MIMEOLE_OL_C7C33 XMAILER_MIMEOLE_OL_D03AB X_LIBRARY YOUR_CRD_RATING 12:23:05 [10417] dbg: rules: __MO_OL_72641 merged duplicates: __MO_OL_A842E 12:23:05 [10417] dbg: rules: __MO_OL_F475E merged duplicates: __MO_OL_FF5C8 12:23:05 [10417] dbg: rules: __MO_OL_4BF4C merged duplicates: __MO_OL_F6D01 12:23:05 [10417] dbg: conf: finish parsing 12:23:05 [10417] dbg: plugin: Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0xad6884c) implements 'finish_parsing_end', priority 0 12:23:05 [10417] dbg: replacetags: replacing tags 12:23:05 [10417] dbg: replacetags: done replacing tags 12:23:05 [10417] dbg: bayes: tie-ing to DB file R/O /etc/MailScanner/bayes/bayes__toks 12:23:05 [10417] dbg: bayes: tie-ing to DB file R/O /etc/MailScanner/bayes/bayes__seen 12:23:05 [10417] dbg: bayes: found bayes db version 3 12:23:05 [10417] dbg: bayes: DB journal sync: last sync: 0 12:23:05 [10417] dbg: bayes: not available for scanning, only 1 spam(s) in bayes DB < 200 12:23:05 [10417] dbg: bayes: untie-ing 12:23:05 [10417] dbg: config: score set 1 chosen. 12:23:05 [10417] dbg: message: main message type: text/plain 12:23:05 [10417] dbg: message: ---- MIME PARSER START ---- 12:23:05 [10417] dbg: message: parsing normal part 12:23:05 [10417] dbg: message: ---- MIME PARSER END ---- 12:23:05 [10417] dbg: plugin: Mail::SpamAssassin::Plugin::DNSEval=HASH(0xae06ddc) implements 'check_start', priority 0 12:23:05 [10417] dbg: bayes: tie-ing to DB file R/O /etc/MailScanner/bayes/bayes__toks 12:23:05 [10417] dbg: bayes: tie-ing to DB file R/O /etc/MailScanner/bayes/bayes__seen 12:23:05 [10417] dbg: bayes: found bayes db version 3 12:23:05 [10417] dbg: bayes: DB journal sync: last sync: 0 12:23:05 [10417] dbg: bayes: not available for scanning, only 1 spam(s) in bayes DB < 200 12:23:05 [10417] dbg: bayes: untie-ing 12:23:05 [10417] dbg: plugin: Mail::SpamAssassin::Plugin::Check=HASH(0xadb7358) implements 'check_main', priority 0 12:23:05 [10417] dbg: conf: trusted_networks are not configured; it is recommended that you configure trusted_networks manually 12:23:05 [10417] dbg: metadata: X-Spam-Relays-Trusted: 12:23:05 [10417] dbg: metadata: X-Spam-Relays-Untrusted: 12:23:05 [10417] dbg: metadata: X-Spam-Relays-Internal: 12:23:05 [10417] dbg: metadata: X-Spam-Relays-External: 12:23:05 [10417] dbg: plugin: Mail::SpamAssassin::Plugin::RelayCountry=HASH(0xaa1430c) implements 'extract_metadata', priority 0 12:23:05 [10417] dbg: metadata: X-Relay-Countries: 12:23:05 [10417] dbg: message: no encoding detected 12:23:05 [10417] dbg: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0xa9c3b08) implements 'parsed_metadata', priority 0 12:23:05 [10417] dbg: plugin: Mail::SpamAssassin::Plugin::RelayCountry=HASH(0xaa1430c) implements 'parsed_metadata', priority 0 12:23:05 [10417] dbg: dns: is Net::DNS::Resolver available? yes 12:23:05 [10417] dbg: dns: Net::DNS version: 0.63 12:23:05 [10417] dbg: dns: name server: 85.42.104.18, LocalAddr: 0.0.0.0 12:23:05 [10417] dbg: dns: resolver socket rx buffer size is 110592 bytes 12:23:05 [10417] dbg: dns: dns_available set to yes in config file, skipping test 12:23:05 [10417] dbg: uridnsbl: domains to query: 12:23:05 [10417] dbg: dns: checking RBL sa-other.bondedsender.org., set bsp-untrusted 12:23:05 [10417] dbg: dns: checking RBL plus.bondedsender.org., set ssc-firsttrusted 12:23:05 [10417] dbg: dns: checking RBL combined.njabl.org., set njabl 12:23:05 [10417] dbg: dns: checking RBL bl.spamcop.net., set spamcop 12:23:05 [10417] dbg: dns: checking RBL dob.sibl.support-intelligence.net., set dob 12:23:05 [10417] dbg: dns: checking RBL zen.spamhaus.org., set zen-lastexternal 12:23:05 [10417] dbg: dns: checking RBL dnsbl.sorbs.net., set sorbs-lastexternal 12:23:05 [10417] dbg: dns: checking RBL dnsbl.sorbs.net., set sorbs 12:23:05 [10417] dbg: dns: checking RBL zen.spamhaus.org., set zen-lastexternal 12:23:05 [10417] dbg: dns: checking RBL list.dnswl.org., set dnswl-firsttrusted 12:23:05 [10417] dbg: dns: checking RBL sa-accredit.habeas.com., set habeas-firsttrusted 12:23:05 [10417] dbg: dns: checking RBL list.dsbl.org., set dsbl-lastexternal 12:23:05 [10417] dbg: dns: checking RBL sa-trusted.bondedsender.org., set bsp-firsttrusted 12:23:05 [10417] dbg: dns: checking RBL zen.spamhaus.org., set zen 12:23:05 [10417] dbg: dns: checking RBL iadb.isipp.com., set iadb-firsttrusted 12:23:05 [10417] dbg: check: running tests for priority: -1000 12:23:05 [10417] dbg: rules: running head tests; score so far=0 12:23:05 [10417] dbg: rules: compiled head tests 12:23:05 [10417] dbg: eval: all '*From' addrs: ignore@compiling.spamassassin.taint.org 12:23:05 [10417] dbg: eval: all '*To' addrs: 12:23:05 [10417] dbg: rules: running body tests; score so far=0 12:23:05 [10417] dbg: rules: compiled body tests 12:23:05 [10417] dbg: rules: running uri tests; score so far=0 12:23:05 [10417] dbg: rules: compiled uri tests 12:23:05 [10417] dbg: rules: running rawbody tests; score so far=0 12:23:05 [10417] dbg: rules: compiled rawbody tests 12:23:05 [10417] dbg: rules: running full tests; score so far=0 12:23:05 [10417] dbg: rules: compiled full tests 12:23:05 [10417] dbg: rules: running meta tests; score so far=0 12:23:05 [10417] dbg: rules: compiled meta tests 12:23:05 [10417] dbg: check: running tests for priority: -950 12:23:05 [10417] dbg: rules: running head tests; score so far=0 12:23:05 [10417] dbg: rules: compiled head tests 12:23:05 [10417] dbg: rules: running body tests; score so far=0 12:23:05 [10417] dbg: rules: compiled body tests 12:23:05 [10417] dbg: rules: running uri tests; score so far=0 12:23:05 [10417] dbg: rules: compiled uri tests 12:23:05 [10417] dbg: rules: running rawbody tests; score so far=0 12:23:05 [10417] dbg: rules: compiled rawbody tests 12:23:05 [10417] dbg: rules: running full tests; score so far=0 12:23:05 [10417] dbg: rules: compiled full tests 12:23:05 [10417] dbg: rules: running meta tests; score so far=0 12:23:05 [10417] dbg: rules: compiled meta tests 12:23:05 [10417] dbg: check: running tests for priority: -900 12:23:05 [10417] dbg: rules: running head tests; score so far=0 12:23:05 [10417] dbg: rules: compiled head tests 12:23:05 [10417] dbg: rules: running body tests; score so far=0 12:23:05 [10417] dbg: rules: compiled body tests 12:23:05 [10417] dbg: rules: running uri tests; score so far=0 12:23:05 [10417] dbg: rules: compiled uri tests 12:23:05 [10417] dbg: rules: running rawbody tests; score so far=0 12:23:05 [10417] dbg: rules: compiled rawbody tests 12:23:05 [10417] dbg: rules: running full tests; score so far=0 12:23:05 [10417] dbg: rules: compiled full tests 12:23:05 [10417] dbg: rules: running meta tests; score so far=0 12:23:05 [10417] dbg: rules: compiled meta tests 12:23:05 [10417] dbg: check: running tests for priority: -400 12:23:05 [10417] dbg: rules: running head tests; score so far=0 12:23:05 [10417] dbg: rules: compiled head tests 12:23:05 [10417] dbg: rules: running body tests; score so far=0 12:23:05 [10417] dbg: rules: compiled body tests 12:23:05 [10417] dbg: rules: running uri tests; score so far=0 12:23:05 [10417] dbg: rules: compiled uri tests 12:23:05 [10417] dbg: rules: running rawbody tests; score so far=0 12:23:05 [10417] dbg: rules: compiled rawbody tests 12:23:05 [10417] dbg: rules: running full tests; score so far=0 12:23:05 [10417] dbg: rules: compiled full tests 12:23:05 [10417] dbg: rules: running meta tests; score so far=0 12:23:05 [10417] dbg: rules: compiled meta tests 12:23:05 [10417] dbg: check: running tests for priority: 0 12:23:05 [10417] dbg: rules: running head tests; score so far=0 12:23:05 [10417] dbg: rules: compiled head tests 12:23:05 [10417] dbg: rules: ran header rule __MISSING_REF ======> got hit: "UNSET" 12:23:05 [10417] dbg: rules: ran header rule __MSOE_MID_WRONG_CASE ======> got hit: " 12:23:05 [10417] dbg: rules: Message-Id: " 12:23:05 [10417] dbg: rules: ran header rule MISSING_DATE ======> got hit: "UNSET" 12:23:05 [10417] dbg: rules: ran header rule __MSGID_OK_HOST ======> got hit: "@spamassassin_spamd_init>" 12:23:05 [10417] dbg: rules: ran header rule __MSGID_OK_DIGITS ======> got hit: "1215426184" 12:23:05 [10417] dbg: rules: ran header rule __HAS_MSGID ======> got hit: "<" 12:23:05 [10417] dbg: rules: ran header rule __SANE_MSGID ======> got hit: "<1215426184.34281@spamassassin_spamd_init> 12:23:05 [10417] dbg: rules: " 12:23:05 [10417] dbg: spf: checking to see if the message has a Received-SPF header that we can use 12:23:05 [10417] dbg: spf: using Mail::SPF for SPF checks 12:23:05 [10417] dbg: spf: no suitable relay for spf use found, skipping SPF-helo check 12:23:05 [10417] dbg: spf: already checked for Received-SPF headers, proceeding with DNS based checks 12:23:05 [10417] dbg: spf: no suitable relay for spf use found, skipping SPF check 12:23:05 [10417] dbg: rules: ran eval rule NO_RELAYS ======> got hit (1) 12:23:05 [10417] dbg: spf: def_spf_whitelist_from: already checked spf and didn't get pass, skipping whitelist check 12:23:05 [10417] dbg: rules: ran eval rule __UNUSABLE_MSGID ======> got hit (1) 12:23:05 [10417] dbg: rules: ran eval rule MISSING_HEADERS ======> got hit (1) 12:23:05 [10417] dbg: spf: whitelist_from_spf: already checked spf and didn't get pass, skipping whitelist check 12:23:05 [10417] dbg: rules: running body tests; score so far=1.581 12:23:05 [10417] dbg: rules: compiled body tests 12:23:05 [10417] dbg: rules: ran body rule __NONEMPTY_BODY ======> got hit: "I" 12:23:05 [10417] dbg: rules: running uri tests; score so far=1.581 12:23:05 [10417] dbg: rules: compiled uri tests 12:23:05 [10417] dbg: eval: stock info total: 0 12:23:05 [10417] dbg: rules: running rawbody tests; score so far=1.581 12:23:05 [10417] dbg: rules: compiled rawbody tests 12:23:05 [10417] dbg: rules: ran rawbody rule __TVD_BODY ======> got hit: "need" 12:23:05 [10417] dbg: rules: running full tests; score so far=1.581 12:23:05 [10417] dbg: rules: compiled full tests 12:23:05 [10417] dbg: info: entering helper-app run mode 12:23:06 [10417] dbg: info: leaving helper-app run mode 12:23:06 [10417] dbg: razor2: part=0 engine=4 contested=0 confidence=0 12:23:06 [10417] dbg: razor2: results: spam? 0 12:23:06 [10417] dbg: razor2: results: engine 8, highest cf score: 0 12:23:06 [10417] dbg: razor2: results: engine 4, highest cf score: 0 12:23:06 [10417] dbg: util: current PATH is: /sbin:/bin:/usr/sbin:/usr/bin 12:23:06 [10417] dbg: pyzor: pyzor is not available: no pyzor executable found 12:23:06 [10417] dbg: pyzor: no pyzor found, disabling Pyzor 12:23:06 [10417] dbg: rules: running meta tests; score so far=1.581 12:23:06 [10417] dbg: rules: compiled meta tests 12:23:06 [10417] dbg: check: running tests for priority: 500 12:23:06 [10417] dbg: dns: harvest_dnsbl_queries 12:23:06 [10417] dbg: rules: running head tests; score so far=1.581 12:23:06 [10417] dbg: rules: compiled head tests 12:23:06 [10417] dbg: rules: running body tests; score so far=1.581 12:23:06 [10417] dbg: rules: compiled body tests 12:23:06 [10417] dbg: rules: running uri tests; score so far=1.581 12:23:06 [10417] dbg: rules: compiled uri tests 12:23:06 [10417] dbg: rules: running rawbody tests; score so far=1.581 12:23:06 [10417] dbg: rules: compiled rawbody tests 12:23:06 [10417] dbg: rules: running full tests; score so far=1.581 12:23:06 [10417] dbg: rules: compiled full tests 12:23:06 [10417] dbg: rules: running meta tests; score so far=1.581 12:23:06 [10417] dbg: rules: meta test DIGEST_MULTIPLE has undefined dependency 'DCC_CHECK' 12:23:06 [10417] dbg: rules: compiled meta tests 12:23:06 [10417] dbg: check: running tests for priority: 1000 12:23:06 [10417] dbg: rules: running head tests; score so far=2.865 12:23:06 [10417] dbg: rules: compiled head tests 12:23:06 [10417] dbg: locker: safe_lock: created /root/.spamassassin/auto-whitelist.mutex 12:23:06 [10417] dbg: locker: safe_lock: trying to get lock on /root/.spamassassin/auto-whitelist with 30 timeout 12:23:06 [10417] dbg: locker: safe_lock: link to /root/.spamassassin/auto-whitelist.mutex: link ok 12:23:06 [10417] dbg: auto-whitelist: tie-ing to DB file of type DB_File R/W in /root/.spamassassin/auto-whitelist 12:23:06 [10417] dbg: auto-whitelist: db-based ignore@compiling.spamassassin.taint.org|ip=none scores 0/0 12:23:06 [10417] dbg: auto-whitelist: AWL active, pre-score: 2.865, autolearn score: 2.865, mean: undef, IP: undef 12:23:06 [10417] dbg: auto-whitelist: DB addr list: untie-ing and unlocking 12:23:06 [10417] dbg: auto-whitelist: DB addr list: file locked, breaking lock 12:23:06 [10417] dbg: locker: safe_unlock: unlocked /root/.spamassassin/auto-whitelist.mutex 12:23:06 [10417] dbg: auto-whitelist: post auto-whitelist score: 2.865 12:23:06 [10417] dbg: rules: running body tests; score so far=2.865 12:23:06 [10417] dbg: rules: compiled body tests 12:23:06 [10417] dbg: rules: running uri tests; score so far=2.865 12:23:06 [10417] dbg: rules: compiled uri tests 12:23:06 [10417] dbg: rules: running rawbody tests; score so far=2.865 12:23:06 [10417] dbg: rules: compiled rawbody tests 12:23:06 [10417] dbg: rules: running full tests; score so far=2.865 12:23:06 [10417] dbg: rules: compiled full tests 12:23:06 [10417] dbg: rules: running meta tests; score so far=2.865 12:23:06 [10417] dbg: rules: compiled meta tests 12:23:06 [10417] dbg: check: is spam? score=2.865 required=5 12:23:06 [10417] dbg: check: tests=MISSING_DATE,MISSING_HEADERS,MISSING_SUBJECT,NO_RECEIVED,NO_RELAYS 12:23:06 [10417] dbg: check: subtests=__HAS_MSGID,__MISSING_REF,__MSGID_OK_DIGITS,__MSGID_OK_HOST,__MSOE_MID_WRONG_CASE,__NONEMPTY_BODY,__SANE_MSGID,__TVD_BODY,__UNUSABLE_MSGID 12:23:06 Building a message batch to scan... ----- Original Message ----- From: "Martin.Hepworth" To: "MailScanner discussion" Sent: Monday, July 07, 2008 12:08 PM Subject: RE: MailScanner on FC8 don't pickup emails > > > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf >> Of Luciano Grego >> Sent: 07 July 2008 11:00 >> To: MailScanner discussion >> Subject: Re: MailScanner on FC8 don't pickup emails >> >> >> ----- Original Message ----- >> From: "Martin.Hepworth" >> To: "MailScanner discussion" >> Sent: Monday, July 07, 2008 11:06 AM >> Subject: RE: MailScanner on FC8 don't pickup emails >> >> >> >I would have thought you'd need to change the Lock Type to >> the default >> >(blank) as sendmail 8.14 usually uses posix (unless fedora >> change this) >> > >> > Also a "MailScanner --debug --debug-sa" output to a >> pastebin or web page >> > (as they can be large) would be interesting to see? >> > >> > What install instructions have you followed? >> > >> > -- >> > Martin Hepworth >> > Snr Systems Administrator >> > Solid State Logic >> > Tel: +44 (0)1865 842300 >> > >> >> -----Original Message----- >> >> From: mailscanner-bounces@lists.mailscanner.info >> >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf >> >> Of Luciano Grego >> >> Sent: 07 July 2008 09:54 >> >> To: mailscanner@lists.mailscanner.info >> >> Subject: MailScanner on FC8 don't pickup emails >> >> >> >> Hi, >> >> I' ve installed Fedora Core 8 and updated at latest fix, then >> >> i' ve installed MailScanner ( I try 4.69.9-3, 4.70.7-1 and >> 4.71.2-2). >> >> Sendmail accepts e-mails, but are not produced by Mailscanner. >> >> My MTA is Sendmail 8.14 ( Fedora Core 8 ). >> >> It' s a locking problem? >> >> Must reinstall with --nodeps? >> >> >> >> Here 'MailScanner --lint': >> >> >> >> Trying to setlogsock(unix) >> >> Read 824 hostnames from the phishing whitelist Read 3052 >> >> hostnames from the phishing blacklist Checking version numbers... >> >> Version number in MailScanner.conf (4.71.2) is correct. >> >> >> >> Your envelope_sender_header in spam.assassin.prefs.conf is correct. >> >> >> >> Checking for SpamAssassin errors (if you use it)... >> >> SpamAssassin temporary working directory is >> >> /var/spool/MailScanner/incoming/SpamAssassin-Temp >> >> SpamAssassin temp dir = >> >> /var/spool/MailScanner/incoming/SpamAssassin-Temp >> >> Using SpamAssassin results cache >> >> Connected to SpamAssassin cache database SpamAssassin >> >> reported no errors. >> >> ClamAV scanner using unrar command /usr/bin/unrar Using >> >> locktype = flock MailScanner.conf says "Virus Scanners = clamav" >> >> Found these virus scanners installed: clamavmodule >> >> ============================================================== >> >> ============= >> >> Virus and Content Scanning: Starting >> >> /var/spool/MailScanner/incoming/9520/./1/eicar.com: >> >> Eicar-Test-Signature FOUND >> >> >> >> /var/spool/MailScanner/incoming/9520/./1.message: >> >> Eicar-Test-Signature FOUND >> >> >> >> Virus Scanning: ClamAV found 2 infections Infected message >> >> 1.message came from Infected message 1 came from 10.1.1.1 >> >> Virus Scanning: Found 2 viruses Filename Checks: (1 >> >> eicar.com) Filetype Checks: Allowing 1 eicar.com Other >> >> Checks: Found 1 problems >> >> ============================================================== >> >> ============= >> >> Virus Scanner test reports: >> >> ClamAV said "eicar.com contains Eicar-Test-Signature" >> >> >> >> If any of your virus scanners (clamavmodule) are not listed >> >> there, you should check that they are installed correctly and >> >> that MailScanner is finding them correctly via its >> >> virus.scanners.conf. >> >> >> >> >> >> -- >> >> >> >> Here 'MailScanner -v': >> >> Running on >> >> Linux mail 2.6.24.5-85.fc8 #1 SMP Sat Apr 19 12:39:34 EDT >> >> 2008 i686 i686 i386 GNU/Linux This is Fedora release 8 >> >> (Werewolf) This is Perl version 5.008008 (5.8.8) >> >> >> >> This is MailScanner version 4.71.2 >> >> Module versions are: >> >> 1.00 AnyDBM_File >> >> 1.20 Archive::Zip >> >> 0.21 bignum >> >> 1.04 Carp >> >> 2.005 Compress::Zlib >> >> 1.119 Convert::BinHex >> >> 0.17 Convert::TNEF >> >> 2.121_08 Data::Dumper >> >> 2.27 Date::Parse >> >> 1.00 DirHandle >> >> 1.05 Fcntl >> >> 2.74 File::Basename >> >> 2.09 File::Copy >> >> 2.01 FileHandle >> >> 1.08 File::Path >> >> 0.20 File::Temp >> >> 0.90 Filesys::Df >> >> 1.35 HTML::Entities >> >> 3.56 HTML::Parser >> >> 2.37 HTML::TokeParser >> >> 1.23 IO >> >> 1.14 IO::File >> >> 1.13 IO::Pipe >> >> 2.02 Mail::Header >> >> 1.86 Math::BigInt >> >> 0.19 Math::BigRat >> >> 3.07 MIME::Base64 >> >> 5.425 MIME::Decoder >> >> 5.425 MIME::Decoder::UU >> >> 5.425 MIME::Head >> >> 5.425 MIME::Parser >> >> 3.07 MIME::QuotedPrint >> >> 5.425 MIME::Tools >> >> 0.11 Net::CIDR >> >> 1.25 Net::IP >> >> 0.16 OLE::Storage_Lite >> >> 1.04 Pod::Escapes >> >> 3.05 Pod::Simple >> >> 1.09 POSIX >> >> 1.19 Scalar::Util >> >> 1.78 Socket >> >> 2.15 Storable >> >> 1.4 Sys::Hostname::Long >> >> 0.18 Sys::Syslog >> >> 1.26 Test::Pod >> >> 0.78 Test::Simple >> >> 1.86 Time::HiRes >> >> 1.02 Time::localtime >> >> >> >> Optional module versions are: >> >> 1.34 Archive::Tar >> >> 0.21 bignum >> >> 1.82 Business::ISBN >> >> 1.10 Business::ISBN::Data >> >> 1.08 Data::Dump >> >> 1.815 DB_File >> >> 1.14 DBD::SQLite >> >> 1.58 DBI >> >> 1.15 Digest >> >> 1.01 Digest::HMAC >> >> 2.36 Digest::MD5 >> >> 2.11 Digest::SHA1 >> >> 1.00 Encode::Detect >> >> 0.17010 Error >> >> 0.18 ExtUtils::CBuilder >> >> 2.18 ExtUtils::ParseXS >> >> 2.36 Getopt::Long >> >> 0.44 Inline >> >> 1.08 IO::String >> >> 1.07 IO::Zlib >> >> 2.21 IP::Country >> >> 0.22 Mail::ClamAV >> >> 3.002005 Mail::SpamAssassin >> >> v2.005 Mail::SPF >> >> 1.999001 Mail::SPF::Query >> >> 0.2808 Module::Build >> >> 0.20 Net::CIDR::Lite >> >> 0.63 Net::DNS >> >> 0.002.2 Net::DNS::Resolver::Programmable missing Net::LDAP >> >> 4.004 NetAddr::IP >> >> 1.94 Parse::RecDescent >> >> missing SAVI >> >> 2.64 Test::Harness >> >> 0.95 Test::Manifest >> >> 1.98 Text::Balanced >> >> 1.35 URI >> >> 0.7203 version >> >> 0.62 YAML >> >> >> >> Thanks >> >> Luciano. >> >> > >> > -- >> > MailScanner mailing list >> > mailscanner@lists.mailscanner.info >> > http://lists.mailscanner.info/mailman/listinfo/mailscanner >> > >> > Before posting, read http://wiki.mailscanner.info/posting >> > >> > Support MailScanner development - buy the book off the website! >> > >> > -- >> > Il messaggio e' stato analizzato alla ricerca di virus o >> > contenuti pericolosi da MailScanner, ed e' >> > risultato non infetto. >> > >> > >> >> HI Martin, >> Lock Type = flock >> ... for test my ideas ... >> >> I've setup this Mailscanner box for my client and >> i' ve reboot the machine friday at 18:45 with new params. >> Now i'm checking logs and i see Mailscanner pickup messages >> from Sunday at >> 15:00. None first! >> MailScanner needs more time for starting up? >> >> I' ve put >> Lock Type = >> now and >> 'service MailScanner restart'. >> Thank you. >> L. >> >> > > Hi > > Anything in the maillog reguarding mailScanner??? > > Should only take a few seconds to get going. > > I'd drop to debug and see if you can spot anything. > > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > > > > ********************************************************************** > Confidentiality : This e-mail and any attachments are intended for the > addressee only and may be confidential. If they come to you in error > you must take no action based on them, nor must you copy or show them > to anyone. Please advise the sender by replying to this e-mail > immediately and then delete the original from your computer. > Opinion : Any opinions expressed in this e-mail are entirely those of > the author and unless specifically stated to the contrary, are not > necessarily those of the author's employer. > Security Warning : Internet e-mail is not necessarily a secure > communications medium and can be subject to data corruption. We advise > that you consider this fact when e-mailing us. > Viruses : We have taken steps to ensure that this e-mail and any > attachments are free from known viruses but in keeping with good > computing practice, you should ensure that they are virus free. > > Red Lion 49 Ltd T/A Solid State Logic > Registered as a limited company in England and Wales > (Company No:5362730) > Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, > United Kingdom > ********************************************************************** > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > Il messaggio e' stato analizzato alla ricerca di virus o > contenuti pericolosi da MailScanner, ed e' > risultato non infetto. > > -- Il messaggio e' stato analizzato alla ricerca di virus o contenuti pericolosi da MailScanner, ed e' risultato non infetto. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From martinh at solidstatelogic.com Mon Jul 7 12:07:22 2008 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Mon Jul 7 12:07:36 2008 Subject: MailScanner on FC8 don't pickup emails In-Reply-To: <461154D3BC314695B971D5B750769C3D@LUCIANO> Message-ID: <6ab1c460044e5441a4c21792d987f524@solidstatelogic.com> Luciano You should be using the rpm version for Fedora installs.. http://www.mailscanner.info/files/4/rpm/MailScanner-4.70.7-1.rpm.tar.gz Than follow the rpm based install instructions. You need to configure the MailScanner.conf to point at correct locations for the sendmail queues etc. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Luciano Grego > Sent: 07 July 2008 11:34 > To: MailScanner discussion > Subject: Re: MailScanner on FC8 don't pickup emails > > Hi, > Excuse me for long list ... > But ... in debug mode i should see the email passing through > MailScanner? > > I have not answered your question first: What install > instructions have you followed? > I' ve follow the INSTALL file guide. Untar src file and ./install.sh. > > -- > > mail root [ /var/log ] MailScanner --debug --debug-sa In > Debugging mode, not forking... > Trying to setlogsock(unix) > 12:23:04 SpamAssassin temp dir = > /var/spool/MailScanner/incoming/SpamAssassin-Temp > 12:23:04 [10417] dbg: logger: adding facilities: all > 12:23:04 [10417] dbg: logger: logging level is DBG > 12:23:04 [10417] dbg: generic: SpamAssassin version 3.2.5 > 12:23:04 [10417] dbg: config: score set 0 chosen. > 12:23:04 [10417] dbg: util: running in taint mode? no > 12:23:04 [10417] dbg: dns: is Net::DNS::Resolver available? yes > 12:23:04 [10417] dbg: dns: Net::DNS version: 0.63 > 12:23:04 [10417] dbg: ignore: test message to precompile > patterns and load modules > 12:23:04 [10417] dbg: config: using "/etc/mail/spamassassin" > for site rules pre files > 12:23:04 [10417] dbg: config: read file > /etc/mail/spamassassin/init.pre > 12:23:04 [10417] dbg: config: read file > /etc/mail/spamassassin/v310.pre > 12:23:04 [10417] dbg: config: read file > /etc/mail/spamassassin/v312.pre > 12:23:04 [10417] dbg: config: read file > /etc/mail/spamassassin/v320.pre > 12:23:04 [10417] dbg: config: using > "/var/lib/spamassassin/3.002005" for sys rules pre files > 12:23:04 [10417] dbg: config: using > "/var/lib/spamassassin/3.002005" for default rules dir > 12:23:04 [10417] dbg: config: read file > /var/lib/spamassassin/3.002005/updates_spamassassin_org.cf > 12:23:04 [10417] dbg: config: using "/etc/mail/spamassassin" > for site rules dir > 12:23:04 [10417] dbg: config: read file > /etc/mail/spamassassin/mailscanner.cf > 12:23:04 [10417] dbg: plugin: loading > Mail::SpamAssassin::Plugin::URIDNSBL > from @INC > 12:23:04 [10417] dbg: plugin: loading > Mail::SpamAssassin::Plugin::Hashcash > from @INC > 12:23:04 [10417] dbg: plugin: loading > Mail::SpamAssassin::Plugin::SPF from @INC > 12:23:04 [10417] dbg: plugin: loading > Mail::SpamAssassin::Plugin::RelayCountry from @INC > 12:23:04 [10417] dbg: plugin: loading > Mail::SpamAssassin::Plugin::Razor2 > from @INC > 12:23:04 [10417] dbg: razor2: razor2 is available, version 2.84 > 12:23:04 [10417] dbg: plugin: loading > Mail::SpamAssassin::Plugin::Pyzor from @INC > 12:23:04 [10417] dbg: pyzor: network tests on, attempting Pyzor > 12:23:04 [10417] dbg: plugin: did not register > Mail::SpamAssassin::Plugin::Razor2, already registered > 12:23:04 [10417] dbg: plugin: loading > Mail::SpamAssassin::Plugin::SpamCop > from @INC > 12:23:04 [10417] dbg: reporter: network tests on, attempting SpamCop > 12:23:04 [10417] dbg: plugin: loading > Mail::SpamAssassin::Plugin::AWL from @INC > 12:23:04 [10417] dbg: plugin: loading > Mail::SpamAssassin::Plugin::AutoLearnThreshold from @INC > 12:23:04 [10417] dbg: plugin: loading > Mail::SpamAssassin::Plugin::WhiteListSubject from @INC > 12:23:04 [10417] dbg: plugin: loading > Mail::SpamAssassin::Plugin::MIMEHeader > from @INC > 12:23:04 [10417] dbg: plugin: loading > Mail::SpamAssassin::Plugin::ReplaceTags from @INC > 12:23:04 [10417] dbg: plugin: did not register > Mail::SpamAssassin::Plugin::RelayCountry, already registered > 12:23:04 [10417] dbg: plugin: did not register > Mail::SpamAssassin::Plugin::SPF, already registered > 12:23:04 [10417] dbg: plugin: did not register > Mail::SpamAssassin::Plugin::URIDNSBL, already registered > 12:23:04 [10417] dbg: plugin: loading > Mail::SpamAssassin::Plugin::Check from @INC > 12:23:04 [10417] dbg: plugin: loading > Mail::SpamAssassin::Plugin::HTTPSMismatch from @INC > 12:23:04 [10417] dbg: plugin: loading > Mail::SpamAssassin::Plugin::URIDetail > from @INC > 12:23:04 [10417] dbg: plugin: loading > Mail::SpamAssassin::Plugin::Bayes from @INC > 12:23:04 [10417] dbg: plugin: loading > Mail::SpamAssassin::Plugin::BodyEval > from @INC > 12:23:04 [10417] dbg: plugin: loading > Mail::SpamAssassin::Plugin::DNSEval > from @INC > 12:23:04 [10417] dbg: plugin: loading > Mail::SpamAssassin::Plugin::HTMLEval > from @INC > 12:23:04 [10417] dbg: plugin: loading > Mail::SpamAssassin::Plugin::HeaderEval > from @INC > 12:23:04 [10417] dbg: plugin: loading > Mail::SpamAssassin::Plugin::MIMEEval > from @INC > 12:23:04 [10417] dbg: plugin: loading > Mail::SpamAssassin::Plugin::RelayEval > from @INC > 12:23:04 [10417] dbg: plugin: loading > Mail::SpamAssassin::Plugin::URIEval > from @INC > 12:23:04 [10417] dbg: plugin: loading > Mail::SpamAssassin::Plugin::WLBLEval > from @INC > 12:23:04 [10417] dbg: plugin: loading > Mail::SpamAssassin::Plugin::VBounce > from @INC > 12:23:04 [10417] dbg: plugin: loading > Mail::SpamAssassin::Plugin::ImageInfo > from @INC > 12:23:04 [10417] dbg: plugin: did not register > Mail::SpamAssassin::Plugin::RelayCountry, already registered > 12:23:04 [10417] dbg: plugin: did not register > Mail::SpamAssassin::Plugin::SPF, already registered > 12:23:04 [10417] dbg: plugin: did not register > Mail::SpamAssassin::Plugin::URIDNSBL, already registered > 12:23:04 [10417] dbg: plugin: did not register > Mail::SpamAssassin::Plugin::Razor2, already registered > 12:23:04 [10417] dbg: config: fixed relative path: > /var/lib/spamassassin/3.002005/updates_spamassassin_org/10_def > ault_prefs.cf > 12:23:04 [10417] dbg: config: using > "/var/lib/spamassassin/3.002005/updates_spamassassin_org/10_de > fault_prefs.cf" > for included file > 12:23:04 [10417] dbg: config: read file > /var/lib/spamassassin/3.002005/updates_spamassassin_org/10_def > ault_prefs.cf > 12:23:04 [10417] dbg: config: fixed relative path: > /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_adv > ance_fee.cf > 12:23:04 [10417] dbg: config: using > "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_ad > vance_fee.cf" > for included file > 12:23:04 [10417] dbg: config: read file > /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_adv > ance_fee.cf > 12:23:04 [10417] dbg: config: fixed relative path: > /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_bod > y_tests.cf > 12:23:04 [10417] dbg: config: using > "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_bo > dy_tests.cf" > for included file > 12:23:04 [10417] dbg: config: read file > /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_bod > y_tests.cf > 12:23:04 [10417] dbg: config: fixed relative path: > /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_com > pensate.cf > 12:23:04 [10417] dbg: config: using > "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_co > mpensate.cf" > for included file > 12:23:04 [10417] dbg: config: read file > /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_com > pensate.cf > 12:23:04 [10417] dbg: config: fixed relative path: > /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_dns > bl_tests.cf > 12:23:04 [10417] dbg: config: using > "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_dn > sbl_tests.cf" > for included file > 12:23:04 [10417] dbg: config: read file > /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_dns > bl_tests.cf > 12:23:04 [10417] dbg: config: fixed relative path: > /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_drugs.cf > 12:23:04 [10417] dbg: config: using > "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_dr > ugs.cf" for included file > 12:23:04 [10417] dbg: config: read file > /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_drugs.cf > 12:23:04 [10417] dbg: config: fixed relative path: > /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_dynrdns.cf > 12:23:04 [10417] dbg: config: using > "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_dy > nrdns.cf" for included file > 12:23:04 [10417] dbg: config: read file > /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_dynrdns.cf > 12:23:04 [10417] dbg: config: fixed relative path: > /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_fak > e_helo_tests.cf > 12:23:04 [10417] dbg: config: using > "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_fa > ke_helo_tests.cf" > for included file > 12:23:04 [10417] dbg: config: read file > /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_fak > e_helo_tests.cf > 12:23:04 [10417] dbg: config: fixed relative path: > /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_hea > d_tests.cf > 12:23:04 [10417] dbg: config: using > "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_he > ad_tests.cf" > for included file > 12:23:04 [10417] dbg: config: read file > /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_hea > d_tests.cf > 12:23:04 [10417] dbg: config: fixed relative path: > /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_htm > l_tests.cf > 12:23:04 [10417] dbg: config: using > "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_ht > ml_tests.cf" > for included file > 12:23:04 [10417] dbg: config: read file > /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_htm > l_tests.cf > 12:23:04 [10417] dbg: config: fixed relative path: > /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_ima > geinfo.cf > 12:23:04 [10417] dbg: config: using > "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_im > ageinfo.cf" > for included file > 12:23:04 [10417] dbg: config: read file > /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_ima > geinfo.cf > 12:23:04 [10417] dbg: config: fixed relative path: > /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_met > a_tests.cf > 12:23:04 [10417] dbg: config: using > "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_me > ta_tests.cf" > for included file > 12:23:04 [10417] dbg: config: read file > /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_met > a_tests.cf > 12:23:04 [10417] dbg: config: fixed relative path: > /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_net > _tests.cf > 12:23:04 [10417] dbg: config: using > "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_ne > t_tests.cf" > for included file > 12:23:04 [10417] dbg: config: read file > /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_net > _tests.cf > 12:23:04 [10417] dbg: config: fixed relative path: > /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_phrases.cf > 12:23:04 [10417] dbg: config: using > "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_ph > rases.cf" for included file > 12:23:04 [10417] dbg: config: read file > /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_phrases.cf > 12:23:04 [10417] dbg: config: fixed relative path: > /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_porn.cf > 12:23:04 [10417] dbg: config: using > "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_po > rn.cf" for included file > 12:23:04 [10417] dbg: config: read file > /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_porn.cf > 12:23:04 [10417] dbg: config: fixed relative path: > /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_ratware.cf > 12:23:04 [10417] dbg: config: using > "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_ra > tware.cf" for included file > 12:23:04 [10417] dbg: config: read file > /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_ratware.cf > 12:23:04 [10417] dbg: config: fixed relative path: > /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_uri > _tests.cf > 12:23:04 [10417] dbg: config: using > "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_ur > i_tests.cf" > for included file > 12:23:04 [10417] dbg: config: read file > /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_uri > _tests.cf > 12:23:04 [10417] dbg: config: fixed relative path: > /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_vbounce.cf > 12:23:04 [10417] dbg: config: using > "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_vb > ounce.cf" for included file > 12:23:04 [10417] dbg: config: read file > /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_vbounce.cf > 12:23:04 [10417] dbg: config: fixed relative path: > /var/lib/spamassassin/3.002005/updates_spamassassin_org/23_bayes.cf > 12:23:04 [10417] dbg: config: using > "/var/lib/spamassassin/3.002005/updates_spamassassin_org/23_ba > yes.cf" for included file > 12:23:04 [10417] dbg: config: read file > /var/lib/spamassassin/3.002005/updates_spamassassin_org/23_bayes.cf > 12:23:04 [10417] dbg: config: fixed relative path: > /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_accessdb.cf > 12:23:04 [10417] dbg: config: using > "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_ac > cessdb.cf" for included file > 12:23:04 [10417] dbg: config: read file > /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_accessdb.cf > 12:23:04 [10417] dbg: config: fixed relative path: > /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_ant > ivirus.cf > 12:23:04 [10417] dbg: config: using > "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_an > tivirus.cf" > for included file > 12:23:04 [10417] dbg: config: read file > /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_ant > ivirus.cf > 12:23:04 [10417] dbg: config: fixed relative path: > /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_asn.cf > 12:23:04 [10417] dbg: config: using > "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_as > n.cf" for included file > 12:23:04 [10417] dbg: config: read file > /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_asn.cf > 12:23:04 [10417] dbg: config: fixed relative path: > /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_dcc.cf > 12:23:04 [10417] dbg: config: using > "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_dc > c.cf" for included file > 12:23:04 [10417] dbg: config: read file > /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_dcc.cf > 12:23:04 [10417] dbg: config: fixed relative path: > /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_dkim.cf > 12:23:04 [10417] dbg: config: using > "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_dk > im.cf" for included file > 12:23:04 [10417] dbg: config: read file > /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_dkim.cf > 12:23:04 [10417] dbg: config: fixed relative path: > /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_dom > ainkeys.cf > 12:23:04 [10417] dbg: config: using > "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_do > mainkeys.cf" > for included file > 12:23:04 [10417] dbg: config: read file > /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_dom > ainkeys.cf > 12:23:04 [10417] dbg: config: fixed relative path: > /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_hashcash.cf > 12:23:04 [10417] dbg: config: using > "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_ha > shcash.cf" for included file > 12:23:04 [10417] dbg: config: read file > /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_hashcash.cf > 12:23:04 [10417] dbg: config: fixed relative path: > /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_pyzor.cf > 12:23:04 [10417] dbg: config: using > "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_py > zor.cf" for included file > 12:23:04 [10417] dbg: config: read file > /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_pyzor.cf > 12:23:04 [10417] dbg: config: fixed relative path: > /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_razor2.cf > 12:23:04 [10417] dbg: config: using > "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_ra > zor2.cf" for included file > 12:23:04 [10417] dbg: config: read file > /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_razor2.cf > 12:23:04 [10417] dbg: config: fixed relative path: > /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_replace.cf > 12:23:04 [10417] dbg: config: using > "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_re > place.cf" for included file > 12:23:04 [10417] dbg: config: read file > /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_replace.cf > 12:23:04 [10417] dbg: config: fixed relative path: > /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_spf.cf > 12:23:04 [10417] dbg: config: using > "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_sp > f.cf" for included file > 12:23:04 [10417] dbg: config: read file > /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_spf.cf > 12:23:04 [10417] dbg: config: fixed relative path: > /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_textcat.cf > 12:23:04 [10417] dbg: config: using > "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_te > xtcat.cf" for included file > 12:23:04 [10417] dbg: config: read file > /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_textcat.cf > 12:23:04 [10417] dbg: config: fixed relative path: > /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_uribl.cf > 12:23:04 [10417] dbg: config: using > "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_ur > ibl.cf" for included file > 12:23:04 [10417] dbg: config: read file > /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_uribl.cf > 12:23:04 [10417] dbg: config: fixed relative path: > /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_de.cf > 12:23:04 [10417] dbg: config: using > "/var/lib/spamassassin/3.002005/updates_spamassassin_org/30_te > xt_de.cf" for included file > 12:23:04 [10417] dbg: config: read file > /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_de.cf > 12:23:04 [10417] dbg: config: fixed relative path: > /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_fr.cf > 12:23:04 [10417] dbg: config: using > "/var/lib/spamassassin/3.002005/updates_spamassassin_org/30_te > xt_fr.cf" for included file > 12:23:04 [10417] dbg: config: read file > /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_fr.cf > 12:23:04 [10417] dbg: config: fixed relative path: > /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_it.cf > 12:23:04 [10417] dbg: config: using > "/var/lib/spamassassin/3.002005/updates_spamassassin_org/30_te > xt_it.cf" for included file > 12:23:04 [10417] dbg: config: read file > /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_it.cf > 12:23:04 [10417] dbg: config: fixed relative path: > /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_nl.cf > 12:23:04 [10417] dbg: config: using > "/var/lib/spamassassin/3.002005/updates_spamassassin_org/30_te > xt_nl.cf" for included file > 12:23:04 [10417] dbg: config: read file > /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_nl.cf > 12:23:04 [10417] dbg: config: fixed relative path: > /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_pl.cf > 12:23:04 [10417] dbg: config: using > "/var/lib/spamassassin/3.002005/updates_spamassassin_org/30_te > xt_pl.cf" for included file > 12:23:04 [10417] dbg: config: read file > /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_pl.cf > 12:23:04 [10417] dbg: config: fixed relative path: > /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_tex > t_pt_br.cf > 12:23:04 [10417] dbg: config: using > "/var/lib/spamassassin/3.002005/updates_spamassassin_org/30_te > xt_pt_br.cf" > for included file > 12:23:04 [10417] dbg: config: read file > /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_tex > t_pt_br.cf > 12:23:04 [10417] dbg: config: fixed relative path: > /var/lib/spamassassin/3.002005/updates_spamassassin_org/50_scores.cf > 12:23:04 [10417] dbg: config: using > "/var/lib/spamassassin/3.002005/updates_spamassassin_org/50_sc > ores.cf" for included file > 12:23:04 [10417] dbg: config: read file > /var/lib/spamassassin/3.002005/updates_spamassassin_org/50_scores.cf > 12:23:04 [10417] dbg: config: fixed relative path: > /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_awl.cf > 12:23:04 [10417] dbg: config: using > "/var/lib/spamassassin/3.002005/updates_spamassassin_org/60_aw > l.cf" for included file > 12:23:04 [10417] dbg: config: read file > /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_awl.cf > 12:23:04 [10417] dbg: config: fixed relative path: > /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_sho > rtcircuit.cf > 12:23:04 [10417] dbg: config: using > "/var/lib/spamassassin/3.002005/updates_spamassassin_org/60_sh > ortcircuit.cf" > for included file > 12:23:04 [10417] dbg: config: read file > /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_sho > rtcircuit.cf > 12:23:04 [10417] dbg: config: fixed relative path: > /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whi > telist.cf > 12:23:04 [10417] dbg: config: using > "/var/lib/spamassassin/3.002005/updates_spamassassin_org/60_wh > itelist.cf" > for included file > 12:23:04 [10417] dbg: config: read file > /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whi > telist.cf > 12:23:04 [10417] dbg: config: fixed relative path: > /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whi > telist_dk.cf > 12:23:04 [10417] dbg: config: using > "/var/lib/spamassassin/3.002005/updates_spamassassin_org/60_wh > itelist_dk.cf" > for included file > 12:23:04 [10417] dbg: config: read file > /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whi > telist_dk.cf > 12:23:04 [10417] dbg: config: fixed relative path: > /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whi > telist_dkim.cf > 12:23:04 [10417] dbg: config: using > "/var/lib/spamassassin/3.002005/updates_spamassassin_org/60_wh > itelist_dkim.cf" > for included file > 12:23:04 [10417] dbg: config: read file > /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whi > telist_dkim.cf > 12:23:04 [10417] dbg: config: fixed relative path: > /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whi > telist_spf.cf > 12:23:04 [10417] dbg: config: using > "/var/lib/spamassassin/3.002005/updates_spamassassin_org/60_wh > itelist_spf.cf" > for included file > 12:23:04 [10417] dbg: config: read file > /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whi > telist_spf.cf > 12:23:05 [10417] dbg: config: fixed relative path: > /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whi > telist_subject.cf > 12:23:05 [10417] dbg: config: using > "/var/lib/spamassassin/3.002005/updates_spamassassin_org/60_wh > itelist_subject.cf" > for included file > 12:23:05 [10417] dbg: config: read file > /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whi > telist_subject.cf > 12:23:05 [10417] dbg: config: fixed relative path: > /var/lib/spamassassin/3.002005/updates_spamassassin_org/72_active.cf > 12:23:05 [10417] dbg: config: using > "/var/lib/spamassassin/3.002005/updates_spamassassin_org/72_ac > tive.cf" for included file > 12:23:05 [10417] dbg: config: read file > /var/lib/spamassassin/3.002005/updates_spamassassin_org/72_active.cf > 12:23:05 [10417] dbg: config: fixed relative path: > /var/lib/spamassassin/3.002005/updates_spamassassin_org/72_removed.cf > 12:23:05 [10417] dbg: config: using > "/var/lib/spamassassin/3.002005/updates_spamassassin_org/72_re > moved.cf" for included file > 12:23:05 [10417] dbg: config: read file > /var/lib/spamassassin/3.002005/updates_spamassassin_org/72_removed.cf > 12:23:05 [10417] dbg: config: fixed relative path: > /var/lib/spamassassin/3.002005/updates_spamassassin_org/72_scores.cf > 12:23:05 [10417] dbg: config: using > "/var/lib/spamassassin/3.002005/updates_spamassassin_org/72_sc > ores.cf" for included file > 12:23:05 [10417] dbg: config: read file > /var/lib/spamassassin/3.002005/updates_spamassassin_org/72_scores.cf > 12:23:05 [10417] dbg: config: fixed relative path: > /var/lib/spamassassin/3.002005/updates_spamassassin_org/80_add > itional.cf > 12:23:05 [10417] dbg: config: using > "/var/lib/spamassassin/3.002005/updates_spamassassin_org/80_ad > ditional.cf" > for included file > 12:23:05 [10417] dbg: config: read file > /var/lib/spamassassin/3.002005/updates_spamassassin_org/80_add > itional.cf > 12:23:05 [10417] dbg: rules: __MO_OL_9B90B merged duplicates: > __MO_OL_C65FA > 12:23:05 [10417] dbg: rules: __XM_OL_22B61 merged duplicates: > __XM_OL_A842E > 12:23:05 [10417] dbg: rules: __MO_OL_07794 merged duplicates: > __MO_OL_8627E > __MO_OL_F3B05 > 12:23:05 [10417] dbg: rules: __JM_REACTOR_DATE merged duplicates: > __RATWARE_0_TZ_DATE > 12:23:05 [10417] dbg: rules: __XM_OL_07794 merged duplicates: > __XM_OL_25340 __XM_OL_3857F __XM_OL_4F240 __XM_OL_58CB5 > __XM_OL_6554A __XM_OL_812FF __XM_OL_C65FA __XM_OL_CF0C0 > __XM_OL_F475E __XM_OL_F6D01 > 12:23:05 [10417] dbg: rules: FH_MSGID_01C67 merged > duplicates: __MSGID_VGA > 12:23:05 [10417] dbg: rules: FS_NEW_SOFT_UPLOAD merged duplicates: > HS_SUBJ_NEW_SOFTWARE > 12:23:05 [10417] dbg: rules: __FH_HAS_XMSMAIL merged duplicates: > __HAS_MSMAIL_PRI > 12:23:05 [10417] dbg: rules: __MO_OL_015D5 merged duplicates: > __MO_OL_6554A > 12:23:05 [10417] dbg: rules: __XM_OL_015D5 merged duplicates: > __XM_OL_4BF4C __XM_OL_4EEDB __XM_OL_5B79A __XM_OL_9B90B > __XM_OL_ADFF7 __XM_OL_B30D1 __XM_OL_B4B40 __XM_OL_BC7E6 > __XM_OL_F3B05 __XM_OL_FF5C8 > 12:23:05 [10417] dbg: rules: __MO_OL_91287 merged duplicates: > __MO_OL_B30D1 __MO_OL_CF0C0 > 12:23:05 [10417] dbg: rules: KAM_STOCKOTC merged duplicates: > KAM_STOCKTIP15 KAM_STOCKTIP20 KAM_STOCKTIP21 KAM_STOCKTIP4 > KAM_STOCKTIP6 > 12:23:05 [10417] dbg: rules: __MO_OL_22B61 merged duplicates: > __MO_OL_4F240 > __MO_OL_ADFF7 > 12:23:05 [10417] dbg: rules: __MO_OL_812FF merged duplicates: > __MO_OL_BC7E6 > 12:23:05 [10417] dbg: rules: __MO_OL_25340 merged duplicates: > __MO_OL_4EEDB __MO_OL_7533E > 12:23:05 [10417] dbg: rules: __MO_OL_58CB5 merged duplicates: > __MO_OL_B4B40 > 12:23:05 [10417] dbg: rules: __DOS_HAS_ANY_URI merged duplicates: > __HAS_ANY_URI > 12:23:05 [10417] dbg: rules: __XM_OL_C9068 merged duplicates: > __XM_OL_EF20B > 12:23:05 [10417] dbg: rules: AXB_RCVD_ZOOBSEND merged duplicates: > BROKEN_RATWARE_BOM CTYPE_001C_A DEAR_HOMEOWNER > DIV_CENTER_A_HREF DRUG_RA_PRICE FM_DDDD_TIMES_2 > FM_SEX_HOSTDDDD HG_HORMONE HS_PHARMA_1 HS_UPLOADED_SOFTWARE > OEBOUND STOX_RCVD_N_NN_N URIBL_RHS_ABUSE URIBL_RHS_BOGUSMX > URIBL_RHS_DSN URIBL_RHS_POST URIBL_RHS_TLD_WHOIS > URIBL_RHS_WHOIS URIBL_XS_SURBL URI_L_PHP XMAILER_MIMEOLE_OL_5E7ED > XMAILER_MIMEOLE_OL_C7C33 XMAILER_MIMEOLE_OL_D03AB X_LIBRARY > YOUR_CRD_RATING > 12:23:05 [10417] dbg: rules: __MO_OL_72641 merged duplicates: > __MO_OL_A842E > 12:23:05 [10417] dbg: rules: __MO_OL_F475E merged duplicates: > __MO_OL_FF5C8 > 12:23:05 [10417] dbg: rules: __MO_OL_4BF4C merged duplicates: > __MO_OL_F6D01 > 12:23:05 [10417] dbg: conf: finish parsing > 12:23:05 [10417] dbg: plugin: > Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0xad6884c) > implements 'finish_parsing_end', priority 0 > 12:23:05 [10417] dbg: replacetags: replacing tags > 12:23:05 [10417] dbg: replacetags: done replacing tags > 12:23:05 [10417] dbg: bayes: tie-ing to DB file R/O > /etc/MailScanner/bayes/bayes__toks > 12:23:05 [10417] dbg: bayes: tie-ing to DB file R/O > /etc/MailScanner/bayes/bayes__seen > 12:23:05 [10417] dbg: bayes: found bayes db version 3 > 12:23:05 [10417] dbg: bayes: DB journal sync: last sync: 0 > 12:23:05 [10417] dbg: bayes: not available for scanning, only > 1 spam(s) in bayes DB < 200 > 12:23:05 [10417] dbg: bayes: untie-ing > 12:23:05 [10417] dbg: config: score set 1 chosen. > 12:23:05 [10417] dbg: message: main message type: text/plain > 12:23:05 [10417] dbg: message: ---- MIME PARSER START ---- > 12:23:05 [10417] dbg: message: parsing normal part > 12:23:05 [10417] dbg: message: ---- MIME PARSER END ---- > 12:23:05 [10417] dbg: plugin: > Mail::SpamAssassin::Plugin::DNSEval=HASH(0xae06ddc) > implements 'check_start', priority 0 > 12:23:05 [10417] dbg: bayes: tie-ing to DB file R/O > /etc/MailScanner/bayes/bayes__toks > 12:23:05 [10417] dbg: bayes: tie-ing to DB file R/O > /etc/MailScanner/bayes/bayes__seen > 12:23:05 [10417] dbg: bayes: found bayes db version 3 > 12:23:05 [10417] dbg: bayes: DB journal sync: last sync: 0 > 12:23:05 [10417] dbg: bayes: not available for scanning, only > 1 spam(s) in bayes DB < 200 > 12:23:05 [10417] dbg: bayes: untie-ing > 12:23:05 [10417] dbg: plugin: > Mail::SpamAssassin::Plugin::Check=HASH(0xadb7358) implements > 'check_main', priority 0 > 12:23:05 [10417] dbg: conf: trusted_networks are not > configured; it is recommended that you configure > trusted_networks manually > 12:23:05 [10417] dbg: metadata: X-Spam-Relays-Trusted: > 12:23:05 [10417] dbg: metadata: X-Spam-Relays-Untrusted: > 12:23:05 [10417] dbg: metadata: X-Spam-Relays-Internal: > 12:23:05 [10417] dbg: metadata: X-Spam-Relays-External: > 12:23:05 [10417] dbg: plugin: > Mail::SpamAssassin::Plugin::RelayCountry=HASH(0xaa1430c) > implements 'extract_metadata', priority 0 > 12:23:05 [10417] dbg: metadata: X-Relay-Countries: > 12:23:05 [10417] dbg: message: no encoding detected > 12:23:05 [10417] dbg: plugin: > Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0xa9c3b08) > implements 'parsed_metadata', priority 0 > 12:23:05 [10417] dbg: plugin: > Mail::SpamAssassin::Plugin::RelayCountry=HASH(0xaa1430c) > implements 'parsed_metadata', priority 0 > 12:23:05 [10417] dbg: dns: is Net::DNS::Resolver available? yes > 12:23:05 [10417] dbg: dns: Net::DNS version: 0.63 > 12:23:05 [10417] dbg: dns: name server: 85.42.104.18, > LocalAddr: 0.0.0.0 > 12:23:05 [10417] dbg: dns: resolver socket rx buffer size is > 110592 bytes > 12:23:05 [10417] dbg: dns: dns_available set to yes in config > file, skipping test > 12:23:05 [10417] dbg: uridnsbl: domains to query: > 12:23:05 [10417] dbg: dns: checking RBL > sa-other.bondedsender.org., set bsp-untrusted > 12:23:05 [10417] dbg: dns: checking RBL > plus.bondedsender.org., set ssc-firsttrusted > 12:23:05 [10417] dbg: dns: checking RBL combined.njabl.org., set njabl > 12:23:05 [10417] dbg: dns: checking RBL bl.spamcop.net., set spamcop > 12:23:05 [10417] dbg: dns: checking RBL > dob.sibl.support-intelligence.net., > set dob > 12:23:05 [10417] dbg: dns: checking RBL zen.spamhaus.org., > set zen-lastexternal > 12:23:05 [10417] dbg: dns: checking RBL dnsbl.sorbs.net., set > sorbs-lastexternal > 12:23:05 [10417] dbg: dns: checking RBL dnsbl.sorbs.net., set sorbs > 12:23:05 [10417] dbg: dns: checking RBL zen.spamhaus.org., > set zen-lastexternal > 12:23:05 [10417] dbg: dns: checking RBL list.dnswl.org., set > dnswl-firsttrusted > 12:23:05 [10417] dbg: dns: checking RBL > sa-accredit.habeas.com., set habeas-firsttrusted > 12:23:05 [10417] dbg: dns: checking RBL list.dsbl.org., set > dsbl-lastexternal > 12:23:05 [10417] dbg: dns: checking RBL > sa-trusted.bondedsender.org., set bsp-firsttrusted > 12:23:05 [10417] dbg: dns: checking RBL zen.spamhaus.org., set zen > 12:23:05 [10417] dbg: dns: checking RBL iadb.isipp.com., set > iadb-firsttrusted > 12:23:05 [10417] dbg: check: running tests for priority: -1000 > 12:23:05 [10417] dbg: rules: running head tests; score so far=0 > 12:23:05 [10417] dbg: rules: compiled head tests > 12:23:05 [10417] dbg: eval: all '*From' addrs: > ignore@compiling.spamassassin.taint.org > 12:23:05 [10417] dbg: eval: all '*To' addrs: > 12:23:05 [10417] dbg: rules: running body tests; score so far=0 > 12:23:05 [10417] dbg: rules: compiled body tests > 12:23:05 [10417] dbg: rules: running uri tests; score so far=0 > 12:23:05 [10417] dbg: rules: compiled uri tests > 12:23:05 [10417] dbg: rules: running rawbody tests; score so far=0 > 12:23:05 [10417] dbg: rules: compiled rawbody tests > 12:23:05 [10417] dbg: rules: running full tests; score so far=0 > 12:23:05 [10417] dbg: rules: compiled full tests > 12:23:05 [10417] dbg: rules: running meta tests; score so far=0 > 12:23:05 [10417] dbg: rules: compiled meta tests > 12:23:05 [10417] dbg: check: running tests for priority: -950 > 12:23:05 [10417] dbg: rules: running head tests; score so far=0 > 12:23:05 [10417] dbg: rules: compiled head tests > 12:23:05 [10417] dbg: rules: running body tests; score so far=0 > 12:23:05 [10417] dbg: rules: compiled body tests > 12:23:05 [10417] dbg: rules: running uri tests; score so far=0 > 12:23:05 [10417] dbg: rules: compiled uri tests > 12:23:05 [10417] dbg: rules: running rawbody tests; score so far=0 > 12:23:05 [10417] dbg: rules: compiled rawbody tests > 12:23:05 [10417] dbg: rules: running full tests; score so far=0 > 12:23:05 [10417] dbg: rules: compiled full tests > 12:23:05 [10417] dbg: rules: running meta tests; score so far=0 > 12:23:05 [10417] dbg: rules: compiled meta tests > 12:23:05 [10417] dbg: check: running tests for priority: -900 > 12:23:05 [10417] dbg: rules: running head tests; score so far=0 > 12:23:05 [10417] dbg: rules: compiled head tests > 12:23:05 [10417] dbg: rules: running body tests; score so far=0 > 12:23:05 [10417] dbg: rules: compiled body tests > 12:23:05 [10417] dbg: rules: running uri tests; score so far=0 > 12:23:05 [10417] dbg: rules: compiled uri tests > 12:23:05 [10417] dbg: rules: running rawbody tests; score so far=0 > 12:23:05 [10417] dbg: rules: compiled rawbody tests > 12:23:05 [10417] dbg: rules: running full tests; score so far=0 > 12:23:05 [10417] dbg: rules: compiled full tests > 12:23:05 [10417] dbg: rules: running meta tests; score so far=0 > 12:23:05 [10417] dbg: rules: compiled meta tests > 12:23:05 [10417] dbg: check: running tests for priority: -400 > 12:23:05 [10417] dbg: rules: running head tests; score so far=0 > 12:23:05 [10417] dbg: rules: compiled head tests > 12:23:05 [10417] dbg: rules: running body tests; score so far=0 > 12:23:05 [10417] dbg: rules: compiled body tests > 12:23:05 [10417] dbg: rules: running uri tests; score so far=0 > 12:23:05 [10417] dbg: rules: compiled uri tests > 12:23:05 [10417] dbg: rules: running rawbody tests; score so far=0 > 12:23:05 [10417] dbg: rules: compiled rawbody tests > 12:23:05 [10417] dbg: rules: running full tests; score so far=0 > 12:23:05 [10417] dbg: rules: compiled full tests > 12:23:05 [10417] dbg: rules: running meta tests; score so far=0 > 12:23:05 [10417] dbg: rules: compiled meta tests > 12:23:05 [10417] dbg: check: running tests for priority: 0 > 12:23:05 [10417] dbg: rules: running head tests; score so far=0 > 12:23:05 [10417] dbg: rules: compiled head tests > 12:23:05 [10417] dbg: rules: ran header rule __MISSING_REF > ======> got hit: > "UNSET" > 12:23:05 [10417] dbg: rules: ran header rule > __MSOE_MID_WRONG_CASE ======> got hit: " > 12:23:05 [10417] dbg: rules: Message-Id: " > 12:23:05 [10417] dbg: rules: ran header rule MISSING_DATE > ======> got hit: > "UNSET" > 12:23:05 [10417] dbg: rules: ran header rule __MSGID_OK_HOST > ======> got > hit: "@spamassassin_spamd_init>" > 12:23:05 [10417] dbg: rules: ran header rule > __MSGID_OK_DIGITS ======> got > hit: "1215426184" > 12:23:05 [10417] dbg: rules: ran header rule __HAS_MSGID > ======> got hit: > "<" > 12:23:05 [10417] dbg: rules: ran header rule __SANE_MSGID > ======> got hit: > "<1215426184.34281@spamassassin_spamd_init> > 12:23:05 [10417] dbg: rules: " > 12:23:05 [10417] dbg: spf: checking to see if the message has > a Received-SPF header that we can use > 12:23:05 [10417] dbg: spf: using Mail::SPF for SPF checks > 12:23:05 [10417] dbg: spf: no suitable relay for spf use > found, skipping SPF-helo check > 12:23:05 [10417] dbg: spf: already checked for Received-SPF > headers, proceeding with DNS based checks > 12:23:05 [10417] dbg: spf: no suitable relay for spf use > found, skipping SPF check > 12:23:05 [10417] dbg: rules: ran eval rule NO_RELAYS ======> > got hit (1) > 12:23:05 [10417] dbg: spf: def_spf_whitelist_from: already > checked spf and didn't get pass, skipping whitelist check > 12:23:05 [10417] dbg: rules: ran eval rule __UNUSABLE_MSGID > ======> got hit > (1) > 12:23:05 [10417] dbg: rules: ran eval rule MISSING_HEADERS > ======> got hit > (1) > 12:23:05 [10417] dbg: spf: whitelist_from_spf: already > checked spf and didn't get pass, skipping whitelist check > 12:23:05 [10417] dbg: rules: running body tests; score so far=1.581 > 12:23:05 [10417] dbg: rules: compiled body tests > 12:23:05 [10417] dbg: rules: ran body rule __NONEMPTY_BODY > ======> got hit: > "I" > 12:23:05 [10417] dbg: rules: running uri tests; score so far=1.581 > 12:23:05 [10417] dbg: rules: compiled uri tests > 12:23:05 [10417] dbg: eval: stock info total: 0 > 12:23:05 [10417] dbg: rules: running rawbody tests; score so far=1.581 > 12:23:05 [10417] dbg: rules: compiled rawbody tests > 12:23:05 [10417] dbg: rules: ran rawbody rule __TVD_BODY > ======> got hit: > "need" > 12:23:05 [10417] dbg: rules: running full tests; score so far=1.581 > 12:23:05 [10417] dbg: rules: compiled full tests > 12:23:05 [10417] dbg: info: entering helper-app run mode > 12:23:06 [10417] dbg: info: leaving helper-app run mode > 12:23:06 [10417] dbg: razor2: part=0 engine=4 contested=0 confidence=0 > 12:23:06 [10417] dbg: razor2: results: spam? 0 > 12:23:06 [10417] dbg: razor2: results: engine 8, highest cf score: 0 > 12:23:06 [10417] dbg: razor2: results: engine 4, highest cf score: 0 > 12:23:06 [10417] dbg: util: current PATH is: > /sbin:/bin:/usr/sbin:/usr/bin > 12:23:06 [10417] dbg: pyzor: pyzor is not available: no pyzor > executable found > 12:23:06 [10417] dbg: pyzor: no pyzor found, disabling Pyzor > 12:23:06 [10417] dbg: rules: running meta tests; score so far=1.581 > 12:23:06 [10417] dbg: rules: compiled meta tests > 12:23:06 [10417] dbg: check: running tests for priority: 500 > 12:23:06 [10417] dbg: dns: harvest_dnsbl_queries > 12:23:06 [10417] dbg: rules: running head tests; score so far=1.581 > 12:23:06 [10417] dbg: rules: compiled head tests > 12:23:06 [10417] dbg: rules: running body tests; score so far=1.581 > 12:23:06 [10417] dbg: rules: compiled body tests > 12:23:06 [10417] dbg: rules: running uri tests; score so far=1.581 > 12:23:06 [10417] dbg: rules: compiled uri tests > 12:23:06 [10417] dbg: rules: running rawbody tests; score so far=1.581 > 12:23:06 [10417] dbg: rules: compiled rawbody tests > 12:23:06 [10417] dbg: rules: running full tests; score so far=1.581 > 12:23:06 [10417] dbg: rules: compiled full tests > 12:23:06 [10417] dbg: rules: running meta tests; score so far=1.581 > 12:23:06 [10417] dbg: rules: meta test DIGEST_MULTIPLE has > undefined dependency 'DCC_CHECK' > 12:23:06 [10417] dbg: rules: compiled meta tests > 12:23:06 [10417] dbg: check: running tests for priority: 1000 > 12:23:06 [10417] dbg: rules: running head tests; score so far=2.865 > 12:23:06 [10417] dbg: rules: compiled head tests > 12:23:06 [10417] dbg: locker: safe_lock: created > /root/.spamassassin/auto-whitelist.mutex > 12:23:06 [10417] dbg: locker: safe_lock: trying to get lock > on /root/.spamassassin/auto-whitelist with 30 timeout > 12:23:06 [10417] dbg: locker: safe_lock: link to > /root/.spamassassin/auto-whitelist.mutex: link ok > 12:23:06 [10417] dbg: auto-whitelist: tie-ing to DB file of > type DB_File R/W in /root/.spamassassin/auto-whitelist > 12:23:06 [10417] dbg: auto-whitelist: db-based > ignore@compiling.spamassassin.taint.org|ip=none scores 0/0 > 12:23:06 [10417] dbg: auto-whitelist: AWL active, pre-score: > 2.865, autolearn score: 2.865, mean: undef, IP: undef > 12:23:06 [10417] dbg: auto-whitelist: DB addr list: untie-ing > and unlocking > 12:23:06 [10417] dbg: auto-whitelist: DB addr list: file > locked, breaking lock > 12:23:06 [10417] dbg: locker: safe_unlock: unlocked > /root/.spamassassin/auto-whitelist.mutex > 12:23:06 [10417] dbg: auto-whitelist: post auto-whitelist score: 2.865 > 12:23:06 [10417] dbg: rules: running body tests; score so far=2.865 > 12:23:06 [10417] dbg: rules: compiled body tests > 12:23:06 [10417] dbg: rules: running uri tests; score so far=2.865 > 12:23:06 [10417] dbg: rules: compiled uri tests > 12:23:06 [10417] dbg: rules: running rawbody tests; score so far=2.865 > 12:23:06 [10417] dbg: rules: compiled rawbody tests > 12:23:06 [10417] dbg: rules: running full tests; score so far=2.865 > 12:23:06 [10417] dbg: rules: compiled full tests > 12:23:06 [10417] dbg: rules: running meta tests; score so far=2.865 > 12:23:06 [10417] dbg: rules: compiled meta tests > 12:23:06 [10417] dbg: check: is spam? score=2.865 required=5 > 12:23:06 [10417] dbg: check: > tests=MISSING_DATE,MISSING_HEADERS,MISSING_SUBJECT,NO_RECEIVED > ,NO_RELAYS > 12:23:06 [10417] dbg: check: > subtests=__HAS_MSGID,__MISSING_REF,__MSGID_OK_DIGITS,__MSGID_O > K_HOST,__MSOE_MID_WRONG_CASE,__NONEMPTY_BODY,__SANE_MSGID,__TV > D_BODY,__UNUSABLE_MSGID > 12:23:06 Building a message batch to scan... > > > > ----- Original Message ----- > From: "Martin.Hepworth" > To: "MailScanner discussion" > Sent: Monday, July 07, 2008 12:08 PM > Subject: RE: MailScanner on FC8 don't pickup emails > > > > > > > > > >> -----Original Message----- > >> From: mailscanner-bounces@lists.mailscanner.info > >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > >> Of Luciano Grego > >> Sent: 07 July 2008 11:00 > >> To: MailScanner discussion > >> Subject: Re: MailScanner on FC8 don't pickup emails > >> > >> > >> ----- Original Message ----- > >> From: "Martin.Hepworth" > >> To: "MailScanner discussion" > >> Sent: Monday, July 07, 2008 11:06 AM > >> Subject: RE: MailScanner on FC8 don't pickup emails > >> > >> > >> >I would have thought you'd need to change the Lock Type to > >> the default > >> >(blank) as sendmail 8.14 usually uses posix (unless fedora > >> change this) > >> > > >> > Also a "MailScanner --debug --debug-sa" output to a > >> pastebin or web page > >> > (as they can be large) would be interesting to see? > >> > > >> > What install instructions have you followed? > >> > > >> > -- > >> > Martin Hepworth > >> > Snr Systems Administrator > >> > Solid State Logic > >> > Tel: +44 (0)1865 842300 > >> > > >> >> -----Original Message----- > >> >> From: mailscanner-bounces@lists.mailscanner.info > >> >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > >> >> Of Luciano Grego > >> >> Sent: 07 July 2008 09:54 > >> >> To: mailscanner@lists.mailscanner.info > >> >> Subject: MailScanner on FC8 don't pickup emails > >> >> > >> >> Hi, > >> >> I' ve installed Fedora Core 8 and updated at latest fix, then > >> >> i' ve installed MailScanner ( I try 4.69.9-3, 4.70.7-1 and > >> 4.71.2-2). > >> >> Sendmail accepts e-mails, but are not produced by Mailscanner. > >> >> My MTA is Sendmail 8.14 ( Fedora Core 8 ). > >> >> It' s a locking problem? > >> >> Must reinstall with --nodeps? > >> >> > >> >> Here 'MailScanner --lint': > >> >> > >> >> Trying to setlogsock(unix) > >> >> Read 824 hostnames from the phishing whitelist Read 3052 > >> >> hostnames from the phishing blacklist Checking version > numbers... > >> >> Version number in MailScanner.conf (4.71.2) is correct. > >> >> > >> >> Your envelope_sender_header in spam.assassin.prefs.conf > is correct. > >> >> > >> >> Checking for SpamAssassin errors (if you use it)... > >> >> SpamAssassin temporary working directory is > >> >> /var/spool/MailScanner/incoming/SpamAssassin-Temp > >> >> SpamAssassin temp dir = > >> >> /var/spool/MailScanner/incoming/SpamAssassin-Temp > >> >> Using SpamAssassin results cache > >> >> Connected to SpamAssassin cache database SpamAssassin > >> >> reported no errors. > >> >> ClamAV scanner using unrar command /usr/bin/unrar Using > >> >> locktype = flock MailScanner.conf says "Virus Scanners = clamav" > >> >> Found these virus scanners installed: clamavmodule > >> >> ============================================================== > >> >> ============= > >> >> Virus and Content Scanning: Starting > >> >> /var/spool/MailScanner/incoming/9520/./1/eicar.com: > >> >> Eicar-Test-Signature FOUND > >> >> > >> >> /var/spool/MailScanner/incoming/9520/./1.message: > >> >> Eicar-Test-Signature FOUND > >> >> > >> >> Virus Scanning: ClamAV found 2 infections Infected message > >> >> 1.message came from Infected message 1 came from 10.1.1.1 > >> >> Virus Scanning: Found 2 viruses Filename Checks: (1 > >> >> eicar.com) Filetype Checks: Allowing 1 eicar.com Other > >> >> Checks: Found 1 problems > >> >> ============================================================== > >> >> ============= > >> >> Virus Scanner test reports: > >> >> ClamAV said "eicar.com contains Eicar-Test-Signature" > >> >> > >> >> If any of your virus scanners (clamavmodule) are not listed > >> >> there, you should check that they are installed correctly and > >> >> that MailScanner is finding them correctly via its > >> >> virus.scanners.conf. > >> >> > >> >> > >> >> -- > >> >> > >> >> Here 'MailScanner -v': > >> >> Running on > >> >> Linux mail 2.6.24.5-85.fc8 #1 SMP Sat Apr 19 12:39:34 EDT > >> >> 2008 i686 i686 i386 GNU/Linux This is Fedora release 8 > >> >> (Werewolf) This is Perl version 5.008008 (5.8.8) > >> >> > >> >> This is MailScanner version 4.71.2 > >> >> Module versions are: > >> >> 1.00 AnyDBM_File > >> >> 1.20 Archive::Zip > >> >> 0.21 bignum > >> >> 1.04 Carp > >> >> 2.005 Compress::Zlib > >> >> 1.119 Convert::BinHex > >> >> 0.17 Convert::TNEF > >> >> 2.121_08 Data::Dumper > >> >> 2.27 Date::Parse > >> >> 1.00 DirHandle > >> >> 1.05 Fcntl > >> >> 2.74 File::Basename > >> >> 2.09 File::Copy > >> >> 2.01 FileHandle > >> >> 1.08 File::Path > >> >> 0.20 File::Temp > >> >> 0.90 Filesys::Df > >> >> 1.35 HTML::Entities > >> >> 3.56 HTML::Parser > >> >> 2.37 HTML::TokeParser > >> >> 1.23 IO > >> >> 1.14 IO::File > >> >> 1.13 IO::Pipe > >> >> 2.02 Mail::Header > >> >> 1.86 Math::BigInt > >> >> 0.19 Math::BigRat > >> >> 3.07 MIME::Base64 > >> >> 5.425 MIME::Decoder > >> >> 5.425 MIME::Decoder::UU > >> >> 5.425 MIME::Head > >> >> 5.425 MIME::Parser > >> >> 3.07 MIME::QuotedPrint > >> >> 5.425 MIME::Tools > >> >> 0.11 Net::CIDR > >> >> 1.25 Net::IP > >> >> 0.16 OLE::Storage_Lite > >> >> 1.04 Pod::Escapes > >> >> 3.05 Pod::Simple > >> >> 1.09 POSIX > >> >> 1.19 Scalar::Util > >> >> 1.78 Socket > >> >> 2.15 Storable > >> >> 1.4 Sys::Hostname::Long > >> >> 0.18 Sys::Syslog > >> >> 1.26 Test::Pod > >> >> 0.78 Test::Simple > >> >> 1.86 Time::HiRes > >> >> 1.02 Time::localtime > >> >> > >> >> Optional module versions are: > >> >> 1.34 Archive::Tar > >> >> 0.21 bignum > >> >> 1.82 Business::ISBN > >> >> 1.10 Business::ISBN::Data > >> >> 1.08 Data::Dump > >> >> 1.815 DB_File > >> >> 1.14 DBD::SQLite > >> >> 1.58 DBI > >> >> 1.15 Digest > >> >> 1.01 Digest::HMAC > >> >> 2.36 Digest::MD5 > >> >> 2.11 Digest::SHA1 > >> >> 1.00 Encode::Detect > >> >> 0.17010 Error > >> >> 0.18 ExtUtils::CBuilder > >> >> 2.18 ExtUtils::ParseXS > >> >> 2.36 Getopt::Long > >> >> 0.44 Inline > >> >> 1.08 IO::String > >> >> 1.07 IO::Zlib > >> >> 2.21 IP::Country > >> >> 0.22 Mail::ClamAV > >> >> 3.002005 Mail::SpamAssassin > >> >> v2.005 Mail::SPF > >> >> 1.999001 Mail::SPF::Query > >> >> 0.2808 Module::Build > >> >> 0.20 Net::CIDR::Lite > >> >> 0.63 Net::DNS > >> >> 0.002.2 Net::DNS::Resolver::Programmable missing Net::LDAP > >> >> 4.004 NetAddr::IP > >> >> 1.94 Parse::RecDescent > >> >> missing SAVI > >> >> 2.64 Test::Harness > >> >> 0.95 Test::Manifest > >> >> 1.98 Text::Balanced > >> >> 1.35 URI > >> >> 0.7203 version > >> >> 0.62 YAML > >> >> > >> >> Thanks > >> >> Luciano. > >> >> > > > >> > -- > >> > MailScanner mailing list > >> > mailscanner@lists.mailscanner.info > >> > http://lists.mailscanner.info/mailman/listinfo/mailscanner > >> > > >> > Before posting, read http://wiki.mailscanner.info/posting > >> > > >> > Support MailScanner development - buy the book off the website! > >> > > >> > -- > >> > Il messaggio e' stato analizzato alla ricerca di virus o > >> > contenuti pericolosi da MailScanner, ed e' > >> > risultato non infetto. > >> > > >> > > >> > >> HI Martin, > >> Lock Type = flock > >> ... for test my ideas ... > >> > >> I've setup this Mailscanner box for my client and > >> i' ve reboot the machine friday at 18:45 with new params. > >> Now i'm checking logs and i see Mailscanner pickup messages > >> from Sunday at > >> 15:00. None first! > >> MailScanner needs more time for starting up? > >> > >> I' ve put > >> Lock Type = > >> now and > >> 'service MailScanner restart'. > >> Thank you. > >> L. > >> > >> > > > > Hi > > > > Anything in the maillog reguarding mailScanner??? > > > > Should only take a few seconds to get going. > > > > I'd drop to debug and see if you can spot anything. > > > > > > -- > > Martin Hepworth > > Snr Systems Administrator > > Solid State Logic > > Tel: +44 (0)1865 842300 > > > > > > > > > > > > > ********************************************************************** > > Confidentiality : This e-mail and any attachments are > intended for the > > addressee only and may be confidential. If they come to you in error > > you must take no action based on them, nor must you copy or > show them > > to anyone. Please advise the sender by replying to this e-mail > > immediately and then delete the original from your computer. > > Opinion : Any opinions expressed in this e-mail are > entirely those of > > the author and unless specifically stated to the contrary, are not > > necessarily those of the author's employer. > > Security Warning : Internet e-mail is not necessarily a secure > > communications medium and can be subject to data > corruption. We advise > > that you consider this fact when e-mailing us. > > Viruses : We have taken steps to ensure that this e-mail and any > > attachments are free from known viruses but in keeping with good > > computing practice, you should ensure that they are virus free. > > > > Red Lion 49 Ltd T/A Solid State Logic > > Registered as a limited company in England and Wales > > (Company No:5362730) > > Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, > > United Kingdom > > > ********************************************************************** > > > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > > > -- > > Il messaggio e' stato analizzato alla ricerca di virus o > > contenuti pericolosi da MailScanner, ed e' > > risultato non infetto. > > > > > > > > -- > Il messaggio e' stato analizzato alla ricerca di virus o > contenuti pericolosi da MailScanner, ed e' > risultato non infetto. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From alex at rtpty.com Mon Jul 7 12:46:10 2008 From: alex at rtpty.com (Alex Neuman) Date: Mon Jul 7 12:46:31 2008 Subject: Non-English testers? In-Reply-To: <4871DA46.8050906@utwente.nl> References: <486D352F.1040002@ecs.soton.ac.uk> <486D3C1B.9090604@ecs.soton.ac.uk> <4871DA46.8050906@utwente.nl> Message-ID: <32095F2B-DCA3-44CD-8D39-BAA1532C018F@rtpty.com> Have you tried googling +filetype:doc or +filetype:docx for a sample? Sent from my iPhone On Jul 7, 2008, at 3:56 AM, Peter Peters wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Julian Field wrote on 3-7-2008 22:52: > >>> One other thing, if somebody here could be so kind to try out Office >>> 2007 documents and/or Word documents with pictures and stuff >>> embedded >>> within which *themselves* have international characters... Well, >>> just >>> to be on the exaggerated safe side, if you catch my drift. >> The "Add Text Of Doc" won't work on .docx files, sorry. Antiword >> doesn't >> support them. If anyone has a way of managing to read them, I would >> be >> very interested to hear it. Or even just some helpful ideas. > > According to > http://www.oooninja.com/2008/01/convert-openxml-docx-etc-in-linux-using.html > odfconverter also supports docx. I haven't been able to test it > because > I don't have access to a docx file. > > - -- > Peter Peters, Teamleider Unix/Linux-Beheer > ICT-Servicecentrum > Universiteit Twente, Postbus 217, 7500 AE Enschede > Telefoon 053 489 2301, Fax 053 489 2383, > P.G.M.Peters@utwente.nl, http://www.utwente.nl/icts > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.2 (MingW32) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org > > iD8DBQFIcdpFelLo80lrIdIRAvglAKCYBJ0XPQ1+21G8aWNp3Ufma5XeVwCaAlGh > ZKs/loX0ox0QnWvoMP+cbRc= > =45rn > -----END PGP SIGNATURE----- > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From jra at baylink.com Mon Jul 7 13:24:37 2008 From: jra at baylink.com (Jay R. Ashworth) Date: Mon Jul 7 13:24:49 2008 Subject: Phishing Links In-Reply-To: References: <21be6cae0807030658m7b348d6che60b999ef7d2497@mail.gmail.com> Message-ID: <20080707122437.GA19043@cgi.jachomes.com> On Thu, Jul 03, 2008 at 08:48:47AM -0700, Scott Silva wrote: > on 7-3-2008 6:58 AM Pedro Bordin Hoffmann - [M]orpheus spake the following: > >When Mailscanner finds some phishing link, it puts a message that this > >link may be some phishing, but it don't remove the link. > > > >Is there a way to remove links that mailscanner thinks is phishing? > > > >Thanks! > > > But what if it is wrong? > Then you have removed links that might be legitimate. > Not all links that "look phishy" are phishing attempts. Indeed; this is a topic the RISKS Digest covers fairly often: lots of legitimate organizations sub out their emailing, to companies that aren't smart enough to not make legit emails *look* like phishes. Cheers, -- jra -- Jay R. Ashworth Baylink jra@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://baylink.pitas.com '87 e24 St Petersburg FL USA http://photo.imageinc.us +1 727 647 1274 Those who cast the vote decide nothing. Those who count the vote decide everything. -- (Joseph Stalin) From jra at baylink.com Mon Jul 7 13:26:58 2008 From: jra at baylink.com (Jay R. Ashworth) Date: Mon Jul 7 13:27:08 2008 Subject: Non-English testers? In-Reply-To: <486D3C1B.9090604@ecs.soton.ac.uk> References: <486D352F.1040002@ecs.soton.ac.uk> <486D3C1B.9090604@ecs.soton.ac.uk> Message-ID: <20080707122658.GB19043@cgi.jachomes.com> On Thu, Jul 03, 2008 at 09:52:43PM +0100, Julian Field wrote: > The "Add Text Of Doc" won't work on .docx files, sorry. Antiword doesn't > support them. If anyone has a way of managing to read them, I would be > very interested to hear it. Or even just some helpful ideas. But, but... .docx is this wonderful, open, XML based file format that's easy to parse. Right? I mean, that's what Microsoft has been telling us... :-) Cheers, -- jra -- Jay R. Ashworth Baylink jra@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://baylink.pitas.com '87 e24 St Petersburg FL USA http://photo.imageinc.us +1 727 647 1274 Those who cast the vote decide nothing. Those who count the vote decide everything. -- (Joseph Stalin) From lucianog at metline.it Mon Jul 7 13:52:46 2008 From: lucianog at metline.it (Luciano Grego) Date: Mon Jul 7 13:53:38 2008 Subject: MailScanner on FC8 don't pickup emails References: <22c28cd18b8a8445861e6ca828c11786@solidstatelogic.com>, <461154D3BC314695B971D5B750769C3D@LUCIANO> <4CAB0118AEC63A4FAAE77E6BCBDF760C65717B8599@server02.bhl.local> Message-ID: <870FA5DFD90F4230BE12BFC138711E3A@LUCIANO> Hi Jason, I' ve configured and tested sendmail previous of Mailscanner leaving sendmail mostly at default. The box accept email from 1 domain and deliver on local mailboxes. After installing the RPM version of MailScanner plus Spamassassin / clamAV from Mailscanner website, i' ve stopped sendmail and starting MailScanner. ( chkconfig sendmail off, chkconfig MailScanner on + reboot ) I've compiled with $LANG set to default on Fedora ( LANG="it_IT.UTF-8" ) but i remember to change this in LANG=it_IT in the past ( 2/3 year ago ... ). It's the proper option again? Luciano ----- Original Message ----- From: "Jason Ede" To: "MailScanner discussion" Sent: Monday, July 07, 2008 12:42 PM Subject: RE: MailScanner on FC8 don't pickup emails > > Have you configured your MTA to work with MailScanner properly? > > Jason > ________________________________________ > From: mailscanner-bounces@lists.mailscanner.info > [mailscanner-bounces@lists.mailscanner.info] On Behalf Of Luciano Grego > [lucianog@metline.it] > Sent: 07 July 2008 11:33 > To: MailScanner discussion > Subject: Re: MailScanner on FC8 don't pickup emails > > Hi, > Excuse me for long list ... > But ... in debug mode i should see the email passing through MailScanner? > > I have not answered your question first: What install instructions have > you > followed? > I' ve follow the INSTALL file guide. Untar src file and ./install.sh. > > -- > > mail root [ /var/log ] MailScanner --debug --debug-sa > In Debugging mode, not forking... > Trying to setlogsock(unix) > 12:23:04 SpamAssassin temp dir = > /var/spool/MailScanner/incoming/SpamAssassin-Temp > 12:23:04 [10417] dbg: logger: adding facilities: all > 12:23:04 [10417] dbg: logger: logging level is DBG > 12:23:04 [10417] dbg: generic: SpamAssassin version 3.2.5 > 12:23:04 [10417] dbg: config: score set 0 chosen. > 12:23:04 [10417] dbg: util: running in taint mode? no > 12:23:04 [10417] dbg: dns: is Net::DNS::Resolver available? yes > 12:23:04 [10417] dbg: dns: Net::DNS version: 0.63 > 12:23:04 [10417] dbg: ignore: test message to precompile patterns and load > modules > 12:23:04 [10417] dbg: config: using "/etc/mail/spamassassin" for site > rules > pre files > 12:23:04 [10417] dbg: config: read file /etc/mail/spamassassin/init.pre > 12:23:04 [10417] dbg: config: read file /etc/mail/spamassassin/v310.pre > 12:23:04 [10417] dbg: config: read file /etc/mail/spamassassin/v312.pre > 12:23:04 [10417] dbg: config: read file /etc/mail/spamassassin/v320.pre > 12:23:04 [10417] dbg: config: using "/var/lib/spamassassin/3.002005" for > sys > rules pre files > 12:23:04 [10417] dbg: config: using "/var/lib/spamassassin/3.002005" for > default rules dir > 12:23:04 [10417] dbg: config: read file > /var/lib/spamassassin/3.002005/updates_spamassassin_org.cf > 12:23:04 [10417] dbg: config: using "/etc/mail/spamassassin" for site > rules > dir > 12:23:04 [10417] dbg: config: read file > /etc/mail/spamassassin/mailscanner.cf > 12:23:04 [10417] dbg: plugin: loading Mail::SpamAssassin::Plugin::URIDNSBL > from @INC > 12:23:04 [10417] dbg: plugin: loading Mail::SpamAssassin::Plugin::Hashcash > from @INC > 12:23:04 [10417] dbg: plugin: loading Mail::SpamAssassin::Plugin::SPF from > @INC > 12:23:04 [10417] dbg: plugin: loading > Mail::SpamAssassin::Plugin::RelayCountry from @INC > 12:23:04 [10417] dbg: plugin: loading Mail::SpamAssassin::Plugin::Razor2 > from @INC > 12:23:04 [10417] dbg: razor2: razor2 is available, version 2.84 > 12:23:04 [10417] dbg: plugin: loading Mail::SpamAssassin::Plugin::Pyzor > from > @INC > 12:23:04 [10417] dbg: pyzor: network tests on, attempting Pyzor > 12:23:04 [10417] dbg: plugin: did not register > Mail::SpamAssassin::Plugin::Razor2, already registered > 12:23:04 [10417] dbg: plugin: loading Mail::SpamAssassin::Plugin::SpamCop > from @INC > 12:23:04 [10417] dbg: reporter: network tests on, attempting SpamCop > 12:23:04 [10417] dbg: plugin: loading Mail::SpamAssassin::Plugin::AWL from > @INC > 12:23:04 [10417] dbg: plugin: loading > Mail::SpamAssassin::Plugin::AutoLearnThreshold from @INC > 12:23:04 [10417] dbg: plugin: loading > Mail::SpamAssassin::Plugin::WhiteListSubject from @INC > 12:23:04 [10417] dbg: plugin: loading > Mail::SpamAssassin::Plugin::MIMEHeader > from @INC > 12:23:04 [10417] dbg: plugin: loading > Mail::SpamAssassin::Plugin::ReplaceTags from @INC > 12:23:04 [10417] dbg: plugin: did not register > Mail::SpamAssassin::Plugin::RelayCountry, already registered > 12:23:04 [10417] dbg: plugin: did not register > Mail::SpamAssassin::Plugin::SPF, already registered > 12:23:04 [10417] dbg: plugin: did not register > Mail::SpamAssassin::Plugin::URIDNSBL, already registered > 12:23:04 [10417] dbg: plugin: loading Mail::SpamAssassin::Plugin::Check > from > @INC > 12:23:04 [10417] dbg: plugin: loading > Mail::SpamAssassin::Plugin::HTTPSMismatch from @INC > 12:23:04 [10417] dbg: plugin: loading > Mail::SpamAssassin::Plugin::URIDetail > from @INC > 12:23:04 [10417] dbg: plugin: loading Mail::SpamAssassin::Plugin::Bayes > from > @INC > 12:23:04 [10417] dbg: plugin: loading Mail::SpamAssassin::Plugin::BodyEval > from @INC > 12:23:04 [10417] dbg: plugin: loading Mail::SpamAssassin::Plugin::DNSEval > from @INC > 12:23:04 [10417] dbg: plugin: loading Mail::SpamAssassin::Plugin::HTMLEval > from @INC > 12:23:04 [10417] dbg: plugin: loading > Mail::SpamAssassin::Plugin::HeaderEval > from @INC > 12:23:04 [10417] dbg: plugin: loading Mail::SpamAssassin::Plugin::MIMEEval > from @INC > 12:23:04 [10417] dbg: plugin: loading > Mail::SpamAssassin::Plugin::RelayEval > from @INC > 12:23:04 [10417] dbg: plugin: loading Mail::SpamAssassin::Plugin::URIEval > from @INC > 12:23:04 [10417] dbg: plugin: loading Mail::SpamAssassin::Plugin::WLBLEval > from @INC > 12:23:04 [10417] dbg: plugin: loading Mail::SpamAssassin::Plugin::VBounce > from @INC > 12:23:04 [10417] dbg: plugin: loading > Mail::SpamAssassin::Plugin::ImageInfo > from @INC > 12:23:04 [10417] dbg: plugin: did not register > Mail::SpamAssassin::Plugin::RelayCountry, already registered > 12:23:04 [10417] dbg: plugin: did not register > Mail::SpamAssassin::Plugin::SPF, already registered > 12:23:04 [10417] dbg: plugin: did not register > Mail::SpamAssassin::Plugin::URIDNSBL, already registered > 12:23:04 [10417] dbg: plugin: did not register > Mail::SpamAssassin::Plugin::Razor2, already registered > 12:23:04 [10417] dbg: config: fixed relative path: > /var/lib/spamassassin/3.002005/updates_spamassassin_org/10_default_prefs.cf > 12:23:04 [10417] dbg: config: using > "/var/lib/spamassassin/3.002005/updates_spamassassin_org/10_default_prefs.cf" > for included file > 12:23:04 [10417] dbg: config: read file > /var/lib/spamassassin/3.002005/updates_spamassassin_org/10_default_prefs.cf > 12:23:04 [10417] dbg: config: fixed relative path: > /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_advance_fee.cf > 12:23:04 [10417] dbg: config: using > "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_advance_fee.cf" > for included file > 12:23:04 [10417] dbg: config: read file > /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_advance_fee.cf > 12:23:04 [10417] dbg: config: fixed relative path: > /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_body_tests.cf > 12:23:04 [10417] dbg: config: using > "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_body_tests.cf" > for included file > 12:23:04 [10417] dbg: config: read file > /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_body_tests.cf > 12:23:04 [10417] dbg: config: fixed relative path: > /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_compensate.cf > 12:23:04 [10417] dbg: config: using > "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_compensate.cf" > for included file > 12:23:04 [10417] dbg: config: read file > /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_compensate.cf > 12:23:04 [10417] dbg: config: fixed relative path: > /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_dnsbl_tests.cf > 12:23:04 [10417] dbg: config: using > "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_dnsbl_tests.cf" > for included file > 12:23:04 [10417] dbg: config: read file > /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_dnsbl_tests.cf > 12:23:04 [10417] dbg: config: fixed relative path: > /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_drugs.cf > 12:23:04 [10417] dbg: config: using > "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_drugs.cf" for > included file > 12:23:04 [10417] dbg: config: read file > /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_drugs.cf > 12:23:04 [10417] dbg: config: fixed relative path: > /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_dynrdns.cf > 12:23:04 [10417] dbg: config: using > "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_dynrdns.cf" > for > included file > 12:23:04 [10417] dbg: config: read file > /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_dynrdns.cf > 12:23:04 [10417] dbg: config: fixed relative path: > /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_fake_helo_tests.cf > 12:23:04 [10417] dbg: config: using > "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_fake_helo_tests.cf" > for included file > 12:23:04 [10417] dbg: config: read file > /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_fake_helo_tests.cf > 12:23:04 [10417] dbg: config: fixed relative path: > /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_head_tests.cf > 12:23:04 [10417] dbg: config: using > "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_head_tests.cf" > for included file > 12:23:04 [10417] dbg: config: read file > /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_head_tests.cf > 12:23:04 [10417] dbg: config: fixed relative path: > /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_html_tests.cf > 12:23:04 [10417] dbg: config: using > "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_html_tests.cf" > for included file > 12:23:04 [10417] dbg: config: read file > /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_html_tests.cf > 12:23:04 [10417] dbg: config: fixed relative path: > /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_imageinfo.cf > 12:23:04 [10417] dbg: config: using > "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_imageinfo.cf" > for included file > 12:23:04 [10417] dbg: config: read file > /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_imageinfo.cf > 12:23:04 [10417] dbg: config: fixed relative path: > /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_meta_tests.cf > 12:23:04 [10417] dbg: config: using > "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_meta_tests.cf" > for included file > 12:23:04 [10417] dbg: config: read file > /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_meta_tests.cf > 12:23:04 [10417] dbg: config: fixed relative path: > /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_net_tests.cf > 12:23:04 [10417] dbg: config: using > "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_net_tests.cf" > for included file > 12:23:04 [10417] dbg: config: read file > /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_net_tests.cf > 12:23:04 [10417] dbg: config: fixed relative path: > /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_phrases.cf > 12:23:04 [10417] dbg: config: using > "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_phrases.cf" > for > included file > 12:23:04 [10417] dbg: config: read file > /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_phrases.cf > 12:23:04 [10417] dbg: config: fixed relative path: > /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_porn.cf > 12:23:04 [10417] dbg: config: using > "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_porn.cf" for > included file > 12:23:04 [10417] dbg: config: read file > /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_porn.cf > 12:23:04 [10417] dbg: config: fixed relative path: > /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_ratware.cf > 12:23:04 [10417] dbg: config: using > "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_ratware.cf" > for > included file > 12:23:04 [10417] dbg: config: read file > /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_ratware.cf > 12:23:04 [10417] dbg: config: fixed relative path: > /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_uri_tests.cf > 12:23:04 [10417] dbg: config: using > "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_uri_tests.cf" > for included file > 12:23:04 [10417] dbg: config: read file > /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_uri_tests.cf > 12:23:04 [10417] dbg: config: fixed relative path: > /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_vbounce.cf > 12:23:04 [10417] dbg: config: using > "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_vbounce.cf" > for > included file > 12:23:04 [10417] dbg: config: read file > /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_vbounce.cf > 12:23:04 [10417] dbg: config: fixed relative path: > /var/lib/spamassassin/3.002005/updates_spamassassin_org/23_bayes.cf > 12:23:04 [10417] dbg: config: using > "/var/lib/spamassassin/3.002005/updates_spamassassin_org/23_bayes.cf" for > included file > 12:23:04 [10417] dbg: config: read file > /var/lib/spamassassin/3.002005/updates_spamassassin_org/23_bayes.cf > 12:23:04 [10417] dbg: config: fixed relative path: > /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_accessdb.cf > 12:23:04 [10417] dbg: config: using > "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_accessdb.cf" > for > included file > 12:23:04 [10417] dbg: config: read file > /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_accessdb.cf > 12:23:04 [10417] dbg: config: fixed relative path: > /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_antivirus.cf > 12:23:04 [10417] dbg: config: using > "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_antivirus.cf" > for included file > 12:23:04 [10417] dbg: config: read file > /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_antivirus.cf > 12:23:04 [10417] dbg: config: fixed relative path: > /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_asn.cf > 12:23:04 [10417] dbg: config: using > "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_asn.cf" for > included file > 12:23:04 [10417] dbg: config: read file > /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_asn.cf > 12:23:04 [10417] dbg: config: fixed relative path: > /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_dcc.cf > 12:23:04 [10417] dbg: config: using > "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_dcc.cf" for > included file > 12:23:04 [10417] dbg: config: read file > /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_dcc.cf > 12:23:04 [10417] dbg: config: fixed relative path: > /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_dkim.cf > 12:23:04 [10417] dbg: config: using > "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_dkim.cf" for > included file > 12:23:04 [10417] dbg: config: read file > /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_dkim.cf > 12:23:04 [10417] dbg: config: fixed relative path: > /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_domainkeys.cf > 12:23:04 [10417] dbg: config: using > "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_domainkeys.cf" > for included file > 12:23:04 [10417] dbg: config: read file > /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_domainkeys.cf > 12:23:04 [10417] dbg: config: fixed relative path: > /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_hashcash.cf > 12:23:04 [10417] dbg: config: using > "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_hashcash.cf" > for > included file > 12:23:04 [10417] dbg: config: read file > /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_hashcash.cf > 12:23:04 [10417] dbg: config: fixed relative path: > /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_pyzor.cf > 12:23:04 [10417] dbg: config: using > "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_pyzor.cf" for > included file > 12:23:04 [10417] dbg: config: read file > /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_pyzor.cf > 12:23:04 [10417] dbg: config: fixed relative path: > /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_razor2.cf > 12:23:04 [10417] dbg: config: using > "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_razor2.cf" for > included file > 12:23:04 [10417] dbg: config: read file > /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_razor2.cf > 12:23:04 [10417] dbg: config: fixed relative path: > /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_replace.cf > 12:23:04 [10417] dbg: config: using > "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_replace.cf" > for > included file > 12:23:04 [10417] dbg: config: read file > /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_replace.cf > 12:23:04 [10417] dbg: config: fixed relative path: > /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_spf.cf > 12:23:04 [10417] dbg: config: using > "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_spf.cf" for > included file > 12:23:04 [10417] dbg: config: read file > /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_spf.cf > 12:23:04 [10417] dbg: config: fixed relative path: > /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_textcat.cf > 12:23:04 [10417] dbg: config: using > "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_textcat.cf" > for > included file > 12:23:04 [10417] dbg: config: read file > /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_textcat.cf > 12:23:04 [10417] dbg: config: fixed relative path: > /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_uribl.cf > 12:23:04 [10417] dbg: config: using > "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_uribl.cf" for > included file > 12:23:04 [10417] dbg: config: read file > /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_uribl.cf > 12:23:04 [10417] dbg: config: fixed relative path: > /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_de.cf > 12:23:04 [10417] dbg: config: using > "/var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_de.cf" > for > included file > 12:23:04 [10417] dbg: config: read file > /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_de.cf > 12:23:04 [10417] dbg: config: fixed relative path: > /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_fr.cf > 12:23:04 [10417] dbg: config: using > "/var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_fr.cf" > for > included file > 12:23:04 [10417] dbg: config: read file > /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_fr.cf > 12:23:04 [10417] dbg: config: fixed relative path: > /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_it.cf > 12:23:04 [10417] dbg: config: using > "/var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_it.cf" > for > included file > 12:23:04 [10417] dbg: config: read file > /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_it.cf > 12:23:04 [10417] dbg: config: fixed relative path: > /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_nl.cf > 12:23:04 [10417] dbg: config: using > "/var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_nl.cf" > for > included file > 12:23:04 [10417] dbg: config: read file > /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_nl.cf > 12:23:04 [10417] dbg: config: fixed relative path: > /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_pl.cf > 12:23:04 [10417] dbg: config: using > "/var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_pl.cf" > for > included file > 12:23:04 [10417] dbg: config: read file > /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_pl.cf > 12:23:04 [10417] dbg: config: fixed relative path: > /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_pt_br.cf > 12:23:04 [10417] dbg: config: using > "/var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_pt_br.cf" > for included file > 12:23:04 [10417] dbg: config: read file > /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_pt_br.cf > 12:23:04 [10417] dbg: config: fixed relative path: > /var/lib/spamassassin/3.002005/updates_spamassassin_org/50_scores.cf > 12:23:04 [10417] dbg: config: using > "/var/lib/spamassassin/3.002005/updates_spamassassin_org/50_scores.cf" for > included file > 12:23:04 [10417] dbg: config: read file > /var/lib/spamassassin/3.002005/updates_spamassassin_org/50_scores.cf > 12:23:04 [10417] dbg: config: fixed relative path: > /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_awl.cf > 12:23:04 [10417] dbg: config: using > "/var/lib/spamassassin/3.002005/updates_spamassassin_org/60_awl.cf" for > included file > 12:23:04 [10417] dbg: config: read file > /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_awl.cf > 12:23:04 [10417] dbg: config: fixed relative path: > /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_shortcircuit.cf > 12:23:04 [10417] dbg: config: using > "/var/lib/spamassassin/3.002005/updates_spamassassin_org/60_shortcircuit.cf" > for included file > 12:23:04 [10417] dbg: config: read file > /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_shortcircuit.cf > 12:23:04 [10417] dbg: config: fixed relative path: > /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whitelist.cf > 12:23:04 [10417] dbg: config: using > "/var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whitelist.cf" > for included file > 12:23:04 [10417] dbg: config: read file > /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whitelist.cf > 12:23:04 [10417] dbg: config: fixed relative path: > /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whitelist_dk.cf > 12:23:04 [10417] dbg: config: using > "/var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whitelist_dk.cf" > for included file > 12:23:04 [10417] dbg: config: read file > /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whitelist_dk.cf > 12:23:04 [10417] dbg: config: fixed relative path: > /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whitelist_dkim.cf > 12:23:04 [10417] dbg: config: using > "/var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whitelist_dkim.cf" > for included file > 12:23:04 [10417] dbg: config: read file > /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whitelist_dkim.cf > 12:23:04 [10417] dbg: config: fixed relative path: > /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whitelist_spf.cf > 12:23:04 [10417] dbg: config: using > "/var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whitelist_spf.cf" > for included file > 12:23:04 [10417] dbg: config: read file > /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whitelist_spf.cf > 12:23:05 [10417] dbg: config: fixed relative path: > /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whitelist_subject.cf > 12:23:05 [10417] dbg: config: using > "/var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whitelist_subject.cf" > for included file > 12:23:05 [10417] dbg: config: read file > /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whitelist_subject.cf > 12:23:05 [10417] dbg: config: fixed relative path: > /var/lib/spamassassin/3.002005/updates_spamassassin_org/72_active.cf > 12:23:05 [10417] dbg: config: using > "/var/lib/spamassassin/3.002005/updates_spamassassin_org/72_active.cf" for > included file > 12:23:05 [10417] dbg: config: read file > /var/lib/spamassassin/3.002005/updates_spamassassin_org/72_active.cf > 12:23:05 [10417] dbg: config: fixed relative path: > /var/lib/spamassassin/3.002005/updates_spamassassin_org/72_removed.cf > 12:23:05 [10417] dbg: config: using > "/var/lib/spamassassin/3.002005/updates_spamassassin_org/72_removed.cf" > for > included file > 12:23:05 [10417] dbg: config: read file > /var/lib/spamassassin/3.002005/updates_spamassassin_org/72_removed.cf > 12:23:05 [10417] dbg: config: fixed relative path: > /var/lib/spamassassin/3.002005/updates_spamassassin_org/72_scores.cf > 12:23:05 [10417] dbg: config: using > "/var/lib/spamassassin/3.002005/updates_spamassassin_org/72_scores.cf" for > included file > 12:23:05 [10417] dbg: config: read file > /var/lib/spamassassin/3.002005/updates_spamassassin_org/72_scores.cf > 12:23:05 [10417] dbg: config: fixed relative path: > /var/lib/spamassassin/3.002005/updates_spamassassin_org/80_additional.cf > 12:23:05 [10417] dbg: config: using > "/var/lib/spamassassin/3.002005/updates_spamassassin_org/80_additional.cf" > for included file > 12:23:05 [10417] dbg: config: read file > /var/lib/spamassassin/3.002005/updates_spamassassin_org/80_additional.cf > 12:23:05 [10417] dbg: rules: __MO_OL_9B90B merged duplicates: > __MO_OL_C65FA > 12:23:05 [10417] dbg: rules: __XM_OL_22B61 merged duplicates: > __XM_OL_A842E > 12:23:05 [10417] dbg: rules: __MO_OL_07794 merged duplicates: > __MO_OL_8627E > __MO_OL_F3B05 > 12:23:05 [10417] dbg: rules: __JM_REACTOR_DATE merged duplicates: > __RATWARE_0_TZ_DATE > 12:23:05 [10417] dbg: rules: __XM_OL_07794 merged duplicates: > __XM_OL_25340 > __XM_OL_3857F __XM_OL_4F240 __XM_OL_58CB5 __XM_OL_6554A __XM_OL_812FF > __XM_OL_C65FA __XM_OL_CF0C0 __XM_OL_F475E __XM_OL_F6D01 > 12:23:05 [10417] dbg: rules: FH_MSGID_01C67 merged duplicates: __MSGID_VGA > 12:23:05 [10417] dbg: rules: FS_NEW_SOFT_UPLOAD merged duplicates: > HS_SUBJ_NEW_SOFTWARE > 12:23:05 [10417] dbg: rules: __FH_HAS_XMSMAIL merged duplicates: > __HAS_MSMAIL_PRI > 12:23:05 [10417] dbg: rules: __MO_OL_015D5 merged duplicates: > __MO_OL_6554A > 12:23:05 [10417] dbg: rules: __XM_OL_015D5 merged duplicates: > __XM_OL_4BF4C > __XM_OL_4EEDB __XM_OL_5B79A __XM_OL_9B90B __XM_OL_ADFF7 __XM_OL_B30D1 > __XM_OL_B4B40 __XM_OL_BC7E6 __XM_OL_F3B05 __XM_OL_FF5C8 > 12:23:05 [10417] dbg: rules: __MO_OL_91287 merged duplicates: > __MO_OL_B30D1 > __MO_OL_CF0C0 > 12:23:05 [10417] dbg: rules: KAM_STOCKOTC merged duplicates: > KAM_STOCKTIP15 > KAM_STOCKTIP20 KAM_STOCKTIP21 KAM_STOCKTIP4 KAM_STOCKTIP6 > 12:23:05 [10417] dbg: rules: __MO_OL_22B61 merged duplicates: > __MO_OL_4F240 > __MO_OL_ADFF7 > 12:23:05 [10417] dbg: rules: __MO_OL_812FF merged duplicates: > __MO_OL_BC7E6 > 12:23:05 [10417] dbg: rules: __MO_OL_25340 merged duplicates: > __MO_OL_4EEDB > __MO_OL_7533E > 12:23:05 [10417] dbg: rules: __MO_OL_58CB5 merged duplicates: > __MO_OL_B4B40 > 12:23:05 [10417] dbg: rules: __DOS_HAS_ANY_URI merged duplicates: > __HAS_ANY_URI > 12:23:05 [10417] dbg: rules: __XM_OL_C9068 merged duplicates: > __XM_OL_EF20B > 12:23:05 [10417] dbg: rules: AXB_RCVD_ZOOBSEND merged duplicates: > BROKEN_RATWARE_BOM CTYPE_001C_A DEAR_HOMEOWNER DIV_CENTER_A_HREF > DRUG_RA_PRICE FM_DDDD_TIMES_2 FM_SEX_HOSTDDDD HG_HORMONE HS_PHARMA_1 > HS_UPLOADED_SOFTWARE OEBOUND STOX_RCVD_N_NN_N URIBL_RHS_ABUSE > URIBL_RHS_BOGUSMX URIBL_RHS_DSN URIBL_RHS_POST URIBL_RHS_TLD_WHOIS > URIBL_RHS_WHOIS URIBL_XS_SURBL URI_L_PHP XMAILER_MIMEOLE_OL_5E7ED > XMAILER_MIMEOLE_OL_C7C33 XMAILER_MIMEOLE_OL_D03AB X_LIBRARY > YOUR_CRD_RATING > 12:23:05 [10417] dbg: rules: __MO_OL_72641 merged duplicates: > __MO_OL_A842E > 12:23:05 [10417] dbg: rules: __MO_OL_F475E merged duplicates: > __MO_OL_FF5C8 > 12:23:05 [10417] dbg: rules: __MO_OL_4BF4C merged duplicates: > __MO_OL_F6D01 > 12:23:05 [10417] dbg: conf: finish parsing > 12:23:05 [10417] dbg: plugin: > Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0xad6884c) implements > 'finish_parsing_end', priority 0 > 12:23:05 [10417] dbg: replacetags: replacing tags > 12:23:05 [10417] dbg: replacetags: done replacing tags > 12:23:05 [10417] dbg: bayes: tie-ing to DB file R/O > /etc/MailScanner/bayes/bayes__toks > 12:23:05 [10417] dbg: bayes: tie-ing to DB file R/O > /etc/MailScanner/bayes/bayes__seen > 12:23:05 [10417] dbg: bayes: found bayes db version 3 > 12:23:05 [10417] dbg: bayes: DB journal sync: last sync: 0 > 12:23:05 [10417] dbg: bayes: not available for scanning, only 1 spam(s) in > bayes DB < 200 > 12:23:05 [10417] dbg: bayes: untie-ing > 12:23:05 [10417] dbg: config: score set 1 chosen. > 12:23:05 [10417] dbg: message: main message type: text/plain > 12:23:05 [10417] dbg: message: ---- MIME PARSER START ---- > 12:23:05 [10417] dbg: message: parsing normal part > 12:23:05 [10417] dbg: message: ---- MIME PARSER END ---- > 12:23:05 [10417] dbg: plugin: > Mail::SpamAssassin::Plugin::DNSEval=HASH(0xae06ddc) implements > 'check_start', priority 0 > 12:23:05 [10417] dbg: bayes: tie-ing to DB file R/O > /etc/MailScanner/bayes/bayes__toks > 12:23:05 [10417] dbg: bayes: tie-ing to DB file R/O > /etc/MailScanner/bayes/bayes__seen > 12:23:05 [10417] dbg: bayes: found bayes db version 3 > 12:23:05 [10417] dbg: bayes: DB journal sync: last sync: 0 > 12:23:05 [10417] dbg: bayes: not available for scanning, only 1 spam(s) in > bayes DB < 200 > 12:23:05 [10417] dbg: bayes: untie-ing > 12:23:05 [10417] dbg: plugin: > Mail::SpamAssassin::Plugin::Check=HASH(0xadb7358) implements 'check_main', > priority 0 > 12:23:05 [10417] dbg: conf: trusted_networks are not configured; it is > recommended that you configure trusted_networks manually > 12:23:05 [10417] dbg: metadata: X-Spam-Relays-Trusted: > 12:23:05 [10417] dbg: metadata: X-Spam-Relays-Untrusted: > 12:23:05 [10417] dbg: metadata: X-Spam-Relays-Internal: > 12:23:05 [10417] dbg: metadata: X-Spam-Relays-External: > 12:23:05 [10417] dbg: plugin: > Mail::SpamAssassin::Plugin::RelayCountry=HASH(0xaa1430c) implements > 'extract_metadata', priority 0 > 12:23:05 [10417] dbg: metadata: X-Relay-Countries: > 12:23:05 [10417] dbg: message: no encoding detected > 12:23:05 [10417] dbg: plugin: > Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0xa9c3b08) implements > 'parsed_metadata', priority 0 > 12:23:05 [10417] dbg: plugin: > Mail::SpamAssassin::Plugin::RelayCountry=HASH(0xaa1430c) implements > 'parsed_metadata', priority 0 > 12:23:05 [10417] dbg: dns: is Net::DNS::Resolver available? yes > 12:23:05 [10417] dbg: dns: Net::DNS version: 0.63 > 12:23:05 [10417] dbg: dns: name server: 85.42.104.18, LocalAddr: 0.0.0.0 > 12:23:05 [10417] dbg: dns: resolver socket rx buffer size is 110592 bytes > 12:23:05 [10417] dbg: dns: dns_available set to yes in config file, > skipping > test > 12:23:05 [10417] dbg: uridnsbl: domains to query: > 12:23:05 [10417] dbg: dns: checking RBL sa-other.bondedsender.org., set > bsp-untrusted > 12:23:05 [10417] dbg: dns: checking RBL plus.bondedsender.org., set > ssc-firsttrusted > 12:23:05 [10417] dbg: dns: checking RBL combined.njabl.org., set njabl > 12:23:05 [10417] dbg: dns: checking RBL bl.spamcop.net., set spamcop > 12:23:05 [10417] dbg: dns: checking RBL > dob.sibl.support-intelligence.net., > set dob > 12:23:05 [10417] dbg: dns: checking RBL zen.spamhaus.org., set > zen-lastexternal > 12:23:05 [10417] dbg: dns: checking RBL dnsbl.sorbs.net., set > sorbs-lastexternal > 12:23:05 [10417] dbg: dns: checking RBL dnsbl.sorbs.net., set sorbs > 12:23:05 [10417] dbg: dns: checking RBL zen.spamhaus.org., set > zen-lastexternal > 12:23:05 [10417] dbg: dns: checking RBL list.dnswl.org., set > dnswl-firsttrusted > 12:23:05 [10417] dbg: dns: checking RBL sa-accredit.habeas.com., set > habeas-firsttrusted > 12:23:05 [10417] dbg: dns: checking RBL list.dsbl.org., set > dsbl-lastexternal > 12:23:05 [10417] dbg: dns: checking RBL sa-trusted.bondedsender.org., set > bsp-firsttrusted > 12:23:05 [10417] dbg: dns: checking RBL zen.spamhaus.org., set zen > 12:23:05 [10417] dbg: dns: checking RBL iadb.isipp.com., set > iadb-firsttrusted > 12:23:05 [10417] dbg: check: running tests for priority: -1000 > 12:23:05 [10417] dbg: rules: running head tests; score so far=0 > 12:23:05 [10417] dbg: rules: compiled head tests > 12:23:05 [10417] dbg: eval: all '*From' addrs: > ignore@compiling.spamassassin.taint.org > 12:23:05 [10417] dbg: eval: all '*To' addrs: > 12:23:05 [10417] dbg: rules: running body tests; score so far=0 > 12:23:05 [10417] dbg: rules: compiled body tests > 12:23:05 [10417] dbg: rules: running uri tests; score so far=0 > 12:23:05 [10417] dbg: rules: compiled uri tests > 12:23:05 [10417] dbg: rules: running rawbody tests; score so far=0 > 12:23:05 [10417] dbg: rules: compiled rawbody tests > 12:23:05 [10417] dbg: rules: running full tests; score so far=0 > 12:23:05 [10417] dbg: rules: compiled full tests > 12:23:05 [10417] dbg: rules: running meta tests; score so far=0 > 12:23:05 [10417] dbg: rules: compiled meta tests > 12:23:05 [10417] dbg: check: running tests for priority: -950 > 12:23:05 [10417] dbg: rules: running head tests; score so far=0 > 12:23:05 [10417] dbg: rules: compiled head tests > 12:23:05 [10417] dbg: rules: running body tests; score so far=0 > 12:23:05 [10417] dbg: rules: compiled body tests > 12:23:05 [10417] dbg: rules: running uri tests; score so far=0 > 12:23:05 [10417] dbg: rules: compiled uri tests > 12:23:05 [10417] dbg: rules: running rawbody tests; score so far=0 > 12:23:05 [10417] dbg: rules: compiled rawbody tests > 12:23:05 [10417] dbg: rules: running full tests; score so far=0 > 12:23:05 [10417] dbg: rules: compiled full tests > 12:23:05 [10417] dbg: rules: running meta tests; score so far=0 > 12:23:05 [10417] dbg: rules: compiled meta tests > 12:23:05 [10417] dbg: check: running tests for priority: -900 > 12:23:05 [10417] dbg: rules: running head tests; score so far=0 > 12:23:05 [10417] dbg: rules: compiled head tests > 12:23:05 [10417] dbg: rules: running body tests; score so far=0 > 12:23:05 [10417] dbg: rules: compiled body tests > 12:23:05 [10417] dbg: rules: running uri tests; score so far=0 > 12:23:05 [10417] dbg: rules: compiled uri tests > 12:23:05 [10417] dbg: rules: running rawbody tests; score so far=0 > 12:23:05 [10417] dbg: rules: compiled rawbody tests > 12:23:05 [10417] dbg: rules: running full tests; score so far=0 > 12:23:05 [10417] dbg: rules: compiled full tests > 12:23:05 [10417] dbg: rules: running meta tests; score so far=0 > 12:23:05 [10417] dbg: rules: compiled meta tests > 12:23:05 [10417] dbg: check: running tests for priority: -400 > 12:23:05 [10417] dbg: rules: running head tests; score so far=0 > 12:23:05 [10417] dbg: rules: compiled head tests > 12:23:05 [10417] dbg: rules: running body tests; score so far=0 > 12:23:05 [10417] dbg: rules: compiled body tests > 12:23:05 [10417] dbg: rules: running uri tests; score so far=0 > 12:23:05 [10417] dbg: rules: compiled uri tests > 12:23:05 [10417] dbg: rules: running rawbody tests; score so far=0 > 12:23:05 [10417] dbg: rules: compiled rawbody tests > 12:23:05 [10417] dbg: rules: running full tests; score so far=0 > 12:23:05 [10417] dbg: rules: compiled full tests > 12:23:05 [10417] dbg: rules: running meta tests; score so far=0 > 12:23:05 [10417] dbg: rules: compiled meta tests > 12:23:05 [10417] dbg: check: running tests for priority: 0 > 12:23:05 [10417] dbg: rules: running head tests; score so far=0 > 12:23:05 [10417] dbg: rules: compiled head tests > 12:23:05 [10417] dbg: rules: ran header rule __MISSING_REF ======> got > hit: > "UNSET" > 12:23:05 [10417] dbg: rules: ran header rule __MSOE_MID_WRONG_CASE ======> > got hit: " > 12:23:05 [10417] dbg: rules: Message-Id: " > 12:23:05 [10417] dbg: rules: ran header rule MISSING_DATE ======> got hit: > "UNSET" > 12:23:05 [10417] dbg: rules: ran header rule __MSGID_OK_HOST ======> got > hit: "@spamassassin_spamd_init>" > 12:23:05 [10417] dbg: rules: ran header rule __MSGID_OK_DIGITS ======> got > hit: "1215426184" > 12:23:05 [10417] dbg: rules: ran header rule __HAS_MSGID ======> got hit: > "<" > 12:23:05 [10417] dbg: rules: ran header rule __SANE_MSGID ======> got hit: > "<1215426184.34281@spamassassin_spamd_init> > 12:23:05 [10417] dbg: rules: " > 12:23:05 [10417] dbg: spf: checking to see if the message has a > Received-SPF > header that we can use > 12:23:05 [10417] dbg: spf: using Mail::SPF for SPF checks > 12:23:05 [10417] dbg: spf: no suitable relay for spf use found, skipping > SPF-helo check > 12:23:05 [10417] dbg: spf: already checked for Received-SPF headers, > proceeding with DNS based checks > 12:23:05 [10417] dbg: spf: no suitable relay for spf use found, skipping > SPF > check > 12:23:05 [10417] dbg: rules: ran eval rule NO_RELAYS ======> got hit (1) > 12:23:05 [10417] dbg: spf: def_spf_whitelist_from: already checked spf and > didn't get pass, skipping whitelist check > 12:23:05 [10417] dbg: rules: ran eval rule __UNUSABLE_MSGID ======> got > hit > (1) > 12:23:05 [10417] dbg: rules: ran eval rule MISSING_HEADERS ======> got hit > (1) > 12:23:05 [10417] dbg: spf: whitelist_from_spf: already checked spf and > didn't get pass, skipping whitelist check > 12:23:05 [10417] dbg: rules: running body tests; score so far=1.581 > 12:23:05 [10417] dbg: rules: compiled body tests > 12:23:05 [10417] dbg: rules: ran body rule __NONEMPTY_BODY ======> got > hit: > "I" > 12:23:05 [10417] dbg: rules: running uri tests; score so far=1.581 > 12:23:05 [10417] dbg: rules: compiled uri tests > 12:23:05 [10417] dbg: eval: stock info total: 0 > 12:23:05 [10417] dbg: rules: running rawbody tests; score so far=1.581 > 12:23:05 [10417] dbg: rules: compiled rawbody tests > 12:23:05 [10417] dbg: rules: ran rawbody rule __TVD_BODY ======> got hit: > "need" > 12:23:05 [10417] dbg: rules: running full tests; score so far=1.581 > 12:23:05 [10417] dbg: rules: compiled full tests > 12:23:05 [10417] dbg: info: entering helper-app run mode > 12:23:06 [10417] dbg: info: leaving helper-app run mode > 12:23:06 [10417] dbg: razor2: part=0 engine=4 contested=0 confidence=0 > 12:23:06 [10417] dbg: razor2: results: spam? 0 > 12:23:06 [10417] dbg: razor2: results: engine 8, highest cf score: 0 > 12:23:06 [10417] dbg: razor2: results: engine 4, highest cf score: 0 > 12:23:06 [10417] dbg: util: current PATH is: /sbin:/bin:/usr/sbin:/usr/bin > 12:23:06 [10417] dbg: pyzor: pyzor is not available: no pyzor executable > found > 12:23:06 [10417] dbg: pyzor: no pyzor found, disabling Pyzor > 12:23:06 [10417] dbg: rules: running meta tests; score so far=1.581 > 12:23:06 [10417] dbg: rules: compiled meta tests > 12:23:06 [10417] dbg: check: running tests for priority: 500 > 12:23:06 [10417] dbg: dns: harvest_dnsbl_queries > 12:23:06 [10417] dbg: rules: running head tests; score so far=1.581 > 12:23:06 [10417] dbg: rules: compiled head tests > 12:23:06 [10417] dbg: rules: running body tests; score so far=1.581 > 12:23:06 [10417] dbg: rules: compiled body tests > 12:23:06 [10417] dbg: rules: running uri tests; score so far=1.581 > 12:23:06 [10417] dbg: rules: compiled uri tests > 12:23:06 [10417] dbg: rules: running rawbody tests; score so far=1.581 > 12:23:06 [10417] dbg: rules: compiled rawbody tests > 12:23:06 [10417] dbg: rules: running full tests; score so far=1.581 > 12:23:06 [10417] dbg: rules: compiled full tests > 12:23:06 [10417] dbg: rules: running meta tests; score so far=1.581 > 12:23:06 [10417] dbg: rules: meta test DIGEST_MULTIPLE has undefined > dependency 'DCC_CHECK' > 12:23:06 [10417] dbg: rules: compiled meta tests > 12:23:06 [10417] dbg: check: running tests for priority: 1000 > 12:23:06 [10417] dbg: rules: running head tests; score so far=2.865 > 12:23:06 [10417] dbg: rules: compiled head tests > 12:23:06 [10417] dbg: locker: safe_lock: created > /root/.spamassassin/auto-whitelist.mutex > 12:23:06 [10417] dbg: locker: safe_lock: trying to get lock on > /root/.spamassassin/auto-whitelist with 30 timeout > 12:23:06 [10417] dbg: locker: safe_lock: link to > /root/.spamassassin/auto-whitelist.mutex: link ok > 12:23:06 [10417] dbg: auto-whitelist: tie-ing to DB file of type DB_File > R/W > in /root/.spamassassin/auto-whitelist > 12:23:06 [10417] dbg: auto-whitelist: db-based > ignore@compiling.spamassassin.taint.org|ip=none scores 0/0 > 12:23:06 [10417] dbg: auto-whitelist: AWL active, pre-score: 2.865, > autolearn score: 2.865, mean: undef, IP: undef > 12:23:06 [10417] dbg: auto-whitelist: DB addr list: untie-ing and > unlocking > 12:23:06 [10417] dbg: auto-whitelist: DB addr list: file locked, breaking > lock > 12:23:06 [10417] dbg: locker: safe_unlock: unlocked > /root/.spamassassin/auto-whitelist.mutex > 12:23:06 [10417] dbg: auto-whitelist: post auto-whitelist score: 2.865 > 12:23:06 [10417] dbg: rules: running body tests; score so far=2.865 > 12:23:06 [10417] dbg: rules: compiled body tests > 12:23:06 [10417] dbg: rules: running uri tests; score so far=2.865 > 12:23:06 [10417] dbg: rules: compiled uri tests > 12:23:06 [10417] dbg: rules: running rawbody tests; score so far=2.865 > 12:23:06 [10417] dbg: rules: compiled rawbody tests > 12:23:06 [10417] dbg: rules: running full tests; score so far=2.865 > 12:23:06 [10417] dbg: rules: compiled full tests > 12:23:06 [10417] dbg: rules: running meta tests; score so far=2.865 > 12:23:06 [10417] dbg: rules: compiled meta tests > 12:23:06 [10417] dbg: check: is spam? score=2.865 required=5 > 12:23:06 [10417] dbg: check: > tests=MISSING_DATE,MISSING_HEADERS,MISSING_SUBJECT,NO_RECEIVED,NO_RELAYS > 12:23:06 [10417] dbg: check: > subtests=__HAS_MSGID,__MISSING_REF,__MSGID_OK_DIGITS,__MSGID_OK_HOST,__MSOE_MID_WRONG_CASE,__NONEMPTY_BODY,__SANE_MSGID,__TVD_BODY,__UNUSABLE_MSGID > 12:23:06 Building a message batch to scan... > > > > ----- Original Message ----- > From: "Martin.Hepworth" > To: "MailScanner discussion" > Sent: Monday, July 07, 2008 12:08 PM > Subject: RE: MailScanner on FC8 don't pickup emails > > >> >> >> >>> -----Original Message----- >>> From: mailscanner-bounces@lists.mailscanner.info >>> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf >>> Of Luciano Grego >>> Sent: 07 July 2008 11:00 >>> To: MailScanner discussion >>> Subject: Re: MailScanner on FC8 don't pickup emails >>> >>> >>> ----- Original Message ----- >>> From: "Martin.Hepworth" >>> To: "MailScanner discussion" >>> Sent: Monday, July 07, 2008 11:06 AM >>> Subject: RE: MailScanner on FC8 don't pickup emails >>> >>> >>> >I would have thought you'd need to change the Lock Type to >>> the default >>> >(blank) as sendmail 8.14 usually uses posix (unless fedora >>> change this) >>> > >>> > Also a "MailScanner --debug --debug-sa" output to a >>> pastebin or web page >>> > (as they can be large) would be interesting to see? >>> > >>> > What install instructions have you followed? >>> > >>> > -- >>> > Martin Hepworth >>> > Snr Systems Administrator >>> > Solid State Logic >>> > Tel: +44 (0)1865 842300 >>> > >>> >> -----Original Message----- >>> >> From: mailscanner-bounces@lists.mailscanner.info >>> >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf >>> >> Of Luciano Grego >>> >> Sent: 07 July 2008 09:54 >>> >> To: mailscanner@lists.mailscanner.info >>> >> Subject: MailScanner on FC8 don't pickup emails >>> >> >>> >> Hi, >>> >> I' ve installed Fedora Core 8 and updated at latest fix, then >>> >> i' ve installed MailScanner ( I try 4.69.9-3, 4.70.7-1 and >>> 4.71.2-2). >>> >> Sendmail accepts e-mails, but are not produced by Mailscanner. >>> >> My MTA is Sendmail 8.14 ( Fedora Core 8 ). >>> >> It' s a locking problem? >>> >> Must reinstall with --nodeps? >>> >> >>> >> Here 'MailScanner --lint': >>> >> >>> >> Trying to setlogsock(unix) >>> >> Read 824 hostnames from the phishing whitelist Read 3052 >>> >> hostnames from the phishing blacklist Checking version numbers... >>> >> Version number in MailScanner.conf (4.71.2) is correct. >>> >> >>> >> Your envelope_sender_header in spam.assassin.prefs.conf is correct. >>> >> >>> >> Checking for SpamAssassin errors (if you use it)... >>> >> SpamAssassin temporary working directory is >>> >> /var/spool/MailScanner/incoming/SpamAssassin-Temp >>> >> SpamAssassin temp dir = >>> >> /var/spool/MailScanner/incoming/SpamAssassin-Temp >>> >> Using SpamAssassin results cache >>> >> Connected to SpamAssassin cache database SpamAssassin >>> >> reported no errors. >>> >> ClamAV scanner using unrar command /usr/bin/unrar Using >>> >> locktype = flock MailScanner.conf says "Virus Scanners = clamav" >>> >> Found these virus scanners installed: clamavmodule >>> >> ============================================================== >>> >> ============= >>> >> Virus and Content Scanning: Starting >>> >> /var/spool/MailScanner/incoming/9520/./1/eicar.com: >>> >> Eicar-Test-Signature FOUND >>> >> >>> >> /var/spool/MailScanner/incoming/9520/./1.message: >>> >> Eicar-Test-Signature FOUND >>> >> >>> >> Virus Scanning: ClamAV found 2 infections Infected message >>> >> 1.message came from Infected message 1 came from 10.1.1.1 >>> >> Virus Scanning: Found 2 viruses Filename Checks: (1 >>> >> eicar.com) Filetype Checks: Allowing 1 eicar.com Other >>> >> Checks: Found 1 problems >>> >> ============================================================== >>> >> ============= >>> >> Virus Scanner test reports: >>> >> ClamAV said "eicar.com contains Eicar-Test-Signature" >>> >> >>> >> If any of your virus scanners (clamavmodule) are not listed >>> >> there, you should check that they are installed correctly and >>> >> that MailScanner is finding them correctly via its >>> >> virus.scanners.conf. >>> >> >>> >> >>> >> -- >>> >> >>> >> Here 'MailScanner -v': >>> >> Running on >>> >> Linux mail 2.6.24.5-85.fc8 #1 SMP Sat Apr 19 12:39:34 EDT >>> >> 2008 i686 i686 i386 GNU/Linux This is Fedora release 8 >>> >> (Werewolf) This is Perl version 5.008008 (5.8.8) >>> >> >>> >> This is MailScanner version 4.71.2 >>> >> Module versions are: >>> >> 1.00 AnyDBM_File >>> >> 1.20 Archive::Zip >>> >> 0.21 bignum >>> >> 1.04 Carp >>> >> 2.005 Compress::Zlib >>> >> 1.119 Convert::BinHex >>> >> 0.17 Convert::TNEF >>> >> 2.121_08 Data::Dumper >>> >> 2.27 Date::Parse >>> >> 1.00 DirHandle >>> >> 1.05 Fcntl >>> >> 2.74 File::Basename >>> >> 2.09 File::Copy >>> >> 2.01 FileHandle >>> >> 1.08 File::Path >>> >> 0.20 File::Temp >>> >> 0.90 Filesys::Df >>> >> 1.35 HTML::Entities >>> >> 3.56 HTML::Parser >>> >> 2.37 HTML::TokeParser >>> >> 1.23 IO >>> >> 1.14 IO::File >>> >> 1.13 IO::Pipe >>> >> 2.02 Mail::Header >>> >> 1.86 Math::BigInt >>> >> 0.19 Math::BigRat >>> >> 3.07 MIME::Base64 >>> >> 5.425 MIME::Decoder >>> >> 5.425 MIME::Decoder::UU >>> >> 5.425 MIME::Head >>> >> 5.425 MIME::Parser >>> >> 3.07 MIME::QuotedPrint >>> >> 5.425 MIME::Tools >>> >> 0.11 Net::CIDR >>> >> 1.25 Net::IP >>> >> 0.16 OLE::Storage_Lite >>> >> 1.04 Pod::Escapes >>> >> 3.05 Pod::Simple >>> >> 1.09 POSIX >>> >> 1.19 Scalar::Util >>> >> 1.78 Socket >>> >> 2.15 Storable >>> >> 1.4 Sys::Hostname::Long >>> >> 0.18 Sys::Syslog >>> >> 1.26 Test::Pod >>> >> 0.78 Test::Simple >>> >> 1.86 Time::HiRes >>> >> 1.02 Time::localtime >>> >> >>> >> Optional module versions are: >>> >> 1.34 Archive::Tar >>> >> 0.21 bignum >>> >> 1.82 Business::ISBN >>> >> 1.10 Business::ISBN::Data >>> >> 1.08 Data::Dump >>> >> 1.815 DB_File >>> >> 1.14 DBD::SQLite >>> >> 1.58 DBI >>> >> 1.15 Digest >>> >> 1.01 Digest::HMAC >>> >> 2.36 Digest::MD5 >>> >> 2.11 Digest::SHA1 >>> >> 1.00 Encode::Detect >>> >> 0.17010 Error >>> >> 0.18 ExtUtils::CBuilder >>> >> 2.18 ExtUtils::ParseXS >>> >> 2.36 Getopt::Long >>> >> 0.44 Inline >>> >> 1.08 IO::String >>> >> 1.07 IO::Zlib >>> >> 2.21 IP::Country >>> >> 0.22 Mail::ClamAV >>> >> 3.002005 Mail::SpamAssassin >>> >> v2.005 Mail::SPF >>> >> 1.999001 Mail::SPF::Query >>> >> 0.2808 Module::Build >>> >> 0.20 Net::CIDR::Lite >>> >> 0.63 Net::DNS >>> >> 0.002.2 Net::DNS::Resolver::Programmable missing Net::LDAP >>> >> 4.004 NetAddr::IP >>> >> 1.94 Parse::RecDescent >>> >> missing SAVI >>> >> 2.64 Test::Harness >>> >> 0.95 Test::Manifest >>> >> 1.98 Text::Balanced >>> >> 1.35 URI >>> >> 0.7203 version >>> >> 0.62 YAML >>> >> >>> >> Thanks >>> >> Luciano. >>> >> >> >>> > -- >>> > MailScanner mailing list >>> > mailscanner@lists.mailscanner.info >>> > http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> > >>> > Before posting, read http://wiki.mailscanner.info/posting >>> > >>> > Support MailScanner development - buy the book off the website! >>> > >>> > -- >>> > Il messaggio e' stato analizzato alla ricerca di virus o >>> > contenuti pericolosi da MailScanner, ed e' >>> > risultato non infetto. >>> > >>> > >>> >>> HI Martin, >>> Lock Type = flock >>> ... for test my ideas ... >>> >>> I've setup this Mailscanner box for my client and >>> i' ve reboot the machine friday at 18:45 with new params. >>> Now i'm checking logs and i see Mailscanner pickup messages >>> from Sunday at >>> 15:00. None first! >>> MailScanner needs more time for starting up? >>> >>> I' ve put >>> Lock Type = >>> now and >>> 'service MailScanner restart'. >>> Thank you. >>> L. >>> >>> >> >> Hi >> >> Anything in the maillog reguarding mailScanner??? >> >> Should only take a few seconds to get going. >> >> I'd drop to debug and see if you can spot anything. >> >> >> -- >> Martin Hepworth >> Snr Systems Administrator >> Solid State Logic >> Tel: +44 (0)1865 842300 >> >> >> >> >> >> ********************************************************************** >> Confidentiality : This e-mail and any attachments are intended for the >> addressee only and may be confidential. If they come to you in error >> you must take no action based on them, nor must you copy or show them >> to anyone. Please advise the sender by replying to this e-mail >> immediately and then delete the original from your computer. >> Opinion : Any opinions expressed in this e-mail are entirely those of >> the author and unless specifically stated to the contrary, are not >> necessarily those of the author's employer. >> Security Warning : Internet e-mail is not necessarily a secure >> communications medium and can be subject to data corruption. We advise >> that you consider this fact when e-mailing us. >> Viruses : We have taken steps to ensure that this e-mail and any >> attachments are free from known viruses but in keeping with good >> computing practice, you should ensure that they are virus free. >> >> Red Lion 49 Ltd T/A Solid State Logic >> Registered as a limited company in England and Wales >> (Company No:5362730) >> Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, >> United Kingdom >> ********************************************************************** >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> -- >> Il messaggio e' stato analizzato alla ricerca di virus o >> contenuti pericolosi da MailScanner, ed e' >> risultato non infetto. >> >> > > > > -- > Il messaggio e' stato analizzato alla ricerca di virus o > contenuti pericolosi da MailScanner, ed e' > risultato non infetto. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > Il messaggio e' stato analizzato alla ricerca di virus o > contenuti pericolosi da MailScanner, ed e' > risultato non infetto. > > -- Il messaggio e' stato analizzato alla ricerca di virus o contenuti pericolosi da MailScanner, ed e' risultato non infetto. From lucianog at metline.it Mon Jul 7 14:14:15 2008 From: lucianog at metline.it (Luciano Grego) Date: Mon Jul 7 14:17:16 2008 Subject: MailScanner on FC8 don't pickup emails References: <6ab1c460044e5441a4c21792d987f524@solidstatelogic.com> Message-ID: I've used the default path in MailScanner.conf. ( INQDIR=/var/spool/mqueue.in ) and leaving MailScanner in /etc/init.d that starting sendmail in agreement. ----- Original Message ----- From: "Martin.Hepworth" To: "MailScanner discussion" Sent: Monday, July 07, 2008 1:07 PM Subject: RE: MailScanner on FC8 don't pickup emails > Luciano > > You should be using the rpm version for Fedora installs.. > > http://www.mailscanner.info/files/4/rpm/MailScanner-4.70.7-1.rpm.tar.gz > > Than follow the rpm based install instructions. > > You need to configure the MailScanner.conf to point at correct locations > for the sendmail queues etc. > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf >> Of Luciano Grego >> Sent: 07 July 2008 11:34 >> To: MailScanner discussion >> Subject: Re: MailScanner on FC8 don't pickup emails >> >> Hi, >> Excuse me for long list ... >> But ... in debug mode i should see the email passing through >> MailScanner? >> >> I have not answered your question first: What install >> instructions have you followed? >> I' ve follow the INSTALL file guide. Untar src file and ./install.sh. >> >> -- >> >> mail root [ /var/log ] MailScanner --debug --debug-sa In >> Debugging mode, not forking... >> Trying to setlogsock(unix) >> 12:23:04 SpamAssassin temp dir = >> /var/spool/MailScanner/incoming/SpamAssassin-Temp >> 12:23:04 [10417] dbg: logger: adding facilities: all >> 12:23:04 [10417] dbg: logger: logging level is DBG >> 12:23:04 [10417] dbg: generic: SpamAssassin version 3.2.5 >> 12:23:04 [10417] dbg: config: score set 0 chosen. >> 12:23:04 [10417] dbg: util: running in taint mode? no >> 12:23:04 [10417] dbg: dns: is Net::DNS::Resolver available? yes >> 12:23:04 [10417] dbg: dns: Net::DNS version: 0.63 >> 12:23:04 [10417] dbg: ignore: test message to precompile >> patterns and load modules >> 12:23:04 [10417] dbg: config: using "/etc/mail/spamassassin" >> for site rules pre files >> 12:23:04 [10417] dbg: config: read file >> /etc/mail/spamassassin/init.pre >> 12:23:04 [10417] dbg: config: read file >> /etc/mail/spamassassin/v310.pre >> 12:23:04 [10417] dbg: config: read file >> /etc/mail/spamassassin/v312.pre >> 12:23:04 [10417] dbg: config: read file >> /etc/mail/spamassassin/v320.pre >> 12:23:04 [10417] dbg: config: using >> "/var/lib/spamassassin/3.002005" for sys rules pre files >> 12:23:04 [10417] dbg: config: using >> "/var/lib/spamassassin/3.002005" for default rules dir >> 12:23:04 [10417] dbg: config: read file >> /var/lib/spamassassin/3.002005/updates_spamassassin_org.cf >> 12:23:04 [10417] dbg: config: using "/etc/mail/spamassassin" >> for site rules dir >> 12:23:04 [10417] dbg: config: read file >> /etc/mail/spamassassin/mailscanner.cf >> 12:23:04 [10417] dbg: plugin: loading >> Mail::SpamAssassin::Plugin::URIDNSBL >> from @INC >> 12:23:04 [10417] dbg: plugin: loading >> Mail::SpamAssassin::Plugin::Hashcash >> from @INC >> 12:23:04 [10417] dbg: plugin: loading >> Mail::SpamAssassin::Plugin::SPF from @INC >> 12:23:04 [10417] dbg: plugin: loading >> Mail::SpamAssassin::Plugin::RelayCountry from @INC >> 12:23:04 [10417] dbg: plugin: loading >> Mail::SpamAssassin::Plugin::Razor2 >> from @INC >> 12:23:04 [10417] dbg: razor2: razor2 is available, version 2.84 >> 12:23:04 [10417] dbg: plugin: loading >> Mail::SpamAssassin::Plugin::Pyzor from @INC >> 12:23:04 [10417] dbg: pyzor: network tests on, attempting Pyzor >> 12:23:04 [10417] dbg: plugin: did not register >> Mail::SpamAssassin::Plugin::Razor2, already registered >> 12:23:04 [10417] dbg: plugin: loading >> Mail::SpamAssassin::Plugin::SpamCop >> from @INC >> 12:23:04 [10417] dbg: reporter: network tests on, attempting SpamCop >> 12:23:04 [10417] dbg: plugin: loading >> Mail::SpamAssassin::Plugin::AWL from @INC >> 12:23:04 [10417] dbg: plugin: loading >> Mail::SpamAssassin::Plugin::AutoLearnThreshold from @INC >> 12:23:04 [10417] dbg: plugin: loading >> Mail::SpamAssassin::Plugin::WhiteListSubject from @INC >> 12:23:04 [10417] dbg: plugin: loading >> Mail::SpamAssassin::Plugin::MIMEHeader >> from @INC >> 12:23:04 [10417] dbg: plugin: loading >> Mail::SpamAssassin::Plugin::ReplaceTags from @INC >> 12:23:04 [10417] dbg: plugin: did not register >> Mail::SpamAssassin::Plugin::RelayCountry, already registered >> 12:23:04 [10417] dbg: plugin: did not register >> Mail::SpamAssassin::Plugin::SPF, already registered >> 12:23:04 [10417] dbg: plugin: did not register >> Mail::SpamAssassin::Plugin::URIDNSBL, already registered >> 12:23:04 [10417] dbg: plugin: loading >> Mail::SpamAssassin::Plugin::Check from @INC >> 12:23:04 [10417] dbg: plugin: loading >> Mail::SpamAssassin::Plugin::HTTPSMismatch from @INC >> 12:23:04 [10417] dbg: plugin: loading >> Mail::SpamAssassin::Plugin::URIDetail >> from @INC >> 12:23:04 [10417] dbg: plugin: loading >> Mail::SpamAssassin::Plugin::Bayes from @INC >> 12:23:04 [10417] dbg: plugin: loading >> Mail::SpamAssassin::Plugin::BodyEval >> from @INC >> 12:23:04 [10417] dbg: plugin: loading >> Mail::SpamAssassin::Plugin::DNSEval >> from @INC >> 12:23:04 [10417] dbg: plugin: loading >> Mail::SpamAssassin::Plugin::HTMLEval >> from @INC >> 12:23:04 [10417] dbg: plugin: loading >> Mail::SpamAssassin::Plugin::HeaderEval >> from @INC >> 12:23:04 [10417] dbg: plugin: loading >> Mail::SpamAssassin::Plugin::MIMEEval >> from @INC >> 12:23:04 [10417] dbg: plugin: loading >> Mail::SpamAssassin::Plugin::RelayEval >> from @INC >> 12:23:04 [10417] dbg: plugin: loading >> Mail::SpamAssassin::Plugin::URIEval >> from @INC >> 12:23:04 [10417] dbg: plugin: loading >> Mail::SpamAssassin::Plugin::WLBLEval >> from @INC >> 12:23:04 [10417] dbg: plugin: loading >> Mail::SpamAssassin::Plugin::VBounce >> from @INC >> 12:23:04 [10417] dbg: plugin: loading >> Mail::SpamAssassin::Plugin::ImageInfo >> from @INC >> 12:23:04 [10417] dbg: plugin: did not register >> Mail::SpamAssassin::Plugin::RelayCountry, already registered >> 12:23:04 [10417] dbg: plugin: did not register >> Mail::SpamAssassin::Plugin::SPF, already registered >> 12:23:04 [10417] dbg: plugin: did not register >> Mail::SpamAssassin::Plugin::URIDNSBL, already registered >> 12:23:04 [10417] dbg: plugin: did not register >> Mail::SpamAssassin::Plugin::Razor2, already registered >> 12:23:04 [10417] dbg: config: fixed relative path: >> /var/lib/spamassassin/3.002005/updates_spamassassin_org/10_def >> ault_prefs.cf >> 12:23:04 [10417] dbg: config: using >> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/10_de >> fault_prefs.cf" >> for included file >> 12:23:04 [10417] dbg: config: read file >> /var/lib/spamassassin/3.002005/updates_spamassassin_org/10_def >> ault_prefs.cf >> 12:23:04 [10417] dbg: config: fixed relative path: >> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_adv >> ance_fee.cf >> 12:23:04 [10417] dbg: config: using >> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_ad >> vance_fee.cf" >> for included file >> 12:23:04 [10417] dbg: config: read file >> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_adv >> ance_fee.cf >> 12:23:04 [10417] dbg: config: fixed relative path: >> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_bod >> y_tests.cf >> 12:23:04 [10417] dbg: config: using >> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_bo >> dy_tests.cf" >> for included file >> 12:23:04 [10417] dbg: config: read file >> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_bod >> y_tests.cf >> 12:23:04 [10417] dbg: config: fixed relative path: >> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_com >> pensate.cf >> 12:23:04 [10417] dbg: config: using >> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_co >> mpensate.cf" >> for included file >> 12:23:04 [10417] dbg: config: read file >> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_com >> pensate.cf >> 12:23:04 [10417] dbg: config: fixed relative path: >> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_dns >> bl_tests.cf >> 12:23:04 [10417] dbg: config: using >> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_dn >> sbl_tests.cf" >> for included file >> 12:23:04 [10417] dbg: config: read file >> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_dns >> bl_tests.cf >> 12:23:04 [10417] dbg: config: fixed relative path: >> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_drugs.cf >> 12:23:04 [10417] dbg: config: using >> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_dr >> ugs.cf" for included file >> 12:23:04 [10417] dbg: config: read file >> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_drugs.cf >> 12:23:04 [10417] dbg: config: fixed relative path: >> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_dynrdns.cf >> 12:23:04 [10417] dbg: config: using >> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_dy >> nrdns.cf" for included file >> 12:23:04 [10417] dbg: config: read file >> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_dynrdns.cf >> 12:23:04 [10417] dbg: config: fixed relative path: >> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_fak >> e_helo_tests.cf >> 12:23:04 [10417] dbg: config: using >> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_fa >> ke_helo_tests.cf" >> for included file >> 12:23:04 [10417] dbg: config: read file >> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_fak >> e_helo_tests.cf >> 12:23:04 [10417] dbg: config: fixed relative path: >> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_hea >> d_tests.cf >> 12:23:04 [10417] dbg: config: using >> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_he >> ad_tests.cf" >> for included file >> 12:23:04 [10417] dbg: config: read file >> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_hea >> d_tests.cf >> 12:23:04 [10417] dbg: config: fixed relative path: >> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_htm >> l_tests.cf >> 12:23:04 [10417] dbg: config: using >> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_ht >> ml_tests.cf" >> for included file >> 12:23:04 [10417] dbg: config: read file >> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_htm >> l_tests.cf >> 12:23:04 [10417] dbg: config: fixed relative path: >> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_ima >> geinfo.cf >> 12:23:04 [10417] dbg: config: using >> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_im >> ageinfo.cf" >> for included file >> 12:23:04 [10417] dbg: config: read file >> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_ima >> geinfo.cf >> 12:23:04 [10417] dbg: config: fixed relative path: >> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_met >> a_tests.cf >> 12:23:04 [10417] dbg: config: using >> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_me >> ta_tests.cf" >> for included file >> 12:23:04 [10417] dbg: config: read file >> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_met >> a_tests.cf >> 12:23:04 [10417] dbg: config: fixed relative path: >> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_net >> _tests.cf >> 12:23:04 [10417] dbg: config: using >> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_ne >> t_tests.cf" >> for included file >> 12:23:04 [10417] dbg: config: read file >> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_net >> _tests.cf >> 12:23:04 [10417] dbg: config: fixed relative path: >> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_phrases.cf >> 12:23:04 [10417] dbg: config: using >> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_ph >> rases.cf" for included file >> 12:23:04 [10417] dbg: config: read file >> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_phrases.cf >> 12:23:04 [10417] dbg: config: fixed relative path: >> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_porn.cf >> 12:23:04 [10417] dbg: config: using >> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_po >> rn.cf" for included file >> 12:23:04 [10417] dbg: config: read file >> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_porn.cf >> 12:23:04 [10417] dbg: config: fixed relative path: >> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_ratware.cf >> 12:23:04 [10417] dbg: config: using >> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_ra >> tware.cf" for included file >> 12:23:04 [10417] dbg: config: read file >> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_ratware.cf >> 12:23:04 [10417] dbg: config: fixed relative path: >> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_uri >> _tests.cf >> 12:23:04 [10417] dbg: config: using >> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_ur >> i_tests.cf" >> for included file >> 12:23:04 [10417] dbg: config: read file >> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_uri >> _tests.cf >> 12:23:04 [10417] dbg: config: fixed relative path: >> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_vbounce.cf >> 12:23:04 [10417] dbg: config: using >> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_vb >> ounce.cf" for included file >> 12:23:04 [10417] dbg: config: read file >> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_vbounce.cf >> 12:23:04 [10417] dbg: config: fixed relative path: >> /var/lib/spamassassin/3.002005/updates_spamassassin_org/23_bayes.cf >> 12:23:04 [10417] dbg: config: using >> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/23_ba >> yes.cf" for included file >> 12:23:04 [10417] dbg: config: read file >> /var/lib/spamassassin/3.002005/updates_spamassassin_org/23_bayes.cf >> 12:23:04 [10417] dbg: config: fixed relative path: >> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_accessdb.cf >> 12:23:04 [10417] dbg: config: using >> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_ac >> cessdb.cf" for included file >> 12:23:04 [10417] dbg: config: read file >> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_accessdb.cf >> 12:23:04 [10417] dbg: config: fixed relative path: >> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_ant >> ivirus.cf >> 12:23:04 [10417] dbg: config: using >> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_an >> tivirus.cf" >> for included file >> 12:23:04 [10417] dbg: config: read file >> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_ant >> ivirus.cf >> 12:23:04 [10417] dbg: config: fixed relative path: >> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_asn.cf >> 12:23:04 [10417] dbg: config: using >> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_as >> n.cf" for included file >> 12:23:04 [10417] dbg: config: read file >> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_asn.cf >> 12:23:04 [10417] dbg: config: fixed relative path: >> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_dcc.cf >> 12:23:04 [10417] dbg: config: using >> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_dc >> c.cf" for included file >> 12:23:04 [10417] dbg: config: read file >> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_dcc.cf >> 12:23:04 [10417] dbg: config: fixed relative path: >> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_dkim.cf >> 12:23:04 [10417] dbg: config: using >> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_dk >> im.cf" for included file >> 12:23:04 [10417] dbg: config: read file >> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_dkim.cf >> 12:23:04 [10417] dbg: config: fixed relative path: >> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_dom >> ainkeys.cf >> 12:23:04 [10417] dbg: config: using >> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_do >> mainkeys.cf" >> for included file >> 12:23:04 [10417] dbg: config: read file >> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_dom >> ainkeys.cf >> 12:23:04 [10417] dbg: config: fixed relative path: >> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_hashcash.cf >> 12:23:04 [10417] dbg: config: using >> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_ha >> shcash.cf" for included file >> 12:23:04 [10417] dbg: config: read file >> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_hashcash.cf >> 12:23:04 [10417] dbg: config: fixed relative path: >> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_pyzor.cf >> 12:23:04 [10417] dbg: config: using >> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_py >> zor.cf" for included file >> 12:23:04 [10417] dbg: config: read file >> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_pyzor.cf >> 12:23:04 [10417] dbg: config: fixed relative path: >> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_razor2.cf >> 12:23:04 [10417] dbg: config: using >> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_ra >> zor2.cf" for included file >> 12:23:04 [10417] dbg: config: read file >> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_razor2.cf >> 12:23:04 [10417] dbg: config: fixed relative path: >> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_replace.cf >> 12:23:04 [10417] dbg: config: using >> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_re >> place.cf" for included file >> 12:23:04 [10417] dbg: config: read file >> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_replace.cf >> 12:23:04 [10417] dbg: config: fixed relative path: >> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_spf.cf >> 12:23:04 [10417] dbg: config: using >> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_sp >> f.cf" for included file >> 12:23:04 [10417] dbg: config: read file >> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_spf.cf >> 12:23:04 [10417] dbg: config: fixed relative path: >> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_textcat.cf >> 12:23:04 [10417] dbg: config: using >> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_te >> xtcat.cf" for included file >> 12:23:04 [10417] dbg: config: read file >> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_textcat.cf >> 12:23:04 [10417] dbg: config: fixed relative path: >> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_uribl.cf >> 12:23:04 [10417] dbg: config: using >> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_ur >> ibl.cf" for included file >> 12:23:04 [10417] dbg: config: read file >> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_uribl.cf >> 12:23:04 [10417] dbg: config: fixed relative path: >> /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_de.cf >> 12:23:04 [10417] dbg: config: using >> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/30_te >> xt_de.cf" for included file >> 12:23:04 [10417] dbg: config: read file >> /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_de.cf >> 12:23:04 [10417] dbg: config: fixed relative path: >> /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_fr.cf >> 12:23:04 [10417] dbg: config: using >> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/30_te >> xt_fr.cf" for included file >> 12:23:04 [10417] dbg: config: read file >> /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_fr.cf >> 12:23:04 [10417] dbg: config: fixed relative path: >> /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_it.cf >> 12:23:04 [10417] dbg: config: using >> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/30_te >> xt_it.cf" for included file >> 12:23:04 [10417] dbg: config: read file >> /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_it.cf >> 12:23:04 [10417] dbg: config: fixed relative path: >> /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_nl.cf >> 12:23:04 [10417] dbg: config: using >> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/30_te >> xt_nl.cf" for included file >> 12:23:04 [10417] dbg: config: read file >> /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_nl.cf >> 12:23:04 [10417] dbg: config: fixed relative path: >> /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_pl.cf >> 12:23:04 [10417] dbg: config: using >> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/30_te >> xt_pl.cf" for included file >> 12:23:04 [10417] dbg: config: read file >> /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_pl.cf >> 12:23:04 [10417] dbg: config: fixed relative path: >> /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_tex >> t_pt_br.cf >> 12:23:04 [10417] dbg: config: using >> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/30_te >> xt_pt_br.cf" >> for included file >> 12:23:04 [10417] dbg: config: read file >> /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_tex >> t_pt_br.cf >> 12:23:04 [10417] dbg: config: fixed relative path: >> /var/lib/spamassassin/3.002005/updates_spamassassin_org/50_scores.cf >> 12:23:04 [10417] dbg: config: using >> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/50_sc >> ores.cf" for included file >> 12:23:04 [10417] dbg: config: read file >> /var/lib/spamassassin/3.002005/updates_spamassassin_org/50_scores.cf >> 12:23:04 [10417] dbg: config: fixed relative path: >> /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_awl.cf >> 12:23:04 [10417] dbg: config: using >> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/60_aw >> l.cf" for included file >> 12:23:04 [10417] dbg: config: read file >> /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_awl.cf >> 12:23:04 [10417] dbg: config: fixed relative path: >> /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_sho >> rtcircuit.cf >> 12:23:04 [10417] dbg: config: using >> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/60_sh >> ortcircuit.cf" >> for included file >> 12:23:04 [10417] dbg: config: read file >> /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_sho >> rtcircuit.cf >> 12:23:04 [10417] dbg: config: fixed relative path: >> /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whi >> telist.cf >> 12:23:04 [10417] dbg: config: using >> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/60_wh >> itelist.cf" >> for included file >> 12:23:04 [10417] dbg: config: read file >> /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whi >> telist.cf >> 12:23:04 [10417] dbg: config: fixed relative path: >> /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whi >> telist_dk.cf >> 12:23:04 [10417] dbg: config: using >> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/60_wh >> itelist_dk.cf" >> for included file >> 12:23:04 [10417] dbg: config: read file >> /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whi >> telist_dk.cf >> 12:23:04 [10417] dbg: config: fixed relative path: >> /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whi >> telist_dkim.cf >> 12:23:04 [10417] dbg: config: using >> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/60_wh >> itelist_dkim.cf" >> for included file >> 12:23:04 [10417] dbg: config: read file >> /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whi >> telist_dkim.cf >> 12:23:04 [10417] dbg: config: fixed relative path: >> /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whi >> telist_spf.cf >> 12:23:04 [10417] dbg: config: using >> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/60_wh >> itelist_spf.cf" >> for included file >> 12:23:04 [10417] dbg: config: read file >> /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whi >> telist_spf.cf >> 12:23:05 [10417] dbg: config: fixed relative path: >> /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whi >> telist_subject.cf >> 12:23:05 [10417] dbg: config: using >> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/60_wh >> itelist_subject.cf" >> for included file >> 12:23:05 [10417] dbg: config: read file >> /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whi >> telist_subject.cf >> 12:23:05 [10417] dbg: config: fixed relative path: >> /var/lib/spamassassin/3.002005/updates_spamassassin_org/72_active.cf >> 12:23:05 [10417] dbg: config: using >> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/72_ac >> tive.cf" for included file >> 12:23:05 [10417] dbg: config: read file >> /var/lib/spamassassin/3.002005/updates_spamassassin_org/72_active.cf >> 12:23:05 [10417] dbg: config: fixed relative path: >> /var/lib/spamassassin/3.002005/updates_spamassassin_org/72_removed.cf >> 12:23:05 [10417] dbg: config: using >> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/72_re >> moved.cf" for included file >> 12:23:05 [10417] dbg: config: read file >> /var/lib/spamassassin/3.002005/updates_spamassassin_org/72_removed.cf >> 12:23:05 [10417] dbg: config: fixed relative path: >> /var/lib/spamassassin/3.002005/updates_spamassassin_org/72_scores.cf >> 12:23:05 [10417] dbg: config: using >> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/72_sc >> ores.cf" for included file >> 12:23:05 [10417] dbg: config: read file >> /var/lib/spamassassin/3.002005/updates_spamassassin_org/72_scores.cf >> 12:23:05 [10417] dbg: config: fixed relative path: >> /var/lib/spamassassin/3.002005/updates_spamassassin_org/80_add >> itional.cf >> 12:23:05 [10417] dbg: config: using >> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/80_ad >> ditional.cf" >> for included file >> 12:23:05 [10417] dbg: config: read file >> /var/lib/spamassassin/3.002005/updates_spamassassin_org/80_add >> itional.cf >> 12:23:05 [10417] dbg: rules: __MO_OL_9B90B merged duplicates: >> __MO_OL_C65FA >> 12:23:05 [10417] dbg: rules: __XM_OL_22B61 merged duplicates: >> __XM_OL_A842E >> 12:23:05 [10417] dbg: rules: __MO_OL_07794 merged duplicates: >> __MO_OL_8627E >> __MO_OL_F3B05 >> 12:23:05 [10417] dbg: rules: __JM_REACTOR_DATE merged duplicates: >> __RATWARE_0_TZ_DATE >> 12:23:05 [10417] dbg: rules: __XM_OL_07794 merged duplicates: >> __XM_OL_25340 __XM_OL_3857F __XM_OL_4F240 __XM_OL_58CB5 >> __XM_OL_6554A __XM_OL_812FF __XM_OL_C65FA __XM_OL_CF0C0 >> __XM_OL_F475E __XM_OL_F6D01 >> 12:23:05 [10417] dbg: rules: FH_MSGID_01C67 merged >> duplicates: __MSGID_VGA >> 12:23:05 [10417] dbg: rules: FS_NEW_SOFT_UPLOAD merged duplicates: >> HS_SUBJ_NEW_SOFTWARE >> 12:23:05 [10417] dbg: rules: __FH_HAS_XMSMAIL merged duplicates: >> __HAS_MSMAIL_PRI >> 12:23:05 [10417] dbg: rules: __MO_OL_015D5 merged duplicates: >> __MO_OL_6554A >> 12:23:05 [10417] dbg: rules: __XM_OL_015D5 merged duplicates: >> __XM_OL_4BF4C __XM_OL_4EEDB __XM_OL_5B79A __XM_OL_9B90B >> __XM_OL_ADFF7 __XM_OL_B30D1 __XM_OL_B4B40 __XM_OL_BC7E6 >> __XM_OL_F3B05 __XM_OL_FF5C8 >> 12:23:05 [10417] dbg: rules: __MO_OL_91287 merged duplicates: >> __MO_OL_B30D1 __MO_OL_CF0C0 >> 12:23:05 [10417] dbg: rules: KAM_STOCKOTC merged duplicates: >> KAM_STOCKTIP15 KAM_STOCKTIP20 KAM_STOCKTIP21 KAM_STOCKTIP4 >> KAM_STOCKTIP6 >> 12:23:05 [10417] dbg: rules: __MO_OL_22B61 merged duplicates: >> __MO_OL_4F240 >> __MO_OL_ADFF7 >> 12:23:05 [10417] dbg: rules: __MO_OL_812FF merged duplicates: >> __MO_OL_BC7E6 >> 12:23:05 [10417] dbg: rules: __MO_OL_25340 merged duplicates: >> __MO_OL_4EEDB __MO_OL_7533E >> 12:23:05 [10417] dbg: rules: __MO_OL_58CB5 merged duplicates: >> __MO_OL_B4B40 >> 12:23:05 [10417] dbg: rules: __DOS_HAS_ANY_URI merged duplicates: >> __HAS_ANY_URI >> 12:23:05 [10417] dbg: rules: __XM_OL_C9068 merged duplicates: >> __XM_OL_EF20B >> 12:23:05 [10417] dbg: rules: AXB_RCVD_ZOOBSEND merged duplicates: >> BROKEN_RATWARE_BOM CTYPE_001C_A DEAR_HOMEOWNER >> DIV_CENTER_A_HREF DRUG_RA_PRICE FM_DDDD_TIMES_2 >> FM_SEX_HOSTDDDD HG_HORMONE HS_PHARMA_1 HS_UPLOADED_SOFTWARE >> OEBOUND STOX_RCVD_N_NN_N URIBL_RHS_ABUSE URIBL_RHS_BOGUSMX >> URIBL_RHS_DSN URIBL_RHS_POST URIBL_RHS_TLD_WHOIS >> URIBL_RHS_WHOIS URIBL_XS_SURBL URI_L_PHP XMAILER_MIMEOLE_OL_5E7ED >> XMAILER_MIMEOLE_OL_C7C33 XMAILER_MIMEOLE_OL_D03AB X_LIBRARY >> YOUR_CRD_RATING >> 12:23:05 [10417] dbg: rules: __MO_OL_72641 merged duplicates: >> __MO_OL_A842E >> 12:23:05 [10417] dbg: rules: __MO_OL_F475E merged duplicates: >> __MO_OL_FF5C8 >> 12:23:05 [10417] dbg: rules: __MO_OL_4BF4C merged duplicates: >> __MO_OL_F6D01 >> 12:23:05 [10417] dbg: conf: finish parsing >> 12:23:05 [10417] dbg: plugin: >> Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0xad6884c) >> implements 'finish_parsing_end', priority 0 >> 12:23:05 [10417] dbg: replacetags: replacing tags >> 12:23:05 [10417] dbg: replacetags: done replacing tags >> 12:23:05 [10417] dbg: bayes: tie-ing to DB file R/O >> /etc/MailScanner/bayes/bayes__toks >> 12:23:05 [10417] dbg: bayes: tie-ing to DB file R/O >> /etc/MailScanner/bayes/bayes__seen >> 12:23:05 [10417] dbg: bayes: found bayes db version 3 >> 12:23:05 [10417] dbg: bayes: DB journal sync: last sync: 0 >> 12:23:05 [10417] dbg: bayes: not available for scanning, only >> 1 spam(s) in bayes DB < 200 >> 12:23:05 [10417] dbg: bayes: untie-ing >> 12:23:05 [10417] dbg: config: score set 1 chosen. >> 12:23:05 [10417] dbg: message: main message type: text/plain >> 12:23:05 [10417] dbg: message: ---- MIME PARSER START ---- >> 12:23:05 [10417] dbg: message: parsing normal part >> 12:23:05 [10417] dbg: message: ---- MIME PARSER END ---- >> 12:23:05 [10417] dbg: plugin: >> Mail::SpamAssassin::Plugin::DNSEval=HASH(0xae06ddc) >> implements 'check_start', priority 0 >> 12:23:05 [10417] dbg: bayes: tie-ing to DB file R/O >> /etc/MailScanner/bayes/bayes__toks >> 12:23:05 [10417] dbg: bayes: tie-ing to DB file R/O >> /etc/MailScanner/bayes/bayes__seen >> 12:23:05 [10417] dbg: bayes: found bayes db version 3 >> 12:23:05 [10417] dbg: bayes: DB journal sync: last sync: 0 >> 12:23:05 [10417] dbg: bayes: not available for scanning, only >> 1 spam(s) in bayes DB < 200 >> 12:23:05 [10417] dbg: bayes: untie-ing >> 12:23:05 [10417] dbg: plugin: >> Mail::SpamAssassin::Plugin::Check=HASH(0xadb7358) implements >> 'check_main', priority 0 >> 12:23:05 [10417] dbg: conf: trusted_networks are not >> configured; it is recommended that you configure >> trusted_networks manually >> 12:23:05 [10417] dbg: metadata: X-Spam-Relays-Trusted: >> 12:23:05 [10417] dbg: metadata: X-Spam-Relays-Untrusted: >> 12:23:05 [10417] dbg: metadata: X-Spam-Relays-Internal: >> 12:23:05 [10417] dbg: metadata: X-Spam-Relays-External: >> 12:23:05 [10417] dbg: plugin: >> Mail::SpamAssassin::Plugin::RelayCountry=HASH(0xaa1430c) >> implements 'extract_metadata', priority 0 >> 12:23:05 [10417] dbg: metadata: X-Relay-Countries: >> 12:23:05 [10417] dbg: message: no encoding detected >> 12:23:05 [10417] dbg: plugin: >> Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0xa9c3b08) >> implements 'parsed_metadata', priority 0 >> 12:23:05 [10417] dbg: plugin: >> Mail::SpamAssassin::Plugin::RelayCountry=HASH(0xaa1430c) >> implements 'parsed_metadata', priority 0 >> 12:23:05 [10417] dbg: dns: is Net::DNS::Resolver available? yes >> 12:23:05 [10417] dbg: dns: Net::DNS version: 0.63 >> 12:23:05 [10417] dbg: dns: name server: 85.42.104.18, >> LocalAddr: 0.0.0.0 >> 12:23:05 [10417] dbg: dns: resolver socket rx buffer size is >> 110592 bytes >> 12:23:05 [10417] dbg: dns: dns_available set to yes in config >> file, skipping test >> 12:23:05 [10417] dbg: uridnsbl: domains to query: >> 12:23:05 [10417] dbg: dns: checking RBL >> sa-other.bondedsender.org., set bsp-untrusted >> 12:23:05 [10417] dbg: dns: checking RBL >> plus.bondedsender.org., set ssc-firsttrusted >> 12:23:05 [10417] dbg: dns: checking RBL combined.njabl.org., set njabl >> 12:23:05 [10417] dbg: dns: checking RBL bl.spamcop.net., set spamcop >> 12:23:05 [10417] dbg: dns: checking RBL >> dob.sibl.support-intelligence.net., >> set dob >> 12:23:05 [10417] dbg: dns: checking RBL zen.spamhaus.org., >> set zen-lastexternal >> 12:23:05 [10417] dbg: dns: checking RBL dnsbl.sorbs.net., set >> sorbs-lastexternal >> 12:23:05 [10417] dbg: dns: checking RBL dnsbl.sorbs.net., set sorbs >> 12:23:05 [10417] dbg: dns: checking RBL zen.spamhaus.org., >> set zen-lastexternal >> 12:23:05 [10417] dbg: dns: checking RBL list.dnswl.org., set >> dnswl-firsttrusted >> 12:23:05 [10417] dbg: dns: checking RBL >> sa-accredit.habeas.com., set habeas-firsttrusted >> 12:23:05 [10417] dbg: dns: checking RBL list.dsbl.org., set >> dsbl-lastexternal >> 12:23:05 [10417] dbg: dns: checking RBL >> sa-trusted.bondedsender.org., set bsp-firsttrusted >> 12:23:05 [10417] dbg: dns: checking RBL zen.spamhaus.org., set zen >> 12:23:05 [10417] dbg: dns: checking RBL iadb.isipp.com., set >> iadb-firsttrusted >> 12:23:05 [10417] dbg: check: running tests for priority: -1000 >> 12:23:05 [10417] dbg: rules: running head tests; score so far=0 >> 12:23:05 [10417] dbg: rules: compiled head tests >> 12:23:05 [10417] dbg: eval: all '*From' addrs: >> ignore@compiling.spamassassin.taint.org >> 12:23:05 [10417] dbg: eval: all '*To' addrs: >> 12:23:05 [10417] dbg: rules: running body tests; score so far=0 >> 12:23:05 [10417] dbg: rules: compiled body tests >> 12:23:05 [10417] dbg: rules: running uri tests; score so far=0 >> 12:23:05 [10417] dbg: rules: compiled uri tests >> 12:23:05 [10417] dbg: rules: running rawbody tests; score so far=0 >> 12:23:05 [10417] dbg: rules: compiled rawbody tests >> 12:23:05 [10417] dbg: rules: running full tests; score so far=0 >> 12:23:05 [10417] dbg: rules: compiled full tests >> 12:23:05 [10417] dbg: rules: running meta tests; score so far=0 >> 12:23:05 [10417] dbg: rules: compiled meta tests >> 12:23:05 [10417] dbg: check: running tests for priority: -950 >> 12:23:05 [10417] dbg: rules: running head tests; score so far=0 >> 12:23:05 [10417] dbg: rules: compiled head tests >> 12:23:05 [10417] dbg: rules: running body tests; score so far=0 >> 12:23:05 [10417] dbg: rules: compiled body tests >> 12:23:05 [10417] dbg: rules: running uri tests; score so far=0 >> 12:23:05 [10417] dbg: rules: compiled uri tests >> 12:23:05 [10417] dbg: rules: running rawbody tests; score so far=0 >> 12:23:05 [10417] dbg: rules: compiled rawbody tests >> 12:23:05 [10417] dbg: rules: running full tests; score so far=0 >> 12:23:05 [10417] dbg: rules: compiled full tests >> 12:23:05 [10417] dbg: rules: running meta tests; score so far=0 >> 12:23:05 [10417] dbg: rules: compiled meta tests >> 12:23:05 [10417] dbg: check: running tests for priority: -900 >> 12:23:05 [10417] dbg: rules: running head tests; score so far=0 >> 12:23:05 [10417] dbg: rules: compiled head tests >> 12:23:05 [10417] dbg: rules: running body tests; score so far=0 >> 12:23:05 [10417] dbg: rules: compiled body tests >> 12:23:05 [10417] dbg: rules: running uri tests; score so far=0 >> 12:23:05 [10417] dbg: rules: compiled uri tests >> 12:23:05 [10417] dbg: rules: running rawbody tests; score so far=0 >> 12:23:05 [10417] dbg: rules: compiled rawbody tests >> 12:23:05 [10417] dbg: rules: running full tests; score so far=0 >> 12:23:05 [10417] dbg: rules: compiled full tests >> 12:23:05 [10417] dbg: rules: running meta tests; score so far=0 >> 12:23:05 [10417] dbg: rules: compiled meta tests >> 12:23:05 [10417] dbg: check: running tests for priority: -400 >> 12:23:05 [10417] dbg: rules: running head tests; score so far=0 >> 12:23:05 [10417] dbg: rules: compiled head tests >> 12:23:05 [10417] dbg: rules: running body tests; score so far=0 >> 12:23:05 [10417] dbg: rules: compiled body tests >> 12:23:05 [10417] dbg: rules: running uri tests; score so far=0 >> 12:23:05 [10417] dbg: rules: compiled uri tests >> 12:23:05 [10417] dbg: rules: running rawbody tests; score so far=0 >> 12:23:05 [10417] dbg: rules: compiled rawbody tests >> 12:23:05 [10417] dbg: rules: running full tests; score so far=0 >> 12:23:05 [10417] dbg: rules: compiled full tests >> 12:23:05 [10417] dbg: rules: running meta tests; score so far=0 >> 12:23:05 [10417] dbg: rules: compiled meta tests >> 12:23:05 [10417] dbg: check: running tests for priority: 0 >> 12:23:05 [10417] dbg: rules: running head tests; score so far=0 >> 12:23:05 [10417] dbg: rules: compiled head tests >> 12:23:05 [10417] dbg: rules: ran header rule __MISSING_REF >> ======> got hit: >> "UNSET" >> 12:23:05 [10417] dbg: rules: ran header rule >> __MSOE_MID_WRONG_CASE ======> got hit: " >> 12:23:05 [10417] dbg: rules: Message-Id: " >> 12:23:05 [10417] dbg: rules: ran header rule MISSING_DATE >> ======> got hit: >> "UNSET" >> 12:23:05 [10417] dbg: rules: ran header rule __MSGID_OK_HOST >> ======> got >> hit: "@spamassassin_spamd_init>" >> 12:23:05 [10417] dbg: rules: ran header rule >> __MSGID_OK_DIGITS ======> got >> hit: "1215426184" >> 12:23:05 [10417] dbg: rules: ran header rule __HAS_MSGID >> ======> got hit: >> "<" >> 12:23:05 [10417] dbg: rules: ran header rule __SANE_MSGID >> ======> got hit: >> "<1215426184.34281@spamassassin_spamd_init> >> 12:23:05 [10417] dbg: rules: " >> 12:23:05 [10417] dbg: spf: checking to see if the message has >> a Received-SPF header that we can use >> 12:23:05 [10417] dbg: spf: using Mail::SPF for SPF checks >> 12:23:05 [10417] dbg: spf: no suitable relay for spf use >> found, skipping SPF-helo check >> 12:23:05 [10417] dbg: spf: already checked for Received-SPF >> headers, proceeding with DNS based checks >> 12:23:05 [10417] dbg: spf: no suitable relay for spf use >> found, skipping SPF check >> 12:23:05 [10417] dbg: rules: ran eval rule NO_RELAYS ======> >> got hit (1) >> 12:23:05 [10417] dbg: spf: def_spf_whitelist_from: already >> checked spf and didn't get pass, skipping whitelist check >> 12:23:05 [10417] dbg: rules: ran eval rule __UNUSABLE_MSGID >> ======> got hit >> (1) >> 12:23:05 [10417] dbg: rules: ran eval rule MISSING_HEADERS >> ======> got hit >> (1) >> 12:23:05 [10417] dbg: spf: whitelist_from_spf: already >> checked spf and didn't get pass, skipping whitelist check >> 12:23:05 [10417] dbg: rules: running body tests; score so far=1.581 >> 12:23:05 [10417] dbg: rules: compiled body tests >> 12:23:05 [10417] dbg: rules: ran body rule __NONEMPTY_BODY >> ======> got hit: >> "I" >> 12:23:05 [10417] dbg: rules: running uri tests; score so far=1.581 >> 12:23:05 [10417] dbg: rules: compiled uri tests >> 12:23:05 [10417] dbg: eval: stock info total: 0 >> 12:23:05 [10417] dbg: rules: running rawbody tests; score so far=1.581 >> 12:23:05 [10417] dbg: rules: compiled rawbody tests >> 12:23:05 [10417] dbg: rules: ran rawbody rule __TVD_BODY >> ======> got hit: >> "need" >> 12:23:05 [10417] dbg: rules: running full tests; score so far=1.581 >> 12:23:05 [10417] dbg: rules: compiled full tests >> 12:23:05 [10417] dbg: info: entering helper-app run mode >> 12:23:06 [10417] dbg: info: leaving helper-app run mode >> 12:23:06 [10417] dbg: razor2: part=0 engine=4 contested=0 confidence=0 >> 12:23:06 [10417] dbg: razor2: results: spam? 0 >> 12:23:06 [10417] dbg: razor2: results: engine 8, highest cf score: 0 >> 12:23:06 [10417] dbg: razor2: results: engine 4, highest cf score: 0 >> 12:23:06 [10417] dbg: util: current PATH is: >> /sbin:/bin:/usr/sbin:/usr/bin >> 12:23:06 [10417] dbg: pyzor: pyzor is not available: no pyzor >> executable found >> 12:23:06 [10417] dbg: pyzor: no pyzor found, disabling Pyzor >> 12:23:06 [10417] dbg: rules: running meta tests; score so far=1.581 >> 12:23:06 [10417] dbg: rules: compiled meta tests >> 12:23:06 [10417] dbg: check: running tests for priority: 500 >> 12:23:06 [10417] dbg: dns: harvest_dnsbl_queries >> 12:23:06 [10417] dbg: rules: running head tests; score so far=1.581 >> 12:23:06 [10417] dbg: rules: compiled head tests >> 12:23:06 [10417] dbg: rules: running body tests; score so far=1.581 >> 12:23:06 [10417] dbg: rules: compiled body tests >> 12:23:06 [10417] dbg: rules: running uri tests; score so far=1.581 >> 12:23:06 [10417] dbg: rules: compiled uri tests >> 12:23:06 [10417] dbg: rules: running rawbody tests; score so far=1.581 >> 12:23:06 [10417] dbg: rules: compiled rawbody tests >> 12:23:06 [10417] dbg: rules: running full tests; score so far=1.581 >> 12:23:06 [10417] dbg: rules: compiled full tests >> 12:23:06 [10417] dbg: rules: running meta tests; score so far=1.581 >> 12:23:06 [10417] dbg: rules: meta test DIGEST_MULTIPLE has >> undefined dependency 'DCC_CHECK' >> 12:23:06 [10417] dbg: rules: compiled meta tests >> 12:23:06 [10417] dbg: check: running tests for priority: 1000 >> 12:23:06 [10417] dbg: rules: running head tests; score so far=2.865 >> 12:23:06 [10417] dbg: rules: compiled head tests >> 12:23:06 [10417] dbg: locker: safe_lock: created >> /root/.spamassassin/auto-whitelist.mutex >> 12:23:06 [10417] dbg: locker: safe_lock: trying to get lock >> on /root/.spamassassin/auto-whitelist with 30 timeout >> 12:23:06 [10417] dbg: locker: safe_lock: link to >> /root/.spamassassin/auto-whitelist.mutex: link ok >> 12:23:06 [10417] dbg: auto-whitelist: tie-ing to DB file of >> type DB_File R/W in /root/.spamassassin/auto-whitelist >> 12:23:06 [10417] dbg: auto-whitelist: db-based >> ignore@compiling.spamassassin.taint.org|ip=none scores 0/0 >> 12:23:06 [10417] dbg: auto-whitelist: AWL active, pre-score: >> 2.865, autolearn score: 2.865, mean: undef, IP: undef >> 12:23:06 [10417] dbg: auto-whitelist: DB addr list: untie-ing >> and unlocking >> 12:23:06 [10417] dbg: auto-whitelist: DB addr list: file >> locked, breaking lock >> 12:23:06 [10417] dbg: locker: safe_unlock: unlocked >> /root/.spamassassin/auto-whitelist.mutex >> 12:23:06 [10417] dbg: auto-whitelist: post auto-whitelist score: 2.865 >> 12:23:06 [10417] dbg: rules: running body tests; score so far=2.865 >> 12:23:06 [10417] dbg: rules: compiled body tests >> 12:23:06 [10417] dbg: rules: running uri tests; score so far=2.865 >> 12:23:06 [10417] dbg: rules: compiled uri tests >> 12:23:06 [10417] dbg: rules: running rawbody tests; score so far=2.865 >> 12:23:06 [10417] dbg: rules: compiled rawbody tests >> 12:23:06 [10417] dbg: rules: running full tests; score so far=2.865 >> 12:23:06 [10417] dbg: rules: compiled full tests >> 12:23:06 [10417] dbg: rules: running meta tests; score so far=2.865 >> 12:23:06 [10417] dbg: rules: compiled meta tests >> 12:23:06 [10417] dbg: check: is spam? score=2.865 required=5 >> 12:23:06 [10417] dbg: check: >> tests=MISSING_DATE,MISSING_HEADERS,MISSING_SUBJECT,NO_RECEIVED >> ,NO_RELAYS >> 12:23:06 [10417] dbg: check: >> subtests=__HAS_MSGID,__MISSING_REF,__MSGID_OK_DIGITS,__MSGID_O >> K_HOST,__MSOE_MID_WRONG_CASE,__NONEMPTY_BODY,__SANE_MSGID,__TV >> D_BODY,__UNUSABLE_MSGID >> 12:23:06 Building a message batch to scan... >> >> >> >> ----- Original Message ----- >> From: "Martin.Hepworth" >> To: "MailScanner discussion" >> Sent: Monday, July 07, 2008 12:08 PM >> Subject: RE: MailScanner on FC8 don't pickup emails >> >> >> > >> > >> > >> >> -----Original Message----- >> >> From: mailscanner-bounces@lists.mailscanner.info >> >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf >> >> Of Luciano Grego >> >> Sent: 07 July 2008 11:00 >> >> To: MailScanner discussion >> >> Subject: Re: MailScanner on FC8 don't pickup emails >> >> >> >> >> >> ----- Original Message ----- >> >> From: "Martin.Hepworth" >> >> To: "MailScanner discussion" >> >> Sent: Monday, July 07, 2008 11:06 AM >> >> Subject: RE: MailScanner on FC8 don't pickup emails >> >> >> >> >> >> >I would have thought you'd need to change the Lock Type to >> >> the default >> >> >(blank) as sendmail 8.14 usually uses posix (unless fedora >> >> change this) >> >> > >> >> > Also a "MailScanner --debug --debug-sa" output to a >> >> pastebin or web page >> >> > (as they can be large) would be interesting to see? >> >> > >> >> > What install instructions have you followed? >> >> > >> >> > -- >> >> > Martin Hepworth >> >> > Snr Systems Administrator >> >> > Solid State Logic >> >> > Tel: +44 (0)1865 842300 >> >> > >> >> >> -----Original Message----- >> >> >> From: mailscanner-bounces@lists.mailscanner.info >> >> >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf >> >> >> Of Luciano Grego >> >> >> Sent: 07 July 2008 09:54 >> >> >> To: mailscanner@lists.mailscanner.info >> >> >> Subject: MailScanner on FC8 don't pickup emails >> >> >> >> >> >> Hi, >> >> >> I' ve installed Fedora Core 8 and updated at latest fix, then >> >> >> i' ve installed MailScanner ( I try 4.69.9-3, 4.70.7-1 and >> >> 4.71.2-2). >> >> >> Sendmail accepts e-mails, but are not produced by Mailscanner. >> >> >> My MTA is Sendmail 8.14 ( Fedora Core 8 ). >> >> >> It' s a locking problem? >> >> >> Must reinstall with --nodeps? >> >> >> >> >> >> Here 'MailScanner --lint': >> >> >> >> >> >> Trying to setlogsock(unix) >> >> >> Read 824 hostnames from the phishing whitelist Read 3052 >> >> >> hostnames from the phishing blacklist Checking version >> numbers... >> >> >> Version number in MailScanner.conf (4.71.2) is correct. >> >> >> >> >> >> Your envelope_sender_header in spam.assassin.prefs.conf >> is correct. >> >> >> >> >> >> Checking for SpamAssassin errors (if you use it)... >> >> >> SpamAssassin temporary working directory is >> >> >> /var/spool/MailScanner/incoming/SpamAssassin-Temp >> >> >> SpamAssassin temp dir = >> >> >> /var/spool/MailScanner/incoming/SpamAssassin-Temp >> >> >> Using SpamAssassin results cache >> >> >> Connected to SpamAssassin cache database SpamAssassin >> >> >> reported no errors. >> >> >> ClamAV scanner using unrar command /usr/bin/unrar Using >> >> >> locktype = flock MailScanner.conf says "Virus Scanners = clamav" >> >> >> Found these virus scanners installed: clamavmodule >> >> >> ============================================================== >> >> >> ============= >> >> >> Virus and Content Scanning: Starting >> >> >> /var/spool/MailScanner/incoming/9520/./1/eicar.com: >> >> >> Eicar-Test-Signature FOUND >> >> >> >> >> >> /var/spool/MailScanner/incoming/9520/./1.message: >> >> >> Eicar-Test-Signature FOUND >> >> >> >> >> >> Virus Scanning: ClamAV found 2 infections Infected message >> >> >> 1.message came from Infected message 1 came from 10.1.1.1 >> >> >> Virus Scanning: Found 2 viruses Filename Checks: (1 >> >> >> eicar.com) Filetype Checks: Allowing 1 eicar.com Other >> >> >> Checks: Found 1 problems >> >> >> ============================================================== >> >> >> ============= >> >> >> Virus Scanner test reports: >> >> >> ClamAV said "eicar.com contains Eicar-Test-Signature" >> >> >> >> >> >> If any of your virus scanners (clamavmodule) are not listed >> >> >> there, you should check that they are installed correctly and >> >> >> that MailScanner is finding them correctly via its >> >> >> virus.scanners.conf. >> >> >> >> >> >> >> >> >> -- >> >> >> >> >> >> Here 'MailScanner -v': >> >> >> Running on >> >> >> Linux mail 2.6.24.5-85.fc8 #1 SMP Sat Apr 19 12:39:34 EDT >> >> >> 2008 i686 i686 i386 GNU/Linux This is Fedora release 8 >> >> >> (Werewolf) This is Perl version 5.008008 (5.8.8) >> >> >> >> >> >> This is MailScanner version 4.71.2 >> >> >> Module versions are: >> >> >> 1.00 AnyDBM_File >> >> >> 1.20 Archive::Zip >> >> >> 0.21 bignum >> >> >> 1.04 Carp >> >> >> 2.005 Compress::Zlib >> >> >> 1.119 Convert::BinHex >> >> >> 0.17 Convert::TNEF >> >> >> 2.121_08 Data::Dumper >> >> >> 2.27 Date::Parse >> >> >> 1.00 DirHandle >> >> >> 1.05 Fcntl >> >> >> 2.74 File::Basename >> >> >> 2.09 File::Copy >> >> >> 2.01 FileHandle >> >> >> 1.08 File::Path >> >> >> 0.20 File::Temp >> >> >> 0.90 Filesys::Df >> >> >> 1.35 HTML::Entities >> >> >> 3.56 HTML::Parser >> >> >> 2.37 HTML::TokeParser >> >> >> 1.23 IO >> >> >> 1.14 IO::File >> >> >> 1.13 IO::Pipe >> >> >> 2.02 Mail::Header >> >> >> 1.86 Math::BigInt >> >> >> 0.19 Math::BigRat >> >> >> 3.07 MIME::Base64 >> >> >> 5.425 MIME::Decoder >> >> >> 5.425 MIME::Decoder::UU >> >> >> 5.425 MIME::Head >> >> >> 5.425 MIME::Parser >> >> >> 3.07 MIME::QuotedPrint >> >> >> 5.425 MIME::Tools >> >> >> 0.11 Net::CIDR >> >> >> 1.25 Net::IP >> >> >> 0.16 OLE::Storage_Lite >> >> >> 1.04 Pod::Escapes >> >> >> 3.05 Pod::Simple >> >> >> 1.09 POSIX >> >> >> 1.19 Scalar::Util >> >> >> 1.78 Socket >> >> >> 2.15 Storable >> >> >> 1.4 Sys::Hostname::Long >> >> >> 0.18 Sys::Syslog >> >> >> 1.26 Test::Pod >> >> >> 0.78 Test::Simple >> >> >> 1.86 Time::HiRes >> >> >> 1.02 Time::localtime >> >> >> >> >> >> Optional module versions are: >> >> >> 1.34 Archive::Tar >> >> >> 0.21 bignum >> >> >> 1.82 Business::ISBN >> >> >> 1.10 Business::ISBN::Data >> >> >> 1.08 Data::Dump >> >> >> 1.815 DB_File >> >> >> 1.14 DBD::SQLite >> >> >> 1.58 DBI >> >> >> 1.15 Digest >> >> >> 1.01 Digest::HMAC >> >> >> 2.36 Digest::MD5 >> >> >> 2.11 Digest::SHA1 >> >> >> 1.00 Encode::Detect >> >> >> 0.17010 Error >> >> >> 0.18 ExtUtils::CBuilder >> >> >> 2.18 ExtUtils::ParseXS >> >> >> 2.36 Getopt::Long >> >> >> 0.44 Inline >> >> >> 1.08 IO::String >> >> >> 1.07 IO::Zlib >> >> >> 2.21 IP::Country >> >> >> 0.22 Mail::ClamAV >> >> >> 3.002005 Mail::SpamAssassin >> >> >> v2.005 Mail::SPF >> >> >> 1.999001 Mail::SPF::Query >> >> >> 0.2808 Module::Build >> >> >> 0.20 Net::CIDR::Lite >> >> >> 0.63 Net::DNS >> >> >> 0.002.2 Net::DNS::Resolver::Programmable missing Net::LDAP >> >> >> 4.004 NetAddr::IP >> >> >> 1.94 Parse::RecDescent >> >> >> missing SAVI >> >> >> 2.64 Test::Harness >> >> >> 0.95 Test::Manifest >> >> >> 1.98 Text::Balanced >> >> >> 1.35 URI >> >> >> 0.7203 version >> >> >> 0.62 YAML >> >> >> >> >> >> Thanks >> >> >> Luciano. >> >> >> >> > >> >> > -- >> >> > MailScanner mailing list >> >> > mailscanner@lists.mailscanner.info >> >> > http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> > >> >> > Before posting, read http://wiki.mailscanner.info/posting >> >> > >> >> > Support MailScanner development - buy the book off the website! >> >> > >> >> > -- >> >> > Il messaggio e' stato analizzato alla ricerca di virus o >> >> > contenuti pericolosi da MailScanner, ed e' >> >> > risultato non infetto. >> >> > >> >> > >> >> >> >> HI Martin, >> >> Lock Type = flock >> >> ... for test my ideas ... >> >> >> >> I've setup this Mailscanner box for my client and >> >> i' ve reboot the machine friday at 18:45 with new params. >> >> Now i'm checking logs and i see Mailscanner pickup messages >> >> from Sunday at >> >> 15:00. None first! >> >> MailScanner needs more time for starting up? >> >> >> >> I' ve put >> >> Lock Type = >> >> now and >> >> 'service MailScanner restart'. >> >> Thank you. >> >> L. >> >> >> >> >> > >> > Hi >> > >> > Anything in the maillog reguarding mailScanner??? >> > >> > Should only take a few seconds to get going. >> > >> > I'd drop to debug and see if you can spot anything. >> > >> > >> > -- >> > Martin Hepworth >> > Snr Systems Administrator >> > Solid State Logic >> > Tel: +44 (0)1865 842300 >> > >> > >> > >> > >> > >> > >> ********************************************************************** >> > Confidentiality : This e-mail and any attachments are >> intended for the >> > addressee only and may be confidential. If they come to you in error >> > you must take no action based on them, nor must you copy or >> show them >> > to anyone. Please advise the sender by replying to this e-mail >> > immediately and then delete the original from your computer. >> > Opinion : Any opinions expressed in this e-mail are >> entirely those of >> > the author and unless specifically stated to the contrary, are not >> > necessarily those of the author's employer. >> > Security Warning : Internet e-mail is not necessarily a secure >> > communications medium and can be subject to data >> corruption. We advise >> > that you consider this fact when e-mailing us. >> > Viruses : We have taken steps to ensure that this e-mail and any >> > attachments are free from known viruses but in keeping with good >> > computing practice, you should ensure that they are virus free. >> > >> > Red Lion 49 Ltd T/A Solid State Logic >> > Registered as a limited company in England and Wales >> > (Company No:5362730) >> > Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, >> > United Kingdom >> > >> ********************************************************************** >> > >> > -- >> > MailScanner mailing list >> > mailscanner@lists.mailscanner.info >> > http://lists.mailscanner.info/mailman/listinfo/mailscanner >> > >> > Before posting, read http://wiki.mailscanner.info/posting >> > >> > Support MailScanner development - buy the book off the website! >> > >> > -- >> > Il messaggio e' stato analizzato alla ricerca di virus o >> > contenuti pericolosi da MailScanner, ed e' >> > risultato non infetto. >> > >> > >> >> >> >> -- >> Il messaggio e' stato analizzato alla ricerca di virus o >> contenuti pericolosi da MailScanner, ed e' >> risultato non infetto. >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> > > > > > ********************************************************************** > Confidentiality : This e-mail and any attachments are intended for the > addressee only and may be confidential. If they come to you in error > you must take no action based on them, nor must you copy or show them > to anyone. Please advise the sender by replying to this e-mail > immediately and then delete the original from your computer. > Opinion : Any opinions expressed in this e-mail are entirely those of > the author and unless specifically stated to the contrary, are not > necessarily those of the author's employer. > Security Warning : Internet e-mail is not necessarily a secure > communications medium and can be subject to data corruption. We advise > that you consider this fact when e-mailing us. > Viruses : We have taken steps to ensure that this e-mail and any > attachments are free from known viruses but in keeping with good > computing practice, you should ensure that they are virus free. > > Red Lion 49 Ltd T/A Solid State Logic > Registered as a limited company in England and Wales > (Company No:5362730) > Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, > United Kingdom > ********************************************************************** > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > Il messaggio e' stato analizzato alla ricerca di virus o > contenuti pericolosi da MailScanner, ed e' > risultato non infetto. > > -- Il messaggio e' stato analizzato alla ricerca di virus o contenuti pericolosi da MailScanner, ed e' risultato non infetto. From rick at duvals.ca Mon Jul 7 14:29:36 2008 From: rick at duvals.ca (Rick Duval) Date: Mon Jul 7 14:29:45 2008 Subject: Bypassing Custom PLugin Message-ID: <4baa40ce0807070629y36bdac25g3a00727a50ee1bb2@mail.gmail.com> I have written a customs plugin and part of what it does is log every email that is passed to it but some emails never seem to reach it. Can anyone tell me where this might be happening? Thanks -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080707/9e0dfe7b/attachment.html From MailScanner at ecs.soton.ac.uk Mon Jul 7 14:35:36 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Jul 7 14:36:13 2008 Subject: MailScanner on FC8 don't pickup emails In-Reply-To: References: <6ab1c460044e5441a4c21792d987f524@solidstatelogic.com> Message-ID: <48721BA8.4060507@ecs.soton.ac.uk> Have you done chkconfig sendmail off chkconfig MailScanner on service sendmail stop service MailScanner start ? If you still have sendmail running from before you installed it, then you will get symptoms you are seeing. Luciano Grego wrote: > I've used the default path in MailScanner.conf. ( > INQDIR=/var/spool/mqueue.in ) > and leaving MailScanner in /etc/init.d that starting sendmail in > agreement. > > > ----- Original Message ----- From: "Martin.Hepworth" > > To: "MailScanner discussion" > Sent: Monday, July 07, 2008 1:07 PM > Subject: RE: MailScanner on FC8 don't pickup emails > > >> Luciano >> >> You should be using the rpm version for Fedora installs.. >> >> http://www.mailscanner.info/files/4/rpm/MailScanner-4.70.7-1.rpm.tar.gz >> >> Than follow the rpm based install instructions. >> >> You need to configure the MailScanner.conf to point at correct >> locations for the sendmail queues etc. >> >> -- >> Martin Hepworth >> Snr Systems Administrator >> Solid State Logic >> Tel: +44 (0)1865 842300 >> >>> -----Original Message----- >>> From: mailscanner-bounces@lists.mailscanner.info >>> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf >>> Of Luciano Grego >>> Sent: 07 July 2008 11:34 >>> To: MailScanner discussion >>> Subject: Re: MailScanner on FC8 don't pickup emails >>> >>> Hi, >>> Excuse me for long list ... >>> But ... in debug mode i should see the email passing through >>> MailScanner? >>> >>> I have not answered your question first: What install >>> instructions have you followed? >>> I' ve follow the INSTALL file guide. Untar src file and ./install.sh. >>> >>> -- >>> >>> mail root [ /var/log ] MailScanner --debug --debug-sa In >>> Debugging mode, not forking... >>> Trying to setlogsock(unix) >>> 12:23:04 SpamAssassin temp dir = >>> /var/spool/MailScanner/incoming/SpamAssassin-Temp >>> 12:23:04 [10417] dbg: logger: adding facilities: all >>> 12:23:04 [10417] dbg: logger: logging level is DBG >>> 12:23:04 [10417] dbg: generic: SpamAssassin version 3.2.5 >>> 12:23:04 [10417] dbg: config: score set 0 chosen. >>> 12:23:04 [10417] dbg: util: running in taint mode? no >>> 12:23:04 [10417] dbg: dns: is Net::DNS::Resolver available? yes >>> 12:23:04 [10417] dbg: dns: Net::DNS version: 0.63 >>> 12:23:04 [10417] dbg: ignore: test message to precompile >>> patterns and load modules >>> 12:23:04 [10417] dbg: config: using "/etc/mail/spamassassin" >>> for site rules pre files >>> 12:23:04 [10417] dbg: config: read file >>> /etc/mail/spamassassin/init.pre >>> 12:23:04 [10417] dbg: config: read file >>> /etc/mail/spamassassin/v310.pre >>> 12:23:04 [10417] dbg: config: read file >>> /etc/mail/spamassassin/v312.pre >>> 12:23:04 [10417] dbg: config: read file >>> /etc/mail/spamassassin/v320.pre >>> 12:23:04 [10417] dbg: config: using >>> "/var/lib/spamassassin/3.002005" for sys rules pre files >>> 12:23:04 [10417] dbg: config: using >>> "/var/lib/spamassassin/3.002005" for default rules dir >>> 12:23:04 [10417] dbg: config: read file >>> /var/lib/spamassassin/3.002005/updates_spamassassin_org.cf >>> 12:23:04 [10417] dbg: config: using "/etc/mail/spamassassin" >>> for site rules dir >>> 12:23:04 [10417] dbg: config: read file >>> /etc/mail/spamassassin/mailscanner.cf >>> 12:23:04 [10417] dbg: plugin: loading >>> Mail::SpamAssassin::Plugin::URIDNSBL >>> from @INC >>> 12:23:04 [10417] dbg: plugin: loading >>> Mail::SpamAssassin::Plugin::Hashcash >>> from @INC >>> 12:23:04 [10417] dbg: plugin: loading >>> Mail::SpamAssassin::Plugin::SPF from @INC >>> 12:23:04 [10417] dbg: plugin: loading >>> Mail::SpamAssassin::Plugin::RelayCountry from @INC >>> 12:23:04 [10417] dbg: plugin: loading >>> Mail::SpamAssassin::Plugin::Razor2 >>> from @INC >>> 12:23:04 [10417] dbg: razor2: razor2 is available, version 2.84 >>> 12:23:04 [10417] dbg: plugin: loading >>> Mail::SpamAssassin::Plugin::Pyzor from @INC >>> 12:23:04 [10417] dbg: pyzor: network tests on, attempting Pyzor >>> 12:23:04 [10417] dbg: plugin: did not register >>> Mail::SpamAssassin::Plugin::Razor2, already registered >>> 12:23:04 [10417] dbg: plugin: loading >>> Mail::SpamAssassin::Plugin::SpamCop >>> from @INC >>> 12:23:04 [10417] dbg: reporter: network tests on, attempting SpamCop >>> 12:23:04 [10417] dbg: plugin: loading >>> Mail::SpamAssassin::Plugin::AWL from @INC >>> 12:23:04 [10417] dbg: plugin: loading >>> Mail::SpamAssassin::Plugin::AutoLearnThreshold from @INC >>> 12:23:04 [10417] dbg: plugin: loading >>> Mail::SpamAssassin::Plugin::WhiteListSubject from @INC >>> 12:23:04 [10417] dbg: plugin: loading >>> Mail::SpamAssassin::Plugin::MIMEHeader >>> from @INC >>> 12:23:04 [10417] dbg: plugin: loading >>> Mail::SpamAssassin::Plugin::ReplaceTags from @INC >>> 12:23:04 [10417] dbg: plugin: did not register >>> Mail::SpamAssassin::Plugin::RelayCountry, already registered >>> 12:23:04 [10417] dbg: plugin: did not register >>> Mail::SpamAssassin::Plugin::SPF, already registered >>> 12:23:04 [10417] dbg: plugin: did not register >>> Mail::SpamAssassin::Plugin::URIDNSBL, already registered >>> 12:23:04 [10417] dbg: plugin: loading >>> Mail::SpamAssassin::Plugin::Check from @INC >>> 12:23:04 [10417] dbg: plugin: loading >>> Mail::SpamAssassin::Plugin::HTTPSMismatch from @INC >>> 12:23:04 [10417] dbg: plugin: loading >>> Mail::SpamAssassin::Plugin::URIDetail >>> from @INC >>> 12:23:04 [10417] dbg: plugin: loading >>> Mail::SpamAssassin::Plugin::Bayes from @INC >>> 12:23:04 [10417] dbg: plugin: loading >>> Mail::SpamAssassin::Plugin::BodyEval >>> from @INC >>> 12:23:04 [10417] dbg: plugin: loading >>> Mail::SpamAssassin::Plugin::DNSEval >>> from @INC >>> 12:23:04 [10417] dbg: plugin: loading >>> Mail::SpamAssassin::Plugin::HTMLEval >>> from @INC >>> 12:23:04 [10417] dbg: plugin: loading >>> Mail::SpamAssassin::Plugin::HeaderEval >>> from @INC >>> 12:23:04 [10417] dbg: plugin: loading >>> Mail::SpamAssassin::Plugin::MIMEEval >>> from @INC >>> 12:23:04 [10417] dbg: plugin: loading >>> Mail::SpamAssassin::Plugin::RelayEval >>> from @INC >>> 12:23:04 [10417] dbg: plugin: loading >>> Mail::SpamAssassin::Plugin::URIEval >>> from @INC >>> 12:23:04 [10417] dbg: plugin: loading >>> Mail::SpamAssassin::Plugin::WLBLEval >>> from @INC >>> 12:23:04 [10417] dbg: plugin: loading >>> Mail::SpamAssassin::Plugin::VBounce >>> from @INC >>> 12:23:04 [10417] dbg: plugin: loading >>> Mail::SpamAssassin::Plugin::ImageInfo >>> from @INC >>> 12:23:04 [10417] dbg: plugin: did not register >>> Mail::SpamAssassin::Plugin::RelayCountry, already registered >>> 12:23:04 [10417] dbg: plugin: did not register >>> Mail::SpamAssassin::Plugin::SPF, already registered >>> 12:23:04 [10417] dbg: plugin: did not register >>> Mail::SpamAssassin::Plugin::URIDNSBL, already registered >>> 12:23:04 [10417] dbg: plugin: did not register >>> Mail::SpamAssassin::Plugin::Razor2, already registered >>> 12:23:04 [10417] dbg: config: fixed relative path: >>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/10_def >>> ault_prefs.cf >>> 12:23:04 [10417] dbg: config: using >>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/10_de >>> fault_prefs.cf" >>> for included file >>> 12:23:04 [10417] dbg: config: read file >>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/10_def >>> ault_prefs.cf >>> 12:23:04 [10417] dbg: config: fixed relative path: >>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_adv >>> ance_fee.cf >>> 12:23:04 [10417] dbg: config: using >>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_ad >>> vance_fee.cf" >>> for included file >>> 12:23:04 [10417] dbg: config: read file >>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_adv >>> ance_fee.cf >>> 12:23:04 [10417] dbg: config: fixed relative path: >>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_bod >>> y_tests.cf >>> 12:23:04 [10417] dbg: config: using >>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_bo >>> dy_tests.cf" >>> for included file >>> 12:23:04 [10417] dbg: config: read file >>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_bod >>> y_tests.cf >>> 12:23:04 [10417] dbg: config: fixed relative path: >>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_com >>> pensate.cf >>> 12:23:04 [10417] dbg: config: using >>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_co >>> mpensate.cf" >>> for included file >>> 12:23:04 [10417] dbg: config: read file >>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_com >>> pensate.cf >>> 12:23:04 [10417] dbg: config: fixed relative path: >>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_dns >>> bl_tests.cf >>> 12:23:04 [10417] dbg: config: using >>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_dn >>> sbl_tests.cf" >>> for included file >>> 12:23:04 [10417] dbg: config: read file >>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_dns >>> bl_tests.cf >>> 12:23:04 [10417] dbg: config: fixed relative path: >>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_drugs.cf >>> 12:23:04 [10417] dbg: config: using >>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_dr >>> ugs.cf" for included file >>> 12:23:04 [10417] dbg: config: read file >>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_drugs.cf >>> 12:23:04 [10417] dbg: config: fixed relative path: >>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_dynrdns.cf >>> 12:23:04 [10417] dbg: config: using >>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_dy >>> nrdns.cf" for included file >>> 12:23:04 [10417] dbg: config: read file >>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_dynrdns.cf >>> 12:23:04 [10417] dbg: config: fixed relative path: >>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_fak >>> e_helo_tests.cf >>> 12:23:04 [10417] dbg: config: using >>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_fa >>> ke_helo_tests.cf" >>> for included file >>> 12:23:04 [10417] dbg: config: read file >>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_fak >>> e_helo_tests.cf >>> 12:23:04 [10417] dbg: config: fixed relative path: >>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_hea >>> d_tests.cf >>> 12:23:04 [10417] dbg: config: using >>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_he >>> ad_tests.cf" >>> for included file >>> 12:23:04 [10417] dbg: config: read file >>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_hea >>> d_tests.cf >>> 12:23:04 [10417] dbg: config: fixed relative path: >>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_htm >>> l_tests.cf >>> 12:23:04 [10417] dbg: config: using >>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_ht >>> ml_tests.cf" >>> for included file >>> 12:23:04 [10417] dbg: config: read file >>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_htm >>> l_tests.cf >>> 12:23:04 [10417] dbg: config: fixed relative path: >>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_ima >>> geinfo.cf >>> 12:23:04 [10417] dbg: config: using >>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_im >>> ageinfo.cf" >>> for included file >>> 12:23:04 [10417] dbg: config: read file >>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_ima >>> geinfo.cf >>> 12:23:04 [10417] dbg: config: fixed relative path: >>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_met >>> a_tests.cf >>> 12:23:04 [10417] dbg: config: using >>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_me >>> ta_tests.cf" >>> for included file >>> 12:23:04 [10417] dbg: config: read file >>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_met >>> a_tests.cf >>> 12:23:04 [10417] dbg: config: fixed relative path: >>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_net >>> _tests.cf >>> 12:23:04 [10417] dbg: config: using >>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_ne >>> t_tests.cf" >>> for included file >>> 12:23:04 [10417] dbg: config: read file >>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_net >>> _tests.cf >>> 12:23:04 [10417] dbg: config: fixed relative path: >>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_phrases.cf >>> 12:23:04 [10417] dbg: config: using >>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_ph >>> rases.cf" for included file >>> 12:23:04 [10417] dbg: config: read file >>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_phrases.cf >>> 12:23:04 [10417] dbg: config: fixed relative path: >>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_porn.cf >>> 12:23:04 [10417] dbg: config: using >>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_po >>> rn.cf" for included file >>> 12:23:04 [10417] dbg: config: read file >>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_porn.cf >>> 12:23:04 [10417] dbg: config: fixed relative path: >>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_ratware.cf >>> 12:23:04 [10417] dbg: config: using >>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_ra >>> tware.cf" for included file >>> 12:23:04 [10417] dbg: config: read file >>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_ratware.cf >>> 12:23:04 [10417] dbg: config: fixed relative path: >>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_uri >>> _tests.cf >>> 12:23:04 [10417] dbg: config: using >>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_ur >>> i_tests.cf" >>> for included file >>> 12:23:04 [10417] dbg: config: read file >>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_uri >>> _tests.cf >>> 12:23:04 [10417] dbg: config: fixed relative path: >>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_vbounce.cf >>> 12:23:04 [10417] dbg: config: using >>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_vb >>> ounce.cf" for included file >>> 12:23:04 [10417] dbg: config: read file >>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_vbounce.cf >>> 12:23:04 [10417] dbg: config: fixed relative path: >>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/23_bayes.cf >>> 12:23:04 [10417] dbg: config: using >>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/23_ba >>> yes.cf" for included file >>> 12:23:04 [10417] dbg: config: read file >>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/23_bayes.cf >>> 12:23:04 [10417] dbg: config: fixed relative path: >>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_accessdb.cf >>> 12:23:04 [10417] dbg: config: using >>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_ac >>> cessdb.cf" for included file >>> 12:23:04 [10417] dbg: config: read file >>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_accessdb.cf >>> 12:23:04 [10417] dbg: config: fixed relative path: >>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_ant >>> ivirus.cf >>> 12:23:04 [10417] dbg: config: using >>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_an >>> tivirus.cf" >>> for included file >>> 12:23:04 [10417] dbg: config: read file >>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_ant >>> ivirus.cf >>> 12:23:04 [10417] dbg: config: fixed relative path: >>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_asn.cf >>> 12:23:04 [10417] dbg: config: using >>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_as >>> n.cf" for included file >>> 12:23:04 [10417] dbg: config: read file >>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_asn.cf >>> 12:23:04 [10417] dbg: config: fixed relative path: >>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_dcc.cf >>> 12:23:04 [10417] dbg: config: using >>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_dc >>> c.cf" for included file >>> 12:23:04 [10417] dbg: config: read file >>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_dcc.cf >>> 12:23:04 [10417] dbg: config: fixed relative path: >>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_dkim.cf >>> 12:23:04 [10417] dbg: config: using >>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_dk >>> im.cf" for included file >>> 12:23:04 [10417] dbg: config: read file >>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_dkim.cf >>> 12:23:04 [10417] dbg: config: fixed relative path: >>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_dom >>> ainkeys.cf >>> 12:23:04 [10417] dbg: config: using >>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_do >>> mainkeys.cf" >>> for included file >>> 12:23:04 [10417] dbg: config: read file >>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_dom >>> ainkeys.cf >>> 12:23:04 [10417] dbg: config: fixed relative path: >>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_hashcash.cf >>> 12:23:04 [10417] dbg: config: using >>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_ha >>> shcash.cf" for included file >>> 12:23:04 [10417] dbg: config: read file >>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_hashcash.cf >>> 12:23:04 [10417] dbg: config: fixed relative path: >>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_pyzor.cf >>> 12:23:04 [10417] dbg: config: using >>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_py >>> zor.cf" for included file >>> 12:23:04 [10417] dbg: config: read file >>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_pyzor.cf >>> 12:23:04 [10417] dbg: config: fixed relative path: >>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_razor2.cf >>> 12:23:04 [10417] dbg: config: using >>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_ra >>> zor2.cf" for included file >>> 12:23:04 [10417] dbg: config: read file >>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_razor2.cf >>> 12:23:04 [10417] dbg: config: fixed relative path: >>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_replace.cf >>> 12:23:04 [10417] dbg: config: using >>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_re >>> place.cf" for included file >>> 12:23:04 [10417] dbg: config: read file >>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_replace.cf >>> 12:23:04 [10417] dbg: config: fixed relative path: >>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_spf.cf >>> 12:23:04 [10417] dbg: config: using >>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_sp >>> f.cf" for included file >>> 12:23:04 [10417] dbg: config: read file >>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_spf.cf >>> 12:23:04 [10417] dbg: config: fixed relative path: >>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_textcat.cf >>> 12:23:04 [10417] dbg: config: using >>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_te >>> xtcat.cf" for included file >>> 12:23:04 [10417] dbg: config: read file >>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_textcat.cf >>> 12:23:04 [10417] dbg: config: fixed relative path: >>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_uribl.cf >>> 12:23:04 [10417] dbg: config: using >>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_ur >>> ibl.cf" for included file >>> 12:23:04 [10417] dbg: config: read file >>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_uribl.cf >>> 12:23:04 [10417] dbg: config: fixed relative path: >>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_de.cf >>> 12:23:04 [10417] dbg: config: using >>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/30_te >>> xt_de.cf" for included file >>> 12:23:04 [10417] dbg: config: read file >>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_de.cf >>> 12:23:04 [10417] dbg: config: fixed relative path: >>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_fr.cf >>> 12:23:04 [10417] dbg: config: using >>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/30_te >>> xt_fr.cf" for included file >>> 12:23:04 [10417] dbg: config: read file >>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_fr.cf >>> 12:23:04 [10417] dbg: config: fixed relative path: >>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_it.cf >>> 12:23:04 [10417] dbg: config: using >>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/30_te >>> xt_it.cf" for included file >>> 12:23:04 [10417] dbg: config: read file >>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_it.cf >>> 12:23:04 [10417] dbg: config: fixed relative path: >>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_nl.cf >>> 12:23:04 [10417] dbg: config: using >>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/30_te >>> xt_nl.cf" for included file >>> 12:23:04 [10417] dbg: config: read file >>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_nl.cf >>> 12:23:04 [10417] dbg: config: fixed relative path: >>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_pl.cf >>> 12:23:04 [10417] dbg: config: using >>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/30_te >>> xt_pl.cf" for included file >>> 12:23:04 [10417] dbg: config: read file >>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_pl.cf >>> 12:23:04 [10417] dbg: config: fixed relative path: >>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_tex >>> t_pt_br.cf >>> 12:23:04 [10417] dbg: config: using >>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/30_te >>> xt_pt_br.cf" >>> for included file >>> 12:23:04 [10417] dbg: config: read file >>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_tex >>> t_pt_br.cf >>> 12:23:04 [10417] dbg: config: fixed relative path: >>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/50_scores.cf >>> 12:23:04 [10417] dbg: config: using >>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/50_sc >>> ores.cf" for included file >>> 12:23:04 [10417] dbg: config: read file >>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/50_scores.cf >>> 12:23:04 [10417] dbg: config: fixed relative path: >>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_awl.cf >>> 12:23:04 [10417] dbg: config: using >>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/60_aw >>> l.cf" for included file >>> 12:23:04 [10417] dbg: config: read file >>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_awl.cf >>> 12:23:04 [10417] dbg: config: fixed relative path: >>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_sho >>> rtcircuit.cf >>> 12:23:04 [10417] dbg: config: using >>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/60_sh >>> ortcircuit.cf" >>> for included file >>> 12:23:04 [10417] dbg: config: read file >>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_sho >>> rtcircuit.cf >>> 12:23:04 [10417] dbg: config: fixed relative path: >>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whi >>> telist.cf >>> 12:23:04 [10417] dbg: config: using >>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/60_wh >>> itelist.cf" >>> for included file >>> 12:23:04 [10417] dbg: config: read file >>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whi >>> telist.cf >>> 12:23:04 [10417] dbg: config: fixed relative path: >>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whi >>> telist_dk.cf >>> 12:23:04 [10417] dbg: config: using >>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/60_wh >>> itelist_dk.cf" >>> for included file >>> 12:23:04 [10417] dbg: config: read file >>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whi >>> telist_dk.cf >>> 12:23:04 [10417] dbg: config: fixed relative path: >>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whi >>> telist_dkim.cf >>> 12:23:04 [10417] dbg: config: using >>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/60_wh >>> itelist_dkim.cf" >>> for included file >>> 12:23:04 [10417] dbg: config: read file >>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whi >>> telist_dkim.cf >>> 12:23:04 [10417] dbg: config: fixed relative path: >>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whi >>> telist_spf.cf >>> 12:23:04 [10417] dbg: config: using >>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/60_wh >>> itelist_spf.cf" >>> for included file >>> 12:23:04 [10417] dbg: config: read file >>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whi >>> telist_spf.cf >>> 12:23:05 [10417] dbg: config: fixed relative path: >>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whi >>> telist_subject.cf >>> 12:23:05 [10417] dbg: config: using >>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/60_wh >>> itelist_subject.cf" >>> for included file >>> 12:23:05 [10417] dbg: config: read file >>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whi >>> telist_subject.cf >>> 12:23:05 [10417] dbg: config: fixed relative path: >>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/72_active.cf >>> 12:23:05 [10417] dbg: config: using >>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/72_ac >>> tive.cf" for included file >>> 12:23:05 [10417] dbg: config: read file >>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/72_active.cf >>> 12:23:05 [10417] dbg: config: fixed relative path: >>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/72_removed.cf >>> 12:23:05 [10417] dbg: config: using >>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/72_re >>> moved.cf" for included file >>> 12:23:05 [10417] dbg: config: read file >>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/72_removed.cf >>> 12:23:05 [10417] dbg: config: fixed relative path: >>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/72_scores.cf >>> 12:23:05 [10417] dbg: config: using >>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/72_sc >>> ores.cf" for included file >>> 12:23:05 [10417] dbg: config: read file >>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/72_scores.cf >>> 12:23:05 [10417] dbg: config: fixed relative path: >>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/80_add >>> itional.cf >>> 12:23:05 [10417] dbg: config: using >>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/80_ad >>> ditional.cf" >>> for included file >>> 12:23:05 [10417] dbg: config: read file >>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/80_add >>> itional.cf >>> 12:23:05 [10417] dbg: rules: __MO_OL_9B90B merged duplicates: >>> __MO_OL_C65FA >>> 12:23:05 [10417] dbg: rules: __XM_OL_22B61 merged duplicates: >>> __XM_OL_A842E >>> 12:23:05 [10417] dbg: rules: __MO_OL_07794 merged duplicates: >>> __MO_OL_8627E >>> __MO_OL_F3B05 >>> 12:23:05 [10417] dbg: rules: __JM_REACTOR_DATE merged duplicates: >>> __RATWARE_0_TZ_DATE >>> 12:23:05 [10417] dbg: rules: __XM_OL_07794 merged duplicates: >>> __XM_OL_25340 __XM_OL_3857F __XM_OL_4F240 __XM_OL_58CB5 >>> __XM_OL_6554A __XM_OL_812FF __XM_OL_C65FA __XM_OL_CF0C0 >>> __XM_OL_F475E __XM_OL_F6D01 >>> 12:23:05 [10417] dbg: rules: FH_MSGID_01C67 merged >>> duplicates: __MSGID_VGA >>> 12:23:05 [10417] dbg: rules: FS_NEW_SOFT_UPLOAD merged duplicates: >>> HS_SUBJ_NEW_SOFTWARE >>> 12:23:05 [10417] dbg: rules: __FH_HAS_XMSMAIL merged duplicates: >>> __HAS_MSMAIL_PRI >>> 12:23:05 [10417] dbg: rules: __MO_OL_015D5 merged duplicates: >>> __MO_OL_6554A >>> 12:23:05 [10417] dbg: rules: __XM_OL_015D5 merged duplicates: >>> __XM_OL_4BF4C __XM_OL_4EEDB __XM_OL_5B79A __XM_OL_9B90B >>> __XM_OL_ADFF7 __XM_OL_B30D1 __XM_OL_B4B40 __XM_OL_BC7E6 >>> __XM_OL_F3B05 __XM_OL_FF5C8 >>> 12:23:05 [10417] dbg: rules: __MO_OL_91287 merged duplicates: >>> __MO_OL_B30D1 __MO_OL_CF0C0 >>> 12:23:05 [10417] dbg: rules: KAM_STOCKOTC merged duplicates: >>> KAM_STOCKTIP15 KAM_STOCKTIP20 KAM_STOCKTIP21 KAM_STOCKTIP4 >>> KAM_STOCKTIP6 >>> 12:23:05 [10417] dbg: rules: __MO_OL_22B61 merged duplicates: >>> __MO_OL_4F240 >>> __MO_OL_ADFF7 >>> 12:23:05 [10417] dbg: rules: __MO_OL_812FF merged duplicates: >>> __MO_OL_BC7E6 >>> 12:23:05 [10417] dbg: rules: __MO_OL_25340 merged duplicates: >>> __MO_OL_4EEDB __MO_OL_7533E >>> 12:23:05 [10417] dbg: rules: __MO_OL_58CB5 merged duplicates: >>> __MO_OL_B4B40 >>> 12:23:05 [10417] dbg: rules: __DOS_HAS_ANY_URI merged duplicates: >>> __HAS_ANY_URI >>> 12:23:05 [10417] dbg: rules: __XM_OL_C9068 merged duplicates: >>> __XM_OL_EF20B >>> 12:23:05 [10417] dbg: rules: AXB_RCVD_ZOOBSEND merged duplicates: >>> BROKEN_RATWARE_BOM CTYPE_001C_A DEAR_HOMEOWNER >>> DIV_CENTER_A_HREF DRUG_RA_PRICE FM_DDDD_TIMES_2 >>> FM_SEX_HOSTDDDD HG_HORMONE HS_PHARMA_1 HS_UPLOADED_SOFTWARE >>> OEBOUND STOX_RCVD_N_NN_N URIBL_RHS_ABUSE URIBL_RHS_BOGUSMX >>> URIBL_RHS_DSN URIBL_RHS_POST URIBL_RHS_TLD_WHOIS >>> URIBL_RHS_WHOIS URIBL_XS_SURBL URI_L_PHP XMAILER_MIMEOLE_OL_5E7ED >>> XMAILER_MIMEOLE_OL_C7C33 XMAILER_MIMEOLE_OL_D03AB X_LIBRARY >>> YOUR_CRD_RATING >>> 12:23:05 [10417] dbg: rules: __MO_OL_72641 merged duplicates: >>> __MO_OL_A842E >>> 12:23:05 [10417] dbg: rules: __MO_OL_F475E merged duplicates: >>> __MO_OL_FF5C8 >>> 12:23:05 [10417] dbg: rules: __MO_OL_4BF4C merged duplicates: >>> __MO_OL_F6D01 >>> 12:23:05 [10417] dbg: conf: finish parsing >>> 12:23:05 [10417] dbg: plugin: >>> Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0xad6884c) >>> implements 'finish_parsing_end', priority 0 >>> 12:23:05 [10417] dbg: replacetags: replacing tags >>> 12:23:05 [10417] dbg: replacetags: done replacing tags >>> 12:23:05 [10417] dbg: bayes: tie-ing to DB file R/O >>> /etc/MailScanner/bayes/bayes__toks >>> 12:23:05 [10417] dbg: bayes: tie-ing to DB file R/O >>> /etc/MailScanner/bayes/bayes__seen >>> 12:23:05 [10417] dbg: bayes: found bayes db version 3 >>> 12:23:05 [10417] dbg: bayes: DB journal sync: last sync: 0 >>> 12:23:05 [10417] dbg: bayes: not available for scanning, only >>> 1 spam(s) in bayes DB < 200 >>> 12:23:05 [10417] dbg: bayes: untie-ing >>> 12:23:05 [10417] dbg: config: score set 1 chosen. >>> 12:23:05 [10417] dbg: message: main message type: text/plain >>> 12:23:05 [10417] dbg: message: ---- MIME PARSER START ---- >>> 12:23:05 [10417] dbg: message: parsing normal part >>> 12:23:05 [10417] dbg: message: ---- MIME PARSER END ---- >>> 12:23:05 [10417] dbg: plugin: >>> Mail::SpamAssassin::Plugin::DNSEval=HASH(0xae06ddc) >>> implements 'check_start', priority 0 >>> 12:23:05 [10417] dbg: bayes: tie-ing to DB file R/O >>> /etc/MailScanner/bayes/bayes__toks >>> 12:23:05 [10417] dbg: bayes: tie-ing to DB file R/O >>> /etc/MailScanner/bayes/bayes__seen >>> 12:23:05 [10417] dbg: bayes: found bayes db version 3 >>> 12:23:05 [10417] dbg: bayes: DB journal sync: last sync: 0 >>> 12:23:05 [10417] dbg: bayes: not available for scanning, only >>> 1 spam(s) in bayes DB < 200 >>> 12:23:05 [10417] dbg: bayes: untie-ing >>> 12:23:05 [10417] dbg: plugin: >>> Mail::SpamAssassin::Plugin::Check=HASH(0xadb7358) implements >>> 'check_main', priority 0 >>> 12:23:05 [10417] dbg: conf: trusted_networks are not >>> configured; it is recommended that you configure >>> trusted_networks manually >>> 12:23:05 [10417] dbg: metadata: X-Spam-Relays-Trusted: >>> 12:23:05 [10417] dbg: metadata: X-Spam-Relays-Untrusted: >>> 12:23:05 [10417] dbg: metadata: X-Spam-Relays-Internal: >>> 12:23:05 [10417] dbg: metadata: X-Spam-Relays-External: >>> 12:23:05 [10417] dbg: plugin: >>> Mail::SpamAssassin::Plugin::RelayCountry=HASH(0xaa1430c) >>> implements 'extract_metadata', priority 0 >>> 12:23:05 [10417] dbg: metadata: X-Relay-Countries: >>> 12:23:05 [10417] dbg: message: no encoding detected >>> 12:23:05 [10417] dbg: plugin: >>> Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0xa9c3b08) >>> implements 'parsed_metadata', priority 0 >>> 12:23:05 [10417] dbg: plugin: >>> Mail::SpamAssassin::Plugin::RelayCountry=HASH(0xaa1430c) >>> implements 'parsed_metadata', priority 0 >>> 12:23:05 [10417] dbg: dns: is Net::DNS::Resolver available? yes >>> 12:23:05 [10417] dbg: dns: Net::DNS version: 0.63 >>> 12:23:05 [10417] dbg: dns: name server: 85.42.104.18, >>> LocalAddr: 0.0.0.0 >>> 12:23:05 [10417] dbg: dns: resolver socket rx buffer size is >>> 110592 bytes >>> 12:23:05 [10417] dbg: dns: dns_available set to yes in config >>> file, skipping test >>> 12:23:05 [10417] dbg: uridnsbl: domains to query: >>> 12:23:05 [10417] dbg: dns: checking RBL >>> sa-other.bondedsender.org., set bsp-untrusted >>> 12:23:05 [10417] dbg: dns: checking RBL >>> plus.bondedsender.org., set ssc-firsttrusted >>> 12:23:05 [10417] dbg: dns: checking RBL combined.njabl.org., set njabl >>> 12:23:05 [10417] dbg: dns: checking RBL bl.spamcop.net., set spamcop >>> 12:23:05 [10417] dbg: dns: checking RBL >>> dob.sibl.support-intelligence.net., >>> set dob >>> 12:23:05 [10417] dbg: dns: checking RBL zen.spamhaus.org., >>> set zen-lastexternal >>> 12:23:05 [10417] dbg: dns: checking RBL dnsbl.sorbs.net., set >>> sorbs-lastexternal >>> 12:23:05 [10417] dbg: dns: checking RBL dnsbl.sorbs.net., set sorbs >>> 12:23:05 [10417] dbg: dns: checking RBL zen.spamhaus.org., >>> set zen-lastexternal >>> 12:23:05 [10417] dbg: dns: checking RBL list.dnswl.org., set >>> dnswl-firsttrusted >>> 12:23:05 [10417] dbg: dns: checking RBL >>> sa-accredit.habeas.com., set habeas-firsttrusted >>> 12:23:05 [10417] dbg: dns: checking RBL list.dsbl.org., set >>> dsbl-lastexternal >>> 12:23:05 [10417] dbg: dns: checking RBL >>> sa-trusted.bondedsender.org., set bsp-firsttrusted >>> 12:23:05 [10417] dbg: dns: checking RBL zen.spamhaus.org., set zen >>> 12:23:05 [10417] dbg: dns: checking RBL iadb.isipp.com., set >>> iadb-firsttrusted >>> 12:23:05 [10417] dbg: check: running tests for priority: -1000 >>> 12:23:05 [10417] dbg: rules: running head tests; score so far=0 >>> 12:23:05 [10417] dbg: rules: compiled head tests >>> 12:23:05 [10417] dbg: eval: all '*From' addrs: >>> ignore@compiling.spamassassin.taint.org >>> 12:23:05 [10417] dbg: eval: all '*To' addrs: >>> 12:23:05 [10417] dbg: rules: running body tests; score so far=0 >>> 12:23:05 [10417] dbg: rules: compiled body tests >>> 12:23:05 [10417] dbg: rules: running uri tests; score so far=0 >>> 12:23:05 [10417] dbg: rules: compiled uri tests >>> 12:23:05 [10417] dbg: rules: running rawbody tests; score so far=0 >>> 12:23:05 [10417] dbg: rules: compiled rawbody tests >>> 12:23:05 [10417] dbg: rules: running full tests; score so far=0 >>> 12:23:05 [10417] dbg: rules: compiled full tests >>> 12:23:05 [10417] dbg: rules: running meta tests; score so far=0 >>> 12:23:05 [10417] dbg: rules: compiled meta tests >>> 12:23:05 [10417] dbg: check: running tests for priority: -950 >>> 12:23:05 [10417] dbg: rules: running head tests; score so far=0 >>> 12:23:05 [10417] dbg: rules: compiled head tests >>> 12:23:05 [10417] dbg: rules: running body tests; score so far=0 >>> 12:23:05 [10417] dbg: rules: compiled body tests >>> 12:23:05 [10417] dbg: rules: running uri tests; score so far=0 >>> 12:23:05 [10417] dbg: rules: compiled uri tests >>> 12:23:05 [10417] dbg: rules: running rawbody tests; score so far=0 >>> 12:23:05 [10417] dbg: rules: compiled rawbody tests >>> 12:23:05 [10417] dbg: rules: running full tests; score so far=0 >>> 12:23:05 [10417] dbg: rules: compiled full tests >>> 12:23:05 [10417] dbg: rules: running meta tests; score so far=0 >>> 12:23:05 [10417] dbg: rules: compiled meta tests >>> 12:23:05 [10417] dbg: check: running tests for priority: -900 >>> 12:23:05 [10417] dbg: rules: running head tests; score so far=0 >>> 12:23:05 [10417] dbg: rules: compiled head tests >>> 12:23:05 [10417] dbg: rules: running body tests; score so far=0 >>> 12:23:05 [10417] dbg: rules: compiled body tests >>> 12:23:05 [10417] dbg: rules: running uri tests; score so far=0 >>> 12:23:05 [10417] dbg: rules: compiled uri tests >>> 12:23:05 [10417] dbg: rules: running rawbody tests; score so far=0 >>> 12:23:05 [10417] dbg: rules: compiled rawbody tests >>> 12:23:05 [10417] dbg: rules: running full tests; score so far=0 >>> 12:23:05 [10417] dbg: rules: compiled full tests >>> 12:23:05 [10417] dbg: rules: running meta tests; score so far=0 >>> 12:23:05 [10417] dbg: rules: compiled meta tests >>> 12:23:05 [10417] dbg: check: running tests for priority: -400 >>> 12:23:05 [10417] dbg: rules: running head tests; score so far=0 >>> 12:23:05 [10417] dbg: rules: compiled head tests >>> 12:23:05 [10417] dbg: rules: running body tests; score so far=0 >>> 12:23:05 [10417] dbg: rules: compiled body tests >>> 12:23:05 [10417] dbg: rules: running uri tests; score so far=0 >>> 12:23:05 [10417] dbg: rules: compiled uri tests >>> 12:23:05 [10417] dbg: rules: running rawbody tests; score so far=0 >>> 12:23:05 [10417] dbg: rules: compiled rawbody tests >>> 12:23:05 [10417] dbg: rules: running full tests; score so far=0 >>> 12:23:05 [10417] dbg: rules: compiled full tests >>> 12:23:05 [10417] dbg: rules: running meta tests; score so far=0 >>> 12:23:05 [10417] dbg: rules: compiled meta tests >>> 12:23:05 [10417] dbg: check: running tests for priority: 0 >>> 12:23:05 [10417] dbg: rules: running head tests; score so far=0 >>> 12:23:05 [10417] dbg: rules: compiled head tests >>> 12:23:05 [10417] dbg: rules: ran header rule __MISSING_REF >>> ======> got hit: >>> "UNSET" >>> 12:23:05 [10417] dbg: rules: ran header rule >>> __MSOE_MID_WRONG_CASE ======> got hit: " >>> 12:23:05 [10417] dbg: rules: Message-Id: " >>> 12:23:05 [10417] dbg: rules: ran header rule MISSING_DATE >>> ======> got hit: >>> "UNSET" >>> 12:23:05 [10417] dbg: rules: ran header rule __MSGID_OK_HOST >>> ======> got >>> hit: "@spamassassin_spamd_init>" >>> 12:23:05 [10417] dbg: rules: ran header rule >>> __MSGID_OK_DIGITS ======> got >>> hit: "1215426184" >>> 12:23:05 [10417] dbg: rules: ran header rule __HAS_MSGID >>> ======> got hit: >>> "<" >>> 12:23:05 [10417] dbg: rules: ran header rule __SANE_MSGID >>> ======> got hit: >>> "<1215426184.34281@spamassassin_spamd_init> >>> 12:23:05 [10417] dbg: rules: " >>> 12:23:05 [10417] dbg: spf: checking to see if the message has >>> a Received-SPF header that we can use >>> 12:23:05 [10417] dbg: spf: using Mail::SPF for SPF checks >>> 12:23:05 [10417] dbg: spf: no suitable relay for spf use >>> found, skipping SPF-helo check >>> 12:23:05 [10417] dbg: spf: already checked for Received-SPF >>> headers, proceeding with DNS based checks >>> 12:23:05 [10417] dbg: spf: no suitable relay for spf use >>> found, skipping SPF check >>> 12:23:05 [10417] dbg: rules: ran eval rule NO_RELAYS ======> >>> got hit (1) >>> 12:23:05 [10417] dbg: spf: def_spf_whitelist_from: already >>> checked spf and didn't get pass, skipping whitelist check >>> 12:23:05 [10417] dbg: rules: ran eval rule __UNUSABLE_MSGID >>> ======> got hit >>> (1) >>> 12:23:05 [10417] dbg: rules: ran eval rule MISSING_HEADERS >>> ======> got hit >>> (1) >>> 12:23:05 [10417] dbg: spf: whitelist_from_spf: already >>> checked spf and didn't get pass, skipping whitelist check >>> 12:23:05 [10417] dbg: rules: running body tests; score so far=1.581 >>> 12:23:05 [10417] dbg: rules: compiled body tests >>> 12:23:05 [10417] dbg: rules: ran body rule __NONEMPTY_BODY >>> ======> got hit: >>> "I" >>> 12:23:05 [10417] dbg: rules: running uri tests; score so far=1.581 >>> 12:23:05 [10417] dbg: rules: compiled uri tests >>> 12:23:05 [10417] dbg: eval: stock info total: 0 >>> 12:23:05 [10417] dbg: rules: running rawbody tests; score so far=1.581 >>> 12:23:05 [10417] dbg: rules: compiled rawbody tests >>> 12:23:05 [10417] dbg: rules: ran rawbody rule __TVD_BODY >>> ======> got hit: >>> "need" >>> 12:23:05 [10417] dbg: rules: running full tests; score so far=1.581 >>> 12:23:05 [10417] dbg: rules: compiled full tests >>> 12:23:05 [10417] dbg: info: entering helper-app run mode >>> 12:23:06 [10417] dbg: info: leaving helper-app run mode >>> 12:23:06 [10417] dbg: razor2: part=0 engine=4 contested=0 confidence=0 >>> 12:23:06 [10417] dbg: razor2: results: spam? 0 >>> 12:23:06 [10417] dbg: razor2: results: engine 8, highest cf score: 0 >>> 12:23:06 [10417] dbg: razor2: results: engine 4, highest cf score: 0 >>> 12:23:06 [10417] dbg: util: current PATH is: >>> /sbin:/bin:/usr/sbin:/usr/bin >>> 12:23:06 [10417] dbg: pyzor: pyzor is not available: no pyzor >>> executable found >>> 12:23:06 [10417] dbg: pyzor: no pyzor found, disabling Pyzor >>> 12:23:06 [10417] dbg: rules: running meta tests; score so far=1.581 >>> 12:23:06 [10417] dbg: rules: compiled meta tests >>> 12:23:06 [10417] dbg: check: running tests for priority: 500 >>> 12:23:06 [10417] dbg: dns: harvest_dnsbl_queries >>> 12:23:06 [10417] dbg: rules: running head tests; score so far=1.581 >>> 12:23:06 [10417] dbg: rules: compiled head tests >>> 12:23:06 [10417] dbg: rules: running body tests; score so far=1.581 >>> 12:23:06 [10417] dbg: rules: compiled body tests >>> 12:23:06 [10417] dbg: rules: running uri tests; score so far=1.581 >>> 12:23:06 [10417] dbg: rules: compiled uri tests >>> 12:23:06 [10417] dbg: rules: running rawbody tests; score so far=1.581 >>> 12:23:06 [10417] dbg: rules: compiled rawbody tests >>> 12:23:06 [10417] dbg: rules: running full tests; score so far=1.581 >>> 12:23:06 [10417] dbg: rules: compiled full tests >>> 12:23:06 [10417] dbg: rules: running meta tests; score so far=1.581 >>> 12:23:06 [10417] dbg: rules: meta test DIGEST_MULTIPLE has >>> undefined dependency 'DCC_CHECK' >>> 12:23:06 [10417] dbg: rules: compiled meta tests >>> 12:23:06 [10417] dbg: check: running tests for priority: 1000 >>> 12:23:06 [10417] dbg: rules: running head tests; score so far=2.865 >>> 12:23:06 [10417] dbg: rules: compiled head tests >>> 12:23:06 [10417] dbg: locker: safe_lock: created >>> /root/.spamassassin/auto-whitelist.mutex >>> 12:23:06 [10417] dbg: locker: safe_lock: trying to get lock >>> on /root/.spamassassin/auto-whitelist with 30 timeout >>> 12:23:06 [10417] dbg: locker: safe_lock: link to >>> /root/.spamassassin/auto-whitelist.mutex: link ok >>> 12:23:06 [10417] dbg: auto-whitelist: tie-ing to DB file of >>> type DB_File R/W in /root/.spamassassin/auto-whitelist >>> 12:23:06 [10417] dbg: auto-whitelist: db-based >>> ignore@compiling.spamassassin.taint.org|ip=none scores 0/0 >>> 12:23:06 [10417] dbg: auto-whitelist: AWL active, pre-score: >>> 2.865, autolearn score: 2.865, mean: undef, IP: undef >>> 12:23:06 [10417] dbg: auto-whitelist: DB addr list: untie-ing >>> and unlocking >>> 12:23:06 [10417] dbg: auto-whitelist: DB addr list: file >>> locked, breaking lock >>> 12:23:06 [10417] dbg: locker: safe_unlock: unlocked >>> /root/.spamassassin/auto-whitelist.mutex >>> 12:23:06 [10417] dbg: auto-whitelist: post auto-whitelist score: 2.865 >>> 12:23:06 [10417] dbg: rules: running body tests; score so far=2.865 >>> 12:23:06 [10417] dbg: rules: compiled body tests >>> 12:23:06 [10417] dbg: rules: running uri tests; score so far=2.865 >>> 12:23:06 [10417] dbg: rules: compiled uri tests >>> 12:23:06 [10417] dbg: rules: running rawbody tests; score so far=2.865 >>> 12:23:06 [10417] dbg: rules: compiled rawbody tests >>> 12:23:06 [10417] dbg: rules: running full tests; score so far=2.865 >>> 12:23:06 [10417] dbg: rules: compiled full tests >>> 12:23:06 [10417] dbg: rules: running meta tests; score so far=2.865 >>> 12:23:06 [10417] dbg: rules: compiled meta tests >>> 12:23:06 [10417] dbg: check: is spam? score=2.865 required=5 >>> 12:23:06 [10417] dbg: check: >>> tests=MISSING_DATE,MISSING_HEADERS,MISSING_SUBJECT,NO_RECEIVED >>> ,NO_RELAYS >>> 12:23:06 [10417] dbg: check: >>> subtests=__HAS_MSGID,__MISSING_REF,__MSGID_OK_DIGITS,__MSGID_O >>> K_HOST,__MSOE_MID_WRONG_CASE,__NONEMPTY_BODY,__SANE_MSGID,__TV >>> D_BODY,__UNUSABLE_MSGID >>> 12:23:06 Building a message batch to scan... >>> >>> >>> >>> ----- Original Message ----- >>> From: "Martin.Hepworth" >>> To: "MailScanner discussion" >>> Sent: Monday, July 07, 2008 12:08 PM >>> Subject: RE: MailScanner on FC8 don't pickup emails >>> >>> >>> > >>> > >>> > >>> >> -----Original Message----- >>> >> From: mailscanner-bounces@lists.mailscanner.info >>> >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf >>> >> Of Luciano Grego >>> >> Sent: 07 July 2008 11:00 >>> >> To: MailScanner discussion >>> >> Subject: Re: MailScanner on FC8 don't pickup emails >>> >> >>> >> >>> >> ----- Original Message ----- >>> >> From: "Martin.Hepworth" >>> >> To: "MailScanner discussion" >>> >> Sent: Monday, July 07, 2008 11:06 AM >>> >> Subject: RE: MailScanner on FC8 don't pickup emails >>> >> >>> >> >>> >> >I would have thought you'd need to change the Lock Type to >>> >> the default >>> >> >(blank) as sendmail 8.14 usually uses posix (unless fedora >>> >> change this) >>> >> > >>> >> > Also a "MailScanner --debug --debug-sa" output to a >>> >> pastebin or web page >>> >> > (as they can be large) would be interesting to see? >>> >> > >>> >> > What install instructions have you followed? >>> >> > >>> >> > -- >>> >> > Martin Hepworth >>> >> > Snr Systems Administrator >>> >> > Solid State Logic >>> >> > Tel: +44 (0)1865 842300 >>> >> > >>> >> >> -----Original Message----- >>> >> >> From: mailscanner-bounces@lists.mailscanner.info >>> >> >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf >>> >> >> Of Luciano Grego >>> >> >> Sent: 07 July 2008 09:54 >>> >> >> To: mailscanner@lists.mailscanner.info >>> >> >> Subject: MailScanner on FC8 don't pickup emails >>> >> >> >>> >> >> Hi, >>> >> >> I' ve installed Fedora Core 8 and updated at latest fix, then >>> >> >> i' ve installed MailScanner ( I try 4.69.9-3, 4.70.7-1 and >>> >> 4.71.2-2). >>> >> >> Sendmail accepts e-mails, but are not produced by Mailscanner. >>> >> >> My MTA is Sendmail 8.14 ( Fedora Core 8 ). >>> >> >> It' s a locking problem? >>> >> >> Must reinstall with --nodeps? >>> >> >> >>> >> >> Here 'MailScanner --lint': >>> >> >> >>> >> >> Trying to setlogsock(unix) >>> >> >> Read 824 hostnames from the phishing whitelist Read 3052 >>> >> >> hostnames from the phishing blacklist Checking version >>> numbers... >>> >> >> Version number in MailScanner.conf (4.71.2) is correct. >>> >> >> >>> >> >> Your envelope_sender_header in spam.assassin.prefs.conf >>> is correct. >>> >> >> >>> >> >> Checking for SpamAssassin errors (if you use it)... >>> >> >> SpamAssassin temporary working directory is >>> >> >> /var/spool/MailScanner/incoming/SpamAssassin-Temp >>> >> >> SpamAssassin temp dir = >>> >> >> /var/spool/MailScanner/incoming/SpamAssassin-Temp >>> >> >> Using SpamAssassin results cache >>> >> >> Connected to SpamAssassin cache database SpamAssassin >>> >> >> reported no errors. >>> >> >> ClamAV scanner using unrar command /usr/bin/unrar Using >>> >> >> locktype = flock MailScanner.conf says "Virus Scanners = clamav" >>> >> >> Found these virus scanners installed: clamavmodule >>> >> >> ============================================================== >>> >> >> ============= >>> >> >> Virus and Content Scanning: Starting >>> >> >> /var/spool/MailScanner/incoming/9520/./1/eicar.com: >>> >> >> Eicar-Test-Signature FOUND >>> >> >> >>> >> >> /var/spool/MailScanner/incoming/9520/./1.message: >>> >> >> Eicar-Test-Signature FOUND >>> >> >> >>> >> >> Virus Scanning: ClamAV found 2 infections Infected message >>> >> >> 1.message came from Infected message 1 came from 10.1.1.1 >>> >> >> Virus Scanning: Found 2 viruses Filename Checks: (1 >>> >> >> eicar.com) Filetype Checks: Allowing 1 eicar.com Other >>> >> >> Checks: Found 1 problems >>> >> >> ============================================================== >>> >> >> ============= >>> >> >> Virus Scanner test reports: >>> >> >> ClamAV said "eicar.com contains Eicar-Test-Signature" >>> >> >> >>> >> >> If any of your virus scanners (clamavmodule) are not listed >>> >> >> there, you should check that they are installed correctly and >>> >> >> that MailScanner is finding them correctly via its >>> >> >> virus.scanners.conf. >>> >> >> >>> >> >> >>> >> >> -- >>> >> >> >>> >> >> Here 'MailScanner -v': >>> >> >> Running on >>> >> >> Linux mail 2.6.24.5-85.fc8 #1 SMP Sat Apr 19 12:39:34 EDT >>> >> >> 2008 i686 i686 i386 GNU/Linux This is Fedora release 8 >>> >> >> (Werewolf) This is Perl version 5.008008 (5.8.8) >>> >> >> >>> >> >> This is MailScanner version 4.71.2 >>> >> >> Module versions are: >>> >> >> 1.00 AnyDBM_File >>> >> >> 1.20 Archive::Zip >>> >> >> 0.21 bignum >>> >> >> 1.04 Carp >>> >> >> 2.005 Compress::Zlib >>> >> >> 1.119 Convert::BinHex >>> >> >> 0.17 Convert::TNEF >>> >> >> 2.121_08 Data::Dumper >>> >> >> 2.27 Date::Parse >>> >> >> 1.00 DirHandle >>> >> >> 1.05 Fcntl >>> >> >> 2.74 File::Basename >>> >> >> 2.09 File::Copy >>> >> >> 2.01 FileHandle >>> >> >> 1.08 File::Path >>> >> >> 0.20 File::Temp >>> >> >> 0.90 Filesys::Df >>> >> >> 1.35 HTML::Entities >>> >> >> 3.56 HTML::Parser >>> >> >> 2.37 HTML::TokeParser >>> >> >> 1.23 IO >>> >> >> 1.14 IO::File >>> >> >> 1.13 IO::Pipe >>> >> >> 2.02 Mail::Header >>> >> >> 1.86 Math::BigInt >>> >> >> 0.19 Math::BigRat >>> >> >> 3.07 MIME::Base64 >>> >> >> 5.425 MIME::Decoder >>> >> >> 5.425 MIME::Decoder::UU >>> >> >> 5.425 MIME::Head >>> >> >> 5.425 MIME::Parser >>> >> >> 3.07 MIME::QuotedPrint >>> >> >> 5.425 MIME::Tools >>> >> >> 0.11 Net::CIDR >>> >> >> 1.25 Net::IP >>> >> >> 0.16 OLE::Storage_Lite >>> >> >> 1.04 Pod::Escapes >>> >> >> 3.05 Pod::Simple >>> >> >> 1.09 POSIX >>> >> >> 1.19 Scalar::Util >>> >> >> 1.78 Socket >>> >> >> 2.15 Storable >>> >> >> 1.4 Sys::Hostname::Long >>> >> >> 0.18 Sys::Syslog >>> >> >> 1.26 Test::Pod >>> >> >> 0.78 Test::Simple >>> >> >> 1.86 Time::HiRes >>> >> >> 1.02 Time::localtime >>> >> >> >>> >> >> Optional module versions are: >>> >> >> 1.34 Archive::Tar >>> >> >> 0.21 bignum >>> >> >> 1.82 Business::ISBN >>> >> >> 1.10 Business::ISBN::Data >>> >> >> 1.08 Data::Dump >>> >> >> 1.815 DB_File >>> >> >> 1.14 DBD::SQLite >>> >> >> 1.58 DBI >>> >> >> 1.15 Digest >>> >> >> 1.01 Digest::HMAC >>> >> >> 2.36 Digest::MD5 >>> >> >> 2.11 Digest::SHA1 >>> >> >> 1.00 Encode::Detect >>> >> >> 0.17010 Error >>> >> >> 0.18 ExtUtils::CBuilder >>> >> >> 2.18 ExtUtils::ParseXS >>> >> >> 2.36 Getopt::Long >>> >> >> 0.44 Inline >>> >> >> 1.08 IO::String >>> >> >> 1.07 IO::Zlib >>> >> >> 2.21 IP::Country >>> >> >> 0.22 Mail::ClamAV >>> >> >> 3.002005 Mail::SpamAssassin >>> >> >> v2.005 Mail::SPF >>> >> >> 1.999001 Mail::SPF::Query >>> >> >> 0.2808 Module::Build >>> >> >> 0.20 Net::CIDR::Lite >>> >> >> 0.63 Net::DNS >>> >> >> 0.002.2 Net::DNS::Resolver::Programmable missing Net::LDAP >>> >> >> 4.004 NetAddr::IP >>> >> >> 1.94 Parse::RecDescent >>> >> >> missing SAVI >>> >> >> 2.64 Test::Harness >>> >> >> 0.95 Test::Manifest >>> >> >> 1.98 Text::Balanced >>> >> >> 1.35 URI >>> >> >> 0.7203 version >>> >> >> 0.62 YAML >>> >> >> >>> >> >> Thanks >>> >> >> Luciano. >>> >> >> >>> > >>> >> > -- >>> >> > MailScanner mailing list >>> >> > mailscanner@lists.mailscanner.info >>> >> > http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >> > >>> >> > Before posting, read http://wiki.mailscanner.info/posting >>> >> > >>> >> > Support MailScanner development - buy the book off the website! >>> >> > >>> >> > -- >>> >> > Il messaggio e' stato analizzato alla ricerca di virus o >>> >> > contenuti pericolosi da MailScanner, ed e' >>> >> > risultato non infetto. >>> >> > >>> >> > >>> >> >>> >> HI Martin, >>> >> Lock Type = flock >>> >> ... for test my ideas ... >>> >> >>> >> I've setup this Mailscanner box for my client and >>> >> i' ve reboot the machine friday at 18:45 with new params. >>> >> Now i'm checking logs and i see Mailscanner pickup messages >>> >> from Sunday at >>> >> 15:00. None first! >>> >> MailScanner needs more time for starting up? >>> >> >>> >> I' ve put >>> >> Lock Type = >>> >> now and >>> >> 'service MailScanner restart'. >>> >> Thank you. >>> >> L. >>> >> >>> >> >>> > >>> > Hi >>> > >>> > Anything in the maillog reguarding mailScanner??? >>> > >>> > Should only take a few seconds to get going. >>> > >>> > I'd drop to debug and see if you can spot anything. >>> > >>> > >>> > -- >>> > Martin Hepworth >>> > Snr Systems Administrator >>> > Solid State Logic >>> > Tel: +44 (0)1865 842300 >>> > >>> > >>> > >>> > >>> > >>> > >>> ********************************************************************** >>> > Confidentiality : This e-mail and any attachments are >>> intended for the >>> > addressee only and may be confidential. If they come to you in error >>> > you must take no action based on them, nor must you copy or >>> show them >>> > to anyone. Please advise the sender by replying to this e-mail >>> > immediately and then delete the original from your computer. >>> > Opinion : Any opinions expressed in this e-mail are >>> entirely those of >>> > the author and unless specifically stated to the contrary, are not >>> > necessarily those of the author's employer. >>> > Security Warning : Internet e-mail is not necessarily a secure >>> > communications medium and can be subject to data >>> corruption. We advise >>> > that you consider this fact when e-mailing us. >>> > Viruses : We have taken steps to ensure that this e-mail and any >>> > attachments are free from known viruses but in keeping with good >>> > computing practice, you should ensure that they are virus free. >>> > >>> > Red Lion 49 Ltd T/A Solid State Logic >>> > Registered as a limited company in England and Wales >>> > (Company No:5362730) >>> > Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, >>> > United Kingdom >>> > >>> ********************************************************************** >>> > >>> > -- >>> > MailScanner mailing list >>> > mailscanner@lists.mailscanner.info >>> > http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> > >>> > Before posting, read http://wiki.mailscanner.info/posting >>> > >>> > Support MailScanner development - buy the book off the website! >>> > >>> > -- >>> > Il messaggio e' stato analizzato alla ricerca di virus o >>> > contenuti pericolosi da MailScanner, ed e' >>> > risultato non infetto. >>> > >>> > >>> >>> >>> >>> -- >>> Il messaggio e' stato analizzato alla ricerca di virus o >>> contenuti pericolosi da MailScanner, ed e' >>> risultato non infetto. >>> >>> -- >>> MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >>> >> >> >> >> >> ********************************************************************** >> Confidentiality : This e-mail and any attachments are intended for the >> addressee only and may be confidential. If they come to you in error >> you must take no action based on them, nor must you copy or show them >> to anyone. Please advise the sender by replying to this e-mail >> immediately and then delete the original from your computer. >> Opinion : Any opinions expressed in this e-mail are entirely those of >> the author and unless specifically stated to the contrary, are not >> necessarily those of the author's employer. >> Security Warning : Internet e-mail is not necessarily a secure >> communications medium and can be subject to data corruption. We advise >> that you consider this fact when e-mailing us. >> Viruses : We have taken steps to ensure that this e-mail and any >> attachments are free from known viruses but in keeping with good >> computing practice, you should ensure that they are virus free. >> >> Red Lion 49 Ltd T/A Solid State Logic >> Registered as a limited company in England and Wales >> (Company No:5362730) >> Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, >> United Kingdom >> ********************************************************************** >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> -- >> Il messaggio e' stato analizzato alla ricerca di virus o >> contenuti pericolosi da MailScanner, ed e' >> risultato non infetto. >> >> > > > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From lucianog at metline.it Mon Jul 7 15:15:42 2008 From: lucianog at metline.it (Luciano Grego) Date: Mon Jul 7 15:16:11 2008 Subject: MailScanner on FC8 don't pickup emails References: <6ab1c460044e5441a4c21792d987f524@solidstatelogic.com> <48721BA8.4060507@ecs.soton.ac.uk> Message-ID: Hi, Yes, i've stopped sendmail and starting mailscanner ( with chkconfig ) plus reboot the machine many times. The strange things is: LOCK TYPE = flock + reboot Mailscanner see the messages ( with errors ), here the mail log: Jul 6 15:54:39 mail sendmail[2160]: m66DsbjM002160: from=, size=581, class=0, nrcpts=1, msgid=<01c8df2c$c82ce680$655c7b59@tequilla99>, proto=ESMTP, daemon=Daemon0, relay=[89.123.92.101] Jul 6 15:54:40 mail sendmail[2161]: m66DsbjM002160: to=XXXXXX, delay=00:00:01, xdelay=00:00:01, mailer=local, pri=60768, dsn=2.0.0, stat=Sent Jul 6 15:54:40 mail MailScanner[21651]: New Batch: Scanning 1 messages, 1034 bytes Jul 6 15:54:40 mail MailScanner[21651]: Spam Checks: Starting Jul 6 15:54:40 mail sendmail[2161]: m66DsbjM002160: to=xxxxxxx, delay=00:00:01, xdelay=00:00:00, mailer=local, pri=60768, dsn=2.0.0, stat=Sent Jul 6 15:54:40 mail MailScanner[21651]: RBL checks: m66DsbjM002160 found in spamhaus-ZEN Jul 6 15:54:45 mail MailScanner[21651]: Message m66DsbjM002160 from 89.123.92.101 (tequilla99@hotmail.com) to xxxxxxx.it is spam, spamhaus-ZEN, SpamAssassin (not cached, punteggio=26.821, necessario 4, autolearn=spam, FORGED_HOTMAIL_RCVD2 1.12, HELO_LH_HOME 3.17, INVALID_DATE 1.65, RAZOR2_CF_RANGE_51_100 0.50, RAZOR2_CF_RANGE_E8_51_100 1.50, RAZOR2_CHECK 0.50, RCVD_IN_PBL 0.51, RCVD_IN_XBL 2.90, RDNS_NONE 0.10, SPF_SOFTFAIL 0.65, SUBJ_ALL_CAPS 1.81, URIBL_BLACK 1.96, URIBL_JP_SURBL 2.86, URIBL_OB_SURBL 2.13, URIBL_RHS_DOB 0.90, URIBL_SBL 2.47, URIBL_WS_SURBL 2.10) Jul 6 15:54:45 mail MailScanner[21651]: Spam Checks: Found 1 spam messages Jul 6 15:54:45 mail MailScanner[21651]: Spam Actions: message m66DsbjM002160 actions are store Jul 6 15:54:45 mail MailScanner[21651]: Unlinking /var/spool/mqueue.in/qfm66DsbjM002160 failed: No such file or directory Jul 6 15:54:45 mail MailScanner[21651]: Unlinking /var/spool/mqueue.in/dfm66DsbjM002160 failed: No such file or directory Jul 6 15:54:45 mail MailScanner[21651]: Virus and Content Scanning: Starting Jul 6 15:54:51 mail MailScanner[21651]: MailScanner child dying of old age Jul 6 15:54:51 mail MailScanner[2174]: MailScanner E-Mail Virus Scanner version 4.71.2 starting... Jul 6 15:54:51 mail MailScanner[2174]: Read 824 hostnames from the phishing whitelist Jul 6 15:54:51 mail MailScanner[2174]: Read 3090 hostnames from the phishing blacklist Jul 6 15:54:51 mail MailScanner[2174]: SpamAssassin temporary working directory is /var/spool/MailScanner/incoming/SpamAssassin-Temp Jul 6 15:54:51 mail MailScanner[2174]: Using SpamAssassin results cache Jul 6 15:54:51 mail MailScanner[2174]: Connected to SpamAssassin cache database Jul 6 15:54:51 mail MailScanner[2174]: Enabling SpamAssassin auto-whitelist functionality... Jul 6 15:54:53 mail MailScanner[2174]: ClamAV scanner using unrar command /usr/bin/unrar Jul 6 15:54:53 mail MailScanner[2174]: Using locktype = flock Jul 6 16:01:01 mail update.bad.phishing.sites: Delaying cron job up to 600 seconds Jul 6 16:09:43 mail update.virus.scanners: Delaying cron job up to 600 seconds Jul 6 16:12:23 mail update.virus.scanners: Found clamav installed Jul 6 16:12:23 mail update.virus.scanners: Running autoupdate for clamav Jul 6 16:12:23 mail ClamAV-autoupdate[2261]: ClamAV did not need updating Jul 6 16:12:23 mail update.virus.scanners: Found generic installed Again, LOCK TYPE = Mailscanner don't see any messages: Jul 7 12:36:20 mail MailScanner[10714]: MailScanner E-Mail Virus Scanner version 4.71.2 starting... Jul 7 12:36:20 mail MailScanner[10714]: Read 824 hostnames from the phishing whitelist Jul 7 12:36:20 mail MailScanner[10714]: Read 3056 hostnames from the phishing blacklist Jul 7 12:36:20 mail MailScanner[10714]: SpamAssassin temporary working directory is /var/spool/MailScanner/incoming/SpamAssassin-Temp Jul 7 12:36:20 mail MailScanner[10714]: Using SpamAssassin results cache Jul 7 12:36:20 mail MailScanner[10714]: Connected to SpamAssassin cache database Jul 7 12:36:20 mail MailScanner[10714]: Enabling SpamAssassin auto-whitelist functionality... Jul 7 12:36:22 mail MailScanner[10714]: ClamAV scanner using unrar command /usr/bin/unrar Jul 7 12:36:22 mail MailScanner[10714]: Using locktype = posix Jul 7 13:01:01 mail update.bad.phishing.sites: Delaying cron job up to 600 seconds Jul 7 13:10:54 mail update.virus.scanners: Delaying cron job up to 600 seconds Jul 7 13:12:48 mail update.virus.scanners: Found clamav installed Jul 7 13:12:48 mail update.virus.scanners: Running autoupdate for clamav Jul 7 13:13:22 mail ClamAV-autoupdate[10805]: ClamAV updated Jul 7 13:13:22 mail update.virus.scanners: Found generic installed Jul 7 13:13:22 mail update.virus.scanners: Running autoupdate for generic Jul 7 13:27:34 mail sendmail[10919]: m67BRTfq010919: ... User unknown Jul 7 13:27:34 mail sendmail[10919]: m67BRTfq010919: from=, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=Daemon0, relay=[82.114.71.182] Jul 7 13:29:14 mail sendmail[10920]: m67BTCqS010920: from=, size=5082, class=0, nrcpts=1, msgid=<200807071129.10479701581833459663@mx1.sfarratu.com>, proto=SMTP, daemon=Daemon0, relay=mx1.sfarratu.com [69.12.222.232] Jul 7 13:29:14 mail sendmail[10921]: m67BTCqS010920: to=xxx, delay=00:00:01, xdelay=00:00:00, mailer=local, pri=65293, dsn=2.0.0, stat=Sent Jul 7 13:29:14 mail sendmail[10921]: m67BTCqS010920: to=xxx, delay=00:00:01, xdelay=00:00:00, mailer=local, pri=65293, dsn=2.0.0, stat=Sent Jul 7 13:33:54 mail sendmail[10924]: m67BXr3X010924: from=, size=5172, class=0, nrcpts=1, msgid=<000001c8e025$57cd8e40$1400000a@acerfed0a54eeb>, proto=ESMTP, daemon=Daemon0, relay=jack.mail.tiscali.it [213.205.33.53] Jul 7 13:33:54 mail sendmail[10925]: m67BXr3X010924: to=xxx, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=65385, dsn=2.0.0, stat=Sent Jul 7 13:33:54 mail sendmail[10925]: m67BXr3X010924: to=xxx, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=65385, dsn=2.0.0, stat=Sent Jul 7 13:48:59 mail sendmail[10933]: m67Bmolh010933: from=, size=567, class=0, nrcpts=1, msgid=<76feedfd$7bf7f7ef$4fc49f89@gixr>, bodytype=8BITMIME, proto=ESMTP, daemon=Daemon0, relay=[124.133.160.88] ----- Original Message ----- From: "Julian Field" To: "MailScanner discussion" Sent: Monday, July 07, 2008 3:35 PM Subject: Re: MailScanner on FC8 don't pickup emails > Have you done > chkconfig sendmail off > chkconfig MailScanner on > service sendmail stop > service MailScanner start > ? > If you still have sendmail running from before you installed it, then you > will get symptoms you are seeing. > > > Luciano Grego wrote: >> I've used the default path in MailScanner.conf. ( >> INQDIR=/var/spool/mqueue.in ) >> and leaving MailScanner in /etc/init.d that starting sendmail in >> agreement. >> >> >> ----- Original Message ----- From: "Martin.Hepworth" >> >> To: "MailScanner discussion" >> Sent: Monday, July 07, 2008 1:07 PM >> Subject: RE: MailScanner on FC8 don't pickup emails >> >> >>> Luciano >>> >>> You should be using the rpm version for Fedora installs.. >>> >>> http://www.mailscanner.info/files/4/rpm/MailScanner-4.70.7-1.rpm.tar.gz >>> >>> Than follow the rpm based install instructions. >>> >>> You need to configure the MailScanner.conf to point at correct locations >>> for the sendmail queues etc. >>> >>> -- >>> Martin Hepworth >>> Snr Systems Administrator >>> Solid State Logic >>> Tel: +44 (0)1865 842300 >>> >>>> -----Original Message----- >>>> From: mailscanner-bounces@lists.mailscanner.info >>>> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf >>>> Of Luciano Grego >>>> Sent: 07 July 2008 11:34 >>>> To: MailScanner discussion >>>> Subject: Re: MailScanner on FC8 don't pickup emails >>>> >>>> Hi, >>>> Excuse me for long list ... >>>> But ... in debug mode i should see the email passing through >>>> MailScanner? >>>> >>>> I have not answered your question first: What install >>>> instructions have you followed? >>>> I' ve follow the INSTALL file guide. Untar src file and ./install.sh. >>>> >>>> -- >>>> >>>> mail root [ /var/log ] MailScanner --debug --debug-sa In >>>> Debugging mode, not forking... >>>> Trying to setlogsock(unix) >>>> 12:23:04 SpamAssassin temp dir = >>>> /var/spool/MailScanner/incoming/SpamAssassin-Temp >>>> 12:23:04 [10417] dbg: logger: adding facilities: all >>>> 12:23:04 [10417] dbg: logger: logging level is DBG >>>> 12:23:04 [10417] dbg: generic: SpamAssassin version 3.2.5 >>>> 12:23:04 [10417] dbg: config: score set 0 chosen. >>>> 12:23:04 [10417] dbg: util: running in taint mode? no >>>> 12:23:04 [10417] dbg: dns: is Net::DNS::Resolver available? yes >>>> 12:23:04 [10417] dbg: dns: Net::DNS version: 0.63 >>>> 12:23:04 [10417] dbg: ignore: test message to precompile >>>> patterns and load modules >>>> 12:23:04 [10417] dbg: config: using "/etc/mail/spamassassin" >>>> for site rules pre files >>>> 12:23:04 [10417] dbg: config: read file >>>> /etc/mail/spamassassin/init.pre >>>> 12:23:04 [10417] dbg: config: read file >>>> /etc/mail/spamassassin/v310.pre >>>> 12:23:04 [10417] dbg: config: read file >>>> /etc/mail/spamassassin/v312.pre >>>> 12:23:04 [10417] dbg: config: read file >>>> /etc/mail/spamassassin/v320.pre >>>> 12:23:04 [10417] dbg: config: using >>>> "/var/lib/spamassassin/3.002005" for sys rules pre files >>>> 12:23:04 [10417] dbg: config: using >>>> "/var/lib/spamassassin/3.002005" for default rules dir >>>> 12:23:04 [10417] dbg: config: read file >>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org.cf >>>> 12:23:04 [10417] dbg: config: using "/etc/mail/spamassassin" >>>> for site rules dir >>>> 12:23:04 [10417] dbg: config: read file >>>> /etc/mail/spamassassin/mailscanner.cf >>>> 12:23:04 [10417] dbg: plugin: loading >>>> Mail::SpamAssassin::Plugin::URIDNSBL >>>> from @INC >>>> 12:23:04 [10417] dbg: plugin: loading >>>> Mail::SpamAssassin::Plugin::Hashcash >>>> from @INC >>>> 12:23:04 [10417] dbg: plugin: loading >>>> Mail::SpamAssassin::Plugin::SPF from @INC >>>> 12:23:04 [10417] dbg: plugin: loading >>>> Mail::SpamAssassin::Plugin::RelayCountry from @INC >>>> 12:23:04 [10417] dbg: plugin: loading >>>> Mail::SpamAssassin::Plugin::Razor2 >>>> from @INC >>>> 12:23:04 [10417] dbg: razor2: razor2 is available, version 2.84 >>>> 12:23:04 [10417] dbg: plugin: loading >>>> Mail::SpamAssassin::Plugin::Pyzor from @INC >>>> 12:23:04 [10417] dbg: pyzor: network tests on, attempting Pyzor >>>> 12:23:04 [10417] dbg: plugin: did not register >>>> Mail::SpamAssassin::Plugin::Razor2, already registered >>>> 12:23:04 [10417] dbg: plugin: loading >>>> Mail::SpamAssassin::Plugin::SpamCop >>>> from @INC >>>> 12:23:04 [10417] dbg: reporter: network tests on, attempting SpamCop >>>> 12:23:04 [10417] dbg: plugin: loading >>>> Mail::SpamAssassin::Plugin::AWL from @INC >>>> 12:23:04 [10417] dbg: plugin: loading >>>> Mail::SpamAssassin::Plugin::AutoLearnThreshold from @INC >>>> 12:23:04 [10417] dbg: plugin: loading >>>> Mail::SpamAssassin::Plugin::WhiteListSubject from @INC >>>> 12:23:04 [10417] dbg: plugin: loading >>>> Mail::SpamAssassin::Plugin::MIMEHeader >>>> from @INC >>>> 12:23:04 [10417] dbg: plugin: loading >>>> Mail::SpamAssassin::Plugin::ReplaceTags from @INC >>>> 12:23:04 [10417] dbg: plugin: did not register >>>> Mail::SpamAssassin::Plugin::RelayCountry, already registered >>>> 12:23:04 [10417] dbg: plugin: did not register >>>> Mail::SpamAssassin::Plugin::SPF, already registered >>>> 12:23:04 [10417] dbg: plugin: did not register >>>> Mail::SpamAssassin::Plugin::URIDNSBL, already registered >>>> 12:23:04 [10417] dbg: plugin: loading >>>> Mail::SpamAssassin::Plugin::Check from @INC >>>> 12:23:04 [10417] dbg: plugin: loading >>>> Mail::SpamAssassin::Plugin::HTTPSMismatch from @INC >>>> 12:23:04 [10417] dbg: plugin: loading >>>> Mail::SpamAssassin::Plugin::URIDetail >>>> from @INC >>>> 12:23:04 [10417] dbg: plugin: loading >>>> Mail::SpamAssassin::Plugin::Bayes from @INC >>>> 12:23:04 [10417] dbg: plugin: loading >>>> Mail::SpamAssassin::Plugin::BodyEval >>>> from @INC >>>> 12:23:04 [10417] dbg: plugin: loading >>>> Mail::SpamAssassin::Plugin::DNSEval >>>> from @INC >>>> 12:23:04 [10417] dbg: plugin: loading >>>> Mail::SpamAssassin::Plugin::HTMLEval >>>> from @INC >>>> 12:23:04 [10417] dbg: plugin: loading >>>> Mail::SpamAssassin::Plugin::HeaderEval >>>> from @INC >>>> 12:23:04 [10417] dbg: plugin: loading >>>> Mail::SpamAssassin::Plugin::MIMEEval >>>> from @INC >>>> 12:23:04 [10417] dbg: plugin: loading >>>> Mail::SpamAssassin::Plugin::RelayEval >>>> from @INC >>>> 12:23:04 [10417] dbg: plugin: loading >>>> Mail::SpamAssassin::Plugin::URIEval >>>> from @INC >>>> 12:23:04 [10417] dbg: plugin: loading >>>> Mail::SpamAssassin::Plugin::WLBLEval >>>> from @INC >>>> 12:23:04 [10417] dbg: plugin: loading >>>> Mail::SpamAssassin::Plugin::VBounce >>>> from @INC >>>> 12:23:04 [10417] dbg: plugin: loading >>>> Mail::SpamAssassin::Plugin::ImageInfo >>>> from @INC >>>> 12:23:04 [10417] dbg: plugin: did not register >>>> Mail::SpamAssassin::Plugin::RelayCountry, already registered >>>> 12:23:04 [10417] dbg: plugin: did not register >>>> Mail::SpamAssassin::Plugin::SPF, already registered >>>> 12:23:04 [10417] dbg: plugin: did not register >>>> Mail::SpamAssassin::Plugin::URIDNSBL, already registered >>>> 12:23:04 [10417] dbg: plugin: did not register >>>> Mail::SpamAssassin::Plugin::Razor2, already registered >>>> 12:23:04 [10417] dbg: config: fixed relative path: >>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/10_def >>>> ault_prefs.cf >>>> 12:23:04 [10417] dbg: config: using >>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/10_de >>>> fault_prefs.cf" >>>> for included file >>>> 12:23:04 [10417] dbg: config: read file >>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/10_def >>>> ault_prefs.cf >>>> 12:23:04 [10417] dbg: config: fixed relative path: >>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_adv >>>> ance_fee.cf >>>> 12:23:04 [10417] dbg: config: using >>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_ad >>>> vance_fee.cf" >>>> for included file >>>> 12:23:04 [10417] dbg: config: read file >>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_adv >>>> ance_fee.cf >>>> 12:23:04 [10417] dbg: config: fixed relative path: >>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_bod >>>> y_tests.cf >>>> 12:23:04 [10417] dbg: config: using >>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_bo >>>> dy_tests.cf" >>>> for included file >>>> 12:23:04 [10417] dbg: config: read file >>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_bod >>>> y_tests.cf >>>> 12:23:04 [10417] dbg: config: fixed relative path: >>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_com >>>> pensate.cf >>>> 12:23:04 [10417] dbg: config: using >>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_co >>>> mpensate.cf" >>>> for included file >>>> 12:23:04 [10417] dbg: config: read file >>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_com >>>> pensate.cf >>>> 12:23:04 [10417] dbg: config: fixed relative path: >>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_dns >>>> bl_tests.cf >>>> 12:23:04 [10417] dbg: config: using >>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_dn >>>> sbl_tests.cf" >>>> for included file >>>> 12:23:04 [10417] dbg: config: read file >>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_dns >>>> bl_tests.cf >>>> 12:23:04 [10417] dbg: config: fixed relative path: >>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_drugs.cf >>>> 12:23:04 [10417] dbg: config: using >>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_dr >>>> ugs.cf" for included file >>>> 12:23:04 [10417] dbg: config: read file >>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_drugs.cf >>>> 12:23:04 [10417] dbg: config: fixed relative path: >>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_dynrdns.cf >>>> 12:23:04 [10417] dbg: config: using >>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_dy >>>> nrdns.cf" for included file >>>> 12:23:04 [10417] dbg: config: read file >>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_dynrdns.cf >>>> 12:23:04 [10417] dbg: config: fixed relative path: >>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_fak >>>> e_helo_tests.cf >>>> 12:23:04 [10417] dbg: config: using >>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_fa >>>> ke_helo_tests.cf" >>>> for included file >>>> 12:23:04 [10417] dbg: config: read file >>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_fak >>>> e_helo_tests.cf >>>> 12:23:04 [10417] dbg: config: fixed relative path: >>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_hea >>>> d_tests.cf >>>> 12:23:04 [10417] dbg: config: using >>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_he >>>> ad_tests.cf" >>>> for included file >>>> 12:23:04 [10417] dbg: config: read file >>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_hea >>>> d_tests.cf >>>> 12:23:04 [10417] dbg: config: fixed relative path: >>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_htm >>>> l_tests.cf >>>> 12:23:04 [10417] dbg: config: using >>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_ht >>>> ml_tests.cf" >>>> for included file >>>> 12:23:04 [10417] dbg: config: read file >>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_htm >>>> l_tests.cf >>>> 12:23:04 [10417] dbg: config: fixed relative path: >>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_ima >>>> geinfo.cf >>>> 12:23:04 [10417] dbg: config: using >>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_im >>>> ageinfo.cf" >>>> for included file >>>> 12:23:04 [10417] dbg: config: read file >>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_ima >>>> geinfo.cf >>>> 12:23:04 [10417] dbg: config: fixed relative path: >>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_met >>>> a_tests.cf >>>> 12:23:04 [10417] dbg: config: using >>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_me >>>> ta_tests.cf" >>>> for included file >>>> 12:23:04 [10417] dbg: config: read file >>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_met >>>> a_tests.cf >>>> 12:23:04 [10417] dbg: config: fixed relative path: >>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_net >>>> _tests.cf >>>> 12:23:04 [10417] dbg: config: using >>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_ne >>>> t_tests.cf" >>>> for included file >>>> 12:23:04 [10417] dbg: config: read file >>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_net >>>> _tests.cf >>>> 12:23:04 [10417] dbg: config: fixed relative path: >>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_phrases.cf >>>> 12:23:04 [10417] dbg: config: using >>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_ph >>>> rases.cf" for included file >>>> 12:23:04 [10417] dbg: config: read file >>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_phrases.cf >>>> 12:23:04 [10417] dbg: config: fixed relative path: >>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_porn.cf >>>> 12:23:04 [10417] dbg: config: using >>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_po >>>> rn.cf" for included file >>>> 12:23:04 [10417] dbg: config: read file >>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_porn.cf >>>> 12:23:04 [10417] dbg: config: fixed relative path: >>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_ratware.cf >>>> 12:23:04 [10417] dbg: config: using >>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_ra >>>> tware.cf" for included file >>>> 12:23:04 [10417] dbg: config: read file >>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_ratware.cf >>>> 12:23:04 [10417] dbg: config: fixed relative path: >>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_uri >>>> _tests.cf >>>> 12:23:04 [10417] dbg: config: using >>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_ur >>>> i_tests.cf" >>>> for included file >>>> 12:23:04 [10417] dbg: config: read file >>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_uri >>>> _tests.cf >>>> 12:23:04 [10417] dbg: config: fixed relative path: >>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_vbounce.cf >>>> 12:23:04 [10417] dbg: config: using >>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_vb >>>> ounce.cf" for included file >>>> 12:23:04 [10417] dbg: config: read file >>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_vbounce.cf >>>> 12:23:04 [10417] dbg: config: fixed relative path: >>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/23_bayes.cf >>>> 12:23:04 [10417] dbg: config: using >>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/23_ba >>>> yes.cf" for included file >>>> 12:23:04 [10417] dbg: config: read file >>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/23_bayes.cf >>>> 12:23:04 [10417] dbg: config: fixed relative path: >>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_accessdb.cf >>>> 12:23:04 [10417] dbg: config: using >>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_ac >>>> cessdb.cf" for included file >>>> 12:23:04 [10417] dbg: config: read file >>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_accessdb.cf >>>> 12:23:04 [10417] dbg: config: fixed relative path: >>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_ant >>>> ivirus.cf >>>> 12:23:04 [10417] dbg: config: using >>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_an >>>> tivirus.cf" >>>> for included file >>>> 12:23:04 [10417] dbg: config: read file >>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_ant >>>> ivirus.cf >>>> 12:23:04 [10417] dbg: config: fixed relative path: >>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_asn.cf >>>> 12:23:04 [10417] dbg: config: using >>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_as >>>> n.cf" for included file >>>> 12:23:04 [10417] dbg: config: read file >>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_asn.cf >>>> 12:23:04 [10417] dbg: config: fixed relative path: >>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_dcc.cf >>>> 12:23:04 [10417] dbg: config: using >>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_dc >>>> c.cf" for included file >>>> 12:23:04 [10417] dbg: config: read file >>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_dcc.cf >>>> 12:23:04 [10417] dbg: config: fixed relative path: >>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_dkim.cf >>>> 12:23:04 [10417] dbg: config: using >>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_dk >>>> im.cf" for included file >>>> 12:23:04 [10417] dbg: config: read file >>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_dkim.cf >>>> 12:23:04 [10417] dbg: config: fixed relative path: >>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_dom >>>> ainkeys.cf >>>> 12:23:04 [10417] dbg: config: using >>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_do >>>> mainkeys.cf" >>>> for included file >>>> 12:23:04 [10417] dbg: config: read file >>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_dom >>>> ainkeys.cf >>>> 12:23:04 [10417] dbg: config: fixed relative path: >>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_hashcash.cf >>>> 12:23:04 [10417] dbg: config: using >>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_ha >>>> shcash.cf" for included file >>>> 12:23:04 [10417] dbg: config: read file >>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_hashcash.cf >>>> 12:23:04 [10417] dbg: config: fixed relative path: >>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_pyzor.cf >>>> 12:23:04 [10417] dbg: config: using >>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_py >>>> zor.cf" for included file >>>> 12:23:04 [10417] dbg: config: read file >>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_pyzor.cf >>>> 12:23:04 [10417] dbg: config: fixed relative path: >>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_razor2.cf >>>> 12:23:04 [10417] dbg: config: using >>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_ra >>>> zor2.cf" for included file >>>> 12:23:04 [10417] dbg: config: read file >>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_razor2.cf >>>> 12:23:04 [10417] dbg: config: fixed relative path: >>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_replace.cf >>>> 12:23:04 [10417] dbg: config: using >>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_re >>>> place.cf" for included file >>>> 12:23:04 [10417] dbg: config: read file >>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_replace.cf >>>> 12:23:04 [10417] dbg: config: fixed relative path: >>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_spf.cf >>>> 12:23:04 [10417] dbg: config: using >>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_sp >>>> f.cf" for included file >>>> 12:23:04 [10417] dbg: config: read file >>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_spf.cf >>>> 12:23:04 [10417] dbg: config: fixed relative path: >>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_textcat.cf >>>> 12:23:04 [10417] dbg: config: using >>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_te >>>> xtcat.cf" for included file >>>> 12:23:04 [10417] dbg: config: read file >>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_textcat.cf >>>> 12:23:04 [10417] dbg: config: fixed relative path: >>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_uribl.cf >>>> 12:23:04 [10417] dbg: config: using >>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_ur >>>> ibl.cf" for included file >>>> 12:23:04 [10417] dbg: config: read file >>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_uribl.cf >>>> 12:23:04 [10417] dbg: config: fixed relative path: >>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_de.cf >>>> 12:23:04 [10417] dbg: config: using >>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/30_te >>>> xt_de.cf" for included file >>>> 12:23:04 [10417] dbg: config: read file >>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_de.cf >>>> 12:23:04 [10417] dbg: config: fixed relative path: >>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_fr.cf >>>> 12:23:04 [10417] dbg: config: using >>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/30_te >>>> xt_fr.cf" for included file >>>> 12:23:04 [10417] dbg: config: read file >>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_fr.cf >>>> 12:23:04 [10417] dbg: config: fixed relative path: >>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_it.cf >>>> 12:23:04 [10417] dbg: config: using >>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/30_te >>>> xt_it.cf" for included file >>>> 12:23:04 [10417] dbg: config: read file >>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_it.cf >>>> 12:23:04 [10417] dbg: config: fixed relative path: >>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_nl.cf >>>> 12:23:04 [10417] dbg: config: using >>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/30_te >>>> xt_nl.cf" for included file >>>> 12:23:04 [10417] dbg: config: read file >>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_nl.cf >>>> 12:23:04 [10417] dbg: config: fixed relative path: >>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_pl.cf >>>> 12:23:04 [10417] dbg: config: using >>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/30_te >>>> xt_pl.cf" for included file >>>> 12:23:04 [10417] dbg: config: read file >>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_pl.cf >>>> 12:23:04 [10417] dbg: config: fixed relative path: >>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_tex >>>> t_pt_br.cf >>>> 12:23:04 [10417] dbg: config: using >>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/30_te >>>> xt_pt_br.cf" >>>> for included file >>>> 12:23:04 [10417] dbg: config: read file >>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_tex >>>> t_pt_br.cf >>>> 12:23:04 [10417] dbg: config: fixed relative path: >>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/50_scores.cf >>>> 12:23:04 [10417] dbg: config: using >>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/50_sc >>>> ores.cf" for included file >>>> 12:23:04 [10417] dbg: config: read file >>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/50_scores.cf >>>> 12:23:04 [10417] dbg: config: fixed relative path: >>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_awl.cf >>>> 12:23:04 [10417] dbg: config: using >>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/60_aw >>>> l.cf" for included file >>>> 12:23:04 [10417] dbg: config: read file >>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_awl.cf >>>> 12:23:04 [10417] dbg: config: fixed relative path: >>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_sho >>>> rtcircuit.cf >>>> 12:23:04 [10417] dbg: config: using >>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/60_sh >>>> ortcircuit.cf" >>>> for included file >>>> 12:23:04 [10417] dbg: config: read file >>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_sho >>>> rtcircuit.cf >>>> 12:23:04 [10417] dbg: config: fixed relative path: >>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whi >>>> telist.cf >>>> 12:23:04 [10417] dbg: config: using >>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/60_wh >>>> itelist.cf" >>>> for included file >>>> 12:23:04 [10417] dbg: config: read file >>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whi >>>> telist.cf >>>> 12:23:04 [10417] dbg: config: fixed relative path: >>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whi >>>> telist_dk.cf >>>> 12:23:04 [10417] dbg: config: using >>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/60_wh >>>> itelist_dk.cf" >>>> for included file >>>> 12:23:04 [10417] dbg: config: read file >>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whi >>>> telist_dk.cf >>>> 12:23:04 [10417] dbg: config: fixed relative path: >>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whi >>>> telist_dkim.cf >>>> 12:23:04 [10417] dbg: config: using >>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/60_wh >>>> itelist_dkim.cf" >>>> for included file >>>> 12:23:04 [10417] dbg: config: read file >>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whi >>>> telist_dkim.cf >>>> 12:23:04 [10417] dbg: config: fixed relative path: >>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whi >>>> telist_spf.cf >>>> 12:23:04 [10417] dbg: config: using >>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/60_wh >>>> itelist_spf.cf" >>>> for included file >>>> 12:23:04 [10417] dbg: config: read file >>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whi >>>> telist_spf.cf >>>> 12:23:05 [10417] dbg: config: fixed relative path: >>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whi >>>> telist_subject.cf >>>> 12:23:05 [10417] dbg: config: using >>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/60_wh >>>> itelist_subject.cf" >>>> for included file >>>> 12:23:05 [10417] dbg: config: read file >>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whi >>>> telist_subject.cf >>>> 12:23:05 [10417] dbg: config: fixed relative path: >>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/72_active.cf >>>> 12:23:05 [10417] dbg: config: using >>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/72_ac >>>> tive.cf" for included file >>>> 12:23:05 [10417] dbg: config: read file >>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/72_active.cf >>>> 12:23:05 [10417] dbg: config: fixed relative path: >>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/72_removed.cf >>>> 12:23:05 [10417] dbg: config: using >>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/72_re >>>> moved.cf" for included file >>>> 12:23:05 [10417] dbg: config: read file >>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/72_removed.cf >>>> 12:23:05 [10417] dbg: config: fixed relative path: >>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/72_scores.cf >>>> 12:23:05 [10417] dbg: config: using >>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/72_sc >>>> ores.cf" for included file >>>> 12:23:05 [10417] dbg: config: read file >>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/72_scores.cf >>>> 12:23:05 [10417] dbg: config: fixed relative path: >>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/80_add >>>> itional.cf >>>> 12:23:05 [10417] dbg: config: using >>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/80_ad >>>> ditional.cf" >>>> for included file >>>> 12:23:05 [10417] dbg: config: read file >>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/80_add >>>> itional.cf >>>> 12:23:05 [10417] dbg: rules: __MO_OL_9B90B merged duplicates: >>>> __MO_OL_C65FA >>>> 12:23:05 [10417] dbg: rules: __XM_OL_22B61 merged duplicates: >>>> __XM_OL_A842E >>>> 12:23:05 [10417] dbg: rules: __MO_OL_07794 merged duplicates: >>>> __MO_OL_8627E >>>> __MO_OL_F3B05 >>>> 12:23:05 [10417] dbg: rules: __JM_REACTOR_DATE merged duplicates: >>>> __RATWARE_0_TZ_DATE >>>> 12:23:05 [10417] dbg: rules: __XM_OL_07794 merged duplicates: >>>> __XM_OL_25340 __XM_OL_3857F __XM_OL_4F240 __XM_OL_58CB5 >>>> __XM_OL_6554A __XM_OL_812FF __XM_OL_C65FA __XM_OL_CF0C0 >>>> __XM_OL_F475E __XM_OL_F6D01 >>>> 12:23:05 [10417] dbg: rules: FH_MSGID_01C67 merged >>>> duplicates: __MSGID_VGA >>>> 12:23:05 [10417] dbg: rules: FS_NEW_SOFT_UPLOAD merged duplicates: >>>> HS_SUBJ_NEW_SOFTWARE >>>> 12:23:05 [10417] dbg: rules: __FH_HAS_XMSMAIL merged duplicates: >>>> __HAS_MSMAIL_PRI >>>> 12:23:05 [10417] dbg: rules: __MO_OL_015D5 merged duplicates: >>>> __MO_OL_6554A >>>> 12:23:05 [10417] dbg: rules: __XM_OL_015D5 merged duplicates: >>>> __XM_OL_4BF4C __XM_OL_4EEDB __XM_OL_5B79A __XM_OL_9B90B >>>> __XM_OL_ADFF7 __XM_OL_B30D1 __XM_OL_B4B40 __XM_OL_BC7E6 >>>> __XM_OL_F3B05 __XM_OL_FF5C8 >>>> 12:23:05 [10417] dbg: rules: __MO_OL_91287 merged duplicates: >>>> __MO_OL_B30D1 __MO_OL_CF0C0 >>>> 12:23:05 [10417] dbg: rules: KAM_STOCKOTC merged duplicates: >>>> KAM_STOCKTIP15 KAM_STOCKTIP20 KAM_STOCKTIP21 KAM_STOCKTIP4 >>>> KAM_STOCKTIP6 >>>> 12:23:05 [10417] dbg: rules: __MO_OL_22B61 merged duplicates: >>>> __MO_OL_4F240 >>>> __MO_OL_ADFF7 >>>> 12:23:05 [10417] dbg: rules: __MO_OL_812FF merged duplicates: >>>> __MO_OL_BC7E6 >>>> 12:23:05 [10417] dbg: rules: __MO_OL_25340 merged duplicates: >>>> __MO_OL_4EEDB __MO_OL_7533E >>>> 12:23:05 [10417] dbg: rules: __MO_OL_58CB5 merged duplicates: >>>> __MO_OL_B4B40 >>>> 12:23:05 [10417] dbg: rules: __DOS_HAS_ANY_URI merged duplicates: >>>> __HAS_ANY_URI >>>> 12:23:05 [10417] dbg: rules: __XM_OL_C9068 merged duplicates: >>>> __XM_OL_EF20B >>>> 12:23:05 [10417] dbg: rules: AXB_RCVD_ZOOBSEND merged duplicates: >>>> BROKEN_RATWARE_BOM CTYPE_001C_A DEAR_HOMEOWNER >>>> DIV_CENTER_A_HREF DRUG_RA_PRICE FM_DDDD_TIMES_2 >>>> FM_SEX_HOSTDDDD HG_HORMONE HS_PHARMA_1 HS_UPLOADED_SOFTWARE >>>> OEBOUND STOX_RCVD_N_NN_N URIBL_RHS_ABUSE URIBL_RHS_BOGUSMX >>>> URIBL_RHS_DSN URIBL_RHS_POST URIBL_RHS_TLD_WHOIS >>>> URIBL_RHS_WHOIS URIBL_XS_SURBL URI_L_PHP XMAILER_MIMEOLE_OL_5E7ED >>>> XMAILER_MIMEOLE_OL_C7C33 XMAILER_MIMEOLE_OL_D03AB X_LIBRARY >>>> YOUR_CRD_RATING >>>> 12:23:05 [10417] dbg: rules: __MO_OL_72641 merged duplicates: >>>> __MO_OL_A842E >>>> 12:23:05 [10417] dbg: rules: __MO_OL_F475E merged duplicates: >>>> __MO_OL_FF5C8 >>>> 12:23:05 [10417] dbg: rules: __MO_OL_4BF4C merged duplicates: >>>> __MO_OL_F6D01 >>>> 12:23:05 [10417] dbg: conf: finish parsing >>>> 12:23:05 [10417] dbg: plugin: >>>> Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0xad6884c) >>>> implements 'finish_parsing_end', priority 0 >>>> 12:23:05 [10417] dbg: replacetags: replacing tags >>>> 12:23:05 [10417] dbg: replacetags: done replacing tags >>>> 12:23:05 [10417] dbg: bayes: tie-ing to DB file R/O >>>> /etc/MailScanner/bayes/bayes__toks >>>> 12:23:05 [10417] dbg: bayes: tie-ing to DB file R/O >>>> /etc/MailScanner/bayes/bayes__seen >>>> 12:23:05 [10417] dbg: bayes: found bayes db version 3 >>>> 12:23:05 [10417] dbg: bayes: DB journal sync: last sync: 0 >>>> 12:23:05 [10417] dbg: bayes: not available for scanning, only >>>> 1 spam(s) in bayes DB < 200 >>>> 12:23:05 [10417] dbg: bayes: untie-ing >>>> 12:23:05 [10417] dbg: config: score set 1 chosen. >>>> 12:23:05 [10417] dbg: message: main message type: text/plain >>>> 12:23:05 [10417] dbg: message: ---- MIME PARSER START ---- >>>> 12:23:05 [10417] dbg: message: parsing normal part >>>> 12:23:05 [10417] dbg: message: ---- MIME PARSER END ---- >>>> 12:23:05 [10417] dbg: plugin: >>>> Mail::SpamAssassin::Plugin::DNSEval=HASH(0xae06ddc) >>>> implements 'check_start', priority 0 >>>> 12:23:05 [10417] dbg: bayes: tie-ing to DB file R/O >>>> /etc/MailScanner/bayes/bayes__toks >>>> 12:23:05 [10417] dbg: bayes: tie-ing to DB file R/O >>>> /etc/MailScanner/bayes/bayes__seen >>>> 12:23:05 [10417] dbg: bayes: found bayes db version 3 >>>> 12:23:05 [10417] dbg: bayes: DB journal sync: last sync: 0 >>>> 12:23:05 [10417] dbg: bayes: not available for scanning, only >>>> 1 spam(s) in bayes DB < 200 >>>> 12:23:05 [10417] dbg: bayes: untie-ing >>>> 12:23:05 [10417] dbg: plugin: >>>> Mail::SpamAssassin::Plugin::Check=HASH(0xadb7358) implements >>>> 'check_main', priority 0 >>>> 12:23:05 [10417] dbg: conf: trusted_networks are not >>>> configured; it is recommended that you configure >>>> trusted_networks manually >>>> 12:23:05 [10417] dbg: metadata: X-Spam-Relays-Trusted: >>>> 12:23:05 [10417] dbg: metadata: X-Spam-Relays-Untrusted: >>>> 12:23:05 [10417] dbg: metadata: X-Spam-Relays-Internal: >>>> 12:23:05 [10417] dbg: metadata: X-Spam-Relays-External: >>>> 12:23:05 [10417] dbg: plugin: >>>> Mail::SpamAssassin::Plugin::RelayCountry=HASH(0xaa1430c) >>>> implements 'extract_metadata', priority 0 >>>> 12:23:05 [10417] dbg: metadata: X-Relay-Countries: >>>> 12:23:05 [10417] dbg: message: no encoding detected >>>> 12:23:05 [10417] dbg: plugin: >>>> Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0xa9c3b08) >>>> implements 'parsed_metadata', priority 0 >>>> 12:23:05 [10417] dbg: plugin: >>>> Mail::SpamAssassin::Plugin::RelayCountry=HASH(0xaa1430c) >>>> implements 'parsed_metadata', priority 0 >>>> 12:23:05 [10417] dbg: dns: is Net::DNS::Resolver available? yes >>>> 12:23:05 [10417] dbg: dns: Net::DNS version: 0.63 >>>> 12:23:05 [10417] dbg: dns: name server: 85.42.104.18, >>>> LocalAddr: 0.0.0.0 >>>> 12:23:05 [10417] dbg: dns: resolver socket rx buffer size is >>>> 110592 bytes >>>> 12:23:05 [10417] dbg: dns: dns_available set to yes in config >>>> file, skipping test >>>> 12:23:05 [10417] dbg: uridnsbl: domains to query: >>>> 12:23:05 [10417] dbg: dns: checking RBL >>>> sa-other.bondedsender.org., set bsp-untrusted >>>> 12:23:05 [10417] dbg: dns: checking RBL >>>> plus.bondedsender.org., set ssc-firsttrusted >>>> 12:23:05 [10417] dbg: dns: checking RBL combined.njabl.org., set njabl >>>> 12:23:05 [10417] dbg: dns: checking RBL bl.spamcop.net., set spamcop >>>> 12:23:05 [10417] dbg: dns: checking RBL >>>> dob.sibl.support-intelligence.net., >>>> set dob >>>> 12:23:05 [10417] dbg: dns: checking RBL zen.spamhaus.org., >>>> set zen-lastexternal >>>> 12:23:05 [10417] dbg: dns: checking RBL dnsbl.sorbs.net., set >>>> sorbs-lastexternal >>>> 12:23:05 [10417] dbg: dns: checking RBL dnsbl.sorbs.net., set sorbs >>>> 12:23:05 [10417] dbg: dns: checking RBL zen.spamhaus.org., >>>> set zen-lastexternal >>>> 12:23:05 [10417] dbg: dns: checking RBL list.dnswl.org., set >>>> dnswl-firsttrusted >>>> 12:23:05 [10417] dbg: dns: checking RBL >>>> sa-accredit.habeas.com., set habeas-firsttrusted >>>> 12:23:05 [10417] dbg: dns: checking RBL list.dsbl.org., set >>>> dsbl-lastexternal >>>> 12:23:05 [10417] dbg: dns: checking RBL >>>> sa-trusted.bondedsender.org., set bsp-firsttrusted >>>> 12:23:05 [10417] dbg: dns: checking RBL zen.spamhaus.org., set zen >>>> 12:23:05 [10417] dbg: dns: checking RBL iadb.isipp.com., set >>>> iadb-firsttrusted >>>> 12:23:05 [10417] dbg: check: running tests for priority: -1000 >>>> 12:23:05 [10417] dbg: rules: running head tests; score so far=0 >>>> 12:23:05 [10417] dbg: rules: compiled head tests >>>> 12:23:05 [10417] dbg: eval: all '*From' addrs: >>>> ignore@compiling.spamassassin.taint.org >>>> 12:23:05 [10417] dbg: eval: all '*To' addrs: >>>> 12:23:05 [10417] dbg: rules: running body tests; score so far=0 >>>> 12:23:05 [10417] dbg: rules: compiled body tests >>>> 12:23:05 [10417] dbg: rules: running uri tests; score so far=0 >>>> 12:23:05 [10417] dbg: rules: compiled uri tests >>>> 12:23:05 [10417] dbg: rules: running rawbody tests; score so far=0 >>>> 12:23:05 [10417] dbg: rules: compiled rawbody tests >>>> 12:23:05 [10417] dbg: rules: running full tests; score so far=0 >>>> 12:23:05 [10417] dbg: rules: compiled full tests >>>> 12:23:05 [10417] dbg: rules: running meta tests; score so far=0 >>>> 12:23:05 [10417] dbg: rules: compiled meta tests >>>> 12:23:05 [10417] dbg: check: running tests for priority: -950 >>>> 12:23:05 [10417] dbg: rules: running head tests; score so far=0 >>>> 12:23:05 [10417] dbg: rules: compiled head tests >>>> 12:23:05 [10417] dbg: rules: running body tests; score so far=0 >>>> 12:23:05 [10417] dbg: rules: compiled body tests >>>> 12:23:05 [10417] dbg: rules: running uri tests; score so far=0 >>>> 12:23:05 [10417] dbg: rules: compiled uri tests >>>> 12:23:05 [10417] dbg: rules: running rawbody tests; score so far=0 >>>> 12:23:05 [10417] dbg: rules: compiled rawbody tests >>>> 12:23:05 [10417] dbg: rules: running full tests; score so far=0 >>>> 12:23:05 [10417] dbg: rules: compiled full tests >>>> 12:23:05 [10417] dbg: rules: running meta tests; score so far=0 >>>> 12:23:05 [10417] dbg: rules: compiled meta tests >>>> 12:23:05 [10417] dbg: check: running tests for priority: -900 >>>> 12:23:05 [10417] dbg: rules: running head tests; score so far=0 >>>> 12:23:05 [10417] dbg: rules: compiled head tests >>>> 12:23:05 [10417] dbg: rules: running body tests; score so far=0 >>>> 12:23:05 [10417] dbg: rules: compiled body tests >>>> 12:23:05 [10417] dbg: rules: running uri tests; score so far=0 >>>> 12:23:05 [10417] dbg: rules: compiled uri tests >>>> 12:23:05 [10417] dbg: rules: running rawbody tests; score so far=0 >>>> 12:23:05 [10417] dbg: rules: compiled rawbody tests >>>> 12:23:05 [10417] dbg: rules: running full tests; score so far=0 >>>> 12:23:05 [10417] dbg: rules: compiled full tests >>>> 12:23:05 [10417] dbg: rules: running meta tests; score so far=0 >>>> 12:23:05 [10417] dbg: rules: compiled meta tests >>>> 12:23:05 [10417] dbg: check: running tests for priority: -400 >>>> 12:23:05 [10417] dbg: rules: running head tests; score so far=0 >>>> 12:23:05 [10417] dbg: rules: compiled head tests >>>> 12:23:05 [10417] dbg: rules: running body tests; score so far=0 >>>> 12:23:05 [10417] dbg: rules: compiled body tests >>>> 12:23:05 [10417] dbg: rules: running uri tests; score so far=0 >>>> 12:23:05 [10417] dbg: rules: compiled uri tests >>>> 12:23:05 [10417] dbg: rules: running rawbody tests; score so far=0 >>>> 12:23:05 [10417] dbg: rules: compiled rawbody tests >>>> 12:23:05 [10417] dbg: rules: running full tests; score so far=0 >>>> 12:23:05 [10417] dbg: rules: compiled full tests >>>> 12:23:05 [10417] dbg: rules: running meta tests; score so far=0 >>>> 12:23:05 [10417] dbg: rules: compiled meta tests >>>> 12:23:05 [10417] dbg: check: running tests for priority: 0 >>>> 12:23:05 [10417] dbg: rules: running head tests; score so far=0 >>>> 12:23:05 [10417] dbg: rules: compiled head tests >>>> 12:23:05 [10417] dbg: rules: ran header rule __MISSING_REF >>>> ======> got hit: >>>> "UNSET" >>>> 12:23:05 [10417] dbg: rules: ran header rule >>>> __MSOE_MID_WRONG_CASE ======> got hit: " >>>> 12:23:05 [10417] dbg: rules: Message-Id: " >>>> 12:23:05 [10417] dbg: rules: ran header rule MISSING_DATE >>>> ======> got hit: >>>> "UNSET" >>>> 12:23:05 [10417] dbg: rules: ran header rule __MSGID_OK_HOST >>>> ======> got >>>> hit: "@spamassassin_spamd_init>" >>>> 12:23:05 [10417] dbg: rules: ran header rule >>>> __MSGID_OK_DIGITS ======> got >>>> hit: "1215426184" >>>> 12:23:05 [10417] dbg: rules: ran header rule __HAS_MSGID >>>> ======> got hit: >>>> "<" >>>> 12:23:05 [10417] dbg: rules: ran header rule __SANE_MSGID >>>> ======> got hit: >>>> "<1215426184.34281@spamassassin_spamd_init> >>>> 12:23:05 [10417] dbg: rules: " >>>> 12:23:05 [10417] dbg: spf: checking to see if the message has >>>> a Received-SPF header that we can use >>>> 12:23:05 [10417] dbg: spf: using Mail::SPF for SPF checks >>>> 12:23:05 [10417] dbg: spf: no suitable relay for spf use >>>> found, skipping SPF-helo check >>>> 12:23:05 [10417] dbg: spf: already checked for Received-SPF >>>> headers, proceeding with DNS based checks >>>> 12:23:05 [10417] dbg: spf: no suitable relay for spf use >>>> found, skipping SPF check >>>> 12:23:05 [10417] dbg: rules: ran eval rule NO_RELAYS ======> >>>> got hit (1) >>>> 12:23:05 [10417] dbg: spf: def_spf_whitelist_from: already >>>> checked spf and didn't get pass, skipping whitelist check >>>> 12:23:05 [10417] dbg: rules: ran eval rule __UNUSABLE_MSGID >>>> ======> got hit >>>> (1) >>>> 12:23:05 [10417] dbg: rules: ran eval rule MISSING_HEADERS >>>> ======> got hit >>>> (1) >>>> 12:23:05 [10417] dbg: spf: whitelist_from_spf: already >>>> checked spf and didn't get pass, skipping whitelist check >>>> 12:23:05 [10417] dbg: rules: running body tests; score so far=1.581 >>>> 12:23:05 [10417] dbg: rules: compiled body tests >>>> 12:23:05 [10417] dbg: rules: ran body rule __NONEMPTY_BODY >>>> ======> got hit: >>>> "I" >>>> 12:23:05 [10417] dbg: rules: running uri tests; score so far=1.581 >>>> 12:23:05 [10417] dbg: rules: compiled uri tests >>>> 12:23:05 [10417] dbg: eval: stock info total: 0 >>>> 12:23:05 [10417] dbg: rules: running rawbody tests; score so far=1.581 >>>> 12:23:05 [10417] dbg: rules: compiled rawbody tests >>>> 12:23:05 [10417] dbg: rules: ran rawbody rule __TVD_BODY >>>> ======> got hit: >>>> "need" >>>> 12:23:05 [10417] dbg: rules: running full tests; score so far=1.581 >>>> 12:23:05 [10417] dbg: rules: compiled full tests >>>> 12:23:05 [10417] dbg: info: entering helper-app run mode >>>> 12:23:06 [10417] dbg: info: leaving helper-app run mode >>>> 12:23:06 [10417] dbg: razor2: part=0 engine=4 contested=0 confidence=0 >>>> 12:23:06 [10417] dbg: razor2: results: spam? 0 >>>> 12:23:06 [10417] dbg: razor2: results: engine 8, highest cf score: 0 >>>> 12:23:06 [10417] dbg: razor2: results: engine 4, highest cf score: 0 >>>> 12:23:06 [10417] dbg: util: current PATH is: >>>> /sbin:/bin:/usr/sbin:/usr/bin >>>> 12:23:06 [10417] dbg: pyzor: pyzor is not available: no pyzor >>>> executable found >>>> 12:23:06 [10417] dbg: pyzor: no pyzor found, disabling Pyzor >>>> 12:23:06 [10417] dbg: rules: running meta tests; score so far=1.581 >>>> 12:23:06 [10417] dbg: rules: compiled meta tests >>>> 12:23:06 [10417] dbg: check: running tests for priority: 500 >>>> 12:23:06 [10417] dbg: dns: harvest_dnsbl_queries >>>> 12:23:06 [10417] dbg: rules: running head tests; score so far=1.581 >>>> 12:23:06 [10417] dbg: rules: compiled head tests >>>> 12:23:06 [10417] dbg: rules: running body tests; score so far=1.581 >>>> 12:23:06 [10417] dbg: rules: compiled body tests >>>> 12:23:06 [10417] dbg: rules: running uri tests; score so far=1.581 >>>> 12:23:06 [10417] dbg: rules: compiled uri tests >>>> 12:23:06 [10417] dbg: rules: running rawbody tests; score so far=1.581 >>>> 12:23:06 [10417] dbg: rules: compiled rawbody tests >>>> 12:23:06 [10417] dbg: rules: running full tests; score so far=1.581 >>>> 12:23:06 [10417] dbg: rules: compiled full tests >>>> 12:23:06 [10417] dbg: rules: running meta tests; score so far=1.581 >>>> 12:23:06 [10417] dbg: rules: meta test DIGEST_MULTIPLE has >>>> undefined dependency 'DCC_CHECK' >>>> 12:23:06 [10417] dbg: rules: compiled meta tests >>>> 12:23:06 [10417] dbg: check: running tests for priority: 1000 >>>> 12:23:06 [10417] dbg: rules: running head tests; score so far=2.865 >>>> 12:23:06 [10417] dbg: rules: compiled head tests >>>> 12:23:06 [10417] dbg: locker: safe_lock: created >>>> /root/.spamassassin/auto-whitelist.mutex >>>> 12:23:06 [10417] dbg: locker: safe_lock: trying to get lock >>>> on /root/.spamassassin/auto-whitelist with 30 timeout >>>> 12:23:06 [10417] dbg: locker: safe_lock: link to >>>> /root/.spamassassin/auto-whitelist.mutex: link ok >>>> 12:23:06 [10417] dbg: auto-whitelist: tie-ing to DB file of >>>> type DB_File R/W in /root/.spamassassin/auto-whitelist >>>> 12:23:06 [10417] dbg: auto-whitelist: db-based >>>> ignore@compiling.spamassassin.taint.org|ip=none scores 0/0 >>>> 12:23:06 [10417] dbg: auto-whitelist: AWL active, pre-score: >>>> 2.865, autolearn score: 2.865, mean: undef, IP: undef >>>> 12:23:06 [10417] dbg: auto-whitelist: DB addr list: untie-ing >>>> and unlocking >>>> 12:23:06 [10417] dbg: auto-whitelist: DB addr list: file >>>> locked, breaking lock >>>> 12:23:06 [10417] dbg: locker: safe_unlock: unlocked >>>> /root/.spamassassin/auto-whitelist.mutex >>>> 12:23:06 [10417] dbg: auto-whitelist: post auto-whitelist score: 2.865 >>>> 12:23:06 [10417] dbg: rules: running body tests; score so far=2.865 >>>> 12:23:06 [10417] dbg: rules: compiled body tests >>>> 12:23:06 [10417] dbg: rules: running uri tests; score so far=2.865 >>>> 12:23:06 [10417] dbg: rules: compiled uri tests >>>> 12:23:06 [10417] dbg: rules: running rawbody tests; score so far=2.865 >>>> 12:23:06 [10417] dbg: rules: compiled rawbody tests >>>> 12:23:06 [10417] dbg: rules: running full tests; score so far=2.865 >>>> 12:23:06 [10417] dbg: rules: compiled full tests >>>> 12:23:06 [10417] dbg: rules: running meta tests; score so far=2.865 >>>> 12:23:06 [10417] dbg: rules: compiled meta tests >>>> 12:23:06 [10417] dbg: check: is spam? score=2.865 required=5 >>>> 12:23:06 [10417] dbg: check: >>>> tests=MISSING_DATE,MISSING_HEADERS,MISSING_SUBJECT,NO_RECEIVED >>>> ,NO_RELAYS >>>> 12:23:06 [10417] dbg: check: >>>> subtests=__HAS_MSGID,__MISSING_REF,__MSGID_OK_DIGITS,__MSGID_O >>>> K_HOST,__MSOE_MID_WRONG_CASE,__NONEMPTY_BODY,__SANE_MSGID,__TV >>>> D_BODY,__UNUSABLE_MSGID >>>> 12:23:06 Building a message batch to scan... >>>> >>>> >>>> >>>> ----- Original Message ----- >>>> From: "Martin.Hepworth" >>>> To: "MailScanner discussion" >>>> Sent: Monday, July 07, 2008 12:08 PM >>>> Subject: RE: MailScanner on FC8 don't pickup emails >>>> >>>> >>>> > >>>> > >>>> > >>>> >> -----Original Message----- >>>> >> From: mailscanner-bounces@lists.mailscanner.info >>>> >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf >>>> >> Of Luciano Grego >>>> >> Sent: 07 July 2008 11:00 >>>> >> To: MailScanner discussion >>>> >> Subject: Re: MailScanner on FC8 don't pickup emails >>>> >> >>>> >> >>>> >> ----- Original Message ----- >>>> >> From: "Martin.Hepworth" >>>> >> To: "MailScanner discussion" >>>> >> Sent: Monday, July 07, 2008 11:06 AM >>>> >> Subject: RE: MailScanner on FC8 don't pickup emails >>>> >> >>>> >> >>>> >> >I would have thought you'd need to change the Lock Type to >>>> >> the default >>>> >> >(blank) as sendmail 8.14 usually uses posix (unless fedora >>>> >> change this) >>>> >> > >>>> >> > Also a "MailScanner --debug --debug-sa" output to a >>>> >> pastebin or web page >>>> >> > (as they can be large) would be interesting to see? >>>> >> > >>>> >> > What install instructions have you followed? >>>> >> > >>>> >> > -- >>>> >> > Martin Hepworth >>>> >> > Snr Systems Administrator >>>> >> > Solid State Logic >>>> >> > Tel: +44 (0)1865 842300 >>>> >> > >>>> >> >> -----Original Message----- >>>> >> >> From: mailscanner-bounces@lists.mailscanner.info >>>> >> >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf >>>> >> >> Of Luciano Grego >>>> >> >> Sent: 07 July 2008 09:54 >>>> >> >> To: mailscanner@lists.mailscanner.info >>>> >> >> Subject: MailScanner on FC8 don't pickup emails >>>> >> >> >>>> >> >> Hi, >>>> >> >> I' ve installed Fedora Core 8 and updated at latest fix, then >>>> >> >> i' ve installed MailScanner ( I try 4.69.9-3, 4.70.7-1 and >>>> >> 4.71.2-2). >>>> >> >> Sendmail accepts e-mails, but are not produced by Mailscanner. >>>> >> >> My MTA is Sendmail 8.14 ( Fedora Core 8 ). >>>> >> >> It' s a locking problem? >>>> >> >> Must reinstall with --nodeps? >>>> >> >> >>>> >> >> Here 'MailScanner --lint': >>>> >> >> >>>> >> >> Trying to setlogsock(unix) >>>> >> >> Read 824 hostnames from the phishing whitelist Read 3052 >>>> >> >> hostnames from the phishing blacklist Checking version >>>> numbers... >>>> >> >> Version number in MailScanner.conf (4.71.2) is correct. >>>> >> >> >>>> >> >> Your envelope_sender_header in spam.assassin.prefs.conf >>>> is correct. >>>> >> >> >>>> >> >> Checking for SpamAssassin errors (if you use it)... >>>> >> >> SpamAssassin temporary working directory is >>>> >> >> /var/spool/MailScanner/incoming/SpamAssassin-Temp >>>> >> >> SpamAssassin temp dir = >>>> >> >> /var/spool/MailScanner/incoming/SpamAssassin-Temp >>>> >> >> Using SpamAssassin results cache >>>> >> >> Connected to SpamAssassin cache database SpamAssassin >>>> >> >> reported no errors. >>>> >> >> ClamAV scanner using unrar command /usr/bin/unrar Using >>>> >> >> locktype = flock MailScanner.conf says "Virus Scanners = clamav" >>>> >> >> Found these virus scanners installed: clamavmodule >>>> >> >> ============================================================== >>>> >> >> ============= >>>> >> >> Virus and Content Scanning: Starting >>>> >> >> /var/spool/MailScanner/incoming/9520/./1/eicar.com: >>>> >> >> Eicar-Test-Signature FOUND >>>> >> >> >>>> >> >> /var/spool/MailScanner/incoming/9520/./1.message: >>>> >> >> Eicar-Test-Signature FOUND >>>> >> >> >>>> >> >> Virus Scanning: ClamAV found 2 infections Infected message >>>> >> >> 1.message came from Infected message 1 came from 10.1.1.1 >>>> >> >> Virus Scanning: Found 2 viruses Filename Checks: (1 >>>> >> >> eicar.com) Filetype Checks: Allowing 1 eicar.com Other >>>> >> >> Checks: Found 1 problems >>>> >> >> ============================================================== >>>> >> >> ============= >>>> >> >> Virus Scanner test reports: >>>> >> >> ClamAV said "eicar.com contains Eicar-Test-Signature" >>>> >> >> >>>> >> >> If any of your virus scanners (clamavmodule) are not listed >>>> >> >> there, you should check that they are installed correctly and >>>> >> >> that MailScanner is finding them correctly via its >>>> >> >> virus.scanners.conf. >>>> >> >> >>>> >> >> >>>> >> >> -- >>>> >> >> >>>> >> >> Here 'MailScanner -v': >>>> >> >> Running on >>>> >> >> Linux mail 2.6.24.5-85.fc8 #1 SMP Sat Apr 19 12:39:34 EDT >>>> >> >> 2008 i686 i686 i386 GNU/Linux This is Fedora release 8 >>>> >> >> (Werewolf) This is Perl version 5.008008 (5.8.8) >>>> >> >> >>>> >> >> This is MailScanner version 4.71.2 >>>> >> >> Module versions are: >>>> >> >> 1.00 AnyDBM_File >>>> >> >> 1.20 Archive::Zip >>>> >> >> 0.21 bignum >>>> >> >> 1.04 Carp >>>> >> >> 2.005 Compress::Zlib >>>> >> >> 1.119 Convert::BinHex >>>> >> >> 0.17 Convert::TNEF >>>> >> >> 2.121_08 Data::Dumper >>>> >> >> 2.27 Date::Parse >>>> >> >> 1.00 DirHandle >>>> >> >> 1.05 Fcntl >>>> >> >> 2.74 File::Basename >>>> >> >> 2.09 File::Copy >>>> >> >> 2.01 FileHandle >>>> >> >> 1.08 File::Path >>>> >> >> 0.20 File::Temp >>>> >> >> 0.90 Filesys::Df >>>> >> >> 1.35 HTML::Entities >>>> >> >> 3.56 HTML::Parser >>>> >> >> 2.37 HTML::TokeParser >>>> >> >> 1.23 IO >>>> >> >> 1.14 IO::File >>>> >> >> 1.13 IO::Pipe >>>> >> >> 2.02 Mail::Header >>>> >> >> 1.86 Math::BigInt >>>> >> >> 0.19 Math::BigRat >>>> >> >> 3.07 MIME::Base64 >>>> >> >> 5.425 MIME::Decoder >>>> >> >> 5.425 MIME::Decoder::UU >>>> >> >> 5.425 MIME::Head >>>> >> >> 5.425 MIME::Parser >>>> >> >> 3.07 MIME::QuotedPrint >>>> >> >> 5.425 MIME::Tools >>>> >> >> 0.11 Net::CIDR >>>> >> >> 1.25 Net::IP >>>> >> >> 0.16 OLE::Storage_Lite >>>> >> >> 1.04 Pod::Escapes >>>> >> >> 3.05 Pod::Simple >>>> >> >> 1.09 POSIX >>>> >> >> 1.19 Scalar::Util >>>> >> >> 1.78 Socket >>>> >> >> 2.15 Storable >>>> >> >> 1.4 Sys::Hostname::Long >>>> >> >> 0.18 Sys::Syslog >>>> >> >> 1.26 Test::Pod >>>> >> >> 0.78 Test::Simple >>>> >> >> 1.86 Time::HiRes >>>> >> >> 1.02 Time::localtime >>>> >> >> >>>> >> >> Optional module versions are: >>>> >> >> 1.34 Archive::Tar >>>> >> >> 0.21 bignum >>>> >> >> 1.82 Business::ISBN >>>> >> >> 1.10 Business::ISBN::Data >>>> >> >> 1.08 Data::Dump >>>> >> >> 1.815 DB_File >>>> >> >> 1.14 DBD::SQLite >>>> >> >> 1.58 DBI >>>> >> >> 1.15 Digest >>>> >> >> 1.01 Digest::HMAC >>>> >> >> 2.36 Digest::MD5 >>>> >> >> 2.11 Digest::SHA1 >>>> >> >> 1.00 Encode::Detect >>>> >> >> 0.17010 Error >>>> >> >> 0.18 ExtUtils::CBuilder >>>> >> >> 2.18 ExtUtils::ParseXS >>>> >> >> 2.36 Getopt::Long >>>> >> >> 0.44 Inline >>>> >> >> 1.08 IO::String >>>> >> >> 1.07 IO::Zlib >>>> >> >> 2.21 IP::Country >>>> >> >> 0.22 Mail::ClamAV >>>> >> >> 3.002005 Mail::SpamAssassin >>>> >> >> v2.005 Mail::SPF >>>> >> >> 1.999001 Mail::SPF::Query >>>> >> >> 0.2808 Module::Build >>>> >> >> 0.20 Net::CIDR::Lite >>>> >> >> 0.63 Net::DNS >>>> >> >> 0.002.2 Net::DNS::Resolver::Programmable missing Net::LDAP >>>> >> >> 4.004 NetAddr::IP >>>> >> >> 1.94 Parse::RecDescent >>>> >> >> missing SAVI >>>> >> >> 2.64 Test::Harness >>>> >> >> 0.95 Test::Manifest >>>> >> >> 1.98 Text::Balanced >>>> >> >> 1.35 URI >>>> >> >> 0.7203 version >>>> >> >> 0.62 YAML >>>> >> >> >>>> >> >> Thanks >>>> >> >> Luciano. >>>> >> >> >>>> > >>>> >> > -- >>>> >> > MailScanner mailing list >>>> >> > mailscanner@lists.mailscanner.info >>>> >> > http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>> >> > >>>> >> > Before posting, read http://wiki.mailscanner.info/posting >>>> >> > >>>> >> > Support MailScanner development - buy the book off the website! >>>> >> > >>>> >> > -- >>>> >> > Il messaggio e' stato analizzato alla ricerca di virus o >>>> >> > contenuti pericolosi da MailScanner, ed e' >>>> >> > risultato non infetto. >>>> >> > >>>> >> > >>>> >> >>>> >> HI Martin, >>>> >> Lock Type = flock >>>> >> ... for test my ideas ... >>>> >> >>>> >> I've setup this Mailscanner box for my client and >>>> >> i' ve reboot the machine friday at 18:45 with new params. >>>> >> Now i'm checking logs and i see Mailscanner pickup messages >>>> >> from Sunday at >>>> >> 15:00. None first! >>>> >> MailScanner needs more time for starting up? >>>> >> >>>> >> I' ve put >>>> >> Lock Type = >>>> >> now and >>>> >> 'service MailScanner restart'. >>>> >> Thank you. >>>> >> L. >>>> >> >>>> >> >>>> > >>>> > Hi >>>> > >>>> > Anything in the maillog reguarding mailScanner??? >>>> > >>>> > Should only take a few seconds to get going. >>>> > >>>> > I'd drop to debug and see if you can spot anything. >>>> > >>>> > >>>> > -- >>>> > Martin Hepworth >>>> > Snr Systems Administrator >>>> > Solid State Logic >>>> > Tel: +44 (0)1865 842300 >>>> > >>>> > >>>> > >>>> > >>>> > >>>> > >>>> ********************************************************************** >>>> > Confidentiality : This e-mail and any attachments are >>>> intended for the >>>> > addressee only and may be confidential. If they come to you in error >>>> > you must take no action based on them, nor must you copy or >>>> show them >>>> > to anyone. Please advise the sender by replying to this e-mail >>>> > immediately and then delete the original from your computer. >>>> > Opinion : Any opinions expressed in this e-mail are >>>> entirely those of >>>> > the author and unless specifically stated to the contrary, are not >>>> > necessarily those of the author's employer. >>>> > Security Warning : Internet e-mail is not necessarily a secure >>>> > communications medium and can be subject to data >>>> corruption. We advise >>>> > that you consider this fact when e-mailing us. >>>> > Viruses : We have taken steps to ensure that this e-mail and any >>>> > attachments are free from known viruses but in keeping with good >>>> > computing practice, you should ensure that they are virus free. >>>> > >>>> > Red Lion 49 Ltd T/A Solid State Logic >>>> > Registered as a limited company in England and Wales >>>> > (Company No:5362730) >>>> > Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, >>>> > United Kingdom >>>> > >>>> ********************************************************************** >>>> > >>>> > -- >>>> > MailScanner mailing list >>>> > mailscanner@lists.mailscanner.info >>>> > http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>> > >>>> > Before posting, read http://wiki.mailscanner.info/posting >>>> > >>>> > Support MailScanner development - buy the book off the website! >>>> > >>>> > -- >>>> > Il messaggio e' stato analizzato alla ricerca di virus o >>>> > contenuti pericolosi da MailScanner, ed e' >>>> > risultato non infetto. >>>> > >>>> > >>>> >>>> >>>> >>>> -- >>>> Il messaggio e' stato analizzato alla ricerca di virus o >>>> contenuti pericolosi da MailScanner, ed e' >>>> risultato non infetto. >>>> >>>> -- >>>> MailScanner mailing list >>>> mailscanner@lists.mailscanner.info >>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>> >>>> Before posting, read http://wiki.mailscanner.info/posting >>>> >>>> Support MailScanner development - buy the book off the website! >>>> >>> >>> >>> >>> >>> ********************************************************************** >>> Confidentiality : This e-mail and any attachments are intended for the >>> addressee only and may be confidential. If they come to you in error >>> you must take no action based on them, nor must you copy or show them >>> to anyone. Please advise the sender by replying to this e-mail >>> immediately and then delete the original from your computer. >>> Opinion : Any opinions expressed in this e-mail are entirely those of >>> the author and unless specifically stated to the contrary, are not >>> necessarily those of the author's employer. >>> Security Warning : Internet e-mail is not necessarily a secure >>> communications medium and can be subject to data corruption. We advise >>> that you consider this fact when e-mailing us. >>> Viruses : We have taken steps to ensure that this e-mail and any >>> attachments are free from known viruses but in keeping with good >>> computing practice, you should ensure that they are virus free. >>> >>> Red Lion 49 Ltd T/A Solid State Logic >>> Registered as a limited company in England and Wales >>> (Company No:5362730) >>> Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, >>> United Kingdom >>> ********************************************************************** >>> >>> -- >>> MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >>> >>> -- >>> Il messaggio e' stato analizzato alla ricerca di virus o >>> contenuti pericolosi da MailScanner, ed e' >>> risultato non infetto. >>> >>> >> >> >> > > Jules > > -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > Need help customising MailScanner? > Contact me! > Need help fixing or optimising your systems? > Contact me! > Need help getting you started solving new requirements from your boss? > Contact me! > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- > Il messaggio e' stato analizzato alla ricerca di virus o > contenuti pericolosi da MailScanner, ed e' > risultato non infetto. > -- Il messaggio e' stato analizzato alla ricerca di virus o contenuti pericolosi da MailScanner, ed e' risultato non infetto. From MailScanner at ecs.soton.ac.uk Mon Jul 7 15:25:30 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Jul 7 15:25:57 2008 Subject: Bypassing Custom PLugin In-Reply-To: References: Message-ID: <4872275A.2060601@ecs.soton.ac.uk> Do you mean a "Custom Function" or a "Generic Spam Scanner" or a "Generic Virus Scanner"? If you mean a "Custom Function" then what configuration setting have you attached it to? Rick Duval wrote: > I have written a customs plugin and part of what it does is log every > email that is passed to it but some emails never seem to reach it. > > Can anyone tell me where this might be happening? > > Thanks Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Mon Jul 7 15:27:09 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Jul 7 15:27:42 2008 Subject: MailScanner on FC8 don't pickup emails In-Reply-To: References: <6ab1c460044e5441a4c21792d987f524@solidstatelogic.com> <48721BA8.4060507@ecs.soton.ac.uk> Message-ID: <487227BD.4050502@ecs.soton.ac.uk> Why are you setting "Lock Type = flock"? What version of sendmail are you running and what operating system are you running? Have you just tried leaving "Lock Type =" (i.e. leaving it set blank)? Luciano Grego wrote: > Hi, > Yes, i've stopped sendmail and starting mailscanner ( with chkconfig ) > plus reboot the machine many times. > The strange things is: > LOCK TYPE = flock + reboot > Mailscanner see the messages ( with errors ), here the mail log: > > Jul 6 15:54:39 mail sendmail[2160]: m66DsbjM002160: > from=, size=581, class=0, nrcpts=1, > msgid=<01c8df2c$c82ce680$655c7b59@tequilla99>, proto=ESMTP, > daemon=Daemon0, relay=[89.123.92.101] > Jul 6 15:54:40 mail sendmail[2161]: m66DsbjM002160: to=XXXXXX, > delay=00:00:01, xdelay=00:00:01, mailer=local, pri=60768, dsn=2.0.0, > stat=Sent > Jul 6 15:54:40 mail MailScanner[21651]: New Batch: Scanning 1 > messages, 1034 bytes > Jul 6 15:54:40 mail MailScanner[21651]: Spam Checks: Starting > Jul 6 15:54:40 mail sendmail[2161]: m66DsbjM002160: to=xxxxxxx, > delay=00:00:01, xdelay=00:00:00, mailer=local, pri=60768, dsn=2.0.0, > stat=Sent > Jul 6 15:54:40 mail MailScanner[21651]: RBL checks: m66DsbjM002160 > found in spamhaus-ZEN > Jul 6 15:54:45 mail MailScanner[21651]: Message m66DsbjM002160 from > 89.123.92.101 (tequilla99@hotmail.com) to xxxxxxx.it is spam, > spamhaus-ZEN, SpamAssassin (not cached, punteggio=26.821, necessario > 4, autolearn=spam, FORGED_HOTMAIL_RCVD2 1.12, HELO_LH_HOME 3.17, > INVALID_DATE 1.65, RAZOR2_CF_RANGE_51_100 0.50, > RAZOR2_CF_RANGE_E8_51_100 1.50, RAZOR2_CHECK 0.50, RCVD_IN_PBL 0.51, > RCVD_IN_XBL 2.90, RDNS_NONE 0.10, SPF_SOFTFAIL 0.65, SUBJ_ALL_CAPS > 1.81, URIBL_BLACK 1.96, URIBL_JP_SURBL 2.86, URIBL_OB_SURBL 2.13, > URIBL_RHS_DOB 0.90, URIBL_SBL 2.47, URIBL_WS_SURBL 2.10) > Jul 6 15:54:45 mail MailScanner[21651]: Spam Checks: Found 1 spam > messages > Jul 6 15:54:45 mail MailScanner[21651]: Spam Actions: message > m66DsbjM002160 actions are store > Jul 6 15:54:45 mail MailScanner[21651]: Unlinking > /var/spool/mqueue.in/qfm66DsbjM002160 failed: No such file or directory > Jul 6 15:54:45 mail MailScanner[21651]: Unlinking > /var/spool/mqueue.in/dfm66DsbjM002160 failed: No such file or directory > Jul 6 15:54:45 mail MailScanner[21651]: Virus and Content Scanning: > Starting > Jul 6 15:54:51 mail MailScanner[21651]: MailScanner child dying of > old age > Jul 6 15:54:51 mail MailScanner[2174]: MailScanner E-Mail Virus > Scanner version 4.71.2 starting... > Jul 6 15:54:51 mail MailScanner[2174]: Read 824 hostnames from the > phishing whitelist > Jul 6 15:54:51 mail MailScanner[2174]: Read 3090 hostnames from the > phishing blacklist > Jul 6 15:54:51 mail MailScanner[2174]: SpamAssassin temporary working > directory is /var/spool/MailScanner/incoming/SpamAssassin-Temp > Jul 6 15:54:51 mail MailScanner[2174]: Using SpamAssassin results cache > Jul 6 15:54:51 mail MailScanner[2174]: Connected to SpamAssassin > cache database > Jul 6 15:54:51 mail MailScanner[2174]: Enabling SpamAssassin > auto-whitelist functionality... > Jul 6 15:54:53 mail MailScanner[2174]: ClamAV scanner using unrar > command /usr/bin/unrar > Jul 6 15:54:53 mail MailScanner[2174]: Using locktype = flock > Jul 6 16:01:01 mail update.bad.phishing.sites: Delaying cron job up > to 600 seconds > Jul 6 16:09:43 mail update.virus.scanners: Delaying cron job up to > 600 seconds > Jul 6 16:12:23 mail update.virus.scanners: Found clamav installed > Jul 6 16:12:23 mail update.virus.scanners: Running autoupdate for clamav > Jul 6 16:12:23 mail ClamAV-autoupdate[2261]: ClamAV did not need > updating > Jul 6 16:12:23 mail update.virus.scanners: Found generic installed > > Again, > LOCK TYPE = > Mailscanner don't see any messages: > > Jul 7 12:36:20 mail MailScanner[10714]: MailScanner E-Mail Virus > Scanner version 4.71.2 starting... > Jul 7 12:36:20 mail MailScanner[10714]: Read 824 hostnames from the > phishing whitelist > Jul 7 12:36:20 mail MailScanner[10714]: Read 3056 hostnames from the > phishing blacklist > Jul 7 12:36:20 mail MailScanner[10714]: SpamAssassin temporary > working directory is /var/spool/MailScanner/incoming/SpamAssassin-Temp > Jul 7 12:36:20 mail MailScanner[10714]: Using SpamAssassin results cache > Jul 7 12:36:20 mail MailScanner[10714]: Connected to SpamAssassin > cache database > Jul 7 12:36:20 mail MailScanner[10714]: Enabling SpamAssassin > auto-whitelist functionality... > Jul 7 12:36:22 mail MailScanner[10714]: ClamAV scanner using unrar > command /usr/bin/unrar > Jul 7 12:36:22 mail MailScanner[10714]: Using locktype = posix > Jul 7 13:01:01 mail update.bad.phishing.sites: Delaying cron job up > to 600 seconds > Jul 7 13:10:54 mail update.virus.scanners: Delaying cron job up to > 600 seconds > Jul 7 13:12:48 mail update.virus.scanners: Found clamav installed > Jul 7 13:12:48 mail update.virus.scanners: Running autoupdate for clamav > Jul 7 13:13:22 mail ClamAV-autoupdate[10805]: ClamAV updated > Jul 7 13:13:22 mail update.virus.scanners: Found generic installed > Jul 7 13:13:22 mail update.virus.scanners: Running autoupdate for > generic > Jul 7 13:27:34 mail sendmail[10919]: m67BRTfq010919: > ... User unknown > Jul 7 13:27:34 mail sendmail[10919]: m67BRTfq010919: > from=, size=0, class=0, nrcpts=0, > proto=ESMTP, daemon=Daemon0, relay=[82.114.71.182] > Jul 7 13:29:14 mail sendmail[10920]: m67BTCqS010920: > from=, size=5082, class=0, nrcpts=1, > msgid=<200807071129.10479701581833459663@mx1.sfarratu.com>, > proto=SMTP, daemon=Daemon0, relay=mx1.sfarratu.com [69.12.222.232] > Jul 7 13:29:14 mail sendmail[10921]: m67BTCqS010920: to=xxx, > delay=00:00:01, xdelay=00:00:00, mailer=local, pri=65293, dsn=2.0.0, > stat=Sent > Jul 7 13:29:14 mail sendmail[10921]: m67BTCqS010920: to=xxx, > delay=00:00:01, xdelay=00:00:00, mailer=local, pri=65293, dsn=2.0.0, > stat=Sent > Jul 7 13:33:54 mail sendmail[10924]: m67BXr3X010924: > from=, size=5172, class=0, nrcpts=1, > msgid=<000001c8e025$57cd8e40$1400000a@acerfed0a54eeb>, proto=ESMTP, > daemon=Daemon0, relay=jack.mail.tiscali.it [213.205.33.53] > Jul 7 13:33:54 mail sendmail[10925]: m67BXr3X010924: to=xxx, > delay=00:00:00, xdelay=00:00:00, mailer=local, pri=65385, dsn=2.0.0, > stat=Sent > Jul 7 13:33:54 mail sendmail[10925]: m67BXr3X010924: to=xxx, > delay=00:00:00, xdelay=00:00:00, mailer=local, pri=65385, dsn=2.0.0, > stat=Sent > Jul 7 13:48:59 mail sendmail[10933]: m67Bmolh010933: > from=, size=567, class=0, nrcpts=1, > msgid=<76feedfd$7bf7f7ef$4fc49f89@gixr>, bodytype=8BITMIME, > proto=ESMTP, daemon=Daemon0, relay=[124.133.160.88] > > > > ----- Original Message ----- From: "Julian Field" > > To: "MailScanner discussion" > Sent: Monday, July 07, 2008 3:35 PM > Subject: Re: MailScanner on FC8 don't pickup emails > > >> Have you done >> chkconfig sendmail off >> chkconfig MailScanner on >> service sendmail stop >> service MailScanner start >> ? >> If you still have sendmail running from before you installed it, then >> you will get symptoms you are seeing. >> >> >> Luciano Grego wrote: >>> I've used the default path in MailScanner.conf. ( >>> INQDIR=/var/spool/mqueue.in ) >>> and leaving MailScanner in /etc/init.d that starting sendmail in >>> agreement. >>> >>> >>> ----- Original Message ----- From: "Martin.Hepworth" >>> >>> To: "MailScanner discussion" >>> Sent: Monday, July 07, 2008 1:07 PM >>> Subject: RE: MailScanner on FC8 don't pickup emails >>> >>> >>>> Luciano >>>> >>>> You should be using the rpm version for Fedora installs.. >>>> >>>> http://www.mailscanner.info/files/4/rpm/MailScanner-4.70.7-1.rpm.tar.gz >>>> >>>> >>>> Than follow the rpm based install instructions. >>>> >>>> You need to configure the MailScanner.conf to point at correct >>>> locations for the sendmail queues etc. >>>> >>>> -- >>>> Martin Hepworth >>>> Snr Systems Administrator >>>> Solid State Logic >>>> Tel: +44 (0)1865 842300 >>>> >>>>> -----Original Message----- >>>>> From: mailscanner-bounces@lists.mailscanner.info >>>>> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf >>>>> Of Luciano Grego >>>>> Sent: 07 July 2008 11:34 >>>>> To: MailScanner discussion >>>>> Subject: Re: MailScanner on FC8 don't pickup emails >>>>> >>>>> Hi, >>>>> Excuse me for long list ... >>>>> But ... in debug mode i should see the email passing through >>>>> MailScanner? >>>>> >>>>> I have not answered your question first: What install >>>>> instructions have you followed? >>>>> I' ve follow the INSTALL file guide. Untar src file and ./install.sh. >>>>> >>>>> -- >>>>> >>>>> mail root [ /var/log ] MailScanner --debug --debug-sa In >>>>> Debugging mode, not forking... >>>>> Trying to setlogsock(unix) >>>>> 12:23:04 SpamAssassin temp dir = >>>>> /var/spool/MailScanner/incoming/SpamAssassin-Temp >>>>> 12:23:04 [10417] dbg: logger: adding facilities: all >>>>> 12:23:04 [10417] dbg: logger: logging level is DBG >>>>> 12:23:04 [10417] dbg: generic: SpamAssassin version 3.2.5 >>>>> 12:23:04 [10417] dbg: config: score set 0 chosen. >>>>> 12:23:04 [10417] dbg: util: running in taint mode? no >>>>> 12:23:04 [10417] dbg: dns: is Net::DNS::Resolver available? yes >>>>> 12:23:04 [10417] dbg: dns: Net::DNS version: 0.63 >>>>> 12:23:04 [10417] dbg: ignore: test message to precompile >>>>> patterns and load modules >>>>> 12:23:04 [10417] dbg: config: using "/etc/mail/spamassassin" >>>>> for site rules pre files >>>>> 12:23:04 [10417] dbg: config: read file >>>>> /etc/mail/spamassassin/init.pre >>>>> 12:23:04 [10417] dbg: config: read file >>>>> /etc/mail/spamassassin/v310.pre >>>>> 12:23:04 [10417] dbg: config: read file >>>>> /etc/mail/spamassassin/v312.pre >>>>> 12:23:04 [10417] dbg: config: read file >>>>> /etc/mail/spamassassin/v320.pre >>>>> 12:23:04 [10417] dbg: config: using >>>>> "/var/lib/spamassassin/3.002005" for sys rules pre files >>>>> 12:23:04 [10417] dbg: config: using >>>>> "/var/lib/spamassassin/3.002005" for default rules dir >>>>> 12:23:04 [10417] dbg: config: read file >>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org.cf >>>>> 12:23:04 [10417] dbg: config: using "/etc/mail/spamassassin" >>>>> for site rules dir >>>>> 12:23:04 [10417] dbg: config: read file >>>>> /etc/mail/spamassassin/mailscanner.cf >>>>> 12:23:04 [10417] dbg: plugin: loading >>>>> Mail::SpamAssassin::Plugin::URIDNSBL >>>>> from @INC >>>>> 12:23:04 [10417] dbg: plugin: loading >>>>> Mail::SpamAssassin::Plugin::Hashcash >>>>> from @INC >>>>> 12:23:04 [10417] dbg: plugin: loading >>>>> Mail::SpamAssassin::Plugin::SPF from @INC >>>>> 12:23:04 [10417] dbg: plugin: loading >>>>> Mail::SpamAssassin::Plugin::RelayCountry from @INC >>>>> 12:23:04 [10417] dbg: plugin: loading >>>>> Mail::SpamAssassin::Plugin::Razor2 >>>>> from @INC >>>>> 12:23:04 [10417] dbg: razor2: razor2 is available, version 2.84 >>>>> 12:23:04 [10417] dbg: plugin: loading >>>>> Mail::SpamAssassin::Plugin::Pyzor from @INC >>>>> 12:23:04 [10417] dbg: pyzor: network tests on, attempting Pyzor >>>>> 12:23:04 [10417] dbg: plugin: did not register >>>>> Mail::SpamAssassin::Plugin::Razor2, already registered >>>>> 12:23:04 [10417] dbg: plugin: loading >>>>> Mail::SpamAssassin::Plugin::SpamCop >>>>> from @INC >>>>> 12:23:04 [10417] dbg: reporter: network tests on, attempting SpamCop >>>>> 12:23:04 [10417] dbg: plugin: loading >>>>> Mail::SpamAssassin::Plugin::AWL from @INC >>>>> 12:23:04 [10417] dbg: plugin: loading >>>>> Mail::SpamAssassin::Plugin::AutoLearnThreshold from @INC >>>>> 12:23:04 [10417] dbg: plugin: loading >>>>> Mail::SpamAssassin::Plugin::WhiteListSubject from @INC >>>>> 12:23:04 [10417] dbg: plugin: loading >>>>> Mail::SpamAssassin::Plugin::MIMEHeader >>>>> from @INC >>>>> 12:23:04 [10417] dbg: plugin: loading >>>>> Mail::SpamAssassin::Plugin::ReplaceTags from @INC >>>>> 12:23:04 [10417] dbg: plugin: did not register >>>>> Mail::SpamAssassin::Plugin::RelayCountry, already registered >>>>> 12:23:04 [10417] dbg: plugin: did not register >>>>> Mail::SpamAssassin::Plugin::SPF, already registered >>>>> 12:23:04 [10417] dbg: plugin: did not register >>>>> Mail::SpamAssassin::Plugin::URIDNSBL, already registered >>>>> 12:23:04 [10417] dbg: plugin: loading >>>>> Mail::SpamAssassin::Plugin::Check from @INC >>>>> 12:23:04 [10417] dbg: plugin: loading >>>>> Mail::SpamAssassin::Plugin::HTTPSMismatch from @INC >>>>> 12:23:04 [10417] dbg: plugin: loading >>>>> Mail::SpamAssassin::Plugin::URIDetail >>>>> from @INC >>>>> 12:23:04 [10417] dbg: plugin: loading >>>>> Mail::SpamAssassin::Plugin::Bayes from @INC >>>>> 12:23:04 [10417] dbg: plugin: loading >>>>> Mail::SpamAssassin::Plugin::BodyEval >>>>> from @INC >>>>> 12:23:04 [10417] dbg: plugin: loading >>>>> Mail::SpamAssassin::Plugin::DNSEval >>>>> from @INC >>>>> 12:23:04 [10417] dbg: plugin: loading >>>>> Mail::SpamAssassin::Plugin::HTMLEval >>>>> from @INC >>>>> 12:23:04 [10417] dbg: plugin: loading >>>>> Mail::SpamAssassin::Plugin::HeaderEval >>>>> from @INC >>>>> 12:23:04 [10417] dbg: plugin: loading >>>>> Mail::SpamAssassin::Plugin::MIMEEval >>>>> from @INC >>>>> 12:23:04 [10417] dbg: plugin: loading >>>>> Mail::SpamAssassin::Plugin::RelayEval >>>>> from @INC >>>>> 12:23:04 [10417] dbg: plugin: loading >>>>> Mail::SpamAssassin::Plugin::URIEval >>>>> from @INC >>>>> 12:23:04 [10417] dbg: plugin: loading >>>>> Mail::SpamAssassin::Plugin::WLBLEval >>>>> from @INC >>>>> 12:23:04 [10417] dbg: plugin: loading >>>>> Mail::SpamAssassin::Plugin::VBounce >>>>> from @INC >>>>> 12:23:04 [10417] dbg: plugin: loading >>>>> Mail::SpamAssassin::Plugin::ImageInfo >>>>> from @INC >>>>> 12:23:04 [10417] dbg: plugin: did not register >>>>> Mail::SpamAssassin::Plugin::RelayCountry, already registered >>>>> 12:23:04 [10417] dbg: plugin: did not register >>>>> Mail::SpamAssassin::Plugin::SPF, already registered >>>>> 12:23:04 [10417] dbg: plugin: did not register >>>>> Mail::SpamAssassin::Plugin::URIDNSBL, already registered >>>>> 12:23:04 [10417] dbg: plugin: did not register >>>>> Mail::SpamAssassin::Plugin::Razor2, already registered >>>>> 12:23:04 [10417] dbg: config: fixed relative path: >>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/10_def >>>>> ault_prefs.cf >>>>> 12:23:04 [10417] dbg: config: using >>>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/10_de >>>>> fault_prefs.cf" >>>>> for included file >>>>> 12:23:04 [10417] dbg: config: read file >>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/10_def >>>>> ault_prefs.cf >>>>> 12:23:04 [10417] dbg: config: fixed relative path: >>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_adv >>>>> ance_fee.cf >>>>> 12:23:04 [10417] dbg: config: using >>>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_ad >>>>> vance_fee.cf" >>>>> for included file >>>>> 12:23:04 [10417] dbg: config: read file >>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_adv >>>>> ance_fee.cf >>>>> 12:23:04 [10417] dbg: config: fixed relative path: >>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_bod >>>>> y_tests.cf >>>>> 12:23:04 [10417] dbg: config: using >>>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_bo >>>>> dy_tests.cf" >>>>> for included file >>>>> 12:23:04 [10417] dbg: config: read file >>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_bod >>>>> y_tests.cf >>>>> 12:23:04 [10417] dbg: config: fixed relative path: >>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_com >>>>> pensate.cf >>>>> 12:23:04 [10417] dbg: config: using >>>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_co >>>>> mpensate.cf" >>>>> for included file >>>>> 12:23:04 [10417] dbg: config: read file >>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_com >>>>> pensate.cf >>>>> 12:23:04 [10417] dbg: config: fixed relative path: >>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_dns >>>>> bl_tests.cf >>>>> 12:23:04 [10417] dbg: config: using >>>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_dn >>>>> sbl_tests.cf" >>>>> for included file >>>>> 12:23:04 [10417] dbg: config: read file >>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_dns >>>>> bl_tests.cf >>>>> 12:23:04 [10417] dbg: config: fixed relative path: >>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_drugs.cf >>>>> 12:23:04 [10417] dbg: config: using >>>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_dr >>>>> ugs.cf" for included file >>>>> 12:23:04 [10417] dbg: config: read file >>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_drugs.cf >>>>> 12:23:04 [10417] dbg: config: fixed relative path: >>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_dynrdns.cf >>>>> 12:23:04 [10417] dbg: config: using >>>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_dy >>>>> nrdns.cf" for included file >>>>> 12:23:04 [10417] dbg: config: read file >>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_dynrdns.cf >>>>> 12:23:04 [10417] dbg: config: fixed relative path: >>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_fak >>>>> e_helo_tests.cf >>>>> 12:23:04 [10417] dbg: config: using >>>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_fa >>>>> ke_helo_tests.cf" >>>>> for included file >>>>> 12:23:04 [10417] dbg: config: read file >>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_fak >>>>> e_helo_tests.cf >>>>> 12:23:04 [10417] dbg: config: fixed relative path: >>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_hea >>>>> d_tests.cf >>>>> 12:23:04 [10417] dbg: config: using >>>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_he >>>>> ad_tests.cf" >>>>> for included file >>>>> 12:23:04 [10417] dbg: config: read file >>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_hea >>>>> d_tests.cf >>>>> 12:23:04 [10417] dbg: config: fixed relative path: >>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_htm >>>>> l_tests.cf >>>>> 12:23:04 [10417] dbg: config: using >>>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_ht >>>>> ml_tests.cf" >>>>> for included file >>>>> 12:23:04 [10417] dbg: config: read file >>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_htm >>>>> l_tests.cf >>>>> 12:23:04 [10417] dbg: config: fixed relative path: >>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_ima >>>>> geinfo.cf >>>>> 12:23:04 [10417] dbg: config: using >>>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_im >>>>> ageinfo.cf" >>>>> for included file >>>>> 12:23:04 [10417] dbg: config: read file >>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_ima >>>>> geinfo.cf >>>>> 12:23:04 [10417] dbg: config: fixed relative path: >>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_met >>>>> a_tests.cf >>>>> 12:23:04 [10417] dbg: config: using >>>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_me >>>>> ta_tests.cf" >>>>> for included file >>>>> 12:23:04 [10417] dbg: config: read file >>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_met >>>>> a_tests.cf >>>>> 12:23:04 [10417] dbg: config: fixed relative path: >>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_net >>>>> _tests.cf >>>>> 12:23:04 [10417] dbg: config: using >>>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_ne >>>>> t_tests.cf" >>>>> for included file >>>>> 12:23:04 [10417] dbg: config: read file >>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_net >>>>> _tests.cf >>>>> 12:23:04 [10417] dbg: config: fixed relative path: >>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_phrases.cf >>>>> 12:23:04 [10417] dbg: config: using >>>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_ph >>>>> rases.cf" for included file >>>>> 12:23:04 [10417] dbg: config: read file >>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_phrases.cf >>>>> 12:23:04 [10417] dbg: config: fixed relative path: >>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_porn.cf >>>>> 12:23:04 [10417] dbg: config: using >>>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_po >>>>> rn.cf" for included file >>>>> 12:23:04 [10417] dbg: config: read file >>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_porn.cf >>>>> 12:23:04 [10417] dbg: config: fixed relative path: >>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_ratware.cf >>>>> 12:23:04 [10417] dbg: config: using >>>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_ra >>>>> tware.cf" for included file >>>>> 12:23:04 [10417] dbg: config: read file >>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_ratware.cf >>>>> 12:23:04 [10417] dbg: config: fixed relative path: >>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_uri >>>>> _tests.cf >>>>> 12:23:04 [10417] dbg: config: using >>>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_ur >>>>> i_tests.cf" >>>>> for included file >>>>> 12:23:04 [10417] dbg: config: read file >>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_uri >>>>> _tests.cf >>>>> 12:23:04 [10417] dbg: config: fixed relative path: >>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_vbounce.cf >>>>> 12:23:04 [10417] dbg: config: using >>>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_vb >>>>> ounce.cf" for included file >>>>> 12:23:04 [10417] dbg: config: read file >>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_vbounce.cf >>>>> 12:23:04 [10417] dbg: config: fixed relative path: >>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/23_bayes.cf >>>>> 12:23:04 [10417] dbg: config: using >>>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/23_ba >>>>> yes.cf" for included file >>>>> 12:23:04 [10417] dbg: config: read file >>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/23_bayes.cf >>>>> 12:23:04 [10417] dbg: config: fixed relative path: >>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_accessdb.cf >>>>> >>>>> 12:23:04 [10417] dbg: config: using >>>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_ac >>>>> cessdb.cf" for included file >>>>> 12:23:04 [10417] dbg: config: read file >>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_accessdb.cf >>>>> >>>>> 12:23:04 [10417] dbg: config: fixed relative path: >>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_ant >>>>> ivirus.cf >>>>> 12:23:04 [10417] dbg: config: using >>>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_an >>>>> tivirus.cf" >>>>> for included file >>>>> 12:23:04 [10417] dbg: config: read file >>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_ant >>>>> ivirus.cf >>>>> 12:23:04 [10417] dbg: config: fixed relative path: >>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_asn.cf >>>>> 12:23:04 [10417] dbg: config: using >>>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_as >>>>> n.cf" for included file >>>>> 12:23:04 [10417] dbg: config: read file >>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_asn.cf >>>>> 12:23:04 [10417] dbg: config: fixed relative path: >>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_dcc.cf >>>>> 12:23:04 [10417] dbg: config: using >>>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_dc >>>>> c.cf" for included file >>>>> 12:23:04 [10417] dbg: config: read file >>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_dcc.cf >>>>> 12:23:04 [10417] dbg: config: fixed relative path: >>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_dkim.cf >>>>> 12:23:04 [10417] dbg: config: using >>>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_dk >>>>> im.cf" for included file >>>>> 12:23:04 [10417] dbg: config: read file >>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_dkim.cf >>>>> 12:23:04 [10417] dbg: config: fixed relative path: >>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_dom >>>>> ainkeys.cf >>>>> 12:23:04 [10417] dbg: config: using >>>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_do >>>>> mainkeys.cf" >>>>> for included file >>>>> 12:23:04 [10417] dbg: config: read file >>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_dom >>>>> ainkeys.cf >>>>> 12:23:04 [10417] dbg: config: fixed relative path: >>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_hashcash.cf >>>>> >>>>> 12:23:04 [10417] dbg: config: using >>>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_ha >>>>> shcash.cf" for included file >>>>> 12:23:04 [10417] dbg: config: read file >>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_hashcash.cf >>>>> >>>>> 12:23:04 [10417] dbg: config: fixed relative path: >>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_pyzor.cf >>>>> 12:23:04 [10417] dbg: config: using >>>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_py >>>>> zor.cf" for included file >>>>> 12:23:04 [10417] dbg: config: read file >>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_pyzor.cf >>>>> 12:23:04 [10417] dbg: config: fixed relative path: >>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_razor2.cf >>>>> 12:23:04 [10417] dbg: config: using >>>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_ra >>>>> zor2.cf" for included file >>>>> 12:23:04 [10417] dbg: config: read file >>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_razor2.cf >>>>> 12:23:04 [10417] dbg: config: fixed relative path: >>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_replace.cf >>>>> 12:23:04 [10417] dbg: config: using >>>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_re >>>>> place.cf" for included file >>>>> 12:23:04 [10417] dbg: config: read file >>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_replace.cf >>>>> 12:23:04 [10417] dbg: config: fixed relative path: >>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_spf.cf >>>>> 12:23:04 [10417] dbg: config: using >>>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_sp >>>>> f.cf" for included file >>>>> 12:23:04 [10417] dbg: config: read file >>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_spf.cf >>>>> 12:23:04 [10417] dbg: config: fixed relative path: >>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_textcat.cf >>>>> 12:23:04 [10417] dbg: config: using >>>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_te >>>>> xtcat.cf" for included file >>>>> 12:23:04 [10417] dbg: config: read file >>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_textcat.cf >>>>> 12:23:04 [10417] dbg: config: fixed relative path: >>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_uribl.cf >>>>> 12:23:04 [10417] dbg: config: using >>>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_ur >>>>> ibl.cf" for included file >>>>> 12:23:04 [10417] dbg: config: read file >>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_uribl.cf >>>>> 12:23:04 [10417] dbg: config: fixed relative path: >>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_de.cf >>>>> 12:23:04 [10417] dbg: config: using >>>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/30_te >>>>> xt_de.cf" for included file >>>>> 12:23:04 [10417] dbg: config: read file >>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_de.cf >>>>> 12:23:04 [10417] dbg: config: fixed relative path: >>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_fr.cf >>>>> 12:23:04 [10417] dbg: config: using >>>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/30_te >>>>> xt_fr.cf" for included file >>>>> 12:23:04 [10417] dbg: config: read file >>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_fr.cf >>>>> 12:23:04 [10417] dbg: config: fixed relative path: >>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_it.cf >>>>> 12:23:04 [10417] dbg: config: using >>>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/30_te >>>>> xt_it.cf" for included file >>>>> 12:23:04 [10417] dbg: config: read file >>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_it.cf >>>>> 12:23:04 [10417] dbg: config: fixed relative path: >>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_nl.cf >>>>> 12:23:04 [10417] dbg: config: using >>>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/30_te >>>>> xt_nl.cf" for included file >>>>> 12:23:04 [10417] dbg: config: read file >>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_nl.cf >>>>> 12:23:04 [10417] dbg: config: fixed relative path: >>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_pl.cf >>>>> 12:23:04 [10417] dbg: config: using >>>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/30_te >>>>> xt_pl.cf" for included file >>>>> 12:23:04 [10417] dbg: config: read file >>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_pl.cf >>>>> 12:23:04 [10417] dbg: config: fixed relative path: >>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_tex >>>>> t_pt_br.cf >>>>> 12:23:04 [10417] dbg: config: using >>>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/30_te >>>>> xt_pt_br.cf" >>>>> for included file >>>>> 12:23:04 [10417] dbg: config: read file >>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_tex >>>>> t_pt_br.cf >>>>> 12:23:04 [10417] dbg: config: fixed relative path: >>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/50_scores.cf >>>>> 12:23:04 [10417] dbg: config: using >>>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/50_sc >>>>> ores.cf" for included file >>>>> 12:23:04 [10417] dbg: config: read file >>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/50_scores.cf >>>>> 12:23:04 [10417] dbg: config: fixed relative path: >>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_awl.cf >>>>> 12:23:04 [10417] dbg: config: using >>>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/60_aw >>>>> l.cf" for included file >>>>> 12:23:04 [10417] dbg: config: read file >>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_awl.cf >>>>> 12:23:04 [10417] dbg: config: fixed relative path: >>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_sho >>>>> rtcircuit.cf >>>>> 12:23:04 [10417] dbg: config: using >>>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/60_sh >>>>> ortcircuit.cf" >>>>> for included file >>>>> 12:23:04 [10417] dbg: config: read file >>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_sho >>>>> rtcircuit.cf >>>>> 12:23:04 [10417] dbg: config: fixed relative path: >>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whi >>>>> telist.cf >>>>> 12:23:04 [10417] dbg: config: using >>>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/60_wh >>>>> itelist.cf" >>>>> for included file >>>>> 12:23:04 [10417] dbg: config: read file >>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whi >>>>> telist.cf >>>>> 12:23:04 [10417] dbg: config: fixed relative path: >>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whi >>>>> telist_dk.cf >>>>> 12:23:04 [10417] dbg: config: using >>>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/60_wh >>>>> itelist_dk.cf" >>>>> for included file >>>>> 12:23:04 [10417] dbg: config: read file >>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whi >>>>> telist_dk.cf >>>>> 12:23:04 [10417] dbg: config: fixed relative path: >>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whi >>>>> telist_dkim.cf >>>>> 12:23:04 [10417] dbg: config: using >>>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/60_wh >>>>> itelist_dkim.cf" >>>>> for included file >>>>> 12:23:04 [10417] dbg: config: read file >>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whi >>>>> telist_dkim.cf >>>>> 12:23:04 [10417] dbg: config: fixed relative path: >>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whi >>>>> telist_spf.cf >>>>> 12:23:04 [10417] dbg: config: using >>>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/60_wh >>>>> itelist_spf.cf" >>>>> for included file >>>>> 12:23:04 [10417] dbg: config: read file >>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whi >>>>> telist_spf.cf >>>>> 12:23:05 [10417] dbg: config: fixed relative path: >>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whi >>>>> telist_subject.cf >>>>> 12:23:05 [10417] dbg: config: using >>>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/60_wh >>>>> itelist_subject.cf" >>>>> for included file >>>>> 12:23:05 [10417] dbg: config: read file >>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whi >>>>> telist_subject.cf >>>>> 12:23:05 [10417] dbg: config: fixed relative path: >>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/72_active.cf >>>>> 12:23:05 [10417] dbg: config: using >>>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/72_ac >>>>> tive.cf" for included file >>>>> 12:23:05 [10417] dbg: config: read file >>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/72_active.cf >>>>> 12:23:05 [10417] dbg: config: fixed relative path: >>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/72_removed.cf >>>>> 12:23:05 [10417] dbg: config: using >>>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/72_re >>>>> moved.cf" for included file >>>>> 12:23:05 [10417] dbg: config: read file >>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/72_removed.cf >>>>> 12:23:05 [10417] dbg: config: fixed relative path: >>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/72_scores.cf >>>>> 12:23:05 [10417] dbg: config: using >>>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/72_sc >>>>> ores.cf" for included file >>>>> 12:23:05 [10417] dbg: config: read file >>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/72_scores.cf >>>>> 12:23:05 [10417] dbg: config: fixed relative path: >>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/80_add >>>>> itional.cf >>>>> 12:23:05 [10417] dbg: config: using >>>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/80_ad >>>>> ditional.cf" >>>>> for included file >>>>> 12:23:05 [10417] dbg: config: read file >>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/80_add >>>>> itional.cf >>>>> 12:23:05 [10417] dbg: rules: __MO_OL_9B90B merged duplicates: >>>>> __MO_OL_C65FA >>>>> 12:23:05 [10417] dbg: rules: __XM_OL_22B61 merged duplicates: >>>>> __XM_OL_A842E >>>>> 12:23:05 [10417] dbg: rules: __MO_OL_07794 merged duplicates: >>>>> __MO_OL_8627E >>>>> __MO_OL_F3B05 >>>>> 12:23:05 [10417] dbg: rules: __JM_REACTOR_DATE merged duplicates: >>>>> __RATWARE_0_TZ_DATE >>>>> 12:23:05 [10417] dbg: rules: __XM_OL_07794 merged duplicates: >>>>> __XM_OL_25340 __XM_OL_3857F __XM_OL_4F240 __XM_OL_58CB5 >>>>> __XM_OL_6554A __XM_OL_812FF __XM_OL_C65FA __XM_OL_CF0C0 >>>>> __XM_OL_F475E __XM_OL_F6D01 >>>>> 12:23:05 [10417] dbg: rules: FH_MSGID_01C67 merged >>>>> duplicates: __MSGID_VGA >>>>> 12:23:05 [10417] dbg: rules: FS_NEW_SOFT_UPLOAD merged duplicates: >>>>> HS_SUBJ_NEW_SOFTWARE >>>>> 12:23:05 [10417] dbg: rules: __FH_HAS_XMSMAIL merged duplicates: >>>>> __HAS_MSMAIL_PRI >>>>> 12:23:05 [10417] dbg: rules: __MO_OL_015D5 merged duplicates: >>>>> __MO_OL_6554A >>>>> 12:23:05 [10417] dbg: rules: __XM_OL_015D5 merged duplicates: >>>>> __XM_OL_4BF4C __XM_OL_4EEDB __XM_OL_5B79A __XM_OL_9B90B >>>>> __XM_OL_ADFF7 __XM_OL_B30D1 __XM_OL_B4B40 __XM_OL_BC7E6 >>>>> __XM_OL_F3B05 __XM_OL_FF5C8 >>>>> 12:23:05 [10417] dbg: rules: __MO_OL_91287 merged duplicates: >>>>> __MO_OL_B30D1 __MO_OL_CF0C0 >>>>> 12:23:05 [10417] dbg: rules: KAM_STOCKOTC merged duplicates: >>>>> KAM_STOCKTIP15 KAM_STOCKTIP20 KAM_STOCKTIP21 KAM_STOCKTIP4 >>>>> KAM_STOCKTIP6 >>>>> 12:23:05 [10417] dbg: rules: __MO_OL_22B61 merged duplicates: >>>>> __MO_OL_4F240 >>>>> __MO_OL_ADFF7 >>>>> 12:23:05 [10417] dbg: rules: __MO_OL_812FF merged duplicates: >>>>> __MO_OL_BC7E6 >>>>> 12:23:05 [10417] dbg: rules: __MO_OL_25340 merged duplicates: >>>>> __MO_OL_4EEDB __MO_OL_7533E >>>>> 12:23:05 [10417] dbg: rules: __MO_OL_58CB5 merged duplicates: >>>>> __MO_OL_B4B40 >>>>> 12:23:05 [10417] dbg: rules: __DOS_HAS_ANY_URI merged duplicates: >>>>> __HAS_ANY_URI >>>>> 12:23:05 [10417] dbg: rules: __XM_OL_C9068 merged duplicates: >>>>> __XM_OL_EF20B >>>>> 12:23:05 [10417] dbg: rules: AXB_RCVD_ZOOBSEND merged duplicates: >>>>> BROKEN_RATWARE_BOM CTYPE_001C_A DEAR_HOMEOWNER >>>>> DIV_CENTER_A_HREF DRUG_RA_PRICE FM_DDDD_TIMES_2 >>>>> FM_SEX_HOSTDDDD HG_HORMONE HS_PHARMA_1 HS_UPLOADED_SOFTWARE >>>>> OEBOUND STOX_RCVD_N_NN_N URIBL_RHS_ABUSE URIBL_RHS_BOGUSMX >>>>> URIBL_RHS_DSN URIBL_RHS_POST URIBL_RHS_TLD_WHOIS >>>>> URIBL_RHS_WHOIS URIBL_XS_SURBL URI_L_PHP XMAILER_MIMEOLE_OL_5E7ED >>>>> XMAILER_MIMEOLE_OL_C7C33 XMAILER_MIMEOLE_OL_D03AB X_LIBRARY >>>>> YOUR_CRD_RATING >>>>> 12:23:05 [10417] dbg: rules: __MO_OL_72641 merged duplicates: >>>>> __MO_OL_A842E >>>>> 12:23:05 [10417] dbg: rules: __MO_OL_F475E merged duplicates: >>>>> __MO_OL_FF5C8 >>>>> 12:23:05 [10417] dbg: rules: __MO_OL_4BF4C merged duplicates: >>>>> __MO_OL_F6D01 >>>>> 12:23:05 [10417] dbg: conf: finish parsing >>>>> 12:23:05 [10417] dbg: plugin: >>>>> Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0xad6884c) >>>>> implements 'finish_parsing_end', priority 0 >>>>> 12:23:05 [10417] dbg: replacetags: replacing tags >>>>> 12:23:05 [10417] dbg: replacetags: done replacing tags >>>>> 12:23:05 [10417] dbg: bayes: tie-ing to DB file R/O >>>>> /etc/MailScanner/bayes/bayes__toks >>>>> 12:23:05 [10417] dbg: bayes: tie-ing to DB file R/O >>>>> /etc/MailScanner/bayes/bayes__seen >>>>> 12:23:05 [10417] dbg: bayes: found bayes db version 3 >>>>> 12:23:05 [10417] dbg: bayes: DB journal sync: last sync: 0 >>>>> 12:23:05 [10417] dbg: bayes: not available for scanning, only >>>>> 1 spam(s) in bayes DB < 200 >>>>> 12:23:05 [10417] dbg: bayes: untie-ing >>>>> 12:23:05 [10417] dbg: config: score set 1 chosen. >>>>> 12:23:05 [10417] dbg: message: main message type: text/plain >>>>> 12:23:05 [10417] dbg: message: ---- MIME PARSER START ---- >>>>> 12:23:05 [10417] dbg: message: parsing normal part >>>>> 12:23:05 [10417] dbg: message: ---- MIME PARSER END ---- >>>>> 12:23:05 [10417] dbg: plugin: >>>>> Mail::SpamAssassin::Plugin::DNSEval=HASH(0xae06ddc) >>>>> implements 'check_start', priority 0 >>>>> 12:23:05 [10417] dbg: bayes: tie-ing to DB file R/O >>>>> /etc/MailScanner/bayes/bayes__toks >>>>> 12:23:05 [10417] dbg: bayes: tie-ing to DB file R/O >>>>> /etc/MailScanner/bayes/bayes__seen >>>>> 12:23:05 [10417] dbg: bayes: found bayes db version 3 >>>>> 12:23:05 [10417] dbg: bayes: DB journal sync: last sync: 0 >>>>> 12:23:05 [10417] dbg: bayes: not available for scanning, only >>>>> 1 spam(s) in bayes DB < 200 >>>>> 12:23:05 [10417] dbg: bayes: untie-ing >>>>> 12:23:05 [10417] dbg: plugin: >>>>> Mail::SpamAssassin::Plugin::Check=HASH(0xadb7358) implements >>>>> 'check_main', priority 0 >>>>> 12:23:05 [10417] dbg: conf: trusted_networks are not >>>>> configured; it is recommended that you configure >>>>> trusted_networks manually >>>>> 12:23:05 [10417] dbg: metadata: X-Spam-Relays-Trusted: >>>>> 12:23:05 [10417] dbg: metadata: X-Spam-Relays-Untrusted: >>>>> 12:23:05 [10417] dbg: metadata: X-Spam-Relays-Internal: >>>>> 12:23:05 [10417] dbg: metadata: X-Spam-Relays-External: >>>>> 12:23:05 [10417] dbg: plugin: >>>>> Mail::SpamAssassin::Plugin::RelayCountry=HASH(0xaa1430c) >>>>> implements 'extract_metadata', priority 0 >>>>> 12:23:05 [10417] dbg: metadata: X-Relay-Countries: >>>>> 12:23:05 [10417] dbg: message: no encoding detected >>>>> 12:23:05 [10417] dbg: plugin: >>>>> Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0xa9c3b08) >>>>> implements 'parsed_metadata', priority 0 >>>>> 12:23:05 [10417] dbg: plugin: >>>>> Mail::SpamAssassin::Plugin::RelayCountry=HASH(0xaa1430c) >>>>> implements 'parsed_metadata', priority 0 >>>>> 12:23:05 [10417] dbg: dns: is Net::DNS::Resolver available? yes >>>>> 12:23:05 [10417] dbg: dns: Net::DNS version: 0.63 >>>>> 12:23:05 [10417] dbg: dns: name server: 85.42.104.18, >>>>> LocalAddr: 0.0.0.0 >>>>> 12:23:05 [10417] dbg: dns: resolver socket rx buffer size is >>>>> 110592 bytes >>>>> 12:23:05 [10417] dbg: dns: dns_available set to yes in config >>>>> file, skipping test >>>>> 12:23:05 [10417] dbg: uridnsbl: domains to query: >>>>> 12:23:05 [10417] dbg: dns: checking RBL >>>>> sa-other.bondedsender.org., set bsp-untrusted >>>>> 12:23:05 [10417] dbg: dns: checking RBL >>>>> plus.bondedsender.org., set ssc-firsttrusted >>>>> 12:23:05 [10417] dbg: dns: checking RBL combined.njabl.org., set >>>>> njabl >>>>> 12:23:05 [10417] dbg: dns: checking RBL bl.spamcop.net., set spamcop >>>>> 12:23:05 [10417] dbg: dns: checking RBL >>>>> dob.sibl.support-intelligence.net., >>>>> set dob >>>>> 12:23:05 [10417] dbg: dns: checking RBL zen.spamhaus.org., >>>>> set zen-lastexternal >>>>> 12:23:05 [10417] dbg: dns: checking RBL dnsbl.sorbs.net., set >>>>> sorbs-lastexternal >>>>> 12:23:05 [10417] dbg: dns: checking RBL dnsbl.sorbs.net., set sorbs >>>>> 12:23:05 [10417] dbg: dns: checking RBL zen.spamhaus.org., >>>>> set zen-lastexternal >>>>> 12:23:05 [10417] dbg: dns: checking RBL list.dnswl.org., set >>>>> dnswl-firsttrusted >>>>> 12:23:05 [10417] dbg: dns: checking RBL >>>>> sa-accredit.habeas.com., set habeas-firsttrusted >>>>> 12:23:05 [10417] dbg: dns: checking RBL list.dsbl.org., set >>>>> dsbl-lastexternal >>>>> 12:23:05 [10417] dbg: dns: checking RBL >>>>> sa-trusted.bondedsender.org., set bsp-firsttrusted >>>>> 12:23:05 [10417] dbg: dns: checking RBL zen.spamhaus.org., set zen >>>>> 12:23:05 [10417] dbg: dns: checking RBL iadb.isipp.com., set >>>>> iadb-firsttrusted >>>>> 12:23:05 [10417] dbg: check: running tests for priority: -1000 >>>>> 12:23:05 [10417] dbg: rules: running head tests; score so far=0 >>>>> 12:23:05 [10417] dbg: rules: compiled head tests >>>>> 12:23:05 [10417] dbg: eval: all '*From' addrs: >>>>> ignore@compiling.spamassassin.taint.org >>>>> 12:23:05 [10417] dbg: eval: all '*To' addrs: >>>>> 12:23:05 [10417] dbg: rules: running body tests; score so far=0 >>>>> 12:23:05 [10417] dbg: rules: compiled body tests >>>>> 12:23:05 [10417] dbg: rules: running uri tests; score so far=0 >>>>> 12:23:05 [10417] dbg: rules: compiled uri tests >>>>> 12:23:05 [10417] dbg: rules: running rawbody tests; score so far=0 >>>>> 12:23:05 [10417] dbg: rules: compiled rawbody tests >>>>> 12:23:05 [10417] dbg: rules: running full tests; score so far=0 >>>>> 12:23:05 [10417] dbg: rules: compiled full tests >>>>> 12:23:05 [10417] dbg: rules: running meta tests; score so far=0 >>>>> 12:23:05 [10417] dbg: rules: compiled meta tests >>>>> 12:23:05 [10417] dbg: check: running tests for priority: -950 >>>>> 12:23:05 [10417] dbg: rules: running head tests; score so far=0 >>>>> 12:23:05 [10417] dbg: rules: compiled head tests >>>>> 12:23:05 [10417] dbg: rules: running body tests; score so far=0 >>>>> 12:23:05 [10417] dbg: rules: compiled body tests >>>>> 12:23:05 [10417] dbg: rules: running uri tests; score so far=0 >>>>> 12:23:05 [10417] dbg: rules: compiled uri tests >>>>> 12:23:05 [10417] dbg: rules: running rawbody tests; score so far=0 >>>>> 12:23:05 [10417] dbg: rules: compiled rawbody tests >>>>> 12:23:05 [10417] dbg: rules: running full tests; score so far=0 >>>>> 12:23:05 [10417] dbg: rules: compiled full tests >>>>> 12:23:05 [10417] dbg: rules: running meta tests; score so far=0 >>>>> 12:23:05 [10417] dbg: rules: compiled meta tests >>>>> 12:23:05 [10417] dbg: check: running tests for priority: -900 >>>>> 12:23:05 [10417] dbg: rules: running head tests; score so far=0 >>>>> 12:23:05 [10417] dbg: rules: compiled head tests >>>>> 12:23:05 [10417] dbg: rules: running body tests; score so far=0 >>>>> 12:23:05 [10417] dbg: rules: compiled body tests >>>>> 12:23:05 [10417] dbg: rules: running uri tests; score so far=0 >>>>> 12:23:05 [10417] dbg: rules: compiled uri tests >>>>> 12:23:05 [10417] dbg: rules: running rawbody tests; score so far=0 >>>>> 12:23:05 [10417] dbg: rules: compiled rawbody tests >>>>> 12:23:05 [10417] dbg: rules: running full tests; score so far=0 >>>>> 12:23:05 [10417] dbg: rules: compiled full tests >>>>> 12:23:05 [10417] dbg: rules: running meta tests; score so far=0 >>>>> 12:23:05 [10417] dbg: rules: compiled meta tests >>>>> 12:23:05 [10417] dbg: check: running tests for priority: -400 >>>>> 12:23:05 [10417] dbg: rules: running head tests; score so far=0 >>>>> 12:23:05 [10417] dbg: rules: compiled head tests >>>>> 12:23:05 [10417] dbg: rules: running body tests; score so far=0 >>>>> 12:23:05 [10417] dbg: rules: compiled body tests >>>>> 12:23:05 [10417] dbg: rules: running uri tests; score so far=0 >>>>> 12:23:05 [10417] dbg: rules: compiled uri tests >>>>> 12:23:05 [10417] dbg: rules: running rawbody tests; score so far=0 >>>>> 12:23:05 [10417] dbg: rules: compiled rawbody tests >>>>> 12:23:05 [10417] dbg: rules: running full tests; score so far=0 >>>>> 12:23:05 [10417] dbg: rules: compiled full tests >>>>> 12:23:05 [10417] dbg: rules: running meta tests; score so far=0 >>>>> 12:23:05 [10417] dbg: rules: compiled meta tests >>>>> 12:23:05 [10417] dbg: check: running tests for priority: 0 >>>>> 12:23:05 [10417] dbg: rules: running head tests; score so far=0 >>>>> 12:23:05 [10417] dbg: rules: compiled head tests >>>>> 12:23:05 [10417] dbg: rules: ran header rule __MISSING_REF >>>>> ======> got hit: >>>>> "UNSET" >>>>> 12:23:05 [10417] dbg: rules: ran header rule >>>>> __MSOE_MID_WRONG_CASE ======> got hit: " >>>>> 12:23:05 [10417] dbg: rules: Message-Id: " >>>>> 12:23:05 [10417] dbg: rules: ran header rule MISSING_DATE >>>>> ======> got hit: >>>>> "UNSET" >>>>> 12:23:05 [10417] dbg: rules: ran header rule __MSGID_OK_HOST >>>>> ======> got >>>>> hit: "@spamassassin_spamd_init>" >>>>> 12:23:05 [10417] dbg: rules: ran header rule >>>>> __MSGID_OK_DIGITS ======> got >>>>> hit: "1215426184" >>>>> 12:23:05 [10417] dbg: rules: ran header rule __HAS_MSGID >>>>> ======> got hit: >>>>> "<" >>>>> 12:23:05 [10417] dbg: rules: ran header rule __SANE_MSGID >>>>> ======> got hit: >>>>> "<1215426184.34281@spamassassin_spamd_init> >>>>> 12:23:05 [10417] dbg: rules: " >>>>> 12:23:05 [10417] dbg: spf: checking to see if the message has >>>>> a Received-SPF header that we can use >>>>> 12:23:05 [10417] dbg: spf: using Mail::SPF for SPF checks >>>>> 12:23:05 [10417] dbg: spf: no suitable relay for spf use >>>>> found, skipping SPF-helo check >>>>> 12:23:05 [10417] dbg: spf: already checked for Received-SPF >>>>> headers, proceeding with DNS based checks >>>>> 12:23:05 [10417] dbg: spf: no suitable relay for spf use >>>>> found, skipping SPF check >>>>> 12:23:05 [10417] dbg: rules: ran eval rule NO_RELAYS ======> >>>>> got hit (1) >>>>> 12:23:05 [10417] dbg: spf: def_spf_whitelist_from: already >>>>> checked spf and didn't get pass, skipping whitelist check >>>>> 12:23:05 [10417] dbg: rules: ran eval rule __UNUSABLE_MSGID >>>>> ======> got hit >>>>> (1) >>>>> 12:23:05 [10417] dbg: rules: ran eval rule MISSING_HEADERS >>>>> ======> got hit >>>>> (1) >>>>> 12:23:05 [10417] dbg: spf: whitelist_from_spf: already >>>>> checked spf and didn't get pass, skipping whitelist check >>>>> 12:23:05 [10417] dbg: rules: running body tests; score so far=1.581 >>>>> 12:23:05 [10417] dbg: rules: compiled body tests >>>>> 12:23:05 [10417] dbg: rules: ran body rule __NONEMPTY_BODY >>>>> ======> got hit: >>>>> "I" >>>>> 12:23:05 [10417] dbg: rules: running uri tests; score so far=1.581 >>>>> 12:23:05 [10417] dbg: rules: compiled uri tests >>>>> 12:23:05 [10417] dbg: eval: stock info total: 0 >>>>> 12:23:05 [10417] dbg: rules: running rawbody tests; score so >>>>> far=1.581 >>>>> 12:23:05 [10417] dbg: rules: compiled rawbody tests >>>>> 12:23:05 [10417] dbg: rules: ran rawbody rule __TVD_BODY >>>>> ======> got hit: >>>>> "need" >>>>> 12:23:05 [10417] dbg: rules: running full tests; score so far=1.581 >>>>> 12:23:05 [10417] dbg: rules: compiled full tests >>>>> 12:23:05 [10417] dbg: info: entering helper-app run mode >>>>> 12:23:06 [10417] dbg: info: leaving helper-app run mode >>>>> 12:23:06 [10417] dbg: razor2: part=0 engine=4 contested=0 >>>>> confidence=0 >>>>> 12:23:06 [10417] dbg: razor2: results: spam? 0 >>>>> 12:23:06 [10417] dbg: razor2: results: engine 8, highest cf score: 0 >>>>> 12:23:06 [10417] dbg: razor2: results: engine 4, highest cf score: 0 >>>>> 12:23:06 [10417] dbg: util: current PATH is: >>>>> /sbin:/bin:/usr/sbin:/usr/bin >>>>> 12:23:06 [10417] dbg: pyzor: pyzor is not available: no pyzor >>>>> executable found >>>>> 12:23:06 [10417] dbg: pyzor: no pyzor found, disabling Pyzor >>>>> 12:23:06 [10417] dbg: rules: running meta tests; score so far=1.581 >>>>> 12:23:06 [10417] dbg: rules: compiled meta tests >>>>> 12:23:06 [10417] dbg: check: running tests for priority: 500 >>>>> 12:23:06 [10417] dbg: dns: harvest_dnsbl_queries >>>>> 12:23:06 [10417] dbg: rules: running head tests; score so far=1.581 >>>>> 12:23:06 [10417] dbg: rules: compiled head tests >>>>> 12:23:06 [10417] dbg: rules: running body tests; score so far=1.581 >>>>> 12:23:06 [10417] dbg: rules: compiled body tests >>>>> 12:23:06 [10417] dbg: rules: running uri tests; score so far=1.581 >>>>> 12:23:06 [10417] dbg: rules: compiled uri tests >>>>> 12:23:06 [10417] dbg: rules: running rawbody tests; score so >>>>> far=1.581 >>>>> 12:23:06 [10417] dbg: rules: compiled rawbody tests >>>>> 12:23:06 [10417] dbg: rules: running full tests; score so far=1.581 >>>>> 12:23:06 [10417] dbg: rules: compiled full tests >>>>> 12:23:06 [10417] dbg: rules: running meta tests; score so far=1.581 >>>>> 12:23:06 [10417] dbg: rules: meta test DIGEST_MULTIPLE has >>>>> undefined dependency 'DCC_CHECK' >>>>> 12:23:06 [10417] dbg: rules: compiled meta tests >>>>> 12:23:06 [10417] dbg: check: running tests for priority: 1000 >>>>> 12:23:06 [10417] dbg: rules: running head tests; score so far=2.865 >>>>> 12:23:06 [10417] dbg: rules: compiled head tests >>>>> 12:23:06 [10417] dbg: locker: safe_lock: created >>>>> /root/.spamassassin/auto-whitelist.mutex >>>>> 12:23:06 [10417] dbg: locker: safe_lock: trying to get lock >>>>> on /root/.spamassassin/auto-whitelist with 30 timeout >>>>> 12:23:06 [10417] dbg: locker: safe_lock: link to >>>>> /root/.spamassassin/auto-whitelist.mutex: link ok >>>>> 12:23:06 [10417] dbg: auto-whitelist: tie-ing to DB file of >>>>> type DB_File R/W in /root/.spamassassin/auto-whitelist >>>>> 12:23:06 [10417] dbg: auto-whitelist: db-based >>>>> ignore@compiling.spamassassin.taint.org|ip=none scores 0/0 >>>>> 12:23:06 [10417] dbg: auto-whitelist: AWL active, pre-score: >>>>> 2.865, autolearn score: 2.865, mean: undef, IP: undef >>>>> 12:23:06 [10417] dbg: auto-whitelist: DB addr list: untie-ing >>>>> and unlocking >>>>> 12:23:06 [10417] dbg: auto-whitelist: DB addr list: file >>>>> locked, breaking lock >>>>> 12:23:06 [10417] dbg: locker: safe_unlock: unlocked >>>>> /root/.spamassassin/auto-whitelist.mutex >>>>> 12:23:06 [10417] dbg: auto-whitelist: post auto-whitelist score: >>>>> 2.865 >>>>> 12:23:06 [10417] dbg: rules: running body tests; score so far=2.865 >>>>> 12:23:06 [10417] dbg: rules: compiled body tests >>>>> 12:23:06 [10417] dbg: rules: running uri tests; score so far=2.865 >>>>> 12:23:06 [10417] dbg: rules: compiled uri tests >>>>> 12:23:06 [10417] dbg: rules: running rawbody tests; score so >>>>> far=2.865 >>>>> 12:23:06 [10417] dbg: rules: compiled rawbody tests >>>>> 12:23:06 [10417] dbg: rules: running full tests; score so far=2.865 >>>>> 12:23:06 [10417] dbg: rules: compiled full tests >>>>> 12:23:06 [10417] dbg: rules: running meta tests; score so far=2.865 >>>>> 12:23:06 [10417] dbg: rules: compiled meta tests >>>>> 12:23:06 [10417] dbg: check: is spam? score=2.865 required=5 >>>>> 12:23:06 [10417] dbg: check: >>>>> tests=MISSING_DATE,MISSING_HEADERS,MISSING_SUBJECT,NO_RECEIVED >>>>> ,NO_RELAYS >>>>> 12:23:06 [10417] dbg: check: >>>>> subtests=__HAS_MSGID,__MISSING_REF,__MSGID_OK_DIGITS,__MSGID_O >>>>> K_HOST,__MSOE_MID_WRONG_CASE,__NONEMPTY_BODY,__SANE_MSGID,__TV >>>>> D_BODY,__UNUSABLE_MSGID >>>>> 12:23:06 Building a message batch to scan... >>>>> >>>>> >>>>> >>>>> ----- Original Message ----- >>>>> From: "Martin.Hepworth" >>>>> To: "MailScanner discussion" >>>>> Sent: Monday, July 07, 2008 12:08 PM >>>>> Subject: RE: MailScanner on FC8 don't pickup emails >>>>> >>>>> >>>>> > >>>>> > >>>>> > >>>>> >> -----Original Message----- >>>>> >> From: mailscanner-bounces@lists.mailscanner.info >>>>> >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf >>>>> >> Of Luciano Grego >>>>> >> Sent: 07 July 2008 11:00 >>>>> >> To: MailScanner discussion >>>>> >> Subject: Re: MailScanner on FC8 don't pickup emails >>>>> >> >>>>> >> >>>>> >> ----- Original Message ----- >>>>> >> From: "Martin.Hepworth" >>>>> >> To: "MailScanner discussion" >>>>> >> Sent: Monday, July 07, 2008 11:06 AM >>>>> >> Subject: RE: MailScanner on FC8 don't pickup emails >>>>> >> >>>>> >> >>>>> >> >I would have thought you'd need to change the Lock Type to >>>>> >> the default >>>>> >> >(blank) as sendmail 8.14 usually uses posix (unless fedora >>>>> >> change this) >>>>> >> > >>>>> >> > Also a "MailScanner --debug --debug-sa" output to a >>>>> >> pastebin or web page >>>>> >> > (as they can be large) would be interesting to see? >>>>> >> > >>>>> >> > What install instructions have you followed? >>>>> >> > >>>>> >> > -- >>>>> >> > Martin Hepworth >>>>> >> > Snr Systems Administrator >>>>> >> > Solid State Logic >>>>> >> > Tel: +44 (0)1865 842300 >>>>> >> > >>>>> >> >> -----Original Message----- >>>>> >> >> From: mailscanner-bounces@lists.mailscanner.info >>>>> >> >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf >>>>> >> >> Of Luciano Grego >>>>> >> >> Sent: 07 July 2008 09:54 >>>>> >> >> To: mailscanner@lists.mailscanner.info >>>>> >> >> Subject: MailScanner on FC8 don't pickup emails >>>>> >> >> >>>>> >> >> Hi, >>>>> >> >> I' ve installed Fedora Core 8 and updated at latest fix, then >>>>> >> >> i' ve installed MailScanner ( I try 4.69.9-3, 4.70.7-1 and >>>>> >> 4.71.2-2). >>>>> >> >> Sendmail accepts e-mails, but are not produced by Mailscanner. >>>>> >> >> My MTA is Sendmail 8.14 ( Fedora Core 8 ). >>>>> >> >> It' s a locking problem? >>>>> >> >> Must reinstall with --nodeps? >>>>> >> >> >>>>> >> >> Here 'MailScanner --lint': >>>>> >> >> >>>>> >> >> Trying to setlogsock(unix) >>>>> >> >> Read 824 hostnames from the phishing whitelist Read 3052 >>>>> >> >> hostnames from the phishing blacklist Checking version >>>>> numbers... >>>>> >> >> Version number in MailScanner.conf (4.71.2) is correct. >>>>> >> >> >>>>> >> >> Your envelope_sender_header in spam.assassin.prefs.conf >>>>> is correct. >>>>> >> >> >>>>> >> >> Checking for SpamAssassin errors (if you use it)... >>>>> >> >> SpamAssassin temporary working directory is >>>>> >> >> /var/spool/MailScanner/incoming/SpamAssassin-Temp >>>>> >> >> SpamAssassin temp dir = >>>>> >> >> /var/spool/MailScanner/incoming/SpamAssassin-Temp >>>>> >> >> Using SpamAssassin results cache >>>>> >> >> Connected to SpamAssassin cache database SpamAssassin >>>>> >> >> reported no errors. >>>>> >> >> ClamAV scanner using unrar command /usr/bin/unrar Using >>>>> >> >> locktype = flock MailScanner.conf says "Virus Scanners = >>>>> clamav" >>>>> >> >> Found these virus scanners installed: clamavmodule >>>>> >> >> ============================================================== >>>>> >> >> ============= >>>>> >> >> Virus and Content Scanning: Starting >>>>> >> >> /var/spool/MailScanner/incoming/9520/./1/eicar.com: >>>>> >> >> Eicar-Test-Signature FOUND >>>>> >> >> >>>>> >> >> /var/spool/MailScanner/incoming/9520/./1.message: >>>>> >> >> Eicar-Test-Signature FOUND >>>>> >> >> >>>>> >> >> Virus Scanning: ClamAV found 2 infections Infected message >>>>> >> >> 1.message came from Infected message 1 came from 10.1.1.1 >>>>> >> >> Virus Scanning: Found 2 viruses Filename Checks: (1 >>>>> >> >> eicar.com) Filetype Checks: Allowing 1 eicar.com Other >>>>> >> >> Checks: Found 1 problems >>>>> >> >> ============================================================== >>>>> >> >> ============= >>>>> >> >> Virus Scanner test reports: >>>>> >> >> ClamAV said "eicar.com contains Eicar-Test-Signature" >>>>> >> >> >>>>> >> >> If any of your virus scanners (clamavmodule) are not listed >>>>> >> >> there, you should check that they are installed correctly and >>>>> >> >> that MailScanner is finding them correctly via its >>>>> >> >> virus.scanners.conf. >>>>> >> >> >>>>> >> >> >>>>> >> >> -- >>>>> >> >> >>>>> >> >> Here 'MailScanner -v': >>>>> >> >> Running on >>>>> >> >> Linux mail 2.6.24.5-85.fc8 #1 SMP Sat Apr 19 12:39:34 EDT >>>>> >> >> 2008 i686 i686 i386 GNU/Linux This is Fedora release 8 >>>>> >> >> (Werewolf) This is Perl version 5.008008 (5.8.8) >>>>> >> >> >>>>> >> >> This is MailScanner version 4.71.2 >>>>> >> >> Module versions are: >>>>> >> >> 1.00 AnyDBM_File >>>>> >> >> 1.20 Archive::Zip >>>>> >> >> 0.21 bignum >>>>> >> >> 1.04 Carp >>>>> >> >> 2.005 Compress::Zlib >>>>> >> >> 1.119 Convert::BinHex >>>>> >> >> 0.17 Convert::TNEF >>>>> >> >> 2.121_08 Data::Dumper >>>>> >> >> 2.27 Date::Parse >>>>> >> >> 1.00 DirHandle >>>>> >> >> 1.05 Fcntl >>>>> >> >> 2.74 File::Basename >>>>> >> >> 2.09 File::Copy >>>>> >> >> 2.01 FileHandle >>>>> >> >> 1.08 File::Path >>>>> >> >> 0.20 File::Temp >>>>> >> >> 0.90 Filesys::Df >>>>> >> >> 1.35 HTML::Entities >>>>> >> >> 3.56 HTML::Parser >>>>> >> >> 2.37 HTML::TokeParser >>>>> >> >> 1.23 IO >>>>> >> >> 1.14 IO::File >>>>> >> >> 1.13 IO::Pipe >>>>> >> >> 2.02 Mail::Header >>>>> >> >> 1.86 Math::BigInt >>>>> >> >> 0.19 Math::BigRat >>>>> >> >> 3.07 MIME::Base64 >>>>> >> >> 5.425 MIME::Decoder >>>>> >> >> 5.425 MIME::Decoder::UU >>>>> >> >> 5.425 MIME::Head >>>>> >> >> 5.425 MIME::Parser >>>>> >> >> 3.07 MIME::QuotedPrint >>>>> >> >> 5.425 MIME::Tools >>>>> >> >> 0.11 Net::CIDR >>>>> >> >> 1.25 Net::IP >>>>> >> >> 0.16 OLE::Storage_Lite >>>>> >> >> 1.04 Pod::Escapes >>>>> >> >> 3.05 Pod::Simple >>>>> >> >> 1.09 POSIX >>>>> >> >> 1.19 Scalar::Util >>>>> >> >> 1.78 Socket >>>>> >> >> 2.15 Storable >>>>> >> >> 1.4 Sys::Hostname::Long >>>>> >> >> 0.18 Sys::Syslog >>>>> >> >> 1.26 Test::Pod >>>>> >> >> 0.78 Test::Simple >>>>> >> >> 1.86 Time::HiRes >>>>> >> >> 1.02 Time::localtime >>>>> >> >> >>>>> >> >> Optional module versions are: >>>>> >> >> 1.34 Archive::Tar >>>>> >> >> 0.21 bignum >>>>> >> >> 1.82 Business::ISBN >>>>> >> >> 1.10 Business::ISBN::Data >>>>> >> >> 1.08 Data::Dump >>>>> >> >> 1.815 DB_File >>>>> >> >> 1.14 DBD::SQLite >>>>> >> >> 1.58 DBI >>>>> >> >> 1.15 Digest >>>>> >> >> 1.01 Digest::HMAC >>>>> >> >> 2.36 Digest::MD5 >>>>> >> >> 2.11 Digest::SHA1 >>>>> >> >> 1.00 Encode::Detect >>>>> >> >> 0.17010 Error >>>>> >> >> 0.18 ExtUtils::CBuilder >>>>> >> >> 2.18 ExtUtils::ParseXS >>>>> >> >> 2.36 Getopt::Long >>>>> >> >> 0.44 Inline >>>>> >> >> 1.08 IO::String >>>>> >> >> 1.07 IO::Zlib >>>>> >> >> 2.21 IP::Country >>>>> >> >> 0.22 Mail::ClamAV >>>>> >> >> 3.002005 Mail::SpamAssassin >>>>> >> >> v2.005 Mail::SPF >>>>> >> >> 1.999001 Mail::SPF::Query >>>>> >> >> 0.2808 Module::Build >>>>> >> >> 0.20 Net::CIDR::Lite >>>>> >> >> 0.63 Net::DNS >>>>> >> >> 0.002.2 Net::DNS::Resolver::Programmable missing Net::LDAP >>>>> >> >> 4.004 NetAddr::IP >>>>> >> >> 1.94 Parse::RecDescent >>>>> >> >> missing SAVI >>>>> >> >> 2.64 Test::Harness >>>>> >> >> 0.95 Test::Manifest >>>>> >> >> 1.98 Text::Balanced >>>>> >> >> 1.35 URI >>>>> >> >> 0.7203 version >>>>> >> >> 0.62 YAML >>>>> >> >> >>>>> >> >> Thanks >>>>> >> >> Luciano. >>>>> >> >> >>>>> > >>>>> >> > -- >>>>> >> > MailScanner mailing list >>>>> >> > mailscanner@lists.mailscanner.info >>>>> >> > http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>>> >> > >>>>> >> > Before posting, read http://wiki.mailscanner.info/posting >>>>> >> > >>>>> >> > Support MailScanner development - buy the book off the website! >>>>> >> > >>>>> >> > -- >>>>> >> > Il messaggio e' stato analizzato alla ricerca di virus o >>>>> >> > contenuti pericolosi da MailScanner, ed e' >>>>> >> > risultato non infetto. >>>>> >> > >>>>> >> > >>>>> >> >>>>> >> HI Martin, >>>>> >> Lock Type = flock >>>>> >> ... for test my ideas ... >>>>> >> >>>>> >> I've setup this Mailscanner box for my client and >>>>> >> i' ve reboot the machine friday at 18:45 with new params. >>>>> >> Now i'm checking logs and i see Mailscanner pickup messages >>>>> >> from Sunday at >>>>> >> 15:00. None first! >>>>> >> MailScanner needs more time for starting up? >>>>> >> >>>>> >> I' ve put >>>>> >> Lock Type = >>>>> >> now and >>>>> >> 'service MailScanner restart'. >>>>> >> Thank you. >>>>> >> L. >>>>> >> >>>>> >> >>>>> > >>>>> > Hi >>>>> > >>>>> > Anything in the maillog reguarding mailScanner??? >>>>> > >>>>> > Should only take a few seconds to get going. >>>>> > >>>>> > I'd drop to debug and see if you can spot anything. >>>>> > >>>>> > >>>>> > -- >>>>> > Martin Hepworth >>>>> > Snr Systems Administrator >>>>> > Solid State Logic >>>>> > Tel: +44 (0)1865 842300 >>>>> > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> ********************************************************************** >>>>> >>>>> > Confidentiality : This e-mail and any attachments are >>>>> intended for the >>>>> > addressee only and may be confidential. If they come to you in >>>>> error >>>>> > you must take no action based on them, nor must you copy or >>>>> show them >>>>> > to anyone. Please advise the sender by replying to this e-mail >>>>> > immediately and then delete the original from your computer. >>>>> > Opinion : Any opinions expressed in this e-mail are >>>>> entirely those of >>>>> > the author and unless specifically stated to the contrary, are not >>>>> > necessarily those of the author's employer. >>>>> > Security Warning : Internet e-mail is not necessarily a secure >>>>> > communications medium and can be subject to data >>>>> corruption. We advise >>>>> > that you consider this fact when e-mailing us. >>>>> > Viruses : We have taken steps to ensure that this e-mail and any >>>>> > attachments are free from known viruses but in keeping with good >>>>> > computing practice, you should ensure that they are virus free. >>>>> > >>>>> > Red Lion 49 Ltd T/A Solid State Logic >>>>> > Registered as a limited company in England and Wales >>>>> > (Company No:5362730) >>>>> > Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, >>>>> > United Kingdom >>>>> > >>>>> ********************************************************************** >>>>> >>>>> > >>>>> > -- >>>>> > MailScanner mailing list >>>>> > mailscanner@lists.mailscanner.info >>>>> > http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>>> > >>>>> > Before posting, read http://wiki.mailscanner.info/posting >>>>> > >>>>> > Support MailScanner development - buy the book off the website! >>>>> > >>>>> > -- >>>>> > Il messaggio e' stato analizzato alla ricerca di virus o >>>>> > contenuti pericolosi da MailScanner, ed e' >>>>> > risultato non infetto. >>>>> > >>>>> > >>>>> >>>>> >>>>> >>>>> -- >>>>> Il messaggio e' stato analizzato alla ricerca di virus o >>>>> contenuti pericolosi da MailScanner, ed e' >>>>> risultato non infetto. >>>>> >>>>> -- >>>>> MailScanner mailing list >>>>> mailscanner@lists.mailscanner.info >>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>>> >>>>> Before posting, read http://wiki.mailscanner.info/posting >>>>> >>>>> Support MailScanner development - buy the book off the website! >>>>> >>>> >>>> >>>> >>>> >>>> ********************************************************************** >>>> Confidentiality : This e-mail and any attachments are intended for the >>>> addressee only and may be confidential. If they come to you in error >>>> you must take no action based on them, nor must you copy or show them >>>> to anyone. Please advise the sender by replying to this e-mail >>>> immediately and then delete the original from your computer. >>>> Opinion : Any opinions expressed in this e-mail are entirely those of >>>> the author and unless specifically stated to the contrary, are not >>>> necessarily those of the author's employer. >>>> Security Warning : Internet e-mail is not necessarily a secure >>>> communications medium and can be subject to data corruption. We advise >>>> that you consider this fact when e-mailing us. >>>> Viruses : We have taken steps to ensure that this e-mail and any >>>> attachments are free from known viruses but in keeping with good >>>> computing practice, you should ensure that they are virus free. >>>> >>>> Red Lion 49 Ltd T/A Solid State Logic >>>> Registered as a limited company in England and Wales >>>> (Company No:5362730) >>>> Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, >>>> United Kingdom >>>> ********************************************************************** >>>> >>>> -- >>>> MailScanner mailing list >>>> mailscanner@lists.mailscanner.info >>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>> >>>> Before posting, read http://wiki.mailscanner.info/posting >>>> >>>> Support MailScanner development - buy the book off the website! >>>> >>>> -- >>>> Il messaggio e' stato analizzato alla ricerca di virus o >>>> contenuti pericolosi da MailScanner, ed e' >>>> risultato non infetto. >>>> >>>> >>> >>> >>> >> >> Jules >> >> -- >> Julian Field MEng CITP CEng >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> >> Need help customising MailScanner? >> Contact me! >> Need help fixing or optimising your systems? >> Contact me! >> Need help getting you started solving new requirements from your boss? >> Contact me! >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> -- >> Il messaggio e' stato analizzato alla ricerca di virus o >> contenuti pericolosi da MailScanner, ed e' >> risultato non infetto. >> > > > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From shuttlebox at gmail.com Mon Jul 7 15:40:19 2008 From: shuttlebox at gmail.com (shuttlebox) Date: Mon Jul 7 15:40:29 2008 Subject: MailScanner on FC8 don't pickup emails In-Reply-To: References: <6ab1c460044e5441a4c21792d987f524@solidstatelogic.com> <48721BA8.4060507@ecs.soton.ac.uk> Message-ID: <625385e30807070740i6003ec81lf98db7216d541dc3@mail.gmail.com> On Mon, Jul 7, 2008 at 4:15 PM, Luciano Grego wrote: > Hi, > Yes, i've stopped sendmail and starting mailscanner ( with chkconfig ) plus > reboot the machine many times. > The strange things is: > LOCK TYPE = flock + reboot > Mailscanner see the messages ( with errors ), here the mail log: > > Jul 6 15:54:39 mail sendmail[2160]: m66DsbjM002160: > from=, size=581, class=0, nrcpts=1, > msgid=<01c8df2c$c82ce680$655c7b59@tequilla99>, proto=ESMTP, daemon=Daemon0, > relay=[89.123.92.101] > Jul 6 15:54:40 mail sendmail[2161]: m66DsbjM002160: to=XXXXXX, > delay=00:00:01, xdelay=00:00:01, mailer=local, pri=60768, dsn=2.0.0, > stat=Sent > Jul 6 15:54:40 mail MailScanner[21651]: New Batch: Scanning 1 messages, > 1034 bytes The "to" Sendmail line should say "stat=queued". What options are Sendmail running with? Please trim your posts, no need to repost thousands of lines over and over. -- Simone de Beauvoir - "To catch a husband is an art; to hold him is a job." From Ron.Ghetti at town.barnstable.ma.us Mon Jul 7 16:36:48 2008 From: Ron.Ghetti at town.barnstable.ma.us (Ghetti, Ron) Date: Mon Jul 7 16:47:00 2008 Subject: Run MScanner in a virtualized environment. Message-ID: <3411CC12BB577F4FAEAC8A694780866BE9189A@ITMAIL.town.barnstable.ma.us> Running here on vmware, it took a bit of tweaking To get it to keep up when we get busy. No virus scanning as it is handled elsewhere. Although, I'd like to re-enable it but av scanning just kills it. The network load factor is generally all the spam attempts. I think it's dropping about 10 - 20,000 connections a day. Here are some numbers. There were 2,110 Messages Sent from internal Users. There were 0 virus infected messages removed. There were 12,814 Total messages Recieved. There were 4,072 Messages Delivered. There were 6,981 messages marked as spam. There were 7,794 Messages rejected due to bad recipients. There were 323 Messages rejected due to bad Sender Addresses (Domain Not Found) There were 996 Messages rejected due to embedded-attached images ( image spam ) There were 4 Attempted Message Relays. There were 13,379 Connections Dropped. There were 22,505 rejected in Total. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Eduardo Casarero Sent: Tuesday, July 01, 2008 2:53 PM To: MailScanner discussion Subject: OT: Run MScanner in a virtualized environment. Hi guys, i know that it's not recomendable to run MS on virtualized HW because of it's high cpu/io load. However, i'm doing some research because my boss required it. What products do you think that will work best? VMware? Xen? The objective is that it has to be simple and quick to deploy. Also will be useful in case the HW dies, so you quickly can have the emails flowing (may be with delay, but working), until HW gets repaired. We all know that installing MS servers takes a while, so having a pre-installed image will reduce times. Any thoughts? Everything will be appreciated. Eduardo. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From martinh at solidstatelogic.com Mon Jul 7 16:58:39 2008 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Mon Jul 7 16:58:51 2008 Subject: Run MScanner in a virtualized environment. In-Reply-To: <3411CC12BB577F4FAEAC8A694780866BE9189A@ITMAIL.town.barnstable.ma.us> Message-ID: Interesting - spamassassin tends to be heavier than virus scanning these days. I guess the two together could be the issue. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Ghetti, Ron > Sent: 07 July 2008 16:37 > To: MailScanner discussion > Subject: RE: Run MScanner in a virtualized environment. > > > Running here on vmware, it took a bit of tweaking To get it > to keep up when we get busy. > No virus scanning as it is handled elsewhere. > Although, I'd like to re-enable it but av scanning just kills it. > The network load factor is generally all the spam attempts. > I think it's dropping about 10 - 20,000 connections a day. > > Here are some numbers. > > There were 2,110 Messages Sent from internal Users. > There were 0 virus infected messages removed. > There were 12,814 Total messages Recieved. > There were 4,072 Messages Delivered. > There were 6,981 messages marked as spam. > There were 7,794 Messages rejected due to bad recipients. > There were 323 Messages rejected due to bad Sender Addresses > (Domain Not > Found) > There were 996 Messages rejected due to embedded-attached > images ( image spam ) There were 4 Attempted Message Relays. > There were 13,379 Connections Dropped. > There were 22,505 rejected in Total. > > > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Eduardo Casarero > Sent: Tuesday, July 01, 2008 2:53 PM > To: MailScanner discussion > Subject: OT: Run MScanner in a virtualized environment. > > > Hi guys, i know that it's not recomendable to run MS on > virtualized HW because of it's high cpu/io load. However, i'm > doing some research because my boss required it. > > What products do you think that will work best? VMware? Xen? > The objective is that it has to be simple and quick to > deploy. Also will be useful in case the HW dies, so you > quickly can have the emails flowing (may be with delay, but > working), until HW gets repaired. > > We all know that installing MS servers takes a while, so > having a pre-installed image will reduce times. > > Any thoughts? > > Everything will be appreciated. > > Eduardo. > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From martinh at solidstatelogic.com Mon Jul 7 16:59:41 2008 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Mon Jul 7 16:59:51 2008 Subject: FW: [Clamav-announce] announcing ClamAV 0.93.2 Message-ID: <3ae831185e54ef4f9a7fc5eb6be4d9db@solidstatelogic.com> -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: clamav-announce-bounces@lists.clamav.net > [mailto:clamav-announce-bounces@lists.clamav.net] On Behalf > Of Luca Gibelli > Sent: 07 July 2008 16:56 > To: ClamAV Announce > Subject: [Clamav-announce] announcing ClamAV 0.93.2 > > > Dear ClamAV users, > > This release fixes and re-enables the Petite unpacker, > improves database loading and solves some other minor issues. > > > -- > The ClamAV team (http://www.clamav.net/team) > > -- > Luca Gibelli (luca _at_ clamav.net) ClamAV, a GPL > anti-virus toolkit > [Tel] +39 0187 1851862 [Fax] +39 0187 1852252 [IM] > nervous/jabber.linux.it PGP key id 5EFC5582 @ any key-server > || http://www.clamav.net/gpg/luca.gpg > _______________________________________________ > http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-announce > ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From simonmjones at gmail.com Mon Jul 7 17:13:37 2008 From: simonmjones at gmail.com (Simon Jones) Date: Mon Jul 7 17:13:46 2008 Subject: inconsistent performance Message-ID: <70572c510807070913j289a505wa5f62c17844a8660@mail.gmail.com> hello chaps, anyone have an idea why i'm seeing inconsistent performance on all 3 of my gateway servers? Nothing shows up errors in the maillog and MailScanner --Lint checks out ok but from time to time the machines will choke and i'll stack 2k and rising messages up in the hold queue. one day they'll work fine and the hold queue will be normal, then all of a sudden they'll start backing up. I have postfix reading from mysql for the relay_domains / relay_recipients and transport maps as well as logging to a seperate db on the same seperate db server for mailwatch. the mysql db has dual oppy's with 10gb ram so it's pretty beefy and doesn't seem to be maxed at all. the gateways run fairly heavy but are by no means topping out. I've tried dropping max children and the batch processing settings but to no avail. any ideas would be really appreciated. thanks SMJ From richard.frovarp at sendit.nodak.edu Mon Jul 7 17:17:51 2008 From: richard.frovarp at sendit.nodak.edu (Richard Frovarp) Date: Mon Jul 7 17:18:02 2008 Subject: inconsistent performance In-Reply-To: <70572c510807070913j289a505wa5f62c17844a8660@mail.gmail.com> References: <70572c510807070913j289a505wa5f62c17844a8660@mail.gmail.com> Message-ID: <487241AF.1060601@sendit.nodak.edu> Simon Jones wrote: > hello chaps, > > anyone have an idea why i'm seeing inconsistent performance on all 3 > of my gateway servers? Nothing shows up errors in the maillog and > MailScanner --Lint checks out ok but from time to time the machines > will choke and i'll stack 2k and rising messages up in the hold queue. > > one day they'll work fine and the hold queue will be normal, then all > of a sudden they'll start backing up. > > I have postfix reading from mysql for the relay_domains / > relay_recipients and transport maps as well as logging to a seperate > db on the same seperate db server for mailwatch. > > the mysql db has dual oppy's with 10gb ram so it's pretty beefy and > doesn't seem to be maxed at all. > > the gateways run fairly heavy but are by no means topping out. I've > tried dropping max children and the batch processing settings but to > no avail. > > any ideas would be really appreciated. > > thanks > > SMJ > What about mail volume? Is it consistent across the days in question? Or, even if the numbers are the same, you might end up with bursty traffic on the days you backup, causing everything to fall behind. Botnets, mailing lists, all of that sort can drop traffic on you in one heck of a hurry at times. From kc5goi at gmail.com Mon Jul 7 17:20:36 2008 From: kc5goi at gmail.com (Guy Story KC5GOI) Date: Mon Jul 7 17:20:46 2008 Subject: Run MScanner in a virtualized environment. In-Reply-To: <3411CC12BB577F4FAEAC8A694780866BE9189A@ITMAIL.town.barnstable.ma.us> References: <3411CC12BB577F4FAEAC8A694780866BE9189A@ITMAIL.town.barnstable.ma.us> Message-ID: I am running VMWare. I have allocated off 1 gig of ram with a dual core 3 GHz Xeon, it runs Postgrey, Postfix, Mailscanner, ClamAV, and Spamassassin for 100 employees. I run 4 max childern and a scan interval of 10 seconds. I do not have full stats on dropped connections. According to AWStats for this month so far: 51197 code 554 access denied 4210 code 450 DNS check failures, mailbox busy or other reasons 1286 code 550 relaying denied unknown users 13 code 999 unknown error Our mail server is very responsive and solid. The only time I see more than the 10 second scan interval as a delay is the first time an address hits Postgrey. I have Postfix running rbls for me. I prefer to deny the connection so my load in general is reduced. My rational for running in a vm is disaster recovery. I back this vm up monthly offsite. Guy On Mon, Jul 7, 2008 at 10:36 AM, Ghetti, Ron < Ron.Ghetti@town.barnstable.ma.us> wrote: > > Running here on vmware, it took a bit of tweaking > To get it to keep up when we get busy. > No virus scanning as it is handled elsewhere. > Although, I'd like to re-enable it but av scanning just kills it. > The network load factor is generally all the spam attempts. > I think it's dropping about 10 - 20,000 connections a day. > > Here are some numbers. > > There were 2,110 Messages Sent from internal Users. > There were 0 virus infected messages removed. > There were 12,814 Total messages Recieved. > There were 4,072 Messages Delivered. > There were 6,981 messages marked as spam. > There were 7,794 Messages rejected due to bad recipients. > There were 323 Messages rejected due to bad Sender Addresses (Domain Not > Found) > There were 996 Messages rejected due to embedded-attached images ( image > spam ) > There were 4 Attempted Message Relays. > There were 13,379 Connections Dropped. > There were 22,505 rejected in Total. > > > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Eduardo > Casarero > Sent: Tuesday, July 01, 2008 2:53 PM > To: MailScanner discussion > Subject: OT: Run MScanner in a virtualized environment. > > > Hi guys, i know that it's not recomendable to run MS on virtualized HW > because of it's high cpu/io load. However, i'm doing some research > because my boss required it. > > What products do you think that will work best? VMware? Xen? The > objective is that it has to be simple and quick to deploy. Also will > be useful in case the HW dies, so you quickly can have the emails > flowing (may be with delay, but working), until HW gets repaired. > > We all know that installing MS servers takes a while, so having a > pre-installed image will reduce times. > > Any thoughts? > > Everything will be appreciated. > > Eduardo. > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- 73 Guy Story KC5GOI kc5goi@gmail.com -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080707/3aa5ec95/attachment.html From Ron.Ghetti at town.barnstable.ma.us Mon Jul 7 17:22:26 2008 From: Ron.Ghetti at town.barnstable.ma.us (Ghetti, Ron) Date: Mon Jul 7 17:21:22 2008 Subject: Run MScanner in a virtualized environment. Message-ID: <3411CC12BB577F4FAEAC8A694780866BE9189B@ITMAIL.town.barnstable.ma.us> Well I will say that it could be my impementation Of clam, I've heard tell that it can be setup as a Daemon and that will reduce overhead, however I've no idea how. At the time we went with the defaults. I think this brought the overhead up past the breaking point for us. Again, I would like to re-enable it if I could find A good resource on how to set it up for my specifics. Thanks -Ron -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Martin.Hepworth Sent: Monday, July 07, 2008 11:59 AM To: MailScanner discussion Subject: RE: Run MScanner in a virtualized environment. Interesting - spamassassin tends to be heavier than virus scanning these days. I guess the two together could be the issue. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Ghetti, Ron > Sent: 07 July 2008 16:37 > To: MailScanner discussion > Subject: RE: Run MScanner in a virtualized environment. > > > Running here on vmware, it took a bit of tweaking To get it > to keep up when we get busy. > No virus scanning as it is handled elsewhere. > Although, I'd like to re-enable it but av scanning just kills it. > The network load factor is generally all the spam attempts. > I think it's dropping about 10 - 20,000 connections a day. > > Here are some numbers. > > There were 2,110 Messages Sent from internal Users. > There were 0 virus infected messages removed. > There were 12,814 Total messages Recieved. > There were 4,072 Messages Delivered. > There were 6,981 messages marked as spam. > There were 7,794 Messages rejected due to bad recipients. > There were 323 Messages rejected due to bad Sender Addresses > (Domain Not > Found) > There were 996 Messages rejected due to embedded-attached > images ( image spam ) There were 4 Attempted Message Relays. > There were 13,379 Connections Dropped. > There were 22,505 rejected in Total. > > > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Eduardo Casarero > Sent: Tuesday, July 01, 2008 2:53 PM > To: MailScanner discussion > Subject: OT: Run MScanner in a virtualized environment. > > > Hi guys, i know that it's not recomendable to run MS on > virtualized HW because of it's high cpu/io load. However, i'm > doing some research because my boss required it. > > What products do you think that will work best? VMware? Xen? > The objective is that it has to be simple and quick to > deploy. Also will be useful in case the HW dies, so you > quickly can have the emails flowing (may be with delay, but > working), until HW gets repaired. > > We all know that installing MS servers takes a while, so > having a pre-installed image will reduce times. > > Any thoughts? > > Everything will be appreciated. > > Eduardo. > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Mon Jul 7 17:40:27 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Jul 7 17:40:52 2008 Subject: FW: [Clamav-announce] announcing ClamAV 0.93.2 In-Reply-To: References: Message-ID: <487246FB.2060504@ecs.soton.ac.uk> I have updated the ClamAV+SpamAssassin package on www.mailscanner.info. Martin.Hepworth wrote: > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > >> -----Original Message----- >> From: clamav-announce-bounces@lists.clamav.net >> [mailto:clamav-announce-bounces@lists.clamav.net] On Behalf >> Of Luca Gibelli >> Sent: 07 July 2008 16:56 >> To: ClamAV Announce >> Subject: [Clamav-announce] announcing ClamAV 0.93.2 >> >> >> Dear ClamAV users, >> >> This release fixes and re-enables the Petite unpacker, >> improves database loading and solves some other minor issues. >> >> >> -- >> The ClamAV team (http://www.clamav.net/team) >> >> -- >> Luca Gibelli (luca _at_ clamav.net) ClamAV, a GPL >> anti-virus toolkit >> [Tel] +39 0187 1851862 [Fax] +39 0187 1852252 [IM] >> nervous/jabber.linux.it PGP key id 5EFC5582 @ any key-server >> || http://www.clamav.net/gpg/luca.gpg >> _______________________________________________ >> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-announce >> >> > > > > > ********************************************************************** > Confidentiality : This e-mail and any attachments are intended for the > addressee only and may be confidential. If they come to you in error > you must take no action based on them, nor must you copy or show them > to anyone. Please advise the sender by replying to this e-mail > immediately and then delete the original from your computer. > Opinion : Any opinions expressed in this e-mail are entirely those of > the author and unless specifically stated to the contrary, are not > necessarily those of the author's employer. > Security Warning : Internet e-mail is not necessarily a secure > communications medium and can be subject to data corruption. We advise > that you consider this fact when e-mailing us. > Viruses : We have taken steps to ensure that this e-mail and any > attachments are free from known viruses but in keeping with good > computing practice, you should ensure that they are virus free. > > Red Lion 49 Ltd T/A Solid State Logic > Registered as a limited company in England and Wales > (Company No:5362730) > Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, > United Kingdom > ********************************************************************** > > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From simonmjones at gmail.com Mon Jul 7 17:46:11 2008 From: simonmjones at gmail.com (Simon Jones) Date: Mon Jul 7 17:46:21 2008 Subject: inconsistent performance In-Reply-To: <487241AF.1060601@sendit.nodak.edu> References: <70572c510807070913j289a505wa5f62c17844a8660@mail.gmail.com> <487241AF.1060601@sendit.nodak.edu> Message-ID: <70572c510807070946xf244323i9ae43ab49b19f64@mail.gmail.com> Could be I guess, netstat just shows up the usual mass of smtp connections - it's just really odd why it's ok on the most part but as soon as somthing triggers a choke they all start backing the queue up with messages. I'll do some more checking around. thanks Richard SMJ 2008/7/7 Richard Frovarp : > Simon Jones wrote: >> >> hello chaps, >> >> anyone have an idea why i'm seeing inconsistent performance on all 3 >> of my gateway servers? Nothing shows up errors in the maillog and >> MailScanner --Lint checks out ok but from time to time the machines >> will choke and i'll stack 2k and rising messages up in the hold queue. >> >> one day they'll work fine and the hold queue will be normal, then all >> of a sudden they'll start backing up. >> >> I have postfix reading from mysql for the relay_domains / >> relay_recipients and transport maps as well as logging to a seperate >> db on the same seperate db server for mailwatch. >> >> the mysql db has dual oppy's with 10gb ram so it's pretty beefy and >> doesn't seem to be maxed at all. >> >> the gateways run fairly heavy but are by no means topping out. I've >> tried dropping max children and the batch processing settings but to >> no avail. >> >> any ideas would be really appreciated. >> >> thanks >> >> SMJ >> > > What about mail volume? Is it consistent across the days in question? Or, > even if the numbers are the same, you might end up with bursty traffic on > the days you backup, causing everything to fall behind. Botnets, mailing > lists, all of that sort can drop traffic on you in one heck of a hurry at > times. > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From alex at rtpty.com Mon Jul 7 17:51:42 2008 From: alex at rtpty.com (Alex Neuman) Date: Mon Jul 7 17:52:01 2008 Subject: [Clamav-announce] announcing ClamAV 0.93.2 In-Reply-To: <487246FB.2060504@ecs.soton.ac.uk> References: <487246FB.2060504@ecs.soton.ac.uk> Message-ID: <898A7AC8-58A8-4C61-B566-77BF0D658C53@rtpty.com> If you ever do it any sooner, you're likely to cause a temporal paradox!! Cheers, Sent from my iPhone On Jul 7, 2008, at 11:40 AM, Julian Field wrote: > I have updated the ClamAV+SpamAssassin package on > www.mailscanner.info. > > Martin.Hepworth wrote: >> -- >> Martin Hepworth >> Snr Systems Administrator >> Solid State Logic >> Tel: +44 (0)1865 842300 >> >> >>> -----Original Message----- >>> From: clamav-announce-bounces@lists.clamav.net >>> [mailto:clamav-announce-bounces@lists.clamav.net] On Behalf >>> Of Luca Gibelli >>> Sent: 07 July 2008 16:56 >>> To: ClamAV Announce >>> Subject: [Clamav-announce] announcing ClamAV 0.93.2 >>> >>> >>> Dear ClamAV users, >>> >>> This release fixes and re-enables the Petite unpacker, >>> improves database loading and solves some other minor issues. >>> >>> >>> -- >>> The ClamAV team (http://www.clamav.net/team) >>> >>> -- >>> Luca Gibelli (luca _at_ clamav.net) ClamAV, a GPL >>> anti-virus toolkit >>> [Tel] +39 0187 1851862 [Fax] +39 0187 1852252 [IM] >>> nervous/jabber.linux.it PGP key id 5EFC5582 @ any key-server >>> || http://www.clamav.net/gpg/luca.gpg >>> _______________________________________________ >>> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-announce >>> >>> >> >> >> >> >> *** >> ******************************************************************* >> Confidentiality : This e-mail and any attachments are intended for >> the addressee only and may be confidential. If they come to you in >> error you must take no action based on them, nor must you copy or >> show them to anyone. Please advise the sender by replying to this e- >> mail immediately and then delete the original from your computer. >> Opinion : Any opinions expressed in this e-mail are entirely those >> of the author and unless specifically stated to the contrary, are >> not necessarily those of the author's employer. >> Security Warning : Internet e-mail is not necessarily a secure >> communications medium and can be subject to data corruption. We >> advise that you consider this fact when e-mailing us. Viruses : We >> have taken steps to ensure that this e-mail and any attachments are >> free from known viruses but in keeping with good computing >> practice, you should ensure that they are virus free. >> >> Red Lion 49 Ltd T/A Solid State Logic >> Registered as a limited company in England and Wales (Company No: >> 5362730) >> Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, >> United Kingdom >> *** >> ******************************************************************* >> >> > > Jules > > -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > MailScanner customisation, or any advanced system administration help? > Contact me at Jules@Jules.FM > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > PGP public key: http://www.jules.fm/julesfm.asc > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From martinh at solidstatelogic.com Mon Jul 7 17:53:29 2008 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Mon Jul 7 17:53:40 2008 Subject: inconsistent performance In-Reply-To: <70572c510807070946xf244323i9ae43ab49b19f64@mail.gmail.com> Message-ID: <5262c23024194c45b32351bf6bdb7ce6@solidstatelogic.com> Simon What RBL's you using? Could be one of them backing up - eg spamhaus tend to slow down their feed if you go over the 'free' limit. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Simon Jones > Sent: 07 July 2008 17:46 > To: MailScanner discussion > Subject: Re: inconsistent performance > > Could be I guess, netstat just shows up the usual mass of > smtp connections - it's just really odd why it's ok on the > most part but as soon as somthing triggers a choke they all > start backing the queue up with messages. > > I'll do some more checking around. > > thanks Richard > > SMJ > > 2008/7/7 Richard Frovarp : > > Simon Jones wrote: > >> > >> hello chaps, > >> > >> anyone have an idea why i'm seeing inconsistent > performance on all 3 > >> of my gateway servers? Nothing shows up errors in the maillog and > >> MailScanner --Lint checks out ok but from time to time the > machines > >> will choke and i'll stack 2k and rising messages up in the > hold queue. > >> > >> one day they'll work fine and the hold queue will be > normal, then all > >> of a sudden they'll start backing up. > >> > >> I have postfix reading from mysql for the relay_domains / > >> relay_recipients and transport maps as well as logging to > a seperate > >> db on the same seperate db server for mailwatch. > >> > >> the mysql db has dual oppy's with 10gb ram so it's pretty > beefy and > >> doesn't seem to be maxed at all. > >> > >> the gateways run fairly heavy but are by no means topping > out. I've > >> tried dropping max children and the batch processing > settings but to > >> no avail. > >> > >> any ideas would be really appreciated. > >> > >> thanks > >> > >> SMJ > >> > > > > What about mail volume? Is it consistent across the days in > question? > > Or, even if the numbers are the same, you might end up with bursty > > traffic on the days you backup, causing everything to fall behind. > > Botnets, mailing lists, all of that sort can drop traffic on you in > > one heck of a hurry at times. > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From hvdkooij at vanderkooij.org Mon Jul 7 18:04:03 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Mon Jul 7 18:04:13 2008 Subject: [Clamav-announce] announcing ClamAV 0.93.2 In-Reply-To: <898A7AC8-58A8-4C61-B566-77BF0D658C53@rtpty.com> References: <487246FB.2060504@ecs.soton.ac.uk> <898A7AC8-58A8-4C61-B566-77BF0D658C53@rtpty.com> Message-ID: <48724C83.9070208@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Alex Neuman wrote: | If you ever do it any sooner, you're likely to cause a temporal paradox!! Next thing Jules will prove that the speed of light is just a conveniant legal limit and you can exceed it as you please if you are ready to pay ~ the fine. Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFIckyBBvzDRVjxmYERAgG8AJ9isUQ7t8cAsOs94w1ide+ron5KMQCfZFJp RP8k0of54RlIqKSRGSGquxo= =qvoG -----END PGP SIGNATURE----- From gregg at mochabomb.com Mon Jul 7 18:08:09 2008 From: gregg at mochabomb.com (Gregg Lain) Date: Mon Jul 7 18:08:42 2008 Subject: yum update on CentOS 5.2 broke MailScanner + many other perl programs Message-ID: <48724D79.3020308@mochabomb.com> After 2 days of a half-broken mail config (where decoupled MailScanner from Postfix) thought I'd share what got it working again: 1. Decoupled MailScanner from Postfix - comment out header_checks in main.cf - now Postfix worked w/o scanning but received emails - since I process less than 500/day and most spam is handled at the MTA level, was not a signif difference.. 2. Edit vi /usr/lib/perl5/site_perl/5.8.8/Errno.pm and change line to match my install from perl -V | grep osvers "$Config{'archname'}-$Config{'osvers'}" eq #"x86_64-linux-thread-multi-2.6.9-42.0.3.elsmp" or "x86_64-linux-thread-multi-2.6.18-53.el5" or die "Errno architecture (x86_64-linux-thread-multi-2.6.9-42.0.3.elsmp) does not match executable architecture ($Config{'archname'}-$Config{'osvers'})"; 3. From cpan: force install Scalar::Util install OLE::Storage_Lite force install Test::Harness install IO 4. Restart MailScanner - it was ok, so then undo the Postfix changes and back in business.. From simonmjones at gmail.com Mon Jul 7 18:13:12 2008 From: simonmjones at gmail.com (Simon Jones) Date: Mon Jul 7 18:13:22 2008 Subject: inconsistent performance In-Reply-To: <5262c23024194c45b32351bf6bdb7ce6@solidstatelogic.com> References: <70572c510807070946xf244323i9ae43ab49b19f64@mail.gmail.com> <5262c23024194c45b32351bf6bdb7ce6@solidstatelogic.com> Message-ID: <70572c510807071013y23c200a4r175e010e36a4eae8@mail.gmail.com> here's my spam.lists.conf # This file translates the names of the spam lists and spam domains lists # into the real DNS domains to search. # There is a far more comprehensive list of these at # http://www.declude.com/JunkMail/Support/ip4r.htm # and you can easily search them all at www.DNSstuff.com. # If you want to search other DNSBL's you will need to define them here first, # before referring to them by name in mailscanner.conf (or a rules file). spamhaus.org sbl.spamhaus.org. spamhaus-XBL xbl.spamhaus.org. spamhaus-PBL pbl.spamhaus.org. spamhaus-ZEN zen.spamhaus.org. SBL+XBL sbl-xbl.spamhaus.org. spamcop.net bl.spamcop.net. NJABL dnsbl.njabl.org. # ORDB has been shut down. # ORDB-RBL relays.ordb.org. #Infinite-Monkeys proxies.relays.monkeys.com. #osirusoft.com relays.osirusoft.com. # These two lists are now dead and must not be used. # MAPS now charge for their services, so you'll have to buy a contract before # attempting to use the next 3 lines. MAPS-RBL blackholes.mail-abuse.org. MAPS-DUL dialups.mail-abuse.org. MAPS-RSS relays.mail-abuse.org. # This next line works for JANET UK Academic sites only MAPS-RBL+ rbl-plus.mail-abuse.ja.net. # And build a similar list for the RBL domains that work on the name # of the domain rather than the IP address of the exact machine that # is listed. This way the RBL controllers can blacklist entire # domains very quickly and easily. # These aren't used by default, as they slow down MailScanner quite a bit. RFC-IGNORANT-DSN dsn.rfc-ignorant.org. RFC-IGNORANT-POSTMASTER postmaster.rfc-ignorant.org. RFC-IGNORANT-ABUSE abuse.rfc-ignorant.org. RFC-IGNORANT-WHOIS whois.rfc-ignorant.org. RFC-IGNORANT-IPWHOIS ipwhois.rfc-ignorant.org. RFC-IGNORANT-BOGUSMX bogusmx.rfc-ignorant.org. # Easynet are closing down, so don't use these any more Easynet-DNSBL blackholes.easynet.nl. Easynet-Proxies proxies.blackholes.easynet.nl. Easynet-Dynablock dynablock.easynet.nl. # This list is now dead and must not be used. #OSIRUSOFT-SPEWS spews.relays.osirusoft.com. # These folks are still going strong SORBS-DNSBL dnsbl.sorbs.net. SORBS-HTTP http.dnsbl.sorbs.net. SORBS-SOCKS socks.dnsbl.sorbs.net. SORBS-MISC misc.dnsbl.sorbs.net. SORBS-SMTP smtp.dnsbl.sorbs.net. SORBS-WEB web.dnsbl.sorbs.net. SORBS-SPAM spam.dnsbl.sorbs.net. SORBS-BLOCK block.dnsbl.sorbs.net. SORBS-ZOMBIE zombie.dnsbl.sorbs.net. SORBS-DUL dul.dnsbl.sorbs.net. SORBS-RHSBL rhsbl.sorbs.net. # These next 2 are "Spam Domain List" entries and not "Spam List"s SORBS-BADCONF badconf.rhsbl.sorbs.net. SORBS-NOMAIL nomail.rhsbl.sorbs.net. # Some other good lists CBL cbl.abuseat.org. DSBL list.dsbl.org. 2008/7/7 Martin.Hepworth : > Simon > > What RBL's you using? Could be one of them backing up - eg spamhaus tend to slow down their feed if you go over the 'free' limit. > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf >> Of Simon Jones >> Sent: 07 July 2008 17:46 >> To: MailScanner discussion >> Subject: Re: inconsistent performance >> >> Could be I guess, netstat just shows up the usual mass of >> smtp connections - it's just really odd why it's ok on the >> most part but as soon as somthing triggers a choke they all >> start backing the queue up with messages. >> >> I'll do some more checking around. >> >> thanks Richard >> >> SMJ >> >> 2008/7/7 Richard Frovarp : >> > Simon Jones wrote: >> >> >> >> hello chaps, >> >> >> >> anyone have an idea why i'm seeing inconsistent >> performance on all 3 >> >> of my gateway servers? Nothing shows up errors in the maillog and >> >> MailScanner --Lint checks out ok but from time to time the >> machines >> >> will choke and i'll stack 2k and rising messages up in the >> hold queue. >> >> >> >> one day they'll work fine and the hold queue will be >> normal, then all >> >> of a sudden they'll start backing up. >> >> >> >> I have postfix reading from mysql for the relay_domains / >> >> relay_recipients and transport maps as well as logging to >> a seperate >> >> db on the same seperate db server for mailwatch. >> >> >> >> the mysql db has dual oppy's with 10gb ram so it's pretty >> beefy and >> >> doesn't seem to be maxed at all. >> >> >> >> the gateways run fairly heavy but are by no means topping >> out. I've >> >> tried dropping max children and the batch processing >> settings but to >> >> no avail. >> >> >> >> any ideas would be really appreciated. >> >> >> >> thanks >> >> >> >> SMJ >> >> >> > >> > What about mail volume? Is it consistent across the days in >> question? >> > Or, even if the numbers are the same, you might end up with bursty >> > traffic on the days you backup, causing everything to fall behind. >> > Botnets, mailing lists, all of that sort can drop traffic on you in >> > one heck of a hurry at times. >> > -- >> > MailScanner mailing list >> > mailscanner@lists.mailscanner.info >> > http://lists.mailscanner.info/mailman/listinfo/mailscanner >> > >> > Before posting, read http://wiki.mailscanner.info/posting >> > >> > Support MailScanner development - buy the book off the website! >> > >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> > > > > > ********************************************************************** > Confidentiality : This e-mail and any attachments are intended for the > addressee only and may be confidential. If they come to you in error > you must take no action based on them, nor must you copy or show them > to anyone. Please advise the sender by replying to this e-mail > immediately and then delete the original from your computer. > Opinion : Any opinions expressed in this e-mail are entirely those of > the author and unless specifically stated to the contrary, are not > necessarily those of the author's employer. > Security Warning : Internet e-mail is not necessarily a secure > communications medium and can be subject to data corruption. We advise > that you consider this fact when e-mailing us. > Viruses : We have taken steps to ensure that this e-mail and any > attachments are free from known viruses but in keeping with good > computing practice, you should ensure that they are virus free. > > Red Lion 49 Ltd T/A Solid State Logic > Registered as a limited company in England and Wales > (Company No:5362730) > Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, > United Kingdom > ********************************************************************** > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From ssilva at sgvwater.com Mon Jul 7 18:50:53 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Mon Jul 7 18:51:40 2008 Subject: Non-English testers? In-Reply-To: <20080707122658.GB19043@cgi.jachomes.com> References: <486D352F.1040002@ecs.soton.ac.uk> <486D3C1B.9090604@ecs.soton.ac.uk> <20080707122658.GB19043@cgi.jachomes.com> Message-ID: on 7-7-2008 5:26 AM Jay R. Ashworth spake the following: > On Thu, Jul 03, 2008 at 09:52:43PM +0100, Julian Field wrote: >> The "Add Text Of Doc" won't work on .docx files, sorry. Antiword doesn't >> support them. If anyone has a way of managing to read them, I would be >> very interested to hear it. Or even just some helpful ideas. > > But, but... .docx is this wonderful, open, XML based file format that's > easy to parse. Right? I mean, that's what Microsoft has been telling > us... > > :-) > > Cheers, > -- jra I think that one needed a winking smily ;-) -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 258 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080707/839a933f/signature.bin From doc at maddoc.net Mon Jul 7 18:59:27 2008 From: doc at maddoc.net (Doc Schneider) Date: Mon Jul 7 18:59:44 2008 Subject: [Clamav-announce] announcing ClamAV 0.93.2 In-Reply-To: <48724C83.9070208@vanderkooij.org> References: <487246FB.2060504@ecs.soton.ac.uk> <898A7AC8-58A8-4C61-B566-77BF0D658C53@rtpty.com> <48724C83.9070208@vanderkooij.org> Message-ID: <4872597F.8010807@maddoc.net> Hugo van der Kooij wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Alex Neuman wrote: > | If you ever do it any sooner, you're likely to cause a temporal paradox!! > > Next thing Jules will prove that the speed of light is just a conveniant > legal limit and you can exceed it as you please if you are ready to pay > ~ the fine. > > Hugo. This just in: Folks, A problem has been found in 0.93.2 and it has to be withdrawn. Please do not use it. We are working on a fix as a top priority. Sorry for the inconvenience. -Nigel Horne -- -Doc Lincoln, NE. http://www.fsl.com/ http://www.genealogyforyou.com/ http://www.cairnproductions.com/ From dominian at slackadelic.com Mon Jul 7 19:04:09 2008 From: dominian at slackadelic.com (Matt Hayes) Date: Mon Jul 7 19:04:23 2008 Subject: [Clamav-announce] announcing ClamAV 0.93.2 In-Reply-To: <4872597F.8010807@maddoc.net> References: <487246FB.2060504@ecs.soton.ac.uk> <898A7AC8-58A8-4C61-B566-77BF0D658C53@rtpty.com> <48724C83.9070208@vanderkooij.org> <4872597F.8010807@maddoc.net> Message-ID: <48725A99.3070003@slackadelic.com> Doc Schneider wrote: > Hugo van der Kooij wrote: >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> Alex Neuman wrote: >> | If you ever do it any sooner, you're likely to cause a temporal >> paradox!! >> >> Next thing Jules will prove that the speed of light is just a conveniant >> legal limit and you can exceed it as you please if you are ready to pay >> ~ the fine. >> >> Hugo. > > This just in: > > > Folks, > > A problem has been found in 0.93.2 and it has to be withdrawn. Please do > not use it. We are working on a fix as a top priority. > > Sorry for the inconvenience. > > -Nigel Horne > > > > What is the issue? -Matt From alex at rtpty.com Mon Jul 7 19:04:34 2008 From: alex at rtpty.com (Alex Neuman) Date: Mon Jul 7 19:04:54 2008 Subject: Non-English testers? In-Reply-To: References: <486D352F.1040002@ecs.soton.ac.uk> <486D3C1B.9090604@ecs.soton.ac.uk> <20080707122658.GB19043@cgi.jachomes.com> Message-ID: More like a smiley that's laughing his toches off, if you'll pardon the Yiddish... Like X-D Sent from my iPhone On Jul 7, 2008, at 12:50 PM, Scott Silva wrote: > on 7-7-2008 5:26 AM Jay R. Ashworth spake the following: >> On Thu, Jul 03, 2008 at 09:52:43PM +0100, Julian Field wrote: >>> The "Add Text Of Doc" won't work on .docx files, sorry. Antiword >>> doesn't support them. If anyone has a way of managing to read >>> them, I would be very interested to hear it. Or even just some >>> helpful ideas. >> But, but... .docx is this wonderful, open, XML based file format >> that's >> easy to parse. Right? I mean, that's what Microsoft has been >> telling >> us... >> :-) >> Cheers, >> -- jra > I think that one needed a winking smily ;-) > > > > -- > MailScanner is like deodorant... > You hope everybody uses it, and > you notice quickly if they don't!!!! > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From lars+lister.mailscanner at adventuras.no Mon Jul 7 19:04:58 2008 From: lars+lister.mailscanner at adventuras.no (Lars Kristiansen) Date: Mon Jul 7 19:05:12 2008 Subject: HEADS UP: [Fwd: [Clamav-users] 0.93.2] Message-ID: <48725ACA.5070403@adventuras.no> FYI -------- Opprinnelig melding -------- Emne: [Clamav-users] 0.93.2 Dato: Mon, 07 Jul 2008 18:48:25 +0100 Fra: Nigel Horne Svar-Til: ClamAV users ML Organisasjon: NJH Music Til: ClamAV users ML Folks, A problem has been found in 0.93.2 and it has to be withdrawn. Please do not use it. We are working on a fix as a top priority. Sorry for the inconvenience. -Nigel Horne -- Come to Las Vegas to see the latest in Sourcefire and open source innovation. Register at www.bossconference.com by September 30th to save $200! _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080707/e695afec/attachment.html From Kevin_Miller at ci.juneau.ak.us Mon Jul 7 19:09:08 2008 From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller) Date: Mon Jul 7 19:09:18 2008 Subject: Whitelists Still Not Working? In-Reply-To: <486EDC9F.3040504@openenterprise.ca> References: <486D681C.4080104@openenterprise.ca> <486EDC9F.3040504@openenterprise.ca> Message-ID: On the MTA it's a milter - I use sendmail. Since Postfix does milters now too, I expect there's a way to add it in there also. I'm running smfspf but there are other versions available as well. See http://www.openspf.org/ I believe it's tied into spamassassin, so you'd turn it on/off in there. I think you'd just set the scores to 0 in the spam.assassin.prefs.conf. I found the ruleset in /var/lib/spamassassin/3.002004/25_spf.cf but don't edit it there as it will be lost after an update. If you're not publishing spf records in your dns, think about adding them. HTH... ...Kevin Johnny Stork wrote: > I dont think I have SPF running and had been planning to look into it > at some time in the future. Where should/could I check to be sure? > > Kevin Miller wrote: >> Johnny Stork wrote: >> >>> X-Assp-Received-SPF: pass - Please see >>> >>> >> http://www.openspf.org/why.html?sender=v-cbilj_bgckiebc_fekkao_fekkao_a% >> 40bounce.mkt1336.com&ip=208.85.55.19&receiver=ASSP.nospam: >> >>> 208.85.55.19 contains 208.85.55.19 - client-ip=208.85.55.19; >>> >> >> I'm not sure that it's MailScanner/Spamassassin/MailWatch that's >> doing the neferious deed Johnny. Following the link in the headers >> it looks like SPF is scrunching the message, but can't explain why. >> It knows it shouldn't. >> >> Do you have the luxury of running SPF on your MTA and turning it off >> in mailscanner/spamassassin and seeing how that goes? >> >> ...Kevin ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 From doc at maddoc.net Mon Jul 7 19:10:30 2008 From: doc at maddoc.net (Doc Schneider) Date: Mon Jul 7 19:10:47 2008 Subject: [Clamav-announce] announcing ClamAV 0.93.2 In-Reply-To: <48725A99.3070003@slackadelic.com> References: <487246FB.2060504@ecs.soton.ac.uk> <898A7AC8-58A8-4C61-B566-77BF0D658C53@rtpty.com> <48724C83.9070208@vanderkooij.org> <4872597F.8010807@maddoc.net> <48725A99.3070003@slackadelic.com> Message-ID: <48725C16.9040209@maddoc.net> Matt Hayes wrote: > Doc Schneider wrote: >> Hugo van der Kooij wrote: >>> -----BEGIN PGP SIGNED MESSAGE----- >>> Hash: SHA1 >>> >>> Alex Neuman wrote: >>> | If you ever do it any sooner, you're likely to cause a temporal >>> paradox!! >>> >>> Next thing Jules will prove that the speed of light is just a conveniant >>> legal limit and you can exceed it as you please if you are ready to pay >>> ~ the fine. >>> >>> Hugo. >> >> This just in: >> >> >> Folks, >> >> A problem has been found in 0.93.2 and it has to be withdrawn. Please do >> not use it. We are working on a fix as a top priority. >> >> Sorry for the inconvenience. >> >> -Nigel Horne >> >> >> >> > > What is the issue? > > -Matt I was just passing along the message from the clamav list. Guess Jules now needs to exceed the speed of dark redoing his package! HAR! -- -Doc Lincoln, NE. http://www.fsl.com/ http://www.genealogyforyou.com/ http://www.cairnproductions.com/ From ssilva at sgvwater.com Mon Jul 7 19:11:01 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Mon Jul 7 19:12:00 2008 Subject: inconsistent performance In-Reply-To: <70572c510807071013y23c200a4r175e010e36a4eae8@mail.gmail.com> References: <70572c510807070946xf244323i9ae43ab49b19f64@mail.gmail.com> <5262c23024194c45b32351bf6bdb7ce6@solidstatelogic.com> <70572c510807071013y23c200a4r175e010e36a4eae8@mail.gmail.com> Message-ID: on 7-7-2008 10:13 AM Simon Jones spake the following: > here's my spam.lists.conf > Every body gets that file. What spam lists have you enabled? -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 258 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080707/6d9bddc8/signature.bin From Kevin_Miller at ci.juneau.ak.us Mon Jul 7 19:44:29 2008 From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller) Date: Mon Jul 7 19:44:39 2008 Subject: Non-English testers? In-Reply-To: <20080707122658.GB19043@cgi.jachomes.com> References: <486D352F.1040002@ecs.soton.ac.uk><486D3C1B.9090604@ecs.soton.ac.uk> <20080707122658.GB19043@cgi.jachomes.com> Message-ID: Jay R. Ashworth wrote: > On Thu, Jul 03, 2008 at 09:52:43PM +0100, Julian Field wrote: >> The "Add Text Of Doc" won't work on .docx files, sorry. Antiword >> doesn't support them. If anyone has a way of managing to read them, >> I would be very interested to hear it. Or even just some helpful >> ideas. > > But, but... .docx is this wonderful, open, XML based file format > that's > easy to parse. Right? I mean, that's what Microsoft has been telling > us... Yeah. And I have a nice bridge in Brooklyn that I'll sell you real cheap! ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 From ssilva at sgvwater.com Mon Jul 7 20:20:43 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Mon Jul 7 20:21:02 2008 Subject: [Clamav-announce] announcing ClamAV 0.93.2 In-Reply-To: <48725C16.9040209@maddoc.net> References: <487246FB.2060504@ecs.soton.ac.uk> <898A7AC8-58A8-4C61-B566-77BF0D658C53@rtpty.com> <48724C83.9070208@vanderkooij.org> <4872597F.8010807@maddoc.net> <48725A99.3070003@slackadelic.com> <48725C16.9040209@maddoc.net> Message-ID: on 7-7-2008 11:10 AM Doc Schneider spake the following: > Matt Hayes wrote: >> Doc Schneider wrote: >>> Hugo van der Kooij wrote: >>>> -----BEGIN PGP SIGNED MESSAGE----- >>>> Hash: SHA1 >>>> >>>> Alex Neuman wrote: >>>> | If you ever do it any sooner, you're likely to cause a temporal >>>> paradox!! >>>> >>>> Next thing Jules will prove that the speed of light is just a >>>> conveniant >>>> legal limit and you can exceed it as you please if you are ready to pay >>>> ~ the fine. >>>> >>>> Hugo. >>> >>> This just in: >>> >>> >>> Folks, >>> >>> A problem has been found in 0.93.2 and it has to be withdrawn. Please do >>> not use it. We are working on a fix as a top priority. >>> >>> Sorry for the inconvenience. >>> >>> -Nigel Horne >>> >>> >>> >>> >> >> What is the issue? >> >> -Matt > > I was just passing along the message from the clamav list. > > Guess Jules now needs to exceed the speed of dark redoing his package! HAR! > > The old package is still there, you just have to be creative with the url ;-) -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 258 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080707/caba7256/signature.bin From ssilva at sgvwater.com Mon Jul 7 20:22:24 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Mon Jul 7 20:25:11 2008 Subject: HEADS UP: [Fwd: [Clamav-users] 0.93.2] In-Reply-To: <48725ACA.5070403@adventuras.no> References: <48725ACA.5070403@adventuras.no> Message-ID: > > > > Folks, > > A problem has been found in 0.93.2 and it has to be withdrawn. Please do > not use it. We are working on a fix as a top priority. > > Sorry for the inconvenience. > > -Nigel Horne Another good example for not jumping to a new release on the first day. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 258 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080707/25795b83/signature.bin From lars+lister.mailscanner at adventuras.no Mon Jul 7 21:16:33 2008 From: lars+lister.mailscanner at adventuras.no (Lars Kristiansen) Date: Mon Jul 7 21:16:54 2008 Subject: [Fwd: [Clamav-announce] announcing ClamAV 0.93.3] Message-ID: <487279A1.3000003@adventuras.no> FYI -------- Opprinnelig melding -------- Emne: [Clamav-announce] announcing ClamAV 0.93.3 Dato: Mon, 7 Jul 2008 21:42:35 +0200 Fra: Luca Gibelli Svar-Til: noreply@clamav.net Til: ClamAV Announce Referanser: <20080707155612.GA28395@adsl.nervous.it> Dear ClamAV users, This release fixes a problem in handling of .cld files introduced in 0.93.2. -- The ClamAV team (http://www.clamav.net/team) Best regards From davejones70 at gmail.com Mon Jul 7 21:28:40 2008 From: davejones70 at gmail.com (Dave Jones) Date: Mon Jul 7 21:28:50 2008 Subject: inconsistent performance Message-ID: <67a55ed50807071328j465e965bwaf182a07ce4604f1@mail.gmail.com> >Could be I guess, netstat just shows up the usual mass of smtp >connections - it's just really odd why it's ok on the most part but as >soon as somthing triggers a choke they all start backing the queue up >with messages. > >I'll do some more checking around. > >thanks Richard > >SMJ > >2008/7/7 Richard Frovarp : >> Simon Jones wrote: >>> >>> hello chaps, >>> >>> anyone have an idea why i'm seeing inconsistent performance on all 3 >>> of my gateway servers? Nothing shows up errors in the maillog and >>> MailScanner --Lint checks out ok but from time to time the machines >>> will choke and i'll stack 2k and rising messages up in the hold queue. >>> >>> one day they'll work fine and the hold queue will be normal, then all >>> of a sudden they'll start backing up. >>> >>> I have postfix reading from mysql for the relay_domains / >>> relay_recipients and transport maps as well as logging to a seperate >>> db on the same seperate db server for mailwatch. >>> >>> the mysql db has dual oppy's with 10gb ram so it's pretty beefy and >>> doesn't seem to be maxed at all. >>> >>> the gateways run fairly heavy but are by no means topping out. I've >>> tried dropping max children and the batch processing settings but to >>> no avail. >>> >>> any ideas would be really appreciated. >>> >>> thanks >>> >>> SMJ >>> >> >> What about mail volume? Is it consistent across the days in question? Or, >> even if the numbers are the same, you might end up with bursty traffic on >> the days you backup, causing everything to fall behind. Botnets, mailing >> lists, all of that sort can drop traffic on you in one heck of a hurry at >> times. > -- You might want to put Munin on the boxes to quickly get some high-level charts across all 3 boxes to see trending over time. We have Munin local to each box so we can check general performance info when something like this comes up. -- Dave Jones -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080707/7084843d/attachment.html From Rich.West at wesmo.com Tue Jul 8 00:51:27 2008 From: Rich.West at wesmo.com (Rich West) Date: Tue Jul 8 00:51:37 2008 Subject: OT: Run MScanner in a virtualized environment. In-Reply-To: References: <7d9b3cf20807011153w3af6d451gd782ba3cf5a295c@mail.gmail.com> <486B2EEB.8020502@anymore.nl> Message-ID: <4872ABFF.1040600@wesmo.com> Ugo Bellavance wrote: > Arjan Schrijver wrote: >> Anthony Cartmell wrote: >>>> Hi guys, i know that it's not recomendable to run MS on virtualized HW >>>> because of it's high cpu/io load. However, i'm doing some research >>>> because my boss required it. >>> >>> I have it running on a high-powered Xen VPS (with 2G RAM available >>> and eight processor cores shared between the VPS instances) and it >>> works fine. Only processing ~800 messages per day so probably not a >>> very useful test though. I'll be moving more mail through it soon, >>> so might get to see how well it works then. My other server, non VPS >>> but with the same memory but only twin processors, manages 10,000 >>> messages per day without much problem. >>> >> Running OpenVZ here (no performance impact), on 4 virtual MailScanner >> servers. They each process about 40.000 messages a day, through both >> SpamAssassin and ClamAV. The hardware consists of four servers with >> 4x2GHz cores and 2GB RAM. Each server runs one container. The >> performance is exactly the same as when the same servers were running >> MailScanner natively (not virtualized). >> But this is of course only possible with OpenVZ or Virtuozzo, because >> it doesn't virtualize the complete hardware but only the kernel. > > I also use OpenVZ, about 40 000 emails/day on that gateway, about 800 > 000 smtp connects/day (using BarricadeMX). > > The server is a quad core xeon, and runs this MailScanner system and > an asterisk PBX. > > Ugo We're running MailScanner + Spamassassin + Clamd + milter-greylist under VMware ESX on an IBM BladeCenter. We're only averaging about 4-6k messages per day, and the CPU / memory utilization never creeps up too high. I'd say it's averaged around 1.3GB of memory and minimal CPU usage. And it runs just fine. :) -Rich From nwp at nz.lemon-computing.com Tue Jul 8 00:58:47 2008 From: nwp at nz.lemon-computing.com (Nick Phillips) Date: Tue Jul 8 00:59:03 2008 Subject: Phishing Links In-Reply-To: <20080707122437.GA19043@cgi.jachomes.com> References: <21be6cae0807030658m7b348d6che60b999ef7d2497@mail.gmail.com> <20080707122437.GA19043@cgi.jachomes.com> Message-ID: On 8/07/2008, at 12:24 AM, Jay R. Ashworth wrote: > > Indeed; this is a topic the RISKS Digest covers fairly often: lots of > legitimate organizations sub out their emailing, to companies that > aren't smart enough to not make legit emails *look* like phishes. Or indeed who *are* smart enough to realise that we care about this more than they do, which allows them to shit all over their own doorstep and have us clean up the mess :-( In other words, block the buggers and they might think about stopping. Cheers, Nick From rcooper at dwford.com Tue Jul 8 01:34:48 2008 From: rcooper at dwford.com (Rick Cooper) Date: Tue Jul 8 01:35:03 2008 Subject: [Clamav-announce] announcing ClamAV 0.93.2 In-Reply-To: <48725A99.3070003@slackadelic.com> References: <487246FB.2060504@ecs.soton.ac.uk> <898A7AC8-58A8-4C61-B566-77BF0D658C53@rtpty.com> <48724C83.9070208@vanderkooij.org><4872597F.8010807@maddoc.net> <48725A99.3070003@slackadelic.com> Message-ID: <8852E8728FE94E88A4E169B6712588E6@SAHOMELT> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On > Behalf Of Matt Hayes > Sent: Monday, July 07, 2008 2:04 PM > To: MailScanner discussion > Subject: Re: [Clamav-announce] announcing ClamAV 0.93.2 > > Doc Schneider wrote: > > Hugo van der Kooij wrote: > >> -----BEGIN PGP SIGNED MESSAGE----- > >> Hash: SHA1 > >> > >> Alex Neuman wrote: > >> | If you ever do it any sooner, you're likely to cause a temporal > >> paradox!! > >> > >> Next thing Jules will prove that the speed of light is > just a conveniant > >> legal limit and you can exceed it as you please if you > are ready to pay > >> ~ the fine. > >> > >> Hugo. > > > > This just in: > > > > > > Folks, > > > > A problem has been found in 0.93.2 and it has to be > withdrawn. Please do > > not use it. We are working on a fix as a top priority. > > > > Sorry for the inconvenience. > > > > -Nigel Horne > > > > > > > > > > What is the issue? > The daily db crashed clamd shortly after uploading. You could delete it, rerun freshclam and clamd would reload the new db and be fine for a few min and then crash and not restart. Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From ismail at ismailozatay.net Tue Jul 8 07:32:16 2008 From: ismail at ismailozatay.net (Ismail OZATAY) Date: Tue Jul 8 07:32:31 2008 Subject: About spam attack References: <21be6cae0807030658m7b348d6che60b999ef7d2497@mail.gmail.com><20080707122437.GA19043@cgi.jachomes.com> Message-ID: <8F928109DCEB4E4984F8EF3B3CD84019@pc> Hi there; I use MailScanner 4.68.8 with SA 3.24. Sometimes spammers attack my mailserver with lots of bad mails that include these subjects: Delivery failure. Undeliverable mail. failure notice. And also these e-mails have no sender. How can i block them ? Thanks From craig at csfs.co.za Tue Jul 8 07:48:58 2008 From: craig at csfs.co.za (Craig Retief) Date: Tue Jul 8 07:59:21 2008 Subject: About spam attack In-Reply-To: <8F928109DCEB4E4984F8EF3B3CD84019@pc> References: <21be6cae0807030658m7b348d6che60b999ef7d2497@mail.gmail.com> <20080707122437.GA19043@cgi.jachomes.com> <8F928109DCEB4E4984F8EF3B3CD84019@pc> Message-ID: <1215499738.9506.1.camel@cX> On Tue, 2008-07-08 at 09:32 +0300, Ismail OZATAY wrote: > Hi there; > > I use MailScanner 4.68.8 with SA 3.24. Sometimes spammers attack my > mailserver with lots of bad mails that include these subjects: > > Delivery failure. > Undeliverable mail. > failure notice. > > And also these e-mails have no sender. > > How can i block them ? Take a look at Jule's watermark feature that is included in the newest MailScanner for Download.... Cheers Craig > > Thanks > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080708/f9224d6f/attachment.html From ismail at ismailozatay.net Tue Jul 8 08:10:07 2008 From: ismail at ismailozatay.net (Ismail OZATAY) Date: Tue Jul 8 08:10:22 2008 Subject: About spam attack References: <21be6cae0807030658m7b348d6che60b999ef7d2497@mail.gmail.com><20080707122437.GA19043@cgi.jachomes.com><8F928109DCEB4E4984F8EF3B3CD84019@pc> <1215499738.9506.1.camel@cX> Message-ID: <7ADC5C5F17A64174941F6F76C0A84EC5@pc> Hi Craig; I know Watermark but my mail server and mailscanner gateway are running on different servers. My domain's mx records point mailscanner gateway then it sends mails to mail server. mail server sends outgoing mails itself. so mailscanner can not put watermark tag in outgoing mails. so if i enable watermak for this topology it do not work , is not it ? Thanks ----- Original Message ----- From: Craig Retief To: MailScanner discussion Sent: Tuesday, July 08, 2008 9:48 AM Subject: Re: About spam attack On Tue, 2008-07-08 at 09:32 +0300, Ismail OZATAY wrote: Hi there; I use MailScanner 4.68.8 with SA 3.24. Sometimes spammers attack my mailserver with lots of bad mails that include these subjects: Delivery failure. Undeliverable mail. failure notice. And also these e-mails have no sender. How can i block them ? Take a look at Jule's watermark feature that is included in the newest MailScanner for Download.... Cheers Craig Thanks ------------------------------------------------------------------------------ -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080708/779f46ce/attachment.html From martinh at solidstatelogic.com Tue Jul 8 09:14:35 2008 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Tue Jul 8 09:14:57 2008 Subject: About spam attack In-Reply-To: <7ADC5C5F17A64174941F6F76C0A84EC5@pc> Message-ID: Correct I suggest you pass you're outgoing via the mailscanner then the watermarking will mark. You can put a rule against the spam scanning etc to not scan email from the mailserver, but at least you'll get the watermarks in there. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Ismail OZATAY > Sent: 08 July 2008 08:10 > To: MailScanner discussion > Subject: Re: About spam attack > > Hi Craig; > > I know Watermark but my mail server and mailscanner gateway > are running on different servers. My domain's mx records > point mailscanner gateway then it sends mails to mail server. > mail server sends outgoing mails itself. so mailscanner can > not put watermark tag in outgoing mails. so if i enable > watermak for this topology it do not work , is not it ? > > Thanks > > ----- Original Message ----- > From: Craig Retief > To: MailScanner discussion > > Sent: Tuesday, July 08, 2008 9:48 AM > Subject: Re: About spam attack > > On Tue, 2008-07-08 at 09:32 +0300, Ismail OZATAY wrote: > > Hi there; > > I use MailScanner 4.68.8 with SA 3.24. > Sometimes spammers attack my > mailserver with lots of bad mails that include > these subjects: > > Delivery failure. > Undeliverable mail. > failure notice. > > And also these e-mails have no sender. > > How can i block them ? > > Take a look at Jule's watermark feature that is > included in the newest MailScanner for Download.... > > Cheers > > Craig > > > Thanks > > > > > ________________________________ > > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From martinh at solidstatelogic.com Tue Jul 8 09:15:43 2008 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Tue Jul 8 09:15:58 2008 Subject: inconsistent performance In-Reply-To: <70572c510807071013y23c200a4r175e010e36a4eae8@mail.gmail.com> Message-ID: <12760a890b23b24b9293255f03dc3b32@solidstatelogic.com> Simon Not only this but what are you running in MailScanner.conf and also spamassassin. If you haven't turned any RBL's off in SA you're more than like running them all which could well account for odd performance issues. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Simon Jones > Sent: 07 July 2008 18:13 > To: MailScanner discussion > Subject: Re: inconsistent performance > > here's my spam.lists.conf > > # This file translates the names of the spam lists and spam > domains lists # into the real DNS domains to search. > > # There is a far more comprehensive list of these at # > http://www.declude.com/JunkMail/Support/ip4r.htm > # and you can easily search them all at www.DNSstuff.com. > > # If you want to search other DNSBL's you will need to define > them here first, # before referring to them by name in > mailscanner.conf (or a rules file). > > spamhaus.org sbl.spamhaus.org. > spamhaus-XBL xbl.spamhaus.org. > spamhaus-PBL pbl.spamhaus.org. > spamhaus-ZEN zen.spamhaus.org. > SBL+XBL sbl-xbl.spamhaus.org. > spamcop.net bl.spamcop.net. > NJABL dnsbl.njabl.org. > > # ORDB has been shut down. > # ORDB-RBL relays.ordb.org. > > #Infinite-Monkeys proxies.relays.monkeys.com. > #osirusoft.com relays.osirusoft.com. > # These two lists are now dead and must not be used. > > # MAPS now charge for their services, so you'll have to buy a > contract before # attempting to use the next 3 lines. > > MAPS-RBL blackholes.mail-abuse.org. > MAPS-DUL dialups.mail-abuse.org. > MAPS-RSS relays.mail-abuse.org. > > # This next line works for JANET UK Academic sites only > > MAPS-RBL+ rbl-plus.mail-abuse.ja.net. > > # And build a similar list for the RBL domains that work on > the name # of the domain rather than the IP address of the > exact machine that # is listed. This way the RBL controllers > can blacklist entire # domains very quickly and easily. > # These aren't used by default, as they slow down MailScanner > quite a bit. > > RFC-IGNORANT-DSN dsn.rfc-ignorant.org. > RFC-IGNORANT-POSTMASTER postmaster.rfc-ignorant.org. > RFC-IGNORANT-ABUSE abuse.rfc-ignorant.org. > RFC-IGNORANT-WHOIS whois.rfc-ignorant.org. > RFC-IGNORANT-IPWHOIS ipwhois.rfc-ignorant.org. > RFC-IGNORANT-BOGUSMX bogusmx.rfc-ignorant.org. > > # Easynet are closing down, so don't use these any more > Easynet-DNSBL blackholes.easynet.nl. > Easynet-Proxies proxies.blackholes.easynet.nl. > Easynet-Dynablock dynablock.easynet.nl. > > # This list is now dead and must not be used. > #OSIRUSOFT-SPEWS spews.relays.osirusoft.com. > > # These folks are still going strong > SORBS-DNSBL dnsbl.sorbs.net. > SORBS-HTTP http.dnsbl.sorbs.net. > SORBS-SOCKS socks.dnsbl.sorbs.net. > SORBS-MISC misc.dnsbl.sorbs.net. > SORBS-SMTP smtp.dnsbl.sorbs.net. > SORBS-WEB web.dnsbl.sorbs.net. > SORBS-SPAM spam.dnsbl.sorbs.net. > SORBS-BLOCK block.dnsbl.sorbs.net. > SORBS-ZOMBIE zombie.dnsbl.sorbs.net. > SORBS-DUL dul.dnsbl.sorbs.net. > SORBS-RHSBL rhsbl.sorbs.net. > # These next 2 are "Spam Domain List" entries and not "Spam List"s > SORBS-BADCONF badconf.rhsbl.sorbs.net. > SORBS-NOMAIL nomail.rhsbl.sorbs.net. > > # Some other good lists > > CBL cbl.abuseat.org. > DSBL list.dsbl.org. > > 2008/7/7 Martin.Hepworth : > > Simon > > > > What RBL's you using? Could be one of them backing up - eg > spamhaus tend to slow down their feed if you go over the 'free' limit. > > > > -- > > Martin Hepworth > > Snr Systems Administrator > > Solid State Logic > > Tel: +44 (0)1865 842300 > > > >> -----Original Message----- > >> From: mailscanner-bounces@lists.mailscanner.info > >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of > >> Simon Jones > >> Sent: 07 July 2008 17:46 > >> To: MailScanner discussion > >> Subject: Re: inconsistent performance > >> > >> Could be I guess, netstat just shows up the usual mass of smtp > >> connections - it's just really odd why it's ok on the most > part but > >> as soon as somthing triggers a choke they all start > backing the queue > >> up with messages. > >> > >> I'll do some more checking around. > >> > >> thanks Richard > >> > >> SMJ > >> > >> 2008/7/7 Richard Frovarp : > >> > Simon Jones wrote: > >> >> > >> >> hello chaps, > >> >> > >> >> anyone have an idea why i'm seeing inconsistent > >> performance on all 3 > >> >> of my gateway servers? Nothing shows up errors in the > maillog and > >> >> MailScanner --Lint checks out ok but from time to time the > >> machines > >> >> will choke and i'll stack 2k and rising messages up in the > >> hold queue. > >> >> > >> >> one day they'll work fine and the hold queue will be > >> normal, then all > >> >> of a sudden they'll start backing up. > >> >> > >> >> I have postfix reading from mysql for the relay_domains / > >> >> relay_recipients and transport maps as well as logging to > >> a seperate > >> >> db on the same seperate db server for mailwatch. > >> >> > >> >> the mysql db has dual oppy's with 10gb ram so it's pretty > >> beefy and > >> >> doesn't seem to be maxed at all. > >> >> > >> >> the gateways run fairly heavy but are by no means topping > >> out. I've > >> >> tried dropping max children and the batch processing > >> settings but to > >> >> no avail. > >> >> > >> >> any ideas would be really appreciated. > >> >> > >> >> thanks > >> >> > >> >> SMJ > >> >> > >> > > >> > What about mail volume? Is it consistent across the days in > >> question? > >> > Or, even if the numbers are the same, you might end up > with bursty > >> > traffic on the days you backup, causing everything to > fall behind. > >> > Botnets, mailing lists, all of that sort can drop > traffic on you in > >> > one heck of a hurry at times. > >> > -- > >> > MailScanner mailing list > >> > mailscanner@lists.mailscanner.info > >> > http://lists.mailscanner.info/mailman/listinfo/mailscanner > >> > > >> > Before posting, read http://wiki.mailscanner.info/posting > >> > > >> > Support MailScanner development - buy the book off the website! > >> > > >> -- > >> MailScanner mailing list > >> mailscanner@lists.mailscanner.info > >> http://lists.mailscanner.info/mailman/listinfo/mailscanner > >> > >> Before posting, read http://wiki.mailscanner.info/posting > >> > >> Support MailScanner development - buy the book off the website! > >> > > > > > > > > > > > ********************************************************************** > > Confidentiality : This e-mail and any attachments are > intended for the > > addressee only and may be confidential. If they come to you > in error > > you must take no action based on them, nor must you copy or > show them > > to anyone. Please advise the sender by replying to this e-mail > > immediately and then delete the original from your computer. > > Opinion : Any opinions expressed in this e-mail are > entirely those of > > the author and unless specifically stated to the contrary, are not > > necessarily those of the author's employer. > > Security Warning : Internet e-mail is not necessarily a secure > > communications medium and can be subject to data > corruption. We advise > > that you consider this fact when e-mailing us. > > Viruses : We have taken steps to ensure that this e-mail and any > > attachments are free from known viruses but in keeping with good > > computing practice, you should ensure that they are virus free. > > > > Red Lion 49 Ltd T/A Solid State Logic > > Registered as a limited company in England and Wales (Company > > No:5362730) Registered Office: 25 Spring Hill Road, > Begbroke, Oxford > > OX5 1RU, United Kingdom > > > ********************************************************************** > > > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From simonmjones at gmail.com Tue Jul 8 09:29:52 2008 From: simonmjones at gmail.com (Simon Jones) Date: Tue Jul 8 09:30:03 2008 Subject: inconsistent performance In-Reply-To: <12760a890b23b24b9293255f03dc3b32@solidstatelogic.com> References: <70572c510807071013y23c200a4r175e010e36a4eae8@mail.gmail.com> <12760a890b23b24b9293255f03dc3b32@solidstatelogic.com> Message-ID: <70572c510807080129s186ee8b9t69eff1866ae6adc1@mail.gmail.com> mate, where do i find what rbl's spamassassin is checking? I thought they were in spam.lists.conf only Simon 2008/7/8 Martin.Hepworth : > Simon > > Not only this but what are you running in MailScanner.conf and also spamassassin. > > If you haven't turned any RBL's off in SA you're more than like running them all which could well account for odd performance issues. > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf >> Of Simon Jones >> Sent: 07 July 2008 18:13 >> To: MailScanner discussion >> Subject: Re: inconsistent performance >> >> here's my spam.lists.conf >> >> # This file translates the names of the spam lists and spam >> domains lists # into the real DNS domains to search. >> >> # There is a far more comprehensive list of these at # >> http://www.declude.com/JunkMail/Support/ip4r.htm >> # and you can easily search them all at www.DNSstuff.com. >> >> # If you want to search other DNSBL's you will need to define >> them here first, # before referring to them by name in >> mailscanner.conf (or a rules file). >> >> spamhaus.org sbl.spamhaus.org. >> spamhaus-XBL xbl.spamhaus.org. >> spamhaus-PBL pbl.spamhaus.org. >> spamhaus-ZEN zen.spamhaus.org. >> SBL+XBL sbl-xbl.spamhaus.org. >> spamcop.net bl.spamcop.net. >> NJABL dnsbl.njabl.org. >> >> # ORDB has been shut down. >> # ORDB-RBL relays.ordb.org. >> >> #Infinite-Monkeys proxies.relays.monkeys.com. >> #osirusoft.com relays.osirusoft.com. >> # These two lists are now dead and must not be used. >> >> # MAPS now charge for their services, so you'll have to buy a >> contract before # attempting to use the next 3 lines. >> >> MAPS-RBL blackholes.mail-abuse.org. >> MAPS-DUL dialups.mail-abuse.org. >> MAPS-RSS relays.mail-abuse.org. >> >> # This next line works for JANET UK Academic sites only >> >> MAPS-RBL+ rbl-plus.mail-abuse.ja.net. >> >> # And build a similar list for the RBL domains that work on >> the name # of the domain rather than the IP address of the >> exact machine that # is listed. This way the RBL controllers >> can blacklist entire # domains very quickly and easily. >> # These aren't used by default, as they slow down MailScanner >> quite a bit. >> >> RFC-IGNORANT-DSN dsn.rfc-ignorant.org. >> RFC-IGNORANT-POSTMASTER postmaster.rfc-ignorant.org. >> RFC-IGNORANT-ABUSE abuse.rfc-ignorant.org. >> RFC-IGNORANT-WHOIS whois.rfc-ignorant.org. >> RFC-IGNORANT-IPWHOIS ipwhois.rfc-ignorant.org. >> RFC-IGNORANT-BOGUSMX bogusmx.rfc-ignorant.org. >> >> # Easynet are closing down, so don't use these any more >> Easynet-DNSBL blackholes.easynet.nl. >> Easynet-Proxies proxies.blackholes.easynet.nl. >> Easynet-Dynablock dynablock.easynet.nl. >> >> # This list is now dead and must not be used. >> #OSIRUSOFT-SPEWS spews.relays.osirusoft.com. >> >> # These folks are still going strong >> SORBS-DNSBL dnsbl.sorbs.net. >> SORBS-HTTP http.dnsbl.sorbs.net. >> SORBS-SOCKS socks.dnsbl.sorbs.net. >> SORBS-MISC misc.dnsbl.sorbs.net. >> SORBS-SMTP smtp.dnsbl.sorbs.net. >> SORBS-WEB web.dnsbl.sorbs.net. >> SORBS-SPAM spam.dnsbl.sorbs.net. >> SORBS-BLOCK block.dnsbl.sorbs.net. >> SORBS-ZOMBIE zombie.dnsbl.sorbs.net. >> SORBS-DUL dul.dnsbl.sorbs.net. >> SORBS-RHSBL rhsbl.sorbs.net. >> # These next 2 are "Spam Domain List" entries and not "Spam List"s >> SORBS-BADCONF badconf.rhsbl.sorbs.net. >> SORBS-NOMAIL nomail.rhsbl.sorbs.net. >> >> # Some other good lists >> >> CBL cbl.abuseat.org. >> DSBL list.dsbl.org. >> >> 2008/7/7 Martin.Hepworth : >> > Simon >> > >> > What RBL's you using? Could be one of them backing up - eg >> spamhaus tend to slow down their feed if you go over the 'free' limit. >> > >> > -- >> > Martin Hepworth >> > Snr Systems Administrator >> > Solid State Logic >> > Tel: +44 (0)1865 842300 >> > >> >> -----Original Message----- >> >> From: mailscanner-bounces@lists.mailscanner.info >> >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of >> >> Simon Jones >> >> Sent: 07 July 2008 17:46 >> >> To: MailScanner discussion >> >> Subject: Re: inconsistent performance >> >> >> >> Could be I guess, netstat just shows up the usual mass of smtp >> >> connections - it's just really odd why it's ok on the most >> part but >> >> as soon as somthing triggers a choke they all start >> backing the queue >> >> up with messages. >> >> >> >> I'll do some more checking around. >> >> >> >> thanks Richard >> >> >> >> SMJ >> >> >> >> 2008/7/7 Richard Frovarp : >> >> > Simon Jones wrote: >> >> >> >> >> >> hello chaps, >> >> >> >> >> >> anyone have an idea why i'm seeing inconsistent >> >> performance on all 3 >> >> >> of my gateway servers? Nothing shows up errors in the >> maillog and >> >> >> MailScanner --Lint checks out ok but from time to time the >> >> machines >> >> >> will choke and i'll stack 2k and rising messages up in the >> >> hold queue. >> >> >> >> >> >> one day they'll work fine and the hold queue will be >> >> normal, then all >> >> >> of a sudden they'll start backing up. >> >> >> >> >> >> I have postfix reading from mysql for the relay_domains / >> >> >> relay_recipients and transport maps as well as logging to >> >> a seperate >> >> >> db on the same seperate db server for mailwatch. >> >> >> >> >> >> the mysql db has dual oppy's with 10gb ram so it's pretty >> >> beefy and >> >> >> doesn't seem to be maxed at all. >> >> >> >> >> >> the gateways run fairly heavy but are by no means topping >> >> out. I've >> >> >> tried dropping max children and the batch processing >> >> settings but to >> >> >> no avail. >> >> >> >> >> >> any ideas would be really appreciated. >> >> >> >> >> >> thanks >> >> >> >> >> >> SMJ >> >> >> >> >> > >> >> > What about mail volume? Is it consistent across the days in >> >> question? >> >> > Or, even if the numbers are the same, you might end up >> with bursty >> >> > traffic on the days you backup, causing everything to >> fall behind. >> >> > Botnets, mailing lists, all of that sort can drop >> traffic on you in >> >> > one heck of a hurry at times. >> >> > -- >> >> > MailScanner mailing list >> >> > mailscanner@lists.mailscanner.info >> >> > http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> > >> >> > Before posting, read http://wiki.mailscanner.info/posting >> >> > >> >> > Support MailScanner development - buy the book off the website! >> >> > >> >> -- >> >> MailScanner mailing list >> >> mailscanner@lists.mailscanner.info >> >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> >> >> Support MailScanner development - buy the book off the website! >> >> >> > >> > >> > >> > >> > >> ********************************************************************** >> > Confidentiality : This e-mail and any attachments are >> intended for the >> > addressee only and may be confidential. If they come to you >> in error >> > you must take no action based on them, nor must you copy or >> show them >> > to anyone. Please advise the sender by replying to this e-mail >> > immediately and then delete the original from your computer. >> > Opinion : Any opinions expressed in this e-mail are >> entirely those of >> > the author and unless specifically stated to the contrary, are not >> > necessarily those of the author's employer. >> > Security Warning : Internet e-mail is not necessarily a secure >> > communications medium and can be subject to data >> corruption. We advise >> > that you consider this fact when e-mailing us. >> > Viruses : We have taken steps to ensure that this e-mail and any >> > attachments are free from known viruses but in keeping with good >> > computing practice, you should ensure that they are virus free. >> > >> > Red Lion 49 Ltd T/A Solid State Logic >> > Registered as a limited company in England and Wales (Company >> > No:5362730) Registered Office: 25 Spring Hill Road, >> Begbroke, Oxford >> > OX5 1RU, United Kingdom >> > >> ********************************************************************** >> > >> > -- >> > MailScanner mailing list >> > mailscanner@lists.mailscanner.info >> > http://lists.mailscanner.info/mailman/listinfo/mailscanner >> > >> > Before posting, read http://wiki.mailscanner.info/posting >> > >> > Support MailScanner development - buy the book off the website! >> > >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> > > > > > ********************************************************************** > Confidentiality : This e-mail and any attachments are intended for the > addressee only and may be confidential. If they come to you in error > you must take no action based on them, nor must you copy or show them > to anyone. Please advise the sender by replying to this e-mail > immediately and then delete the original from your computer. > Opinion : Any opinions expressed in this e-mail are entirely those of > the author and unless specifically stated to the contrary, are not > necessarily those of the author's employer. > Security Warning : Internet e-mail is not necessarily a secure > communications medium and can be subject to data corruption. We advise > that you consider this fact when e-mailing us. > Viruses : We have taken steps to ensure that this e-mail and any > attachments are free from known viruses but in keeping with good > computing practice, you should ensure that they are virus free. > > Red Lion 49 Ltd T/A Solid State Logic > Registered as a limited company in England and Wales > (Company No:5362730) > Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, > United Kingdom > ********************************************************************** > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From martinh at solidstatelogic.com Tue Jul 8 09:41:13 2008 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Tue Jul 8 09:41:32 2008 Subject: inconsistent performance In-Reply-To: <70572c510807080129s186ee8b9t69eff1866ae6adc1@mail.gmail.com> Message-ID: Simon Like I said - if you've not disabled them in /etc/mail/spamassassin/mailscanner.cf ( skip_rbl_checks 1) then you're running them all. You need to add lines like score __RCVD_IN_NJABL 0.0 To the above file to turn each one off individually for the ones you don't want Also in MailScanner.conf check which one's you're running there as well Spam List = And Spam Domain List = -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Simon Jones > Sent: 08 July 2008 09:30 > To: MailScanner discussion > Subject: Re: inconsistent performance > > mate, where do i find what rbl's spamassassin is checking? I > thought they were in spam.lists.conf only > > Simon > > 2008/7/8 Martin.Hepworth : > > Simon > > > > Not only this but what are you running in MailScanner.conf > and also spamassassin. > > > > If you haven't turned any RBL's off in SA you're more than > like running them all which could well account for odd > performance issues. > > > > -- > > Martin Hepworth > > Snr Systems Administrator > > Solid State Logic > > Tel: +44 (0)1865 842300 > > > >> -----Original Message----- > >> From: mailscanner-bounces@lists.mailscanner.info > >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of > >> Simon Jones > >> Sent: 07 July 2008 18:13 > >> To: MailScanner discussion > >> Subject: Re: inconsistent performance > >> > >> here's my spam.lists.conf > >> > >> # This file translates the names of the spam lists and > spam domains > >> lists # into the real DNS domains to search. > >> > >> # There is a far more comprehensive list of these at # > >> http://www.declude.com/JunkMail/Support/ip4r.htm > >> # and you can easily search them all at www.DNSstuff.com. > >> > >> # If you want to search other DNSBL's you will need to define them > >> here first, # before referring to them by name in mailscanner.conf > >> (or a rules file). > >> > >> spamhaus.org sbl.spamhaus.org. > >> spamhaus-XBL xbl.spamhaus.org. > >> spamhaus-PBL pbl.spamhaus.org. > >> spamhaus-ZEN zen.spamhaus.org. > >> SBL+XBL sbl-xbl.spamhaus.org. > >> spamcop.net bl.spamcop.net. > >> NJABL dnsbl.njabl.org. > >> > >> # ORDB has been shut down. > >> # ORDB-RBL relays.ordb.org. > >> > >> #Infinite-Monkeys proxies.relays.monkeys.com. > >> #osirusoft.com relays.osirusoft.com. > >> # These two lists are now dead and must not be used. > >> > >> # MAPS now charge for their services, so you'll have to buy a > >> contract before # attempting to use the next 3 lines. > >> > >> MAPS-RBL blackholes.mail-abuse.org. > >> MAPS-DUL dialups.mail-abuse.org. > >> MAPS-RSS relays.mail-abuse.org. > >> > >> # This next line works for JANET UK Academic sites only > >> > >> MAPS-RBL+ rbl-plus.mail-abuse.ja.net. > >> > >> # And build a similar list for the RBL domains that work > on the name > >> # of the domain rather than the IP address of the exact > machine that > >> # is listed. This way the RBL controllers can blacklist entire # > >> domains very quickly and easily. > >> # These aren't used by default, as they slow down > MailScanner quite a > >> bit. > >> > >> RFC-IGNORANT-DSN dsn.rfc-ignorant.org. > >> RFC-IGNORANT-POSTMASTER postmaster.rfc-ignorant.org. > >> RFC-IGNORANT-ABUSE abuse.rfc-ignorant.org. > >> RFC-IGNORANT-WHOIS whois.rfc-ignorant.org. > >> RFC-IGNORANT-IPWHOIS ipwhois.rfc-ignorant.org. > >> RFC-IGNORANT-BOGUSMX bogusmx.rfc-ignorant.org. > >> > >> # Easynet are closing down, so don't use these any more > >> Easynet-DNSBL blackholes.easynet.nl. > >> Easynet-Proxies proxies.blackholes.easynet.nl. > >> Easynet-Dynablock dynablock.easynet.nl. > >> > >> # This list is now dead and must not be used. > >> #OSIRUSOFT-SPEWS spews.relays.osirusoft.com. > >> > >> # These folks are still going strong > >> SORBS-DNSBL dnsbl.sorbs.net. > >> SORBS-HTTP http.dnsbl.sorbs.net. > >> SORBS-SOCKS socks.dnsbl.sorbs.net. > >> SORBS-MISC misc.dnsbl.sorbs.net. > >> SORBS-SMTP smtp.dnsbl.sorbs.net. > >> SORBS-WEB web.dnsbl.sorbs.net. > >> SORBS-SPAM spam.dnsbl.sorbs.net. > >> SORBS-BLOCK block.dnsbl.sorbs.net. > >> SORBS-ZOMBIE zombie.dnsbl.sorbs.net. > >> SORBS-DUL dul.dnsbl.sorbs.net. > >> SORBS-RHSBL rhsbl.sorbs.net. > >> # These next 2 are "Spam Domain List" entries and not "Spam List"s > >> SORBS-BADCONF badconf.rhsbl.sorbs.net. > >> SORBS-NOMAIL nomail.rhsbl.sorbs.net. > >> > >> # Some other good lists > >> > >> CBL cbl.abuseat.org. > >> DSBL list.dsbl.org. > >> > >> 2008/7/7 Martin.Hepworth : > >> > Simon > >> > > >> > What RBL's you using? Could be one of them backing up - eg > >> spamhaus tend to slow down their feed if you go over the > 'free' limit. > >> > > >> > -- > >> > Martin Hepworth > >> > Snr Systems Administrator > >> > Solid State Logic > >> > Tel: +44 (0)1865 842300 > >> > > >> >> -----Original Message----- > >> >> From: mailscanner-bounces@lists.mailscanner.info > >> >> [mailto:mailscanner-bounces@lists.mailscanner.info] On > Behalf Of > >> >> Simon Jones > >> >> Sent: 07 July 2008 17:46 > >> >> To: MailScanner discussion > >> >> Subject: Re: inconsistent performance > >> >> > >> >> Could be I guess, netstat just shows up the usual mass of smtp > >> >> connections - it's just really odd why it's ok on the most > >> part but > >> >> as soon as somthing triggers a choke they all start > >> backing the queue > >> >> up with messages. > >> >> > >> >> I'll do some more checking around. > >> >> > >> >> thanks Richard > >> >> > >> >> SMJ > >> >> > >> >> 2008/7/7 Richard Frovarp : > >> >> > Simon Jones wrote: > >> >> >> > >> >> >> hello chaps, > >> >> >> > >> >> >> anyone have an idea why i'm seeing inconsistent > >> >> performance on all 3 > >> >> >> of my gateway servers? Nothing shows up errors in the > >> maillog and > >> >> >> MailScanner --Lint checks out ok but from time to time the > >> >> machines > >> >> >> will choke and i'll stack 2k and rising messages up in the > >> >> hold queue. > >> >> >> > >> >> >> one day they'll work fine and the hold queue will be > >> >> normal, then all > >> >> >> of a sudden they'll start backing up. > >> >> >> > >> >> >> I have postfix reading from mysql for the relay_domains / > >> >> >> relay_recipients and transport maps as well as logging to > >> >> a seperate > >> >> >> db on the same seperate db server for mailwatch. > >> >> >> > >> >> >> the mysql db has dual oppy's with 10gb ram so it's pretty > >> >> beefy and > >> >> >> doesn't seem to be maxed at all. > >> >> >> > >> >> >> the gateways run fairly heavy but are by no means topping > >> >> out. I've > >> >> >> tried dropping max children and the batch processing > >> >> settings but to > >> >> >> no avail. > >> >> >> > >> >> >> any ideas would be really appreciated. > >> >> >> > >> >> >> thanks > >> >> >> > >> >> >> SMJ > >> >> >> > >> >> > > >> >> > What about mail volume? Is it consistent across the days in > >> >> question? > >> >> > Or, even if the numbers are the same, you might end up > >> with bursty > >> >> > traffic on the days you backup, causing everything to > >> fall behind. > >> >> > Botnets, mailing lists, all of that sort can drop > >> traffic on you in > >> >> > one heck of a hurry at times. > >> >> > -- > >> >> > MailScanner mailing list > >> >> > mailscanner@lists.mailscanner.info > >> >> > http://lists.mailscanner.info/mailman/listinfo/mailscanner > >> >> > > >> >> > Before posting, read http://wiki.mailscanner.info/posting > >> >> > > >> >> > Support MailScanner development - buy the book off > the website! > >> >> > > >> >> -- > >> >> MailScanner mailing list > >> >> mailscanner@lists.mailscanner.info > >> >> http://lists.mailscanner.info/mailman/listinfo/mailscanner > >> >> > >> >> Before posting, read http://wiki.mailscanner.info/posting > >> >> > >> >> Support MailScanner development - buy the book off the website! > >> >> > >> > > >> > > >> > > >> > > >> > > >> > ********************************************************************* > >> * > >> > Confidentiality : This e-mail and any attachments are > >> intended for the > >> > addressee only and may be confidential. If they come to you > >> in error > >> > you must take no action based on them, nor must you copy or > >> show them > >> > to anyone. Please advise the sender by replying to this e-mail > >> > immediately and then delete the original from your computer. > >> > Opinion : Any opinions expressed in this e-mail are > >> entirely those of > >> > the author and unless specifically stated to the > contrary, are not > >> > necessarily those of the author's employer. > >> > Security Warning : Internet e-mail is not necessarily a secure > >> > communications medium and can be subject to data > >> corruption. We advise > >> > that you consider this fact when e-mailing us. > >> > Viruses : We have taken steps to ensure that this e-mail and any > >> > attachments are free from known viruses but in keeping with good > >> > computing practice, you should ensure that they are virus free. > >> > > >> > Red Lion 49 Ltd T/A Solid State Logic Registered as a limited > >> > company in England and Wales (Company > >> > No:5362730) Registered Office: 25 Spring Hill Road, > >> Begbroke, Oxford > >> > OX5 1RU, United Kingdom > >> > > >> > ********************************************************************* > >> * > >> > > >> > -- > >> > MailScanner mailing list > >> > mailscanner@lists.mailscanner.info > >> > http://lists.mailscanner.info/mailman/listinfo/mailscanner > >> > > >> > Before posting, read http://wiki.mailscanner.info/posting > >> > > >> > Support MailScanner development - buy the book off the website! > >> > > >> -- > >> MailScanner mailing list > >> mailscanner@lists.mailscanner.info > >> http://lists.mailscanner.info/mailman/listinfo/mailscanner > >> > >> Before posting, read http://wiki.mailscanner.info/posting > >> > >> Support MailScanner development - buy the book off the website! > >> > > > > > > > > > > > ********************************************************************** > > Confidentiality : This e-mail and any attachments are > intended for the > > addressee only and may be confidential. If they come to you > in error > > you must take no action based on them, nor must you copy or > show them > > to anyone. Please advise the sender by replying to this e-mail > > immediately and then delete the original from your computer. > > Opinion : Any opinions expressed in this e-mail are > entirely those of > > the author and unless specifically stated to the contrary, are not > > necessarily those of the author's employer. > > Security Warning : Internet e-mail is not necessarily a secure > > communications medium and can be subject to data > corruption. We advise > > that you consider this fact when e-mailing us. > > Viruses : We have taken steps to ensure that this e-mail and any > > attachments are free from known viruses but in keeping with good > > computing practice, you should ensure that they are virus free. > > > > Red Lion 49 Ltd T/A Solid State Logic > > Registered as a limited company in England and Wales (Company > > No:5362730) Registered Office: 25 Spring Hill Road, > Begbroke, Oxford > > OX5 1RU, United Kingdom > > > ********************************************************************** > > > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From list-mailscanner at linguaphone.com Tue Jul 8 09:26:23 2008 From: list-mailscanner at linguaphone.com (Gareth) Date: Tue Jul 8 09:54:24 2008 Subject: Feature request: logical AND in rulesets Message-ID: <1215505583.28803.33.camel@gblades-suse.linguaphone-intranet.co.uk> My setup: I have MailScanner running on a machine and fetchmail pulls mail down from a pop3 server and delivers it to postfix and then MailScanner picks it up and processes it. I have fetchmail deliver the mail to the servers real IP address and not the loopback address. So I can create a ruleset to bypass scannig for mail from 127.0.0.1 and this enables me to release mesages from quarantine and stops logwatch reports from being detected as spam or viruses. The problem however is that if people use webmail it bypasses all checks since webmail calls sendmail directly and cannot be configured to send to the real IP address. What would be perfect would be if I could do something like :- From: 127.0.0.1 AND root@myserver.mydomain.com no From craig at csfs.co.za Tue Jul 8 09:45:32 2008 From: craig at csfs.co.za (Craig Retief) Date: Tue Jul 8 10:01:04 2008 Subject: About spam attack In-Reply-To: References: Message-ID: <1215506732.9713.6.camel@cX> On Tue, 2008-07-08 at 09:14 +0100, Martin.Hepworth wrote: > Correct > > I suggest you pass you're outgoing via the mailscanner then the watermarking will mark. I agree with Martin. I think this will be the best and easiest way to stop the back scatter emails. Cheers Craig > > You can put a rule against the spam scanning etc to not scan email from the mailserver, but at least you'll get the watermarks in there. > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080708/e79ea2d7/attachment.html From fabien.garziano at caliseo.com Tue Jul 8 10:04:18 2008 From: fabien.garziano at caliseo.com (Fabien GARZIANO) Date: Tue Jul 8 10:04:49 2008 Subject: Mailscanner / postfix Timeout in the SMTP dialog Message-ID: Hi people ! I think this might not be the right place to ask for this, as it seems more like a postfix issue. But that's driving me mad. I got this mail relay : Running on Linux califw3.caliseo.fr 2.6.16-1.2108_FC4 #1 Thu May 4 23:52:01 EDT 2006 i686 i686 i386 GNU/Linux This is Fedora Core release 4 (Stentz) This is Perl version 5.008006 (5.8.6) This is MailScanner version 4.53.8 And postfix 2.2.2 Some time ago, I found that some of the incoming SMTP connections were interrupted with this kind of message : postfix/smtpd[12529]: timeout after DATA from host.domain.ext[x.x.x.x] And this seems more and more frequent. Some googling drove me to some MTU or network troubleshoot which didn't solve anything (I've tried to lower MTU or even to raise it, the server is in a DMZ behind a FW and next is the ISP router). I've checked everything outside the mail server (Firewall, network) but I came to the conclusion that the problem was coming for the server. Once again, I know this might not be the right place for what I guess is a pure Postfix issue (as it happens during SMTP exchange), but if anyone here have experienced the same behaviour, I would be happy to hear about it. I also guess I'll have to update the whole server cause it's now quite old (postfix, MailScanner, etc...). Thanks. From J.Ede at birchenallhowden.co.uk Tue Jul 8 09:59:16 2008 From: J.Ede at birchenallhowden.co.uk (Jason Ede) Date: Tue Jul 8 10:05:24 2008 Subject: inconsistent performance In-Reply-To: References: <70572c510807080129s186ee8b9t69eff1866ae6adc1@mail.gmail.com>, Message-ID: <4CAB0118AEC63A4FAAE77E6BCBDF760C65717B85A0@server02.bhl.local> Is there an easy way of finding out all the lists that spamassassin uses? I've got most of them still turned on. The most variation I had across MailScanner servers was before I started using a common bayes in MySQL. I know there are plenty of arguments for and against having a common bayes list, but it seems for me to work best on a common list. Jason ________________________________________ From: mailscanner-bounces@lists.mailscanner.info [mailscanner-bounces@lists.mailscanner.info] On Behalf Of Martin.Hepworth [martinh@solidstatelogic.com] Sent: 08 July 2008 09:41 To: MailScanner discussion Subject: RE: inconsistent performance Simon Like I said - if you've not disabled them in /etc/mail/spamassassin/mailscanner.cf ( skip_rbl_checks 1) then you're running them all. You need to add lines like score __RCVD_IN_NJABL 0.0 To the above file to turn each one off individually for the ones you don't want Also in MailScanner.conf check which one's you're running there as well Spam List = And Spam Domain List = -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Simon Jones > Sent: 08 July 2008 09:30 > To: MailScanner discussion > Subject: Re: inconsistent performance > > mate, where do i find what rbl's spamassassin is checking? I > thought they were in spam.lists.conf only > > Simon > > 2008/7/8 Martin.Hepworth : > > Simon > > > > Not only this but what are you running in MailScanner.conf > and also spamassassin. > > > > If you haven't turned any RBL's off in SA you're more than > like running them all which could well account for odd > performance issues. > > > > -- > > Martin Hepworth > > Snr Systems Administrator > > Solid State Logic > > Tel: +44 (0)1865 842300 > > > >> -----Original Message----- > >> From: mailscanner-bounces@lists.mailscanner.info > >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of > >> Simon Jones > >> Sent: 07 July 2008 18:13 > >> To: MailScanner discussion > >> Subject: Re: inconsistent performance > >> > >> here's my spam.lists.conf > >> > >> # This file translates the names of the spam lists and > spam domains > >> lists # into the real DNS domains to search. > >> > >> # There is a far more comprehensive list of these at # > >> http://www.declude.com/JunkMail/Support/ip4r.htm > >> # and you can easily search them all at www.DNSstuff.com. > >> > >> # If you want to search other DNSBL's you will need to define them > >> here first, # before referring to them by name in mailscanner.conf > >> (or a rules file). > >> > >> spamhaus.org sbl.spamhaus.org. > >> spamhaus-XBL xbl.spamhaus.org. > >> spamhaus-PBL pbl.spamhaus.org. > >> spamhaus-ZEN zen.spamhaus.org. > >> SBL+XBL sbl-xbl.spamhaus.org. > >> spamcop.net bl.spamcop.net. > >> NJABL dnsbl.njabl.org. > >> > >> # ORDB has been shut down. > >> # ORDB-RBL relays.ordb.org. > >> > >> #Infinite-Monkeys proxies.relays.monkeys.com. > >> #osirusoft.com relays.osirusoft.com. > >> # These two lists are now dead and must not be used. > >> > >> # MAPS now charge for their services, so you'll have to buy a > >> contract before # attempting to use the next 3 lines. > >> > >> MAPS-RBL blackholes.mail-abuse.org. > >> MAPS-DUL dialups.mail-abuse.org. > >> MAPS-RSS relays.mail-abuse.org. > >> > >> # This next line works for JANET UK Academic sites only > >> > >> MAPS-RBL+ rbl-plus.mail-abuse.ja.net. > >> > >> # And build a similar list for the RBL domains that work > on the name > >> # of the domain rather than the IP address of the exact > machine that > >> # is listed. This way the RBL controllers can blacklist entire # > >> domains very quickly and easily. > >> # These aren't used by default, as they slow down > MailScanner quite a > >> bit. > >> > >> RFC-IGNORANT-DSN dsn.rfc-ignorant.org. > >> RFC-IGNORANT-POSTMASTER postmaster.rfc-ignorant.org. > >> RFC-IGNORANT-ABUSE abuse.rfc-ignorant.org. > >> RFC-IGNORANT-WHOIS whois.rfc-ignorant.org. > >> RFC-IGNORANT-IPWHOIS ipwhois.rfc-ignorant.org. > >> RFC-IGNORANT-BOGUSMX bogusmx.rfc-ignorant.org. > >> > >> # Easynet are closing down, so don't use these any more > >> Easynet-DNSBL blackholes.easynet.nl. > >> Easynet-Proxies proxies.blackholes.easynet.nl. > >> Easynet-Dynablock dynablock.easynet.nl. > >> > >> # This list is now dead and must not be used. > >> #OSIRUSOFT-SPEWS spews.relays.osirusoft.com. > >> > >> # These folks are still going strong > >> SORBS-DNSBL dnsbl.sorbs.net. > >> SORBS-HTTP http.dnsbl.sorbs.net. > >> SORBS-SOCKS socks.dnsbl.sorbs.net. > >> SORBS-MISC misc.dnsbl.sorbs.net. > >> SORBS-SMTP smtp.dnsbl.sorbs.net. > >> SORBS-WEB web.dnsbl.sorbs.net. > >> SORBS-SPAM spam.dnsbl.sorbs.net. > >> SORBS-BLOCK block.dnsbl.sorbs.net. > >> SORBS-ZOMBIE zombie.dnsbl.sorbs.net. > >> SORBS-DUL dul.dnsbl.sorbs.net. > >> SORBS-RHSBL rhsbl.sorbs.net. > >> # These next 2 are "Spam Domain List" entries and not "Spam List"s > >> SORBS-BADCONF badconf.rhsbl.sorbs.net. > >> SORBS-NOMAIL nomail.rhsbl.sorbs.net. > >> > >> # Some other good lists > >> > >> CBL cbl.abuseat.org. > >> DSBL list.dsbl.org. > >> > >> 2008/7/7 Martin.Hepworth : > >> > Simon > >> > > >> > What RBL's you using? Could be one of them backing up - eg > >> spamhaus tend to slow down their feed if you go over the > 'free' limit. > >> > > >> > -- > >> > Martin Hepworth > >> > Snr Systems Administrator > >> > Solid State Logic > >> > Tel: +44 (0)1865 842300 > >> > > >> >> -----Original Message----- > >> >> From: mailscanner-bounces@lists.mailscanner.info > >> >> [mailto:mailscanner-bounces@lists.mailscanner.info] On > Behalf Of > >> >> Simon Jones > >> >> Sent: 07 July 2008 17:46 > >> >> To: MailScanner discussion > >> >> Subject: Re: inconsistent performance > >> >> > >> >> Could be I guess, netstat just shows up the usual mass of smtp > >> >> connections - it's just really odd why it's ok on the most > >> part but > >> >> as soon as somthing triggers a choke they all start > >> backing the queue > >> >> up with messages. > >> >> > >> >> I'll do some more checking around. > >> >> > >> >> thanks Richard > >> >> > >> >> SMJ > >> >> > >> >> 2008/7/7 Richard Frovarp : > >> >> > Simon Jones wrote: > >> >> >> > >> >> >> hello chaps, > >> >> >> > >> >> >> anyone have an idea why i'm seeing inconsistent > >> >> performance on all 3 > >> >> >> of my gateway servers? Nothing shows up errors in the > >> maillog and > >> >> >> MailScanner --Lint checks out ok but from time to time the > >> >> machines > >> >> >> will choke and i'll stack 2k and rising messages up in the > >> >> hold queue. > >> >> >> > >> >> >> one day they'll work fine and the hold queue will be > >> >> normal, then all > >> >> >> of a sudden they'll start backing up. > >> >> >> > >> >> >> I have postfix reading from mysql for the relay_domains / > >> >> >> relay_recipients and transport maps as well as logging to > >> >> a seperate > >> >> >> db on the same seperate db server for mailwatch. > >> >> >> > >> >> >> the mysql db has dual oppy's with 10gb ram so it's pretty > >> >> beefy and > >> >> >> doesn't seem to be maxed at all. > >> >> >> > >> >> >> the gateways run fairly heavy but are by no means topping > >> >> out. I've > >> >> >> tried dropping max children and the batch processing > >> >> settings but to > >> >> >> no avail. > >> >> >> > >> >> >> any ideas would be really appreciated. > >> >> >> > >> >> >> thanks > >> >> >> > >> >> >> SMJ > >> >> >> > >> >> > > >> >> > What about mail volume? Is it consistent across the days in > >> >> question? > >> >> > Or, even if the numbers are the same, you might end up > >> with bursty > >> >> > traffic on the days you backup, causing everything to > >> fall behind. > >> >> > Botnets, mailing lists, all of that sort can drop > >> traffic on you in > >> >> > one heck of a hurry at times. > >> >> > -- > >> >> > MailScanner mailing list > >> >> > mailscanner@lists.mailscanner.info > >> >> > http://lists.mailscanner.info/mailman/listinfo/mailscanner > >> >> > > >> >> > Before posting, read http://wiki.mailscanner.info/posting > >> >> > > >> >> > Support MailScanner development - buy the book off > the website! > >> >> > > >> >> -- > >> >> MailScanner mailing list > >> >> mailscanner@lists.mailscanner.info > >> >> http://lists.mailscanner.info/mailman/listinfo/mailscanner > >> >> > >> >> Before posting, read http://wiki.mailscanner.info/posting > >> >> > >> >> Support MailScanner development - buy the book off the website! > >> >> > >> > > >> > > >> > > >> > > >> > > >> > ********************************************************************* > >> * > >> > Confidentiality : This e-mail and any attachments are > >> intended for the > >> > addressee only and may be confidential. If they come to you > >> in error > >> > you must take no action based on them, nor must you copy or > >> show them > >> > to anyone. Please advise the sender by replying to this e-mail > >> > immediately and then delete the original from your computer. > >> > Opinion : Any opinions expressed in this e-mail are > >> entirely those of > >> > the author and unless specifically stated to the > contrary, are not > >> > necessarily those of the author's employer. > >> > Security Warning : Internet e-mail is not necessarily a secure > >> > communications medium and can be subject to data > >> corruption. We advise > >> > that you consider this fact when e-mailing us. > >> > Viruses : We have taken steps to ensure that this e-mail and any > >> > attachments are free from known viruses but in keeping with good > >> > computing practice, you should ensure that they are virus free. > >> > > >> > Red Lion 49 Ltd T/A Solid State Logic Registered as a limited > >> > company in England and Wales (Company > >> > No:5362730) Registered Office: 25 Spring Hill Road, > >> Begbroke, Oxford > >> > OX5 1RU, United Kingdom > >> > > >> > ********************************************************************* > >> * > >> > > >> > -- > >> > MailScanner mailing list > >> > mailscanner@lists.mailscanner.info > >> > http://lists.mailscanner.info/mailman/listinfo/mailscanner > >> > > >> > Before posting, read http://wiki.mailscanner.info/posting > >> > > >> > Support MailScanner development - buy the book off the website! > >> > > >> -- > >> MailScanner mailing list > >> mailscanner@lists.mailscanner.info > >> http://lists.mailscanner.info/mailman/listinfo/mailscanner > >> > >> Before posting, read http://wiki.mailscanner.info/posting > >> > >> Support MailScanner development - buy the book off the website! > >> > > > > > > > > > > > ********************************************************************** > > Confidentiality : This e-mail and any attachments are > intended for the > > addressee only and may be confidential. If they come to you > in error > > you must take no action based on them, nor must you copy or > show them > > to anyone. Please advise the sender by replying to this e-mail > > immediately and then delete the original from your computer. > > Opinion : Any opinions expressed in this e-mail are > entirely those of > > the author and unless specifically stated to the contrary, are not > > necessarily those of the author's employer. > > Security Warning : Internet e-mail is not necessarily a secure > > communications medium and can be subject to data > corruption. We advise > > that you consider this fact when e-mailing us. > > Viruses : We have taken steps to ensure that this e-mail and any > > attachments are free from known viruses but in keeping with good > > computing practice, you should ensure that they are virus free. > > > > Red Lion 49 Ltd T/A Solid State Logic > > Registered as a limited company in England and Wales (Company > > No:5362730) Registered Office: 25 Spring Hill Road, > Begbroke, Oxford > > OX5 1RU, United Kingdom > > > ********************************************************************** > > > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From martinh at solidstatelogic.com Tue Jul 8 11:48:34 2008 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Tue Jul 8 11:48:46 2008 Subject: inconsistent performance In-Reply-To: <4CAB0118AEC63A4FAAE77E6BCBDF760C65717B85A0@server02.bhl.local> Message-ID: Jason Yeah have a look in the 20_dnsbl_tests.cf file in /var/lib/spamassassin//updates_spamassassin_org -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Jason Ede > Sent: 08 July 2008 09:59 > To: MailScanner discussion > Subject: RE: inconsistent performance > > Is there an easy way of finding out all the lists that > spamassassin uses? I've got most of them still turned on. > > The most variation I had across MailScanner servers was > before I started using a common bayes in MySQL. I know there > are plenty of arguments for and against having a common bayes > list, but it seems for me to work best on a common list. > > Jason > ________________________________________ > From: mailscanner-bounces@lists.mailscanner.info > [mailscanner-bounces@lists.mailscanner.info] On Behalf Of > Martin.Hepworth [martinh@solidstatelogic.com] > Sent: 08 July 2008 09:41 > To: MailScanner discussion > Subject: RE: inconsistent performance > > Simon > > Like I said - if you've not disabled them in > /etc/mail/spamassassin/mailscanner.cf ( skip_rbl_checks 1) > then you're running them all. > > You need to add lines like > > score __RCVD_IN_NJABL 0.0 > > To the above file to turn each one off individually for the > ones you don't want > > Also in MailScanner.conf check which one's you're running > there as well > > Spam List = > > And > > Spam Domain List = > > > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > -----Original Message----- > > From: mailscanner-bounces@lists.mailscanner.info > > [mailto:mailscanner-bounces@lists.mailscanner.info] On > Behalf Of Simon > > Jones > > Sent: 08 July 2008 09:30 > > To: MailScanner discussion > > Subject: Re: inconsistent performance > > > > mate, where do i find what rbl's spamassassin is checking? > I thought > > they were in spam.lists.conf only > > > > Simon > > > > 2008/7/8 Martin.Hepworth : > > > Simon > > > > > > Not only this but what are you running in MailScanner.conf > > and also spamassassin. > > > > > > If you haven't turned any RBL's off in SA you're more than > > like running them all which could well account for odd performance > > issues. > > > > > > -- > > > Martin Hepworth > > > Snr Systems Administrator > > > Solid State Logic > > > Tel: +44 (0)1865 842300 > > > > > >> -----Original Message----- > > >> From: mailscanner-bounces@lists.mailscanner.info > > >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of > > >> Simon Jones > > >> Sent: 07 July 2008 18:13 > > >> To: MailScanner discussion > > >> Subject: Re: inconsistent performance > > >> > > >> here's my spam.lists.conf > > >> > > >> # This file translates the names of the spam lists and > > spam domains > > >> lists # into the real DNS domains to search. > > >> > > >> # There is a far more comprehensive list of these at # > > >> http://www.declude.com/JunkMail/Support/ip4r.htm > > >> # and you can easily search them all at www.DNSstuff.com. > > >> > > >> # If you want to search other DNSBL's you will need to > define them > > >> here first, # before referring to them by name in > mailscanner.conf > > >> (or a rules file). > > >> > > >> spamhaus.org sbl.spamhaus.org. > > >> spamhaus-XBL xbl.spamhaus.org. > > >> spamhaus-PBL pbl.spamhaus.org. > > >> spamhaus-ZEN zen.spamhaus.org. > > >> SBL+XBL sbl-xbl.spamhaus.org. > > >> spamcop.net bl.spamcop.net. > > >> NJABL dnsbl.njabl.org. > > >> > > >> # ORDB has been shut down. > > >> # ORDB-RBL relays.ordb.org. > > >> > > >> #Infinite-Monkeys proxies.relays.monkeys.com. > > >> #osirusoft.com relays.osirusoft.com. > > >> # These two lists are now dead and must not be used. > > >> > > >> # MAPS now charge for their services, so you'll have to buy a > > >> contract before # attempting to use the next 3 lines. > > >> > > >> MAPS-RBL blackholes.mail-abuse.org. > > >> MAPS-DUL dialups.mail-abuse.org. > > >> MAPS-RSS relays.mail-abuse.org. > > >> > > >> # This next line works for JANET UK Academic sites only > > >> > > >> MAPS-RBL+ rbl-plus.mail-abuse.ja.net. > > >> > > >> # And build a similar list for the RBL domains that work > > on the name > > >> # of the domain rather than the IP address of the exact > > machine that > > >> # is listed. This way the RBL controllers can blacklist entire # > > >> domains very quickly and easily. > > >> # These aren't used by default, as they slow down > > MailScanner quite a > > >> bit. > > >> > > >> RFC-IGNORANT-DSN dsn.rfc-ignorant.org. > > >> RFC-IGNORANT-POSTMASTER postmaster.rfc-ignorant.org. > > >> RFC-IGNORANT-ABUSE abuse.rfc-ignorant.org. > > >> RFC-IGNORANT-WHOIS whois.rfc-ignorant.org. > > >> RFC-IGNORANT-IPWHOIS ipwhois.rfc-ignorant.org. > > >> RFC-IGNORANT-BOGUSMX bogusmx.rfc-ignorant.org. > > >> > > >> # Easynet are closing down, so don't use these any more > > >> Easynet-DNSBL blackholes.easynet.nl. > > >> Easynet-Proxies proxies.blackholes.easynet.nl. > > >> Easynet-Dynablock dynablock.easynet.nl. > > >> > > >> # This list is now dead and must not be used. > > >> #OSIRUSOFT-SPEWS > spews.relays.osirusoft.com. > > >> > > >> # These folks are still going strong > > >> SORBS-DNSBL dnsbl.sorbs.net. > > >> SORBS-HTTP http.dnsbl.sorbs.net. > > >> SORBS-SOCKS socks.dnsbl.sorbs.net. > > >> SORBS-MISC misc.dnsbl.sorbs.net. > > >> SORBS-SMTP smtp.dnsbl.sorbs.net. > > >> SORBS-WEB web.dnsbl.sorbs.net. > > >> SORBS-SPAM spam.dnsbl.sorbs.net. > > >> SORBS-BLOCK block.dnsbl.sorbs.net. > > >> SORBS-ZOMBIE zombie.dnsbl.sorbs.net. > > >> SORBS-DUL dul.dnsbl.sorbs.net. > > >> SORBS-RHSBL rhsbl.sorbs.net. > > >> # These next 2 are "Spam Domain List" entries and not > "Spam List"s > > >> SORBS-BADCONF badconf.rhsbl.sorbs.net. > > >> SORBS-NOMAIL nomail.rhsbl.sorbs.net. > > >> > > >> # Some other good lists > > >> > > >> CBL cbl.abuseat.org. > > >> DSBL list.dsbl.org. > > >> > > >> 2008/7/7 Martin.Hepworth : > > >> > Simon > > >> > > > >> > What RBL's you using? Could be one of them backing up - eg > > >> spamhaus tend to slow down their feed if you go over the > > 'free' limit. > > >> > > > >> > -- > > >> > Martin Hepworth > > >> > Snr Systems Administrator > > >> > Solid State Logic > > >> > Tel: +44 (0)1865 842300 > > >> > > > >> >> -----Original Message----- > > >> >> From: mailscanner-bounces@lists.mailscanner.info > > >> >> [mailto:mailscanner-bounces@lists.mailscanner.info] On > > Behalf Of > > >> >> Simon Jones > > >> >> Sent: 07 July 2008 17:46 > > >> >> To: MailScanner discussion > > >> >> Subject: Re: inconsistent performance > > >> >> > > >> >> Could be I guess, netstat just shows up the usual > mass of smtp > > >> >> connections - it's just really odd why it's ok on the most > > >> part but > > >> >> as soon as somthing triggers a choke they all start > > >> backing the queue > > >> >> up with messages. > > >> >> > > >> >> I'll do some more checking around. > > >> >> > > >> >> thanks Richard > > >> >> > > >> >> SMJ > > >> >> > > >> >> 2008/7/7 Richard Frovarp : > > >> >> > Simon Jones wrote: > > >> >> >> > > >> >> >> hello chaps, > > >> >> >> > > >> >> >> anyone have an idea why i'm seeing inconsistent > > >> >> performance on all 3 > > >> >> >> of my gateway servers? Nothing shows up errors in the > > >> maillog and > > >> >> >> MailScanner --Lint checks out ok but from time to time the > > >> >> machines > > >> >> >> will choke and i'll stack 2k and rising messages up in the > > >> >> hold queue. > > >> >> >> > > >> >> >> one day they'll work fine and the hold queue will be > > >> >> normal, then all > > >> >> >> of a sudden they'll start backing up. > > >> >> >> > > >> >> >> I have postfix reading from mysql for the relay_domains / > > >> >> >> relay_recipients and transport maps as well as logging to > > >> >> a seperate > > >> >> >> db on the same seperate db server for mailwatch. > > >> >> >> > > >> >> >> the mysql db has dual oppy's with 10gb ram so it's pretty > > >> >> beefy and > > >> >> >> doesn't seem to be maxed at all. > > >> >> >> > > >> >> >> the gateways run fairly heavy but are by no means topping > > >> >> out. I've > > >> >> >> tried dropping max children and the batch processing > > >> >> settings but to > > >> >> >> no avail. > > >> >> >> > > >> >> >> any ideas would be really appreciated. > > >> >> >> > > >> >> >> thanks > > >> >> >> > > >> >> >> SMJ > > >> >> >> > > >> >> > > > >> >> > What about mail volume? Is it consistent across the days in > > >> >> question? > > >> >> > Or, even if the numbers are the same, you might end up > > >> with bursty > > >> >> > traffic on the days you backup, causing everything to > > >> fall behind. > > >> >> > Botnets, mailing lists, all of that sort can drop > > >> traffic on you in > > >> >> > one heck of a hurry at times. > > >> >> > -- > > >> >> > MailScanner mailing list > > >> >> > mailscanner@lists.mailscanner.info > > >> >> > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > >> >> > > > >> >> > Before posting, read http://wiki.mailscanner.info/posting > > >> >> > > > >> >> > Support MailScanner development - buy the book off > > the website! > > >> >> > > > >> >> -- > > >> >> MailScanner mailing list > > >> >> mailscanner@lists.mailscanner.info > > >> >> http://lists.mailscanner.info/mailman/listinfo/mailscanner > > >> >> > > >> >> Before posting, read http://wiki.mailscanner.info/posting > > >> >> > > >> >> Support MailScanner development - buy the book off > the website! > > >> >> > > >> > > > >> > > > >> > > > >> > > > >> > > > >> > > > ********************************************************************* > > >> * > > >> > Confidentiality : This e-mail and any attachments are > > >> intended for the > > >> > addressee only and may be confidential. If they come to you > > >> in error > > >> > you must take no action based on them, nor must you copy or > > >> show them > > >> > to anyone. Please advise the sender by replying to this e-mail > > >> > immediately and then delete the original from your computer. > > >> > Opinion : Any opinions expressed in this e-mail are > > >> entirely those of > > >> > the author and unless specifically stated to the > > contrary, are not > > >> > necessarily those of the author's employer. > > >> > Security Warning : Internet e-mail is not necessarily a secure > > >> > communications medium and can be subject to data > > >> corruption. We advise > > >> > that you consider this fact when e-mailing us. > > >> > Viruses : We have taken steps to ensure that this > e-mail and any > > >> > attachments are free from known viruses but in keeping > with good > > >> > computing practice, you should ensure that they are virus free. > > >> > > > >> > Red Lion 49 Ltd T/A Solid State Logic Registered as a limited > > >> > company in England and Wales (Company > > >> > No:5362730) Registered Office: 25 Spring Hill Road, > > >> Begbroke, Oxford > > >> > OX5 1RU, United Kingdom > > >> > > > >> > > > ********************************************************************* > > >> * > > >> > > > >> > -- > > >> > MailScanner mailing list > > >> > mailscanner@lists.mailscanner.info > > >> > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > >> > > > >> > Before posting, read http://wiki.mailscanner.info/posting > > >> > > > >> > Support MailScanner development - buy the book off the website! > > >> > > > >> -- > > >> MailScanner mailing list > > >> mailscanner@lists.mailscanner.info > > >> http://lists.mailscanner.info/mailman/listinfo/mailscanner > > >> > > >> Before posting, read http://wiki.mailscanner.info/posting > > >> > > >> Support MailScanner development - buy the book off the website! > > >> > > > > > > > > > > > > > > > > > > ********************************************************************** > > > Confidentiality : This e-mail and any attachments are > > intended for the > > > addressee only and may be confidential. If they come to you > > in error > > > you must take no action based on them, nor must you copy or > > show them > > > to anyone. Please advise the sender by replying to this e-mail > > > immediately and then delete the original from your computer. > > > Opinion : Any opinions expressed in this e-mail are > > entirely those of > > > the author and unless specifically stated to the > contrary, are not > > > necessarily those of the author's employer. > > > Security Warning : Internet e-mail is not necessarily a secure > > > communications medium and can be subject to data > > corruption. We advise > > > that you consider this fact when e-mailing us. > > > Viruses : We have taken steps to ensure that this e-mail and any > > > attachments are free from known viruses but in keeping with good > > > computing practice, you should ensure that they are virus free. > > > > > > Red Lion 49 Ltd T/A Solid State Logic Registered as a limited > > > company in England and Wales (Company > > > No:5362730) Registered Office: 25 Spring Hill Road, > > Begbroke, Oxford > > > OX5 1RU, United Kingdom > > > > > > ********************************************************************** > > > > > > -- > > > MailScanner mailing list > > > mailscanner@lists.mailscanner.info > > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > > > Support MailScanner development - buy the book off the website! > > > > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > > > > > > ********************************************************************** > Confidentiality : This e-mail and any attachments are > intended for the addressee only and may be confidential. If > they come to you in error you must take no action based on > them, nor must you copy or show them to anyone. Please advise > the sender by replying to this e-mail immediately and then > delete the original from your computer. > Opinion : Any opinions expressed in this e-mail are entirely > those of the author and unless specifically stated to the > contrary, are not necessarily those of the author's employer. > Security Warning : Internet e-mail is not necessarily a > secure communications medium and can be subject to data > corruption. We advise that you consider this fact when e-mailing us. > Viruses : We have taken steps to ensure that this e-mail and > any attachments are free from known viruses but in keeping > with good computing practice, you should ensure that they are > virus free. > > Red Lion 49 Ltd T/A Solid State Logic > Registered as a limited company in England and Wales (Company > No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, > Oxford OX5 1RU, United Kingdom > ********************************************************************** > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From MailScanner at ecs.soton.ac.uk Tue Jul 8 12:21:18 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Jul 8 12:22:37 2008 Subject: Feature request: logical AND in rulesets In-Reply-To: References: Message-ID: <48734DAE.4060209@ecs.soton.ac.uk> Gareth wrote: > My setup: > I have MailScanner running on a machine and fetchmail pulls mail down > from a pop3 server and delivers it to postfix and then MailScanner picks > it up and processes it. > I have fetchmail deliver the mail to the servers real IP address and not > the loopback address. > > So I can create a ruleset to bypass scannig for mail from 127.0.0.1 and > this enables me to release mesages from quarantine and stops logwatch > reports from being detected as spam or viruses. The problem however is > that if people use webmail it bypasses all checks since webmail calls > sendmail directly and cannot be configured to send to the real IP > address. > > What would be perfect would be if I could do something like :- > From: 127.0.0.1 AND root@myserver.mydomain.com no > You just missed a "From" after the "AND". But otherwise you got it right. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Tue Jul 8 12:26:04 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Jul 8 12:26:40 2008 Subject: [Fwd: [Clamav-announce] announcing ClamAV 0.93.3] In-Reply-To: References: Message-ID: <48734ECC.6090502@ecs.soton.ac.uk> I have just uploaded a new ClamAV+SpamAssassin package incorporating 0.93.3. Lars Kristiansen wrote: > FYI > > -------- Opprinnelig melding -------- > Emne: [Clamav-announce] announcing ClamAV 0.93.3 > Dato: Mon, 7 Jul 2008 21:42:35 +0200 > Fra: Luca Gibelli > Svar-Til: noreply@clamav.net > Til: ClamAV Announce > Referanser: <20080707155612.GA28395@adsl.nervous.it> > > > Dear ClamAV users, > > This release fixes a problem in handling of .cld files introduced in > 0.93.2. > > -- > The ClamAV team (http://www.clamav.net/team) > > > Best regards Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From spamlists at coders.co.uk Tue Jul 8 13:14:55 2008 From: spamlists at coders.co.uk (Matt Hampton) Date: Tue Jul 8 13:15:55 2008 Subject: Run MScanner in a virtualized environment. In-Reply-To: <3411CC12BB577F4FAEAC8A694780866BE9189B@ITMAIL.town.barnstable.ma.us> References: <3411CC12BB577F4FAEAC8A694780866BE9189B@ITMAIL.town.barnstable.ma.us> Message-ID: <48735A3F.7040308@coders.co.uk> Ghetti, Ron wrote: > Well I will say that it could be my impementation > Of clam, I've heard tell that it can be setup as a > Daemon and that will reduce overhead, however I've no idea how. > At the time we went with the defaults. > I think this brought the overhead up past the breaking point for us. > > Again, I would like to re-enable it if I could find > A good resource on how to set it up for my specifics. > Assuming that your are running a RedHat esque linux...... http://wiki.mailscanner.info/doku.php?id=documentation:anti_virus:clamav:switch_to_rpm_clamd From weinhold+mailscanner at rccsoftware.de Tue Jul 8 14:03:26 2008 From: weinhold+mailscanner at rccsoftware.de (Norbert Weinhold) Date: Tue Jul 8 14:03:50 2008 Subject: Problems using Archiv Mail Message-ID: <4873659E.3000803@rccsoftware.de> Hi, We are using the Archive Mail option with a rules file. The problem is that emails using CC recipients which are not in this rules file the email is not processed how we want. We want as soon as an archive rule matches the TO or CC the specified action is taken. Is this a bug? If not how can I make Mailscanner work like we want. norbert -- RCC Software GmbH HR: B-104357 Steuernummer: 37/167/21214 USt-ID: DE814784953 Geschaeftsfuehrer: Rene Otto, Mario Scheliga Bank: Deutsche Bank, BLZ: 10070024, KTO: 0810929 Schoenhauser Allee 51, 10437 Berlin From shuttlebox at gmail.com Tue Jul 8 14:17:48 2008 From: shuttlebox at gmail.com (shuttlebox) Date: Tue Jul 8 14:17:59 2008 Subject: Feature request: logical AND in rulesets In-Reply-To: <48734DAE.4060209@ecs.soton.ac.uk> References: <48734DAE.4060209@ecs.soton.ac.uk> Message-ID: <625385e30807080617w481ec1ffhb868ed166269d4ef@mail.gmail.com> On Tue, Jul 8, 2008 at 1:21 PM, Julian Field wrote: >> What would be perfect would be if I could do something like :- >> From: 127.0.0.1 AND root@myserver.mydomain.com no >> > > You just missed a "From" after the "AND". But otherwise you got it right. So "from AND from" is legal? I have never tried it, I have just used "from AND to". -- EB White - "Be obscure clearly." From martinh at solidstatelogic.com Tue Jul 8 14:20:28 2008 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Tue Jul 8 14:20:41 2008 Subject: Problems using Archiv Mail In-Reply-To: <4873659E.3000803@rccsoftware.de> Message-ID: Norbert Only way you can do this is to split the email into individual recipients otherwise as you can see, mailscanner has no idea what rule to obey. There's ways to do this in the wiki for exim, sendmail and postfix. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Norbert Weinhold > Sent: 08 July 2008 14:03 > To: mailscanner@lists.mailscanner.info > Subject: Problems using Archiv Mail > > Hi, > > We are using the Archive Mail option with a rules file. The > problem is that emails using CC recipients which are not in > this rules file the email is not processed how we want. > > We want as soon as an archive rule matches the TO or CC the > specified action is taken. > > Is this a bug? If not how can I make Mailscanner work like we want. > > > norbert > > -- > RCC Software GmbH HR: B-104357 > Steuernummer: 37/167/21214 USt-ID: DE814784953 > Geschaeftsfuehrer: Rene Otto, Mario Scheliga > Bank: Deutsche Bank, BLZ: 10070024, KTO: 0810929 Schoenhauser > Allee 51, 10437 Berlin > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From alex at rtpty.com Tue Jul 8 14:33:27 2008 From: alex at rtpty.com (Alex Neuman) Date: Tue Jul 8 14:33:49 2008 Subject: Feature request: logical AND in rulesets In-Reply-To: <625385e30807080617w481ec1ffhb868ed166269d4ef@mail.gmail.com> References: <48734DAE.4060209@ecs.soton.ac.uk> <625385e30807080617w481ec1ffhb868ed166269d4ef@mail.gmail.com> Message-ID: I believe you can go deeper than that, using from and from and from, for example. Sent from my iPhone On Jul 8, 2008, at 8:17 AM, shuttlebox wrote: > On Tue, Jul 8, 2008 at 1:21 PM, Julian Field > wrote: >>> What would be perfect would be if I could do something like :- >>> From: 127.0.0.1 AND root@myserver.mydomain.com no >>> >> >> You just missed a "From" after the "AND". But otherwise you got it >> right. > > So "from AND from" is legal? I have never tried it, I have just used > "from AND to". > > -- > EB White - "Be obscure clearly." > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Jul 8 14:37:03 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Jul 8 14:37:46 2008 Subject: Feature request: logical AND in rulesets In-Reply-To: References: <48734DAE.4060209@ecs.soton.ac.uk> Message-ID: <48736D7F.5060504@ecs.soton.ac.uk> shuttlebox wrote: > On Tue, Jul 8, 2008 at 1:21 PM, Julian Field > wrote: > >>> What would be perfect would be if I could do something like :- >>> From: 127.0.0.1 AND root@myserver.mydomain.com no >>> >>> >> You just missed a "From" after the "AND". But otherwise you got it right. >> > > So "from AND from" is legal? I have never tried it, I have just used > "from AND to". > Yes, from and from is quite legal, as they are testing for different things (the IP address and the sender's email address). Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From marco.mangione at gmail.com Tue Jul 8 14:53:26 2008 From: marco.mangione at gmail.com (Marco mangione) Date: Tue Jul 8 14:53:35 2008 Subject: [M] how can i delete footer? Message-ID: Hello, how can i delete footer text: This message has been scanned for viruses and dangerous content by *MailScanner* , and is believed to be clean thanks Marco -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080708/1ed3073c/attachment.html From Ron.Ghetti at town.barnstable.ma.us Tue Jul 8 14:58:39 2008 From: Ron.Ghetti at town.barnstable.ma.us (Ghetti, Ron) Date: Tue Jul 8 14:57:47 2008 Subject: Run MScanner in a virtualized environment. Message-ID: <3411CC12BB577F4FAEAC8A694780866BE9189D@ITMAIL.town.barnstable.ma.us> Thanks for that Matt, running postfix & MailScanner on ubuntu w/400+ users. I'm not even sure how I ended up with this version, I think it was based on an article I'd read somewhere... -Ron -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Matt Hampton Sent: Tuesday, July 08, 2008 8:15 AM To: MailScanner discussion Subject: Re: Run MScanner in a virtualized environment. Ghetti, Ron wrote: > Well I will say that it could be my impementation > Of clam, I've heard tell that it can be setup as a > Daemon and that will reduce overhead, however I've no idea how. > At the time we went with the defaults. > I think this brought the overhead up past the breaking point for us. > > Again, I would like to re-enable it if I could find > A good resource on how to set it up for my specifics. > Assuming that your are running a RedHat esque linux...... http://wiki.mailscanner.info/doku.php?id=documentation:anti_virus:clamav :switch_to_rpm_clamd -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From shuttlebox at gmail.com Tue Jul 8 15:01:33 2008 From: shuttlebox at gmail.com (shuttlebox) Date: Tue Jul 8 15:01:46 2008 Subject: Feature request: logical AND in rulesets In-Reply-To: References: <48734DAE.4060209@ecs.soton.ac.uk> <625385e30807080617w481ec1ffhb868ed166269d4ef@mail.gmail.com> Message-ID: <625385e30807080701o3d653344q6b33c169b9d54cec@mail.gmail.com> On Tue, Jul 8, 2008 at 3:33 PM, Alex Neuman wrote: > I believe you can go deeper than that, using from and from and from, for > example. No, "and" can only occur once per line according to the docs and it makes sense since a mail can only come from one server and from one address. What would the third "from" match? -- George Burns - "Don't stay in bed, unless you can make money in bed." From shuttlebox at gmail.com Tue Jul 8 15:05:37 2008 From: shuttlebox at gmail.com (shuttlebox) Date: Tue Jul 8 15:05:46 2008 Subject: Feature request: logical AND in rulesets In-Reply-To: <48736D7F.5060504@ecs.soton.ac.uk> References: <48734DAE.4060209@ecs.soton.ac.uk> <48736D7F.5060504@ecs.soton.ac.uk> Message-ID: <625385e30807080705n454496dfi54f6684e895acb74@mail.gmail.com> On Tue, Jul 8, 2008 at 3:37 PM, Julian Field wrote: > shuttlebox wrote: >> >> On Tue, Jul 8, 2008 at 1:21 PM, Julian Field >> wrote: >> >>>> >>>> What would be perfect would be if I could do something like :- >>>> From: 127.0.0.1 AND root@myserver.mydomain.com no >>>> >>>> >>> >>> You just missed a "From" after the "AND". But otherwise you got it right. >>> >> >> So "from AND from" is legal? I have never tried it, I have just used >> "from AND to". >> > > Yes, from and from is quite legal, as they are testing for different things > (the IP address and the sender's email address). Excellent! I have use for it where I had to exclude mail from an internal (Microsoft) server from all scanning since its MIME can't be unpacked. It felt risky to exclude an address from scanning since it can be faked so easily but now I can add the relay it should come from. :-) -- Paul Lynde - "I sang in the choir for years, even though my family belonged to another church." From jra at baylink.com Tue Jul 8 15:06:33 2008 From: jra at baylink.com (Jay R. Ashworth) Date: Tue Jul 8 15:06:47 2008 Subject: Non-English testers? In-Reply-To: References: <20080707122658.GB19043@cgi.jachomes.com> Message-ID: <20080708140633.GB24418@cgi.jachomes.com> On Mon, Jul 07, 2008 at 10:44:29AM -0800, Kevin Miller wrote: > > easy to parse. Right? I mean, that's what Microsoft has been telling > > us... > > Yeah. And I have a nice bridge in Brooklyn that I'll sell you real > cheap! Worked for Lake Havasu City, AZ... Cheers, -- jra -- Jay R. Ashworth Baylink jra@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://baylink.pitas.com '87 e24 St Petersburg FL USA http://photo.imageinc.us +1 727 647 1274 Those who cast the vote decide nothing. Those who count the vote decide everything. -- (Joseph Stalin) From alex at rtpty.com Tue Jul 8 15:06:46 2008 From: alex at rtpty.com (Alex Neuman) Date: Tue Jul 8 15:07:18 2008 Subject: [M] how can i delete footer? In-Reply-To: References: Message-ID: <3B204024-B9B2-4D8C-8E73-4207182E73B3@rtpty.com> Don't add it! ;-) Look for "sign clean messages" in MailScanner.conf and take it from there... On Jul 8, 2008, at 8:53 AM, Marco mangione wrote: > Hello, > > how can i delete footer text: > > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean > > thanks > > Marco > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From martinh at solidstatelogic.com Tue Jul 8 15:10:47 2008 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Tue Jul 8 15:11:00 2008 Subject: [M] how can i delete footer? In-Reply-To: Message-ID: <9391e70b20835b429dc0ceda323fb5c0@solidstatelogic.com> Marko This is the "Signature" so in MailScanner.conf Inline HTML Signature = %report-dir%/inline.sig.html Inline Text Signature = %report-dir%/inline.sig.txt Change those files or set the two setting to blank - eg Inline HTML Signature = Inline Text Signature = -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Marco mangione > Sent: 08 July 2008 14:53 > To: mailscanner@lists.mailscanner.info > Subject: [M] how can i delete footer? > > Hello, > > how can i delete footer text: > > This message has been scanned for viruses and dangerous > content by MailScanner , and > is believed to be clean > > thanks > > Marco > > ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From ecasarero at gmail.com Tue Jul 8 15:10:40 2008 From: ecasarero at gmail.com (Eduardo Casarero) Date: Tue Jul 8 15:11:04 2008 Subject: About spam attack In-Reply-To: <1215506732.9713.6.camel@cX> References: <1215506732.9713.6.camel@cX> Message-ID: <7d9b3cf20807080710l71d03355y3e6c3740fccdbba6@mail.gmail.com> 2008/7/8 Craig Retief : > > On Tue, 2008-07-08 at 09:14 +0100, Martin.Hepworth wrote: > > Correct > > I suggest you pass you're outgoing via the mailscanner then the watermarking > will mark. > > I agree with Martin. > > I think this will be the best and easiest way to stop the back scatter > emails. Or you could use milter-null if youre using sendmail. Use less resources. > > Cheers > > Craig > > You can put a rule against the spam scanning etc to not scan email from the > mailserver, but at least you'll get the watermarks in there. > > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > From martinh at solidstatelogic.com Tue Jul 8 15:11:37 2008 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Tue Jul 8 15:11:56 2008 Subject: Feature request: logical AND in rulesets In-Reply-To: <625385e30807080705n454496dfi54f6684e895acb74@mail.gmail.com> Message-ID: <6a57f26d3c9b8443bdb38122f6557380@solidstatelogic.com> Paul Or use the ip-address for the From part. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of shuttlebox > Sent: 08 July 2008 15:06 > To: MailScanner discussion > Subject: Re: Feature request: logical AND in rulesets > > On Tue, Jul 8, 2008 at 3:37 PM, Julian Field > wrote: > > shuttlebox wrote: > >> > >> On Tue, Jul 8, 2008 at 1:21 PM, Julian Field > >> wrote: > >> > >>>> > >>>> What would be perfect would be if I could do something like :- > >>>> From: 127.0.0.1 AND root@myserver.mydomain.com no > >>>> > >>>> > >>> > >>> You just missed a "From" after the "AND". But otherwise > you got it right. > >>> > >> > >> So "from AND from" is legal? I have never tried it, I > have just used > >> "from AND to". > >> > > > > Yes, from and from is quite legal, as they are testing for > different > > things (the IP address and the sender's email address). > > Excellent! I have use for it where I had to exclude mail from > an internal (Microsoft) server from all scanning since its > MIME can't be unpacked. It felt risky to exclude an address > from scanning since it can be faked so easily but now I can > add the relay it should come from. :-) > > -- > Paul Lynde - "I sang in the choir for years, even though my > family belonged to another church." > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From spamlists at coders.co.uk Tue Jul 8 15:12:01 2008 From: spamlists at coders.co.uk (Matt Hampton) Date: Tue Jul 8 15:13:23 2008 Subject: Feature request: logical AND in rulesets In-Reply-To: <625385e30807080701o3d653344q6b33c169b9d54cec@mail.gmail.com> References: <48734DAE.4060209@ecs.soton.ac.uk> <625385e30807080617w481ec1ffhb868ed166269d4ef@mail.gmail.com> <625385e30807080701o3d653344q6b33c169b9d54cec@mail.gmail.com> Message-ID: <487375B1.2060500@coders.co.uk> shuttlebox wrote: > On Tue, Jul 8, 2008 at 3:33 PM, Alex Neuman wrote: > >> I believe you can go deeper than that, using from and from and from, for >> example. >> > > No, "and" can only occur once per line according to the docs and it > makes sense since a mail can only come from one server and from one > address. What would the third "from" match? > > From and from and from makes no sense but From and from and to does matt From MailScanner at ecs.soton.ac.uk Tue Jul 8 15:12:54 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Jul 8 15:13:25 2008 Subject: Feature request: logical AND in rulesets In-Reply-To: References: <48734DAE.4060209@ecs.soton.ac.uk> <625385e30807080617w481ec1ffhb868ed166269d4ef@mail.gmail.com> Message-ID: <487375E6.9080008@ecs.soton.ac.uk> I don't :-) Alex Neuman wrote: > I believe you can go deeper than that, using from and from and from, > for example. > > Sent from my iPhone > > On Jul 8, 2008, at 8:17 AM, shuttlebox wrote: > >> On Tue, Jul 8, 2008 at 1:21 PM, Julian Field >> wrote: >>>> What would be perfect would be if I could do something like :- >>>> From: 127.0.0.1 AND root@myserver.mydomain.com no >>>> >>> >>> You just missed a "From" after the "AND". But otherwise you got it >>> right. >> >> So "from AND from" is legal? I have never tried it, I have just used >> "from AND to". >> >> -- >> EB White - "Be obscure clearly." >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Tue Jul 8 15:13:23 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Jul 8 15:14:04 2008 Subject: [M] how can i delete footer? In-Reply-To: References: Message-ID: <48737603.6010007@ecs.soton.ac.uk> Check out the "Sign Clean Messages" configuration setting in MailScanner.conf. Marco mangione wrote: > Hello, > > how can i delete footer text: > > This message has been scanned for viruses and > dangerous content by *MailScanner* , and is > believed to be clean > > thanks > > Marco Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From marco.mangione at gmail.com Tue Jul 8 15:15:27 2008 From: marco.mangione at gmail.com (Marco mangione) Date: Tue Jul 8 15:15:37 2008 Subject: [M] how can i delete footer? In-Reply-To: <3B204024-B9B2-4D8C-8E73-4207182E73B3@rtpty.com> References: <3B204024-B9B2-4D8C-8E73-4207182E73B3@rtpty.com> Message-ID: ehm yes :) but in standard configuration i have it.. probably i can disable in mailscanner.conf ? 2008/7/8 Alex Neuman : > Don't add it! ;-) > > Look for "sign clean messages" in MailScanner.conf and take it from > there... > > > On Jul 8, 2008, at 8:53 AM, Marco mangione wrote: > > Hello, >> >> how can i delete footer text: >> >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean >> >> thanks >> >> Marco >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080708/cdda49ef/attachment.html From gmatt at nerc.ac.uk Tue Jul 8 15:17:35 2008 From: gmatt at nerc.ac.uk (Greg Matthews) Date: Tue Jul 8 15:17:59 2008 Subject: ClamAV 0.93 released In-Reply-To: References: <7EF0EE5CB3B263488C8C18823239BEBA03771594@HC-MBX02.herefordshire.gov.uk> <48039AA2.9050905@ecs.soton.ac.uk> <5A3FEF92FC07F34B9EE30C0D1395716498E6E4@monarchs.dokkenengineering.com> <48051021.5010909@ecs.soton.ac.uk> <1208464860.2962.75.camel@morticia.pert.com.ar> <48160C77.5070602@USherbrooke.ca> Message-ID: <487376FF.4050107@nerc.ac.uk> sorry to revive such an old thread, but... David Lee wrote: > Scott Beck has released version 0.22 of Mail::ClamAV in the last few days. > > Could I suggest that some of us with test facilities and with a little > technical experience try the various combinations of the older and newer > versions of ClamAV and Mail::ClamAV and verify which combinations work and > fail? was this ever confirmed? I think Jules still uses clamavmodule so I'm guessing its probably ok, just not seen it confirmed on the list. thanks GREG > > 1. Old+old: We know that the combined earlier versions work. > > 2. New ClamAV + old Mail::ClamAV: It has been reported that the new > ClamAV (0.93) breaks with older Mail::ClamAV (0.20/0.21). Could > someone provide details of what this breakage is? Is there a quick > recipe to reproduce the problem that ClamAV 0.93 had introduced? > > 3. New + new: Julian's Clam+SA package would ultimately be new+new. Can > we verify that this fixes any previously verified breakage? Also that > it does not seem to introduce any new problems. > > 4. Old ClamAV + new Mail::ClamAV: There are inevitably sites which use > other sources (not Julian's package). Can we check what happens with > if someone were to upgrade their Mail::ClamAV module but leave the > main ClamAV software back on 0.92? (Probably not too important, but > it would be a nice data point to complete the set...) > > Given Julian's sadly enforced absence from work, I'm sure he would > appreciate it if we can do this tabulation for him. > > -- Greg Matthews 01491 692445 Head of UNIX/Linux, iTSS Wallingford -- This message (and any attachments) is for the recipient only. NERC is subject to the Freedom of Information Act 2000 and the contents of this email and any reply you make may be disclosed by NERC unless it is exempt from release under the Act. Any material supplied to NERC may be stored in an electronic records management system. From alex at rtpty.com Tue Jul 8 15:19:35 2008 From: alex at rtpty.com (Alex Neuman) Date: Tue Jul 8 15:19:49 2008 Subject: Feature request: logical AND in rulesets In-Reply-To: <625385e30807080701o3d653344q6b33c169b9d54cec@mail.gmail.com> References: <48734DAE.4060209@ecs.soton.ac.uk> <625385e30807080617w481ec1ffhb868ed166269d4ef@mail.gmail.com> <625385e30807080701o3d653344q6b33c169b9d54cec@mail.gmail.com> Message-ID: Destination? Then it would be From and From and To, right? Just playing with the notion, that's all... On Jul 8, 2008, at 9:01 AM, shuttlebox wrote: > On Tue, Jul 8, 2008 at 3:33 PM, Alex Neuman wrote: >> I believe you can go deeper than that, using from and from and >> from, for >> example. > > No, "and" can only occur once per line according to the docs and it > makes sense since a mail can only come from one server and from one > address. What would the third "from" match? > > -- > George Burns - "Don't stay in bed, unless you can make money in bed." > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From marco.mangione at gmail.com Tue Jul 8 15:21:29 2008 From: marco.mangione at gmail.com (Marco mangione) Date: Tue Jul 8 15:21:38 2008 Subject: [M] how can i delete footer? In-Reply-To: <9391e70b20835b429dc0ceda323fb5c0@solidstatelogic.com> References: <9391e70b20835b429dc0ceda323fb5c0@solidstatelogic.com> Message-ID: i done that! but after mailscanner restart: root@filtro1:/# /etc/init.d/mailscanner restart * Restarting mail spam/virus scanner MailScanner Syntax error(s) in configuration file: at /usr/share/MailScanner//MailScanner/Config.pm line 1918 Unrecognised keyword "inlinehtmlsignature" at line 1163 at /usr/share/MailScanner//MailScanner/Config.pm line 1921 Unrecognised keyword "inlinetextsignature" at line 1164 at /usr/share/MailScanner//MailScanner/Config.pm line 1921 Warning: syntax errors in /etc/MailScanner/MailScanner.conf. at /usr/share/MailScanner//MailScanner/Config.pm line 1926 [ OK ] 2008/7/8 Martin.Hepworth : > Marko > > This is the "Signature" so in MailScanner.conf > > Inline HTML Signature = %report-dir%/inline.sig.html > Inline Text Signature = %report-dir%/inline.sig.txt > > Change those files or set the two setting to blank - eg > > Inline HTML Signature = > Inline Text Signature = > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > -----Original Message----- > > From: mailscanner-bounces@lists.mailscanner.info > > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > > Of Marco mangione > > Sent: 08 July 2008 14:53 > > To: mailscanner@lists.mailscanner.info > > Subject: [M] how can i delete footer? > > > > Hello, > > > > how can i delete footer text: > > > > This message has been scanned for viruses and dangerous > > content by MailScanner , and > > is believed to be clean > > > > thanks > > > > Marco > > > > > > > > > ********************************************************************** > Confidentiality : This e-mail and any attachments are intended for the > addressee only and may be confidential. If they come to you in error > you must take no action based on them, nor must you copy or show them > to anyone. Please advise the sender by replying to this e-mail > immediately and then delete the original from your computer. > Opinion : Any opinions expressed in this e-mail are entirely those of > the author and unless specifically stated to the contrary, are not > necessarily those of the author's employer. > Security Warning : Internet e-mail is not necessarily a secure > communications medium and can be subject to data corruption. We advise > that you consider this fact when e-mailing us. > Viruses : We have taken steps to ensure that this e-mail and any > attachments are free from known viruses but in keeping with good > computing practice, you should ensure that they are virus free. > > Red Lion 49 Ltd T/A Solid State Logic > Registered as a limited company in England and Wales > (Company No:5362730) > Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, > United Kingdom > ********************************************************************** > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080708/1610f69d/attachment.html From weinhold+mailscanner at rccsoftware.de Tue Jul 8 15:21:56 2008 From: weinhold+mailscanner at rccsoftware.de (Norbert Weinhold) Date: Tue Jul 8 15:22:16 2008 Subject: Problems using Archiv Mail In-Reply-To: References: Message-ID: <48737804.3050003@rccsoftware.de> Martin.Hepworth schrieb: > Norbert > > Only way you can do this is to split the email into individual recipients otherwise as you can see, mailscanner has no idea what rule to obey. > > There's ways to do this in the wiki for exim, sendmail and postfix. Ok I found it. But I wondering if there is a simpler solution? Because if an email ist sent to several recipients of the same domain (we have domain-based rules) mailscanner will just do as designated. Norbert -- RCC Software GmbH HR: B-104357 Steuernummer: 37/167/21214 USt-ID: DE814784953 Geschaeftsfuehrer: Rene Otto, Mario Scheliga Bank: Deutsche Bank, BLZ: 10070024, KTO: 0810929 Schoenhauser Allee 51, 10437 Berlin From list-mailscanner at linguaphone.com Tue Jul 8 15:22:29 2008 From: list-mailscanner at linguaphone.com (Gareth) Date: Tue Jul 8 15:22:41 2008 Subject: About spam attack In-Reply-To: <7ADC5C5F17A64174941F6F76C0A84EC5@pc> References: <21be6cae0807030658m7b348d6che60b999ef7d2497@mail.gmail.com> <20080707122437.GA19043@cgi.jachomes.com> <8F928109DCEB4E4984F8EF3B3CD84019@pc> <1215499738.9506.1.camel@cX> <7ADC5C5F17A64174941F6F76C0A84EC5@pc> Message-ID: <1215526949.28805.76.camel@gblades-suse.linguaphone-intranet.co.uk> You could always use the spamassassin VBounce ruleset:- http://wiki.apache.org/spamassassin/VBounceRuleset On Tue, 2008-07-08 at 08:10, Ismail OZATAY wrote: > ? > Hi Craig; > > I know Watermark but my mail server and mailscanner gateway are > running on different servers. My domain's mx records point mailscanner > gateway then it sends mails to mail server. mail server sends outgoing > mails itself. so mailscanner can not put watermark tag in outgoing > mails. so if i enable watermak for this topology it do not work , is > not it ? > > Thanks > ----- Original Message ----- > From: Craig Retief > To: MailScanner discussion > Sent: Tuesday, July 08, 2008 9:48 AM > Subject: Re: About spam attack > > On Tue, 2008-07-08 at 09:32 +0300, Ismail OZATAY wrote: > > Hi there; > > > > I use MailScanner 4.68.8 with SA 3.24. Sometimes spammers attack my > > mailserver with lots of bad mails that include these subjects: > > > > Delivery failure. > > Undeliverable mail. > > failure notice. > > > > And also these e-mails have no sender. > > > > How can i block them ? > Take a look at Jule's watermark feature that is included in > the newest MailScanner for Download.... > > Cheers > > Craig > > Thanks > > > > > > ______________________________________________________________ > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the > website! > > > ______________________________________________________________________ > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From jra at baylink.com Tue Jul 8 15:24:57 2008 From: jra at baylink.com (Jay R. Ashworth) Date: Tue Jul 8 15:25:06 2008 Subject: Feature request: logical AND in rulesets In-Reply-To: <625385e30807080617w481ec1ffhb868ed166269d4ef@mail.gmail.com> References: <48734DAE.4060209@ecs.soton.ac.uk> <625385e30807080617w481ec1ffhb868ed166269d4ef@mail.gmail.com> Message-ID: <20080708142457.GC24418@cgi.jachomes.com> On Tue, Jul 08, 2008 at 03:17:48PM +0200, shuttlebox wrote: > > You just missed a "From" after the "AND". But otherwise you got it right. > > So "from AND from" is legal? I have never tried it, I have just used > "from AND to". It would seem to be contradictory, but if the "From" parser can independently recognize the different forms of address each time it's called, then yeah, I can see how it would work. Cheers, -- jra -- Jay R. Ashworth Baylink jra@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://baylink.pitas.com '87 e24 St Petersburg FL USA http://photo.imageinc.us +1 727 647 1274 Those who cast the vote decide nothing. Those who count the vote decide everything. -- (Joseph Stalin) From sandrews at andrewscompanies.com Tue Jul 8 15:35:16 2008 From: sandrews at andrewscompanies.com (Steven Andrews) Date: Tue Jul 8 15:35:29 2008 Subject: About spam attack In-Reply-To: <7d9b3cf20807080710l71d03355y3e6c3740fccdbba6@mail.gmail.com> References: <1215506732.9713.6.camel@cX> <7d9b3cf20807080710l71d03355y3e6c3740fccdbba6@mail.gmail.com> Message-ID: <1964AAFBC212F742958F9275BF63DBB07613D6@winchester.andrewscompanies.com> You would also need to have your outbound mail pass through the mailscanner box for milter-null, correct? -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Eduardo Casarero Sent: Tuesday, July 08, 2008 10:11 AM To: MailScanner discussion Subject: Re: About spam attack 2008/7/8 Craig Retief : > > On Tue, 2008-07-08 at 09:14 +0100, Martin.Hepworth wrote: > > Correct > > I suggest you pass you're outgoing via the mailscanner then the watermarking > will mark. > > I agree with Martin. > > I think this will be the best and easiest way to stop the back scatter > emails. Or you could use milter-null if youre using sendmail. Use less resources. > > Cheers > > Craig > > You can put a rule against the spam scanning etc to not scan email from the > mailserver, but at least you'll get the watermarks in there. > > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From marco.mangione at gmail.com Tue Jul 8 15:41:03 2008 From: marco.mangione at gmail.com (Marco mangione) Date: Tue Jul 8 15:41:12 2008 Subject: [M] how can i delete footer? In-Reply-To: <48737603.6010007@ecs.soton.ac.uk> References: <48737603.6010007@ecs.soton.ac.uk> Message-ID: ok i commented and now it is OK but.. commit ineffective with AutoCommit enabled at /etc/MailScanner/CustomFunctions/MailWatch.pm line 93 and if i try to receive email the signature are always here. 2008/7/8 Julian Field : > Check out the "Sign Clean Messages" configuration setting in > MailScanner.conf. > > Marco mangione wrote: > >> Hello, >> >> how can i delete footer text: >> >> This message has been scanned for viruses and >> dangerous content by *MailScanner* , and is >> believed to be clean >> >> thanks >> >> Marco >> > > Jules > > -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > Need help customising MailScanner? > Contact me! > Need help fixing or optimising your systems? > Contact me! > Need help getting you started solving new requirements from your boss? > Contact me! > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080708/9c83e86c/attachment.html From shuttlebox at gmail.com Tue Jul 8 15:43:50 2008 From: shuttlebox at gmail.com (shuttlebox) Date: Tue Jul 8 15:44:00 2008 Subject: Feature request: logical AND in rulesets In-Reply-To: <6a57f26d3c9b8443bdb38122f6557380@solidstatelogic.com> References: <625385e30807080705n454496dfi54f6684e895acb74@mail.gmail.com> <6a57f26d3c9b8443bdb38122f6557380@solidstatelogic.com> Message-ID: <625385e30807080743k6c00d230h674904addc7e4ab6@mail.gmail.com> On Tue, Jul 8, 2008 at 4:11 PM, Martin.Hepworth wrote: > Paul > > Or use the ip-address for the From part. Paul is the guy who was randomly quoted, my name is Peter. :-) Since all internal mail from a variety of poorly configured (Microsoft) systems pass through that relay I can't exclude based on ip-address. Now that I know that I can use "from and from" I'm good. -- Emo Philips - "I got some new underwear the other day. Well, new to me." From john at tradoc.fr Tue Jul 8 15:48:35 2008 From: john at tradoc.fr (John Wilcock) Date: Tue Jul 8 15:48:47 2008 Subject: ClamAV 0.93 released In-Reply-To: <487376FF.4050107@nerc.ac.uk> References: <7EF0EE5CB3B263488C8C18823239BEBA03771594@HC-MBX02.herefordshire.gov.uk> <48039AA2.9050905@ecs.soton.ac.uk> <5A3FEF92FC07F34B9EE30C0D1395716498E6E4@monarchs.dokkenengineering.com> <48051021.5010909@ecs.soton.ac.uk> <1208464860.2962.75.camel@morticia.pert.com.ar> <48160C77.5070602@USherbrooke.ca> <487376FF.4050107@nerc.ac.uk> Message-ID: <48737E43.9010307@tradoc.fr> Greg Matthews a ?crit : > sorry to revive such an old thread, but... > > David Lee wrote: >> Scott Beck has released version 0.22 of Mail::ClamAV in the last few >> days. >> >> Could I suggest that some of us with test facilities and with a little >> technical experience try the various combinations of the older and newer >> versions of ClamAV and Mail::ClamAV and verify which combinations work >> and >> fail? > > was this ever confirmed? I think Jules still uses clamavmodule so I'm > guessing its probably ok, just not seen it confirmed on the list. Mail::ClamAV 0.22 certainly works fine with ClamAV 0.93.x and current versions of MailScanner. I'm not sure if anyone ever confirmed whether it worked with 0.92, but then again I don't see why you would want to run it with an older version. John. -- -- Over 3000 webcams from ski resorts around the world - www.snoweye.com -- Translate your technical documents and web pages - www.tradoc.fr From MailScanner at ecs.soton.ac.uk Tue Jul 8 16:01:03 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Jul 8 16:01:48 2008 Subject: Feature request: logical AND in rulesets In-Reply-To: References: <48734DAE.4060209@ecs.soton.ac.uk> <625385e30807080617w481ec1ffhb868ed166269d4ef@mail.gmail.com> <625385e30807080701o3d653344q6b33c169b9d54cec@mail.gmail.com> Message-ID: <4873812F.2010400@ecs.soton.ac.uk> Just in case you didn't see my earlier post, you can only have 2 conditions in a rule. Alex Neuman wrote: > Destination? Then it would be From and From and To, right? Just > playing with the notion, that's all... > > On Jul 8, 2008, at 9:01 AM, shuttlebox wrote: > >> On Tue, Jul 8, 2008 at 3:33 PM, Alex Neuman wrote: >>> I believe you can go deeper than that, using from and from and from, >>> for >>> example. >> >> No, "and" can only occur once per line according to the docs and it >> makes sense since a mail can only come from one server and from one >> address. What would the third "from" match? >> >> -- >> George Burns - "Don't stay in bed, unless you can make money in bed." >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Tue Jul 8 16:02:19 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Jul 8 16:02:58 2008 Subject: Feature request: logical AND in rulesets In-Reply-To: References: <48734DAE.4060209@ecs.soton.ac.uk> <625385e30807080617w481ec1ffhb868ed166269d4ef@mail.gmail.com> Message-ID: <4873817B.7040403@ecs.soton.ac.uk> Jay R. Ashworth wrote: > On Tue, Jul 08, 2008 at 03:17:48PM +0200, shuttlebox wrote: > >>> You just missed a "From" after the "AND". But otherwise you got it right. >>> >> So "from AND from" is legal? I have never tried it, I have just used >> "from AND to". >> > > It would seem to be contradictory, but if the "From" parser can > independently recognize the different forms of address each time it's > called, Which it can :-) > then yeah, I can see how it would work. > So it does :-) Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From martinh at solidstatelogic.com Tue Jul 8 16:03:15 2008 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Tue Jul 8 16:03:26 2008 Subject: [M] how can i delete footer? In-Reply-To: Message-ID: Marko Hmm interesting.. What version of MailScanner? Also what happens if you put the mailScanner.conf back as it was and then just have empty files for the signatures. This should work. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Marco mangione > Sent: 08 July 2008 15:21 > To: MailScanner discussion > Subject: Re: [M] how can i delete footer? > > i done that! but after mailscanner restart: > > root@filtro1:/# /etc/init.d/mailscanner restart > * Restarting mail spam/virus scanner MailScanner > > > Syntax error(s) in configuration file: at > /usr/share/MailScanner//MailScanner/Config.pm line 1918 > Unrecognised keyword "inlinehtmlsignature" at line 1163 at > /usr/share/MailScanner//MailScanner/Config.pm line 1921 > Unrecognised keyword "inlinetextsignature" at line 1164 at > /usr/share/MailScanner//MailScanner/Config.pm line 1921 > Warning: syntax errors in /etc/MailScanner/MailScanner.conf. > at /usr/share/MailScanner//MailScanner/Config.pm line 1926 > > > > [ OK ] > > > > > > 2008/7/8 Martin.Hepworth : > > > Marko > > This is the "Signature" so in MailScanner.conf > > Inline HTML Signature = %report-dir%/inline.sig.html > Inline Text Signature = %report-dir%/inline.sig.txt > > Change those files or set the two setting to blank - eg > > Inline HTML Signature = > Inline Text Signature = > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > > -----Original Message----- > > From: mailscanner-bounces@lists.mailscanner.info > > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > > Of Marco mangione > > Sent: 08 July 2008 14:53 > > To: mailscanner@lists.mailscanner.info > > Subject: [M] how can i delete footer? > > > > Hello, > > > > how can i delete footer text: > > > > This message has been scanned for viruses and dangerous > > > content by MailScanner , and > > > is believed to be clean > > > > thanks > > > > Marco > > > > > > > > > > > ********************************************************************** > Confidentiality : This e-mail and any attachments are > intended for the > addressee only and may be confidential. If they come to > you in error > you must take no action based on them, nor must you > copy or show them > to anyone. Please advise the sender by replying to this e-mail > immediately and then delete the original from your computer. > Opinion : Any opinions expressed in this e-mail are > entirely those of > the author and unless specifically stated to the > contrary, are not > necessarily those of the author's employer. > Security Warning : Internet e-mail is not necessarily a secure > communications medium and can be subject to data > corruption. We advise > that you consider this fact when e-mailing us. > Viruses : We have taken steps to ensure that this e-mail and any > attachments are free from known viruses but in keeping with good > computing practice, you should ensure that they are virus free. > > Red Lion 49 Ltd T/A Solid State Logic > Registered as a limited company in England and Wales > (Company No:5362730) > Registered Office: 25 Spring Hill Road, Begbroke, > Oxford OX5 1RU, > United Kingdom > > ********************************************************************** > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > > ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From jonas at vrt.dk Tue Jul 8 16:03:16 2008 From: jonas at vrt.dk (Jonas Akrouh Larsen) Date: Tue Jul 8 16:03:30 2008 Subject: ClamAV 0.93 released In-Reply-To: <487376FF.4050107@nerc.ac.uk> References: <7EF0EE5CB3B263488C8C18823239BEBA03771594@HC-MBX02.herefordshire.gov.uk> <48039AA2.9050905@ecs.soton.ac.uk> <5A3FEF92FC07F34B9EE30C0D1395716498E6E4@monarchs.dokkenengineering.com> <48051021.5010909@ecs.soton.ac.uk> <1208464860.2962.75.camel@morticia.pert.com.ar> <48160C77.5070602@USherbrooke.ca> <487376FF.4050107@nerc.ac.uk> Message-ID: <00b401c8e10b$c02bb980$40832c80$@dk> I can confirm the module works with the 0.93.1 version of clam and newer Mailscanner's. Best regards Jonas -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Greg Matthews Sent: 8. juli 2008 16:18 To: MailScanner discussion Subject: Re: ClamAV 0.93 released sorry to revive such an old thread, but... David Lee wrote: > Scott Beck has released version 0.22 of Mail::ClamAV in the last few days. > > Could I suggest that some of us with test facilities and with a little > technical experience try the various combinations of the older and newer > versions of ClamAV and Mail::ClamAV and verify which combinations work and > fail? was this ever confirmed? I think Jules still uses clamavmodule so I'm guessing its probably ok, just not seen it confirmed on the list. thanks From martinh at solidstatelogic.com Tue Jul 8 16:03:58 2008 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Tue Jul 8 16:04:09 2008 Subject: [M] how can i delete footer? In-Reply-To: Message-ID: <857630f34c051945a235e670ff7fa278@solidstatelogic.com> Marko Commenting out will just go defaults in another file.. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Marco mangione > Sent: 08 July 2008 15:41 > To: MailScanner discussion > Subject: Re: [M] how can i delete footer? > > ok i commented and now it is OK but.. > > commit ineffective with AutoCommit enabled at > /etc/MailScanner/CustomFunctions/MailWatch.pm line 93 > > and if i try to receive email the signature are always here. > > > > 2008/7/8 Julian Field : > > > Check out the "Sign Clean Messages" configuration > setting in MailScanner.conf. > > > Marco mangione wrote: > > > Hello, > > how can i delete footer text: > > This message has been scanned for viruses and > dangerous content by *MailScanner* > , and is > believed to be clean > > thanks > > Marco > > > > Jules > > -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > Need help customising MailScanner? > Contact me! > Need help fixing or optimising your systems? > Contact me! > Need help getting you started solving new requirements > from your boss? > Contact me! > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -- > > This message has been scanned for viruses and > > dangerous content by MailScanner, and is > believed to be clean. > > -- > > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > > ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From Carl.Andrews at crackerbarrel.com Tue Jul 8 16:16:48 2008 From: Carl.Andrews at crackerbarrel.com (Andrews Carl 455) Date: Tue Jul 8 16:17:04 2008 Subject: OT: Sendmail(?) Help Message-ID: I realize this is not MS related but if someone can help or point me in right direction .... THANKS I have a smtp proxy in the DMZ which passes email to my MS box (mdaemon2). USERNAME@DOMAIN.com is an external address sending to my domain. I have been trying to find what defines the "Policy Rejection- 274 -- Sender Quota Exceeded" but without any luck. I found one result on experts exchange which oddly enough concluded that the message was not accepted because of a quota policy. Not a great deal of help there. I have checked my sendmail.cf(mc) and do not see where I have defined any quotas, but then I honestly do not know what option I am looking for either. Log extract: Jul 8 08:22:35 mdaemon2 sendmail[29122]: m68DMPE8029097: to=, delay=00:00:09, xdelay=00:00:01, mailer=esmtp, pri=120991, relay=mail.DOMAIN.com. [65.182.102.90], dsn=4.2.0, stat=Deferred: 450 : Recipient address rejected: Policy Rejection- 274 -- Sender Quota Exceeded. Jul 8 08:31:18 mdaemon2 sm-que[30789]: m68DMPE8029097: to=, delay=00:08:52, xdelay=00:00:01, mailer=esmtp, pri=210991, relay=mail.DOMAIN.com. [65.182.102.90], dsn=4.2.0, stat=Deferred: 450 : Recipient address rejected: Policy Rejection- 274 -- Sender Quota Exceeded. Thanks! Carl -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080708/64d88fc0/attachment.html From Denis.Beauchemin at USherbrooke.ca Tue Jul 8 16:38:55 2008 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Tue Jul 8 16:39:34 2008 Subject: Mailscanner / postfix Timeout in the SMTP dialog In-Reply-To: References: Message-ID: <48738A0F.1040702@USherbrooke.ca> Fabien GARZIANO a ?crit : > Hi people ! > > I think this might not be the right place to ask for this, as it seems > more like a postfix issue. But that's driving me mad. > I got this mail relay : > Running on > Linux califw3.caliseo.fr 2.6.16-1.2108_FC4 #1 Thu May 4 23:52:01 EDT > 2006 i686 i686 i386 GNU/Linux > This is Fedora Core release 4 (Stentz) > This is Perl version 5.008006 (5.8.6) > > This is MailScanner version 4.53.8 > > And postfix 2.2.2 > > Some time ago, I found that some of the incoming SMTP connections were > interrupted with this kind of message : > postfix/smtpd[12529]: timeout after DATA from host.domain.ext[x.x.x.x] > > And this seems more and more frequent. Some googling drove me to some > MTU or network troubleshoot which didn't solve anything (I've tried to > lower MTU or even to raise it, the server is in a DMZ behind a FW and > next is the ISP router). > I've checked everything outside the mail server (Firewall, network) but > I came to the conclusion that the problem was coming for the server. > > Once again, I know this might not be the right place for what I guess is > a pure Postfix issue (as it happens during SMTP exchange), but if anyone > here have experienced the same behaviour, I would be happy to hear about > it. > > I also guess I'll have to update the whole server cause it's now quite > old (postfix, MailScanner, etc...). > > Thanks. > Fabien, I don't know it this applies to you but I had to apply the following patch to my kernel setup on RHEL 5 to stop that knid of problems: tail /etc/sysctl.conf # Fix for tcp window scaling issue related to broken Internet routers net.ipv4.tcp_wmem = 4096 16384 131072 net.ipv4.tcp_rmem = 4096 87380 174760 # From S. Freegard fsl.com # increase Linux autotuning TCP buffer limits # min, default, and max number of bytes to use #net.ipv4.tcp_rmem = 4096 87380 16777216 #net.ipv4.tcp_wmem = 4096 65536 16777216 I also included the values Steeve Freegard is using. You will have to restart your server after modifying your sysctl.conf file (or you could use the sysctl command to make the changes dynamically). Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x62252 F: 819.821.8045 From alex at rtpty.com Tue Jul 8 16:16:34 2008 From: alex at rtpty.com (Alex Neuman) Date: Tue Jul 8 16:48:14 2008 Subject: Problems using Archiv Mail In-Reply-To: <48737804.3050003@rccsoftware.de> References: <48737804.3050003@rccsoftware.de> Message-ID: <465B8F0F-757D-48ED-8B7F-90494326C064@rtpty.com> Not because of the logic involved. If you run it in your head you'll see how it's not possible to do it besides splitting every message into individual components within the MTA. If what you understood was that you need to split them "at the sender", then no, that's not it. The idea is that if you configure your MTA in a certain fashion, you can have it receive messages that are addressed to multiple people and "split them" into individual messages that look just like the original but are addressed individually instead of collectively. On Jul 8, 2008, at 9:21 AM, Norbert Weinhold wrote: > Ok I found it. But I wondering if there is a simpler solution? From simonmjones at gmail.com Tue Jul 8 17:27:35 2008 From: simonmjones at gmail.com (Simon Jones) Date: Tue Jul 8 17:27:46 2008 Subject: inconsistent performance In-Reply-To: References: <70572c510807080129s186ee8b9t69eff1866ae6adc1@mail.gmail.com> Message-ID: <70572c510807080927m16480382y4e5e5ebf4ab3a9c2@mail.gmail.com> Hello chaps, thanks to all who offered assistance. I noticed trouble with DNS lookups with spamassassin 3.2.3 as documented on ttp://wiki.mailscanner.info/doku.php?id=maq:index#optimization_tips so I upgraded to 3.2.5 which seems to have stopped the lag on the hold queue. SMJ 2008/7/8 Martin.Hepworth : > Simon > > Like I said - if you've not disabled them in /etc/mail/spamassassin/mailscanner.cf ( skip_rbl_checks 1) then you're running them all. > > You need to add lines like > > score __RCVD_IN_NJABL 0.0 > > To the above file to turn each one off individually for the ones you don't want > > Also in MailScanner.conf check which one's you're running there as well > > Spam List = > > And > > Spam Domain List = > > > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf >> Of Simon Jones >> Sent: 08 July 2008 09:30 >> To: MailScanner discussion >> Subject: Re: inconsistent performance >> >> mate, where do i find what rbl's spamassassin is checking? I >> thought they were in spam.lists.conf only >> >> Simon >> >> 2008/7/8 Martin.Hepworth : >> > Simon >> > >> > Not only this but what are you running in MailScanner.conf >> and also spamassassin. >> > >> > If you haven't turned any RBL's off in SA you're more than >> like running them all which could well account for odd >> performance issues. >> > >> > -- >> > Martin Hepworth >> > Snr Systems Administrator >> > Solid State Logic >> > Tel: +44 (0)1865 842300 >> > >> >> -----Original Message----- >> >> From: mailscanner-bounces@lists.mailscanner.info >> >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of >> >> Simon Jones >> >> Sent: 07 July 2008 18:13 >> >> To: MailScanner discussion >> >> Subject: Re: inconsistent performance >> >> >> >> here's my spam.lists.conf >> >> >> >> # This file translates the names of the spam lists and >> spam domains >> >> lists # into the real DNS domains to search. >> >> >> >> # There is a far more comprehensive list of these at # >> >> http://www.declude.com/JunkMail/Support/ip4r.htm >> >> # and you can easily search them all at www.DNSstuff.com. >> >> >> >> # If you want to search other DNSBL's you will need to define them >> >> here first, # before referring to them by name in mailscanner.conf >> >> (or a rules file). >> >> >> >> spamhaus.org sbl.spamhaus.org. >> >> spamhaus-XBL xbl.spamhaus.org. >> >> spamhaus-PBL pbl.spamhaus.org. >> >> spamhaus-ZEN zen.spamhaus.org. >> >> SBL+XBL sbl-xbl.spamhaus.org. >> >> spamcop.net bl.spamcop.net. >> >> NJABL dnsbl.njabl.org. >> >> >> >> # ORDB has been shut down. >> >> # ORDB-RBL relays.ordb.org. >> >> >> >> #Infinite-Monkeys proxies.relays.monkeys.com. >> >> #osirusoft.com relays.osirusoft.com. >> >> # These two lists are now dead and must not be used. >> >> >> >> # MAPS now charge for their services, so you'll have to buy a >> >> contract before # attempting to use the next 3 lines. >> >> >> >> MAPS-RBL blackholes.mail-abuse.org. >> >> MAPS-DUL dialups.mail-abuse.org. >> >> MAPS-RSS relays.mail-abuse.org. >> >> >> >> # This next line works for JANET UK Academic sites only >> >> >> >> MAPS-RBL+ rbl-plus.mail-abuse.ja.net. >> >> >> >> # And build a similar list for the RBL domains that work >> on the name >> >> # of the domain rather than the IP address of the exact >> machine that >> >> # is listed. This way the RBL controllers can blacklist entire # >> >> domains very quickly and easily. >> >> # These aren't used by default, as they slow down >> MailScanner quite a >> >> bit. >> >> >> >> RFC-IGNORANT-DSN dsn.rfc-ignorant.org. >> >> RFC-IGNORANT-POSTMASTER postmaster.rfc-ignorant.org. >> >> RFC-IGNORANT-ABUSE abuse.rfc-ignorant.org. >> >> RFC-IGNORANT-WHOIS whois.rfc-ignorant.org. >> >> RFC-IGNORANT-IPWHOIS ipwhois.rfc-ignorant.org. >> >> RFC-IGNORANT-BOGUSMX bogusmx.rfc-ignorant.org. >> >> >> >> # Easynet are closing down, so don't use these any more >> >> Easynet-DNSBL blackholes.easynet.nl. >> >> Easynet-Proxies proxies.blackholes.easynet.nl. >> >> Easynet-Dynablock dynablock.easynet.nl. >> >> >> >> # This list is now dead and must not be used. >> >> #OSIRUSOFT-SPEWS spews.relays.osirusoft.com. >> >> >> >> # These folks are still going strong >> >> SORBS-DNSBL dnsbl.sorbs.net. >> >> SORBS-HTTP http.dnsbl.sorbs.net. >> >> SORBS-SOCKS socks.dnsbl.sorbs.net. >> >> SORBS-MISC misc.dnsbl.sorbs.net. >> >> SORBS-SMTP smtp.dnsbl.sorbs.net. >> >> SORBS-WEB web.dnsbl.sorbs.net. >> >> SORBS-SPAM spam.dnsbl.sorbs.net. >> >> SORBS-BLOCK block.dnsbl.sorbs.net. >> >> SORBS-ZOMBIE zombie.dnsbl.sorbs.net. >> >> SORBS-DUL dul.dnsbl.sorbs.net. >> >> SORBS-RHSBL rhsbl.sorbs.net. >> >> # These next 2 are "Spam Domain List" entries and not "Spam List"s >> >> SORBS-BADCONF badconf.rhsbl.sorbs.net. >> >> SORBS-NOMAIL nomail.rhsbl.sorbs.net. >> >> >> >> # Some other good lists >> >> >> >> CBL cbl.abuseat.org. >> >> DSBL list.dsbl.org. >> >> >> >> 2008/7/7 Martin.Hepworth : >> >> > Simon >> >> > >> >> > What RBL's you using? Could be one of them backing up - eg >> >> spamhaus tend to slow down their feed if you go over the >> 'free' limit. >> >> > >> >> > -- >> >> > Martin Hepworth >> >> > Snr Systems Administrator >> >> > Solid State Logic >> >> > Tel: +44 (0)1865 842300 >> >> > >> >> >> -----Original Message----- >> >> >> From: mailscanner-bounces@lists.mailscanner.info >> >> >> [mailto:mailscanner-bounces@lists.mailscanner.info] On >> Behalf Of >> >> >> Simon Jones >> >> >> Sent: 07 July 2008 17:46 >> >> >> To: MailScanner discussion >> >> >> Subject: Re: inconsistent performance >> >> >> >> >> >> Could be I guess, netstat just shows up the usual mass of smtp >> >> >> connections - it's just really odd why it's ok on the most >> >> part but >> >> >> as soon as somthing triggers a choke they all start >> >> backing the queue >> >> >> up with messages. >> >> >> >> >> >> I'll do some more checking around. >> >> >> >> >> >> thanks Richard >> >> >> >> >> >> SMJ >> >> >> >> >> >> 2008/7/7 Richard Frovarp : >> >> >> > Simon Jones wrote: >> >> >> >> >> >> >> >> hello chaps, >> >> >> >> >> >> >> >> anyone have an idea why i'm seeing inconsistent >> >> >> performance on all 3 >> >> >> >> of my gateway servers? Nothing shows up errors in the >> >> maillog and >> >> >> >> MailScanner --Lint checks out ok but from time to time the >> >> >> machines >> >> >> >> will choke and i'll stack 2k and rising messages up in the >> >> >> hold queue. >> >> >> >> >> >> >> >> one day they'll work fine and the hold queue will be >> >> >> normal, then all >> >> >> >> of a sudden they'll start backing up. >> >> >> >> >> >> >> >> I have postfix reading from mysql for the relay_domains / >> >> >> >> relay_recipients and transport maps as well as logging to >> >> >> a seperate >> >> >> >> db on the same seperate db server for mailwatch. >> >> >> >> >> >> >> >> the mysql db has dual oppy's with 10gb ram so it's pretty >> >> >> beefy and >> >> >> >> doesn't seem to be maxed at all. >> >> >> >> >> >> >> >> the gateways run fairly heavy but are by no means topping >> >> >> out. I've >> >> >> >> tried dropping max children and the batch processing >> >> >> settings but to >> >> >> >> no avail. >> >> >> >> >> >> >> >> any ideas would be really appreciated. >> >> >> >> >> >> >> >> thanks >> >> >> >> >> >> >> >> SMJ >> >> >> >> >> >> >> > >> >> >> > What about mail volume? Is it consistent across the days in >> >> >> question? >> >> >> > Or, even if the numbers are the same, you might end up >> >> with bursty >> >> >> > traffic on the days you backup, causing everything to >> >> fall behind. >> >> >> > Botnets, mailing lists, all of that sort can drop >> >> traffic on you in >> >> >> > one heck of a hurry at times. >> >> >> > -- >> >> >> > MailScanner mailing list >> >> >> > mailscanner@lists.mailscanner.info >> >> >> > http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> >> > >> >> >> > Before posting, read http://wiki.mailscanner.info/posting >> >> >> > >> >> >> > Support MailScanner development - buy the book off >> the website! >> >> >> > >> >> >> -- >> >> >> MailScanner mailing list >> >> >> mailscanner@lists.mailscanner.info >> >> >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> >> >> >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> >> >> >> >> Support MailScanner development - buy the book off the website! >> >> >> >> >> > >> >> > >> >> > >> >> > >> >> > >> >> >> ********************************************************************* >> >> * >> >> > Confidentiality : This e-mail and any attachments are >> >> intended for the >> >> > addressee only and may be confidential. If they come to you >> >> in error >> >> > you must take no action based on them, nor must you copy or >> >> show them >> >> > to anyone. Please advise the sender by replying to this e-mail >> >> > immediately and then delete the original from your computer. >> >> > Opinion : Any opinions expressed in this e-mail are >> >> entirely those of >> >> > the author and unless specifically stated to the >> contrary, are not >> >> > necessarily those of the author's employer. >> >> > Security Warning : Internet e-mail is not necessarily a secure >> >> > communications medium and can be subject to data >> >> corruption. We advise >> >> > that you consider this fact when e-mailing us. >> >> > Viruses : We have taken steps to ensure that this e-mail and any >> >> > attachments are free from known viruses but in keeping with good >> >> > computing practice, you should ensure that they are virus free. >> >> > >> >> > Red Lion 49 Ltd T/A Solid State Logic Registered as a limited >> >> > company in England and Wales (Company >> >> > No:5362730) Registered Office: 25 Spring Hill Road, >> >> Begbroke, Oxford >> >> > OX5 1RU, United Kingdom >> >> > >> >> >> ********************************************************************* >> >> * >> >> > >> >> > -- >> >> > MailScanner mailing list >> >> > mailscanner@lists.mailscanner.info >> >> > http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> > >> >> > Before posting, read http://wiki.mailscanner.info/posting >> >> > >> >> > Support MailScanner development - buy the book off the website! >> >> > >> >> -- >> >> MailScanner mailing list >> >> mailscanner@lists.mailscanner.info >> >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> >> >> Support MailScanner development - buy the book off the website! >> >> >> > >> > >> > >> > >> > >> ********************************************************************** >> > Confidentiality : This e-mail and any attachments are >> intended for the >> > addressee only and may be confidential. If they come to you >> in error >> > you must take no action based on them, nor must you copy or >> show them >> > to anyone. Please advise the sender by replying to this e-mail >> > immediately and then delete the original from your computer. >> > Opinion : Any opinions expressed in this e-mail are >> entirely those of >> > the author and unless specifically stated to the contrary, are not >> > necessarily those of the author's employer. >> > Security Warning : Internet e-mail is not necessarily a secure >> > communications medium and can be subject to data >> corruption. We advise >> > that you consider this fact when e-mailing us. >> > Viruses : We have taken steps to ensure that this e-mail and any >> > attachments are free from known viruses but in keeping with good >> > computing practice, you should ensure that they are virus free. >> > >> > Red Lion 49 Ltd T/A Solid State Logic >> > Registered as a limited company in England and Wales (Company >> > No:5362730) Registered Office: 25 Spring Hill Road, >> Begbroke, Oxford >> > OX5 1RU, United Kingdom >> > >> ********************************************************************** >> > >> > -- >> > MailScanner mailing list >> > mailscanner@lists.mailscanner.info >> > http://lists.mailscanner.info/mailman/listinfo/mailscanner >> > >> > Before posting, read http://wiki.mailscanner.info/posting >> > >> > Support MailScanner development - buy the book off the website! >> > >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> > > > > > ********************************************************************** > Confidentiality : This e-mail and any attachments are intended for the > addressee only and may be confidential. If they come to you in error > you must take no action based on them, nor must you copy or show them > to anyone. Please advise the sender by replying to this e-mail > immediately and then delete the original from your computer. > Opinion : Any opinions expressed in this e-mail are entirely those of > the author and unless specifically stated to the contrary, are not > necessarily those of the author's employer. > Security Warning : Internet e-mail is not necessarily a secure > communications medium and can be subject to data corruption. We advise > that you consider this fact when e-mailing us. > Viruses : We have taken steps to ensure that this e-mail and any > attachments are free from known viruses but in keeping with good > computing practice, you should ensure that they are virus free. > > Red Lion 49 Ltd T/A Solid State Logic > Registered as a limited company in England and Wales > (Company No:5362730) > Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, > United Kingdom > ********************************************************************** > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From pal at mssl.ucl.ac.uk Tue Jul 8 17:39:25 2008 From: pal at mssl.ucl.ac.uk (Paul Lamb) Date: Tue Jul 8 17:39:36 2008 Subject: Mailscanner is not detecting eicar Message-ID: <200807081639.m68GdPYx789089@alpha2.mssl.ucl.ac.uk> MailScanner version 4.69.9 is not detecting the eicar test "virus". (This has not worked previously; I downloaded it a couple of weeks ago but have only just configured it.) Eicar is forwarded whether included in the message text mail pal < /etc/mail/EICAR-TEST-FILE or as at attachment echo test | pine -attach /etc/mail/EICAR-TEST-FILE pal I have tested with eicar included in the parameter Non-Forging Viruses and with it not included. Please note that MailScanner does detect and quarantine the virus W32/MyDoom-O and Sophos sweep does detect eicar /usr/lib/MailScanner/sophos-wrapper /usr/local/Sophos EICAR-TEST-FILE [snip] >>> Virus 'EICAR-AV-Test' found in file EICAR-TEST-FILE Any suggestions would be appreciated. Paul Lamb From peter at farrows.org Tue Jul 8 18:39:52 2008 From: peter at farrows.org (Peter Farrow) Date: Tue Jul 8 18:40:13 2008 Subject: OT: Sendmail(?) Help In-Reply-To: References: Message-ID: <4873A668.6020903@farrows.org> Andrews Carl 455 wrote: > I realize this is not MS related but if someone can help or point me > in right direction .... THANKS > > I have a smtp proxy in the DMZ which passes email to my MS box > (mdaemon2). USERNAME@DOMAIN.com is an > external address sending to my domain. I have been trying to find what > defines the "Policy Rejection- 274 -- Sender Quota Exceeded" but > without any luck. I found one result on experts exchange which oddly > enough concluded that the message was not accepted because of a quota > policy. Not a great deal of help there. I have checked my > sendmail.cf(mc) and do not see where I have defined any quotas, but > then I honestly do not know what option I am looking for either. > > Log extract: > > Jul 8 08:22:35 mdaemon2 sendmail[29122]: m68DMPE8029097: > to=>, delay=00:00:09, > xdelay=00:00:01, mailer=esmtp, pri=120991, relay=mail.DOMAIN.com. > [65.182.102.90], dsn=4.2.0, stat=Deferred: 450 >: Recipient address rejected: Policy > Rejection- 274 -- Sender Quota Exceeded. > > Jul 8 08:31:18 mdaemon2 sm-que[30789]: m68DMPE8029097: > to=>, delay=00:08:52, > xdelay=00:00:01, mailer=esmtp, pri=210991, relay=mail.DOMAIN.com. > [65.182.102.90], dsn=4.2.0, stat=Deferred: 450 >: Recipient address rejected: Policy > Rejection- 274 -- Sender Quota Exceeded. > > > Thanks! > Carl > > -- > This message has been scanned for viruses and > dangerous content by the *Inexcom* system > scanner, > and is believed to be clean. > Advanced heuristic mail scanning server [-]. Whats in your sendmail mc file? P. -- This message has been scanned for viruses and dangerous content by the Inexcom system Scanner, and is believed to be clean. Advanced heuristic mail scanning server [-]. http://www.inexcom.co.uk -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080708/4a4781a7/attachment.html From peter at farrows.org Tue Jul 8 18:44:49 2008 From: peter at farrows.org (Peter Farrow) Date: Tue Jul 8 18:45:08 2008 Subject: OT: Sendmail(?) Help In-Reply-To: References: Message-ID: <4873A791.1080700@farrows.org> Andrews Carl 455 wrote: > I realize this is not MS related but if someone can help or point me > in right direction .... THANKS > > I have a smtp proxy in the DMZ which passes email to my MS box > (mdaemon2). USERNAME@DOMAIN.com is an > external address sending to my domain. I have been trying to find what > defines the "Policy Rejection- 274 -- Sender Quota Exceeded" but > without any luck. I found one result on experts exchange which oddly > enough concluded that the message was not accepted because of a quota > policy. Not a great deal of help there. I have checked my > sendmail.cf(mc) and do not see where I have defined any quotas, but > then I honestly do not know what option I am looking for either. > > Log extract: > > Jul 8 08:22:35 mdaemon2 sendmail[29122]: m68DMPE8029097: > to=>, delay=00:00:09, > xdelay=00:00:01, mailer=esmtp, pri=120991, relay=mail.DOMAIN.com. > [65.182.102.90], dsn=4.2.0, stat=Deferred: 450 >: Recipient address rejected: Policy > Rejection- 274 -- Sender Quota Exceeded. > > Jul 8 08:31:18 mdaemon2 sm-que[30789]: m68DMPE8029097: > to=>, delay=00:08:52, > xdelay=00:00:01, mailer=esmtp, pri=210991, relay=mail.DOMAIN.com. > [65.182.102.90], dsn=4.2.0, stat=Deferred: 450 >: Recipient address rejected: Policy > Rejection- 274 -- Sender Quota Exceeded. > > > Thanks! > Carl > > -- > This message has been scanned for viruses and > dangerous content by the *Inexcom* system > scanner, > and is believed to be clean. > Advanced heuristic mail scanning server [-]. Also - what is your local mailer (delivery agent). P. -- This message has been scanned for viruses and dangerous content by the Inexcom system Scanner, and is believed to be clean. Advanced heuristic mail scanning server [-]. http://www.inexcom.co.uk -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080708/b12c245d/attachment.html From steve.freegard at fsl.com Tue Jul 8 18:50:59 2008 From: steve.freegard at fsl.com (Steve Freegard) Date: Tue Jul 8 18:51:14 2008 Subject: OT: Sendmail(?) Help In-Reply-To: References: Message-ID: <4873A903.7060609@fsl.com> Andrews Carl 455 wrote: > I realize this is not MS related but if someone can help or point me in > right direction .... THANKS > > I have a smtp proxy in the DMZ which passes email to my MS box > (mdaemon2). USERNAME@DOMAIN.com is an > external address sending to my domain. I have been trying to find what > defines the "Policy Rejection- 274 -- Sender Quota Exceeded" but without > any luck. I found one result on experts exchange which oddly enough > concluded that the message was not accepted because of a quota policy. > Not a great deal of help there. I have checked my sendmail.cf(mc) and do > not see where I have defined any quotas, but then I honestly do not know > what option I am looking for either. > > Log extract: > > Jul 8 08:22:35 mdaemon2 sendmail[29122]: m68DMPE8029097: > to=>, delay=00:00:09, > xdelay=00:00:01, mailer=esmtp, pri=120991, relay=mail.DOMAIN.com. > [65.182.102.90], dsn=4.2.0, stat=Deferred: 450 >: Recipient address rejected: Policy > Rejection- 274 -- Sender Quota Exceeded. > > Jul 8 08:31:18 mdaemon2 sm-que[30789]: m68DMPE8029097: > to=>, delay=00:08:52, > xdelay=00:00:01, mailer=esmtp, pri=210991, relay=mail.DOMAIN.com. > [65.182.102.90], dsn=4.2.0, stat=Deferred: 450 >: Recipient address rejected: Policy > Rejection- 274 -- Sender Quota Exceeded. > Nothing wrong with your sendmail. The "Recipient address rejected: Policy Rejection- 274 -- Sender Quota Exceeded" tempfail is coming from 65.182.102.90 when Sendmail is attempting to deliver the message. Maybe you've messed up your mailertable - is DOMAIN.com mail (obfuscating the domain really doesn't help on a list like this) supposed to go to 65.182.102.90? Or should it have been delivered locally? Regards, Steve. From steve.freegard at fsl.com Tue Jul 8 18:59:28 2008 From: steve.freegard at fsl.com (Steve Freegard) Date: Tue Jul 8 18:59:56 2008 Subject: Mailscanner is not detecting eicar In-Reply-To: <200807081639.m68GdPYx789089@alpha2.mssl.ucl.ac.uk> References: <200807081639.m68GdPYx789089@alpha2.mssl.ucl.ac.uk> Message-ID: <4873AB00.4070709@fsl.com> Paul Lamb wrote: > MailScanner version 4.69.9 is not detecting the eicar test "virus". > > (This has not worked previously; I downloaded it a couple of weeks ago > but have only just configured it.) > > Eicar is forwarded whether included in the message text > > mail pal < /etc/mail/EICAR-TEST-FILE > > or as at attachment > > echo test | pine -attach /etc/mail/EICAR-TEST-FILE pal > > I have tested with eicar included in the parameter Non-Forging Viruses > and with it not included. > > Please note that MailScanner does detect and quarantine the virus > W32/MyDoom-O and Sophos sweep does detect eicar > > /usr/lib/MailScanner/sophos-wrapper /usr/local/Sophos EICAR-TEST-FILE > [snip] > >>> Virus 'EICAR-AV-Test' found in file EICAR-TEST-FILE > > Any suggestions would be appreciated. I'm not really sure when you say 'MailScanner' doesn't detect it; MailScanner is not a virus scanner itself - it runs external virus scanners and reports the results. The EICAR attachment you created will get detected as text/plain by the filetype checks (as it isn't an executable). If you name it .com/.exe etc. then the filename checks will trigger. MailScanner doesn't specifically look for the EICAR sting. So what you are seeing isn't a problem. Kind regards, Steve From pal at mssl.ucl.ac.uk Tue Jul 8 19:20:17 2008 From: pal at mssl.ucl.ac.uk (Paul Lamb) Date: Tue Jul 8 19:20:30 2008 Subject: Mailscanner is not detecting eicar (Paul Lamb) Message-ID: <200807081820.m68IKHRS790849@alpha2.mssl.ucl.ac.uk> From pal at mssl.ucl.ac.uk Tue Jul 8 19:20:37 2008 From: pal at mssl.ucl.ac.uk (Paul Lamb) Date: Tue Jul 8 19:20:47 2008 Subject: Mailscanner is not detecting eicar (Paul Lamb) Message-ID: <200807081820.m68IKbWF789943@alpha2.mssl.ucl.ac.uk> Steve Freegard wrote: >Paul Lamb wrote: >> MailScanner version 4.69.9 is not detecting the eicar test "virus". >> >> (This has not worked previously; I downloaded it a couple of weeks ago >> but have only just configured it.) >> >> Eicar is forwarded whether included in the message text >> >> mail pal < /etc/mail/EICAR-TEST-FILE >> >> or as at attachment >> >> echo test | pine -attach /etc/mail/EICAR-TEST-FILE pal >> >> I have tested with eicar included in the parameter Non-Forging Viruses >> and with it not included. >> >> Please note that MailScanner does detect and quarantine the virus >> W32/MyDoom-O and Sophos sweep does detect eicar >> >> /usr/lib/MailScanner/sophos-wrapper /usr/local/Sophos EICAR-TEST-FILE >> [snip] >> >>> Virus 'EICAR-AV-Test' found in file EICAR-TEST-FILE >> >> Any suggestions would be appreciated. > >I'm not really sure when you say 'MailScanner' doesn't detect it; >MailScanner is not a virus scanner itself - it runs external virus >scanners and reports the results. > >The EICAR attachment you created will get detected as text/plain by the >filetype checks (as it isn't an executable). If you name it .com/.exe >etc. then the filename checks will trigger. MailScanner doesn't >specifically look for the EICAR sting. > >So what you are seeing isn't a problem. > >Kind regards, >Steve Steve, My first sentence was imprecise but I do have a problem. The system has the Sophos sweep AV software installed. Sweep _does_ detect EICAR. When MailScanner invokes sweep, sweep does _not_ detect EICAR or. if it does, this is not correctly handled by MailScanner. (However, MailScanner + sweep _does_ detect at least one real virus.) Regards, Paul From gregg at mochabomb.com Tue Jul 8 20:14:18 2008 From: gregg at mochabomb.com (Gregg Lain) Date: Tue Jul 8 20:16:38 2008 Subject: Run MScanner in a virtualized environment. In-Reply-To: <3411CC12BB577F4FAEAC8A694780866BE9189D@ITMAIL.town.barnstable.ma.us> References: <3411CC12BB577F4FAEAC8A694780866BE9189D@ITMAIL.town.barnstable.ma.us> Message-ID: <4873BC8A.6050700@mochabomb.com> I have used it on various 200-1GB RAM all-in one CentOS Xen guests (Apache/MySQL/PHP/dns/email XEN VPS) on AMD 2.4GHz/software RAID for months - set the time for 60+sec, 1 child for the minimal configs, better for the higher configs - lag is at most around a minute. Obviously for the lower configs performance/speediness was not an issue. Running clam 0.92.. Gregg Ghetti, Ron wrote: > Thanks for that Matt, > > running postfix & MailScanner on ubuntu w/400+ users. > I'm not even sure how I ended up with this version, > I think it was based on an article I'd read somewhere... > > -Ron > > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Matt > Hampton > Sent: Tuesday, July 08, 2008 8:15 AM > To: MailScanner discussion > Subject: Re: Run MScanner in a virtualized environment. > > > Ghetti, Ron wrote: >> Well I will say that it could be my impementation >> Of clam, I've heard tell that it can be setup as a >> Daemon and that will reduce overhead, however I've no idea how. >> At the time we went with the defaults. >> I think this brought the overhead up past the breaking point for us. >> >> Again, I would like to re-enable it if I could find >> A good resource on how to set it up for my specifics. >> > Assuming that your are running a RedHat esque linux...... > > http://wiki.mailscanner.info/doku.php?id=documentation:anti_virus:clamav > :switch_to_rpm_clamd > > From Carl.Andrews at crackerbarrel.com Tue Jul 8 21:03:06 2008 From: Carl.Andrews at crackerbarrel.com (Andrews Carl 455) Date: Tue Jul 8 21:03:18 2008 Subject: OT: Sendmail(?) Help In-Reply-To: <4873A668.6020903@farrows.org> Message-ID: sendmail.mc (with comments removed - lines beginning with 'dnl' or '#') define(`_USE_ETC_MAIL_')dnl include(`/usr/share/sendmail/cf/m4/cf.m4')dnl VERSIONID(`$Id: sendmail.mc, v 8.13.5. 2006-08-14 08:49:38 cowboy Exp $') OSTYPE(`debian')dnl DOMAIN(`debian-mta')dnl include(`/etc/mail/tls/starttls.m4')dnl undefine(`confHOST_STATUS_DIRECTORY')dnl FEATURE(`no_default_msa')dnl DAEMON_OPTIONS(`Family=inet, Name=MTA-v4, Port=smtp, Addr=0.0.0.0')dnl DAEMON_OPTIONS(`Family=inet, Name=MSP-v4, Port=submission, Addr=0.0.0.0')dnl define(`confPRIVACY_FLAGS',dnl `needmailhelo,needexpnhelo,needvrfyhelo,restrictqrun,restrictexpand,nobo dyreturn,authwarnings')dnl define(`confCONNECTION_RATE_THROTTLE', `15')dnl define(`confCONNECTION_RATE_WINDOW_SIZE',`10m')dnl FEATURE(`access_db',`hash -T -o /etc/mail/access.db')dnl FEATURE(`greet_pause', `10000')dnl 10 seconds FEATURE(`delay_checks', `friend', `n')dnl define(`confBAD_RCPT_THROTTLE',`3')dnl FEATURE(`conncontrol', `nodelay', `terminate')dnl FEATURE(`ratecontrol', `nodelay', `terminate')dnl MAILER_DEFINITIONS MAILER(`local')dnl MAILER(`smtp')dnl ________________________________ From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Peter Farrow Sent: Tuesday, July 08, 2008 12:40 PM To: MailScanner discussion Subject: Re: OT: Sendmail(?) Help Andrews Carl 455 wrote: I realize this is not MS related but if someone can help or point me in right direction .... THANKS I have a smtp proxy in the DMZ which passes email to my MS box (mdaemon2). USERNAME@DOMAIN.com is an external address sending to my domain. I have been trying to find what defines the "Policy Rejection- 274 -- Sender Quota Exceeded" but without any luck. I found one result on experts exchange which oddly enough concluded that the message was not accepted because of a quota policy. Not a great deal of help there. I have checked my sendmail.cf(mc) and do not see where I have defined any quotas, but then I honestly do not know what option I am looking for either. Log extract: Jul 8 08:22:35 mdaemon2 sendmail[29122]: m68DMPE8029097: to=, delay=00:00:09, xdelay=00:00:01, mailer=esmtp, pri=120991, relay=mail.DOMAIN.com. [65.182.102.90], dsn=4.2.0, stat=Deferred: 450 : Recipient address rejected: Policy Rejection- 274 -- Sender Quota Exceeded. Jul 8 08:31:18 mdaemon2 sm-que[30789]: m68DMPE8029097: to=, delay=00:08:52, xdelay=00:00:01, mailer=esmtp, pri=210991, relay=mail.DOMAIN.com. [65.182.102.90], dsn=4.2.0, stat=Deferred: 450 : Recipient address rejected: Policy Rejection- 274 -- Sender Quota Exceeded. Thanks! Carl -- This message has been scanned for viruses and dangerous content by the Inexcom system scanner, and is believed to be clean. Advanced heuristic mail scanning server [-]. Whats in your sendmail mc file? P. -- This message has been scanned for viruses and dangerous content by the Inexcom system scanner, and is believed to be clean. Advanced heuristic mail scanning server [-]. From Carl.Andrews at crackerbarrel.com Tue Jul 8 21:10:44 2008 From: Carl.Andrews at crackerbarrel.com (Andrews Carl 455) Date: Tue Jul 8 21:10:55 2008 Subject: OT: Sendmail(?) Help In-Reply-To: <4873A791.1080700@farrows.org> Message-ID: Ashamed to say, I do not know. sendmail.mc just lists "MILER(`local')dnl". procmail is installed but I have no idea ...? Nothing is delivered locally, this is just a gateway to the exchange server. ________________________________ From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Peter Farrow Sent: Tuesday, July 08, 2008 12:45 PM To: MailScanner discussion Subject: Re: OT: Sendmail(?) Help Andrews Carl 455 wrote: I realize this is not MS related but if someone can help or point me in right direction .... THANKS I have a smtp proxy in the DMZ which passes email to my MS box (mdaemon2). USERNAME@DOMAIN.com is an external address sending to my domain. I have been trying to find what defines the "Policy Rejection- 274 -- Sender Quota Exceeded" but without any luck. I found one result on experts exchange which oddly enough concluded that the message was not accepted because of a quota policy. Not a great deal of help there. I have checked my sendmail.cf(mc) and do not see where I have defined any quotas, but then I honestly do not know what option I am looking for either. Log extract: Jul 8 08:22:35 mdaemon2 sendmail[29122]: m68DMPE8029097: to=, delay=00:00:09, xdelay=00:00:01, mailer=esmtp, pri=120991, relay=mail.DOMAIN.com. [65.182.102.90], dsn=4.2.0, stat=Deferred: 450 : Recipient address rejected: Policy Rejection- 274 -- Sender Quota Exceeded. Jul 8 08:31:18 mdaemon2 sm-que[30789]: m68DMPE8029097: to=, delay=00:08:52, xdelay=00:00:01, mailer=esmtp, pri=210991, relay=mail.DOMAIN.com. [65.182.102.90], dsn=4.2.0, stat=Deferred: 450 : Recipient address rejected: Policy Rejection- 274 -- Sender Quota Exceeded. Thanks! Carl -- This message has been scanned for viruses and dangerous content by the Inexcom system scanner, and is believed to be clean. Advanced heuristic mail scanning server [-]. Also - what is your local mailer (delivery agent). P. -- This message has been scanned for viruses and dangerous content by the Inexcom system scanner, and is believed to be clean. Advanced heuristic mail scanning server [-]. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080708/5787555e/attachment.html From Carl.Andrews at crackerbarrel.com Tue Jul 8 21:21:32 2008 From: Carl.Andrews at crackerbarrel.com (Andrews Carl 455) Date: Tue Jul 8 21:21:51 2008 Subject: OT: Sendmail(?) Help In-Reply-To: <4873A903.7060609@fsl.com> Message-ID: USERNAME@DOMAIN.com is mrobbins@synergyconsultingteam.com and account and domain external to ours - crackerbarrel.com. As we have incoming email separated from outgoing email I assumed (yeah I know) that this was a very odd incoming message. I completely missed the to=... This message is MS reporting to mrobbins that an attachment in their message was not accepted. I thought this was my server reporting the "quota limit" but as you said it is not. I was not expecting an outgoing message on this server so I got confused. Thanks! Carl -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Steve Freegard Sent: Tuesday, July 08, 2008 12:51 PM To: MailScanner discussion Subject: Re: OT: Sendmail(?) Help Andrews Carl 455 wrote: > I realize this is not MS related but if someone can help or point me > in right direction .... THANKS > > I have a smtp proxy in the DMZ which passes email to my MS box > (mdaemon2). USERNAME@DOMAIN.com is an > external address sending to my domain. I have been trying to find what > defines the "Policy Rejection- 274 -- Sender Quota Exceeded" but > without any luck. I found one result on experts exchange which oddly > enough concluded that the message was not accepted because of a quota policy. > Not a great deal of help there. I have checked my sendmail.cf(mc) and > do not see where I have defined any quotas, but then I honestly do not > know what option I am looking for either. > > Log extract: > > Jul 8 08:22:35 mdaemon2 sendmail[29122]: m68DMPE8029097: > to=>, delay=00:00:09, > xdelay=00:00:01, mailer=esmtp, pri=120991, relay=mail.DOMAIN.com. > [65.182.102.90], dsn=4.2.0, stat=Deferred: 450 >: Recipient address rejected: Policy > Rejection- 274 -- Sender Quota Exceeded. > > Jul 8 08:31:18 mdaemon2 sm-que[30789]: m68DMPE8029097: > to=>, delay=00:08:52, > xdelay=00:00:01, mailer=esmtp, pri=210991, relay=mail.DOMAIN.com. > [65.182.102.90], dsn=4.2.0, stat=Deferred: 450 >: Recipient address rejected: Policy > Rejection- 274 -- Sender Quota Exceeded. > Nothing wrong with your sendmail. The "Recipient address rejected: Policy Rejection- 274 -- Sender Quota Exceeded" tempfail is coming from 65.182.102.90 when Sendmail is attempting to deliver the message. Maybe you've messed up your mailertable - is DOMAIN.com mail (obfuscating the domain really doesn't help on a list like this) supposed to go to 65.182.102.90? Or should it have been delivered locally? Regards, Steve. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From peter at farrows.org Tue Jul 8 21:23:13 2008 From: peter at farrows.org (Peter Farrow) Date: Tue Jul 8 21:23:34 2008 Subject: OT: Sendmail(?) Help In-Reply-To: References: Message-ID: <4873CCB1.4050403@farrows.org> Andrews Carl 455 wrote: > Ashamed to say, I do not know. sendmail.mc just lists > "MILER(`local')dnl". procmail is installed but I have no idea ...? > > Nothing is delivered locally, this is just a gateway to the exchange > server. > > ------------------------------------------------------------------------ > *From:* mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] *On Behalf Of > *Peter Farrow > *Sent:* Tuesday, July 08, 2008 12:45 PM > *To:* MailScanner discussion > *Subject:* Re: OT: Sendmail(?) Help > > > > Andrews Carl 455 wrote: >> I realize this is not MS related but if someone can help or point me >> in right direction .... THANKS >> >> I have a smtp proxy in the DMZ which passes email to my MS box >> (mdaemon2). USERNAME@DOMAIN.com is an >> external address sending to my domain. I have been trying to find >> what defines the "Policy Rejection- 274 -- Sender Quota Exceeded" but >> without any luck. I found one result on experts exchange which oddly >> enough concluded that the message was not accepted because of a quota >> policy. Not a great deal of help there. I have checked my >> sendmail.cf(mc) and do not see where I have defined any quotas, but >> then I honestly do not know what option I am looking for either. >> >> Log extract: >> >> Jul 8 08:22:35 mdaemon2 sendmail[29122]: m68DMPE8029097: >> to=>, >> delay=00:00:09, xdelay=00:00:01, mailer=esmtp, pri=120991, >> relay=mail.DOMAIN.com. [65.182.102.90], dsn=4.2.0, stat=Deferred: 450 >> >: Recipient address >> rejected: Policy Rejection- 274 -- Sender Quota Exceeded. >> >> Jul 8 08:31:18 mdaemon2 sm-que[30789]: m68DMPE8029097: >> to=>, >> delay=00:08:52, xdelay=00:00:01, mailer=esmtp, pri=210991, >> relay=mail.DOMAIN.com. [65.182.102.90], dsn=4.2.0, stat=Deferred: 450 >> >: Recipient address >> rejected: Policy Rejection- 274 -- Sender Quota Exceeded. >> >> >> Thanks! >> Carl >> >> -- >> This message has been scanned for viruses and >> dangerous content by the *Inexcom* system >> scanner, >> and is believed to be clean. >> Advanced heuristic mail scanning server [-]. > Also - what is your local mailer (delivery agent). > > P. > > > -- > This message has been scanned for viruses and > dangerous content by the *Inexcom* system > scanner, > and is believed to be clean. > Advanced heuristic mail scanning server [-]. > -- > This message has been scanned for viruses and > dangerous content by the *Inexcom* system > scanner, > and is believed to be clean. > Advanced heuristic mail scanning server [-]. Ok, then its the downstream relay that is 450 deferring the message, the problem is probably on that server as I think has been mentioned. You should telnet to port 25 on the downstream machine from your mailscanner box, and type through the smtp process, to see exactly the returned error, as follows: telnet 65.182.102.90 25 (wait for greeting) helo (wait for response) mail from: (wait for response) rcpt to: (wait for response) data (enter data with a '.' on line by itself to end) Its unlikely that you will get all the way to the end, before the downstream box comes back with the rejection, this will prove its the downstream box, here is an example: [root@mail ~]# *telnet lionel.farrows.org 25* Trying 212.21.120.10... Connected to lionel.farrows.org (212.21.120.10). Escape character is '^]'. 220 lionel.farrows.org ESMTP Sendmail 8.13.1/8.13.1; Tue, 8 Jul 2008 21:19:30 +0100 *helo mail.skeltongroup.com* 250 lionel.farrows.org Hello mail.skeltongroup.com [212.46.155.18], pleased to meet you *mail from:administrator@skeltongroup.com* 250 2.1.0 administrator@skeltongroup.com... Sender ok *rcpt to:peter@farrows.org* 250 2.1.5 peter@farrows.org... Recipient ok *data* 354 Enter mail, end with "." on a line by itself *test .* 250 2.0.0 m68KJUCO027572 Message accepted for delivery The stuff I typed is in bold...I receive an email from administrator@skeltongroup.com with the word "test" in the body.... Pete -- This message has been scanned for viruses and dangerous content by the Inexcom system Scanner, and is believed to be clean. Advanced heuristic mail scanning server [-]. http://www.inexcom.co.uk -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080708/7ebd42a1/attachment.html From ssilva at sgvwater.com Wed Jul 9 00:28:34 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Jul 9 00:29:12 2008 Subject: [M] how can i delete footer? In-Reply-To: References: <3B204024-B9B2-4D8C-8E73-4207182E73B3@rtpty.com> Message-ID: on 7-8-2008 7:15 AM Marco mangione spake the following: > ehm yes :) but in standard configuration i have it.. probably i can > disable in mailscanner.conf ? > The "standard" configuration is just a set that should work out of the box for 99% of the people installing MailScanner. You are free to customize it as much as you want. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 258 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080708/72740551/signature.bin From ssilva at sgvwater.com Wed Jul 9 00:35:16 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Jul 9 00:35:51 2008 Subject: [M] how can i delete footer? In-Reply-To: References: <9391e70b20835b429dc0ceda323fb5c0@solidstatelogic.com> Message-ID: on 7-8-2008 7:21 AM Marco mangione spake the following: > i done that! but after mailscanner restart: > > root@filtro1:/# /etc/init.d/mailscanner restart > * Restarting mail spam/virus scanner > MailScanner > Syntax error(s) in configuration file: at > /usr/share/MailScanner//MailScanner/Config.pm line 1918 > Unrecognised keyword "inlinehtmlsignature" at line 1163 at > /usr/share/MailScanner//MailScanner/Config.pm line 1921 > Unrecognised keyword "inlinetextsignature" at line 1164 at > /usr/share/MailScanner//MailScanner/Config.pm line 1921 > Warning: syntax errors in /etc/MailScanner/MailScanner.conf. at > /usr/share/MailScanner//MailScanner/Config.pm line 1926 > > [ OK ] Did you have blank entries, or comment out the entries with a #? Inline HTML Signature = Inline Text Signature = is valid but #Inline HTML Signature = #Inline Text Signature = probably isn't -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 258 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080708/122341e2/signature.bin From ssilva at sgvwater.com Wed Jul 9 00:43:25 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Jul 9 00:43:55 2008 Subject: Mailscanner is not detecting eicar (Paul Lamb) In-Reply-To: <200807081820.m68IKbWF789943@alpha2.mssl.ucl.ac.uk> References: <200807081820.m68IKbWF789943@alpha2.mssl.ucl.ac.uk> Message-ID: on 7-8-2008 11:20 AM Paul Lamb spake the following: > Steve Freegard wrote: > >> Paul Lamb wrote: >>> MailScanner version 4.69.9 is not detecting the eicar test "virus". >>> >>> (This has not worked previously; I downloaded it a couple of weeks ago >>> but have only just configured it.) >>> >>> Eicar is forwarded whether included in the message text >>> >>> mail pal < /etc/mail/EICAR-TEST-FILE >>> >>> or as at attachment >>> >>> echo test | pine -attach /etc/mail/EICAR-TEST-FILE pal >>> >>> I have tested with eicar included in the parameter Non-Forging Viruses >>> and with it not included. >>> >>> Please note that MailScanner does detect and quarantine the virus >>> W32/MyDoom-O and Sophos sweep does detect eicar >>> >>> /usr/lib/MailScanner/sophos-wrapper /usr/local/Sophos EICAR-TEST-FILE >>> [snip] >>> >>> Virus 'EICAR-AV-Test' found in file EICAR-TEST-FILE >>> >>> Any suggestions would be appreciated. >> I'm not really sure when you say 'MailScanner' doesn't detect it; >> MailScanner is not a virus scanner itself - it runs external virus >> scanners and reports the results. >> >> The EICAR attachment you created will get detected as text/plain by the >> filetype checks (as it isn't an executable). If you name it .com/.exe >> etc. then the filename checks will trigger. MailScanner doesn't >> specifically look for the EICAR sting. >> >> So what you are seeing isn't a problem. >> >> Kind regards, >> Steve > > > Steve, > > My first sentence was imprecise but I do have a problem. > > The system has the Sophos sweep AV software installed. > > Sweep _does_ detect EICAR. > > When MailScanner invokes sweep, sweep does _not_ detect EICAR or. if it > does, this is not correctly handled by MailScanner. (However, > MailScanner + sweep _does_ detect at least one real virus.) > > Regards, > Paul I would install clamav as a backup until you get this sorted out. If it is not hitting on eicar, it might miss some other virus. While you are working on the problem, who knows what might get through. Just my 2c, which is more than clamav will cost you! -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 258 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080708/3b4c0551/signature.bin From indunil75 at gmail.com Wed Jul 9 06:02:29 2008 From: indunil75 at gmail.com (Indunil Jayasooriya) Date: Wed Jul 9 06:02:54 2008 Subject: unwanted mails in the queue Message-ID: <7ed6b0aa0807082202g5a9d91dcja956d205e6ddc18c@mail.gmail.com> Dear ALL, I am running MailScanner with Postfix. I have a lot of mails in the queue. sender is mailer-daemon. Destination varies. How does it happen? has it become an openrelay? Could you pls let me know what causes such problems. How to slove this ? -- Thank you Indunil Jayasooriya From ram at netcore.co.in Wed Jul 9 07:33:28 2008 From: ram at netcore.co.in (ram) Date: Wed Jul 9 07:34:08 2008 Subject: unwanted mails in the queue In-Reply-To: <7ed6b0aa0807082202g5a9d91dcja956d205e6ddc18c@mail.gmail.com> References: <7ed6b0aa0807082202g5a9d91dcja956d205e6ddc18c@mail.gmail.com> Message-ID: <1215585208.25204.33.camel@localhost.localdomain> On Wed, 2008-07-09 at 10:32 +0530, Indunil Jayasooriya wrote: > Dear ALL, > > I am running MailScanner with Postfix. I have a lot of mails in the > queue. sender is mailer-daemon. Destination varies. How does it > happen? > > has it become an openrelay? > > Could you pls let me know what causes such problems. If you are a mail admin , you should atleast be able to say if the mails in queue are legitimate Look up your mailserver ips on blacklists, Read the mails you suspect in queue ( postcat -q ) , Check for open relays. It may also be that someones mail account in your organization is compromised, just check. Thanks Ram From ms-list at alexb.ch Wed Jul 9 07:46:10 2008 From: ms-list at alexb.ch (Alex Broens) Date: Wed Jul 9 07:46:21 2008 Subject: Watch it: Multiple DNS implementations vulnerable to cache poisoning Message-ID: <48745EB2.8050404@alexb.ch> Multiple DNS implementations vulnerable to cache poisoning http://www.kb.cert.org/vuls/id/800113 Centos 4.x and 5.x provide udates yum update bind happy updating... Alex From gmatt at nerc.ac.uk Wed Jul 9 08:57:56 2008 From: gmatt at nerc.ac.uk (Greg Matthews) Date: Wed Jul 9 08:58:20 2008 Subject: About spam attack In-Reply-To: <1964AAFBC212F742958F9275BF63DBB07613D6@winchester.andrewscompanies.com> References: <1215506732.9713.6.camel@cX> <7d9b3cf20807080710l71d03355y3e6c3740fccdbba6@mail.gmail.com> <1964AAFBC212F742958F9275BF63DBB07613D6@winchester.andrewscompanies.com> Message-ID: <48746F84.1050509@nerc.ac.uk> Steven Andrews wrote: > You would also need to have your outbound mail pass through the > mailscanner box for milter-null, correct? not entirely - you need outbound mail to pass through an MTA with milter-null configured with the same secret. -- Greg Matthews 01491 692445 Head of UNIX/Linux, iTSS Wallingford -- This message (and any attachments) is for the recipient only. NERC is subject to the Freedom of Information Act 2000 and the contents of this email and any reply you make may be disclosed by NERC unless it is exempt from release under the Act. Any material supplied to NERC may be stored in an electronic records management system. From gmatt at nerc.ac.uk Wed Jul 9 08:59:46 2008 From: gmatt at nerc.ac.uk (Greg Matthews) Date: Wed Jul 9 09:00:11 2008 Subject: ClamAV 0.93 released In-Reply-To: <00b401c8e10b$c02bb980$40832c80$@dk> References: <7EF0EE5CB3B263488C8C18823239BEBA03771594@HC-MBX02.herefordshire.gov.uk> <48039AA2.9050905@ecs.soton.ac.uk> <5A3FEF92FC07F34B9EE30C0D1395716498E6E4@monarchs.dokkenengineering.com> <48051021.5010909@ecs.soton.ac.uk> <1208464860.2962.75.camel@morticia.pert.com.ar> <48160C77.5070602@USherbrooke.ca> <487376FF.4050107@nerc.ac.uk> <00b401c8e10b$c02bb980$40832c80$@dk> Message-ID: <48746FF2.8020909@nerc.ac.uk> Jonas Akrouh Larsen wrote: > I can confirm the module works with the 0.93.1 version of clam and newer > Mailscanner's. great - thanks guys. -- Greg Matthews 01491 692445 Head of UNIX/Linux, iTSS Wallingford -- This message (and any attachments) is for the recipient only. NERC is subject to the Freedom of Information Act 2000 and the contents of this email and any reply you make may be disclosed by NERC unless it is exempt from release under the Act. Any material supplied to NERC may be stored in an electronic records management system. From martinh at solidstatelogic.com Wed Jul 9 09:06:33 2008 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Wed Jul 9 09:06:45 2008 Subject: unwanted mails in the queue In-Reply-To: <7ed6b0aa0807082202g5a9d91dcja956d205e6ddc18c@mail.gmail.com> Message-ID: <48da73f322e7b040a85d0447190cf75e@solidstatelogic.com> Hi Check they aren't undeliverable 'bounces' from people / challenge response type stuff. Check you aren't accepting all incoming recipients reguardless of if they are valid or not. Look at the optimizsation tips section of the wiki. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Indunil Jayasooriya > Sent: 09 July 2008 06:02 > To: MailScanner discussion > Subject: unwanted mails in the queue > > Dear ALL, > > I am running MailScanner with Postfix. I have a lot of mails > in the queue. sender is mailer-daemon. Destination varies. > How does it happen? > > has it become an openrelay? > > Could you pls let me know what causes such problems. > > How to slove this ? > > > > > > > > > -- > Thank you > Indunil Jayasooriya > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From Sylvain.Phaneuf at imsu.ox.ac.uk Wed Jul 9 10:03:48 2008 From: Sylvain.Phaneuf at imsu.ox.ac.uk (Sylvain Phaneuf) Date: Wed Jul 9 10:04:05 2008 Subject: filename checks = wrong filename report In-Reply-To: <48709609.9050202@ecs.soton.ac.uk> References: <48709609.9050202@ecs.soton.ac.uk> Message-ID: <48748D04.FEA8.00EB.0@imsu.ox.ac.uk> Hi all, I have been alerted by a user that we're blocking attachments that they feel should be allowed through. Basically we want to block attachments with multiple extensions, and this works as designed. However, sometimes the report generated by MailScanner appears to contain the wrong file name, which in this case clearly has a single, perfectly acceptable extension. Our maillog shows this: ---------------------------- Jul 4 09:25:56 mailscn1 MailScanner[30927]: Filename Checks: (m648PtwN031886 CNU0701SF00084(Sent200807041022)2.mail.pdf) Jul 4 09:25:56 mailscn1 MailScanner[30927]: Other Checks: Found 1 problems Jul 4 09:25:56 mailscn1 MailScanner[30927]: Virus Scanning completed at 237901 bytes per second Jul 4 09:25:56 mailscn1 MailScanner[30927]: Saved entire message to /var/spool/MailScanner/quarantine/20080704/m648PtwN031886 Jul 4 09:25:56 mailscn1 MailScanner[30927]: Saved infected "CNU0701SF00084.pdf" to /var/spool/MailScanner/quarantine/20080704/m648PtwN031886 Jul 4 09:25:56 mailscn1 MailScanner[30927]: Cleaned: Delivered 1 cleaned messages ---------------------------- which is exactly what we want. The mime message shows this: ---------------------------- Content-Type: application/pdf; name="CNU0701SF00084(Sent200807041022)2.mail.pdf" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="CNU0701SF00084(Sent200807041022)2.mail.pdf" ---------------------------- But the user gets this in the report that is produced: ---------------------------- Warning: This message has had one or more attachments removed: CNU0701SF00084.pdf The original e-mail attachment "CNU0701SF00084.pdf" is on the list of unacceptable attachments and has been replaced by this warning message by the IMSU MailScanner E-Mail Protection Service. On Fri Jul 4 09:25:55 2008 the virus scanner said: Found possible filename hiding (CNU0701SF00084.pdf) ---------------------------- So my question is why is there a discrepancy between the filename reported by MailScanner to the user and that in maillog? I looked at the MailScanner archives and something similar was reported last November, but the issue could not be reproduced apparently. ----- from Rose, Bobby date Sat, Nov 10, 2007 at 3:37 PM subject Mailscanner filename check and report ----- I could sent you the message if it can help diagnose the problem. The pdf contains personal information, so it is not appropriate to post it here... Regards, Sylvain Our system: MailScanner -v Running on Linux mailscn1 2.6.16.21-0.13-smp #1 SMP Mon Jul 17 17:22:44 UTC 2006 i686 i686 i386 GNU/Linux This is SUSE LINUX 10.1 (i586) This is Perl version 5.008008 (5.8.8) This is MailScanner version 4.70.6 Module versions are: ... removed ... I will add this if you think it can help - I hate long messages... (!!!) -- ============================================ Sylvain Phaneuf --- Systems Manager | phone : +44 (0)1865 221323 Information Management Services Unit - Medical Sciences Division Oxford University | email : sylvain.phaneuf@imsu.ox.ac.uk Room 3A25B John Radcliffe Hospital | fax : +44 (0) 1865 221322 Oxford, OX3 9DU, UK ============================================ From james at gray.net.au Wed Jul 9 10:11:49 2008 From: james at gray.net.au (James Gray) Date: Wed Jul 9 10:12:02 2008 Subject: Feature request: logical AND in rulesets In-Reply-To: <1215505583.28803.33.camel@gblades-suse.linguaphone-intranet.co.uk> References: <1215505583.28803.33.camel@gblades-suse.linguaphone-intranet.co.uk> Message-ID: On 08/07/2008, at 6:26 PM, Gareth wrote: > My setup: > I have MailScanner running on a machine and fetchmail pulls mail down > from a pop3 server and delivers it to postfix and then MailScanner > picks > it up and processes it. > I have fetchmail deliver the mail to the servers real IP address and > not > the loopback address. > > So I can create a ruleset to bypass scannig for mail from 127.0.0.1 > and > this enables me to release mesages from quarantine and stops logwatch > reports from being detected as spam or viruses. The problem however is > that if people use webmail it bypasses all checks since webmail calls > sendmail directly and cannot be configured to send to the real IP > address. > > What would be perfect would be if I could do something like :- > From: 127.0.0.1 AND root@myserver.mydomain.com no Erm, it's already there....here's a snippet from my WORKING rules: From: 127.0.1.1 AND From: root@myserver.mydomain no HTH, James From shuttlebox at gmail.com Wed Jul 9 10:26:48 2008 From: shuttlebox at gmail.com (shuttlebox) Date: Wed Jul 9 10:26:57 2008 Subject: filename checks = wrong filename report In-Reply-To: <48748D04.FEA8.00EB.0@imsu.ox.ac.uk> References: <48709609.9050202@ecs.soton.ac.uk> <48748D04.FEA8.00EB.0@imsu.ox.ac.uk> Message-ID: <625385e30807090226v521749d1k6ff3b4547d77bbb6@mail.gmail.com> On Wed, Jul 9, 2008 at 11:03 AM, Sylvain Phaneuf wrote: > But the user gets this in the report that is produced: > ---------------------------- > Warning: This message has had one or more attachments removed: CNU0701SF00084.pdf The filename in the report is the sanitized version. I've had the same problem explaining to users that the original filename was longer than 150 characters when the reported one is clearly shorter. I just added a few explaining words to the reports to solve the problem. -- Emo Philips - "I got some new underwear the other day. Well, new to me." From peter at farrows.org Wed Jul 9 10:31:22 2008 From: peter at farrows.org (Peter Farrow) Date: Wed Jul 9 10:31:46 2008 Subject: Watch it: Multiple DNS implementations vulnerable to cache poisoning In-Reply-To: <48745EB2.8050404@alexb.ch> References: <48745EB2.8050404@alexb.ch> Message-ID: <4874856A.5000605@farrows.org> Alex Broens wrote: > Multiple DNS implementations vulnerable to cache poisoning > > http://www.kb.cert.org/vuls/id/800113 > > Centos 4.x and 5.x provide udates > > yum update bind > > happy updating... > > Alex > > > thanks Alex! Pete -- This message has been scanned for viruses and dangerous content by the Inexcom system Scanner, and is believed to be clean. Advanced heuristic mail scanning server [-]. http://www.inexcom.co.uk From Sylvain.Phaneuf at imsu.ox.ac.uk Wed Jul 9 10:43:12 2008 From: Sylvain.Phaneuf at imsu.ox.ac.uk (Sylvain Phaneuf) Date: Wed Jul 9 10:43:28 2008 Subject: filename checks = wrong filename report In-Reply-To: <625385e30807090226v521749d1k6ff3b4547d77bbb6@mail.gmail.com> References: <48709609.9050202@ecs.soton.ac.uk> <48748D04.FEA8.00EB.0@imsu.ox.ac.uk> <625385e30807090226v521749d1k6ff3b4547d77bbb6@mail.gmail.com> Message-ID: <4874963F.FEA8.00EB.0@imsu.ox.ac.uk> >>> On 09/07/2008 at 10:26, shuttlebox wrote: > The filename in the report is the sanitized version. I've had the same > problem explaining to users that the original filename was longer than > 150 characters when the reported one is clearly shorter. I just added > a few explaining words to the reports to solve the problem. I would rather have a report that is not using a "sanitized version" if it were possible. I would prefer not saying to the user: trust us, we know this attachment is not good for you, even if the filename appears OK. And in the case I am reporting, the filename is less than 150 characters long anyway... Sylvain From pedro.hoffmann at gmail.com Wed Jul 9 14:54:08 2008 From: pedro.hoffmann at gmail.com (Pedro Bordin Hoffmann - [M]orpheus) Date: Wed Jul 9 14:54:45 2008 Subject: Phishing Links In-Reply-To: References: <21be6cae0807030658m7b348d6che60b999ef7d2497@mail.gmail.com> <20080707122437.GA19043@cgi.jachomes.com> Message-ID: <21be6cae0807090654w7a65c0c3nc6a9e73f1426b23a@mail.gmail.com> If it removes some important link I can't do nothing. My client should go after the link with the contact. I don't think is the best ideia to remove the links, but my client want. Is there a way to do that? (stupied people click on the links with the message or not, can 2008/7/7 Nick Phillips : > On 8/07/2008, at 12:24 AM, Jay R. Ashworth wrote: > >> >> Indeed; this is a topic the RISKS Digest covers fairly often: lots of >> legitimate organizations sub out their emailing, to companies that >> aren't smart enough to not make legit emails *look* like phishes. >> > > Or indeed who *are* smart enough to realise that we care about this more > than they do, which allows them to shit all over their own doorstep and have > us clean up the mess :-( > > In other words, block the buggers and they might think about stopping. > > > Cheers, > > > Nick > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080709/926df655/attachment.html From pedro.hoffmann at gmail.com Wed Jul 9 14:54:36 2008 From: pedro.hoffmann at gmail.com (Pedro Bordin Hoffmann - [M]orpheus) Date: Wed Jul 9 14:54:46 2008 Subject: Phishing Links In-Reply-To: <21be6cae0807090654w7a65c0c3nc6a9e73f1426b23a@mail.gmail.com> References: <21be6cae0807030658m7b348d6che60b999ef7d2497@mail.gmail.com> <20080707122437.GA19043@cgi.jachomes.com> <21be6cae0807090654w7a65c0c3nc6a9e73f1426b23a@mail.gmail.com> Message-ID: <21be6cae0807090654u64412345s89c3061ada8b3a59@mail.gmail.com> If it removes some important link I can't do nothing. My client should go after the link with the contact. I don't think is the best ideia to remove the links, but my client want. Is there a way to do that? (stupied people click on the links with the message or not, cant do much about it, just remove the links) > 2008/7/7 Nick Phillips : > > On 8/07/2008, at 12:24 AM, Jay R. Ashworth wrote: >> >>> >>> Indeed; this is a topic the RISKS Digest covers fairly often: lots of >>> legitimate organizations sub out their emailing, to companies that >>> aren't smart enough to not make legit emails *look* like phishes. >>> >> >> Or indeed who *are* smart enough to realise that we care about this more >> than they do, which allows them to shit all over their own doorstep and have >> us clean up the mess :-( >> >> In other words, block the buggers and they might think about stopping. >> >> >> Cheers, >> >> >> Nick >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080709/fc2736a7/attachment.html From gordon at itnt.co.za Wed Jul 9 15:42:33 2008 From: gordon at itnt.co.za (Gordon Colyn) Date: Wed Jul 9 15:43:09 2008 Subject: Sendmail/mailscanner intermittent problem with sendmail acceptingmessages but not being handed to mailscanner References: Message-ID: Hi, Is anyone experiencing problems where mail is just disappearing. We get the initial mail coming in but then it seems to just disappear... Jul 9 16:00:30 mx01 sendmail[25610]: m69DxOSG025610: from=, size=0, class=0, nrcpts=1, proto=ESMTP, daemon=MTA, relay=host134-57-static.82-213-b.business.telecomitalia.it [213.82.57.134]No more records.... ----- Original Message ----- From: "Gordon Colyn" To: "MailScanner discussion" Sent: Friday, June 20, 2008 3:16 PM Subject: Sendmail/mailscanner intermittent problem with sendmail acceptingmessages but not being handed to mailscanner ITNT BannerI have a problem where I am getting mail delivered to our servers (problem is on all 4) and showing up in the log but not being handled by Mailscanner. I only see one line in the log confirming that the mail was accepted by sendmail, but then nothing after that; Anyone have any ideas? Example; sendmail[8388]: m5K9VKpL008388: from=, size=0, class=0, nrcpts=1, proto=ESMTP, daemon=MTA, relay=mail.faxfx.biz [196.31.203.114] and sendmail[7246]: m5K9S7tF007246: from=, size=0, class=0, nrcpts=1, proto=ESMTP, daemon=MTA, relay=gatew2.faxfx.biz [196.31.203.114] I should see this; sentinal sendmail[21377]: m5KDF2r7021377: from=, size=2534, class=0, nrcpts=1, msgid=<000a01c8d2d7$04661f3d$8d3f1f8d@evvrwqfu>, proto=ESMTP, daemon=MTA, relay=client-201.240.26.201.speedy.net.pe [201.240.26.201] (may be forged) sendmail[21377]: m5KDF2r7021377: to=, delay=00:00:01, mailer=esmtp, pri=32534, stat=queued MailScanner[13169]: Logging message m5KDF2r7021377 to SQL MailScanner[13148]: m5KDF2r7021377: Logged to MailWatch SQL I have this issue on a number of emails from different senders, this is just 2 of many examples. I am running Mailscanner 4.69.9, sendmail 8.14.1, spamassassin 3.2.5, clamd 0.93 Regards Gordon Colyn Office : 086 123 ITNT (4868) Cell : 083 296 7534 Fax : 086 520 0885 InTheNet Technologies www.itnt.co.za MSN:gordoncolyn@hotmail.com SKYPE:gordoncolyn Confidentiality: This e-mail including any attachments is intended for the above named addressee(s) only and contains confidential information. If you have received this email in error you must take no action based on its contents, nor must you reproduce or show the e-mail or any attachments or any part thereof or communicate the contents to anyone; please reply to the sender of this e-mail informing them of the error. Viruses: We recommend that in keeping with good computing practice the recipient should ensure that e-mails received are virus free before opening. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From fabien.garziano at caliseo.com Wed Jul 9 16:10:30 2008 From: fabien.garziano at caliseo.com (Fabien GARZIANO) Date: Wed Jul 9 16:10:57 2008 Subject: Mailscanner / postfix Timeout in the SMTP dialog Message-ID: Thanks for your answer Denis. I'll apply this patch ASAP and send feedback in this list if it's not misplaced. > Fabien, > > I don't know it this applies to you but I had to apply the > following patch to my kernel setup on RHEL 5 to stop that > knid of problems: > tail /etc/sysctl.conf > # Fix for tcp window scaling issue related to broken Internet > routers net.ipv4.tcp_wmem = 4096 16384 131072 > net.ipv4.tcp_rmem = 4096 87380 174760 > > # From S. Freegard fsl.com > # increase Linux autotuning TCP buffer limits # min, default, > and max number of bytes to use #net.ipv4.tcp_rmem = 4096 > 87380 16777216 #net.ipv4.tcp_wmem = 4096 65536 16777216 > > I also included the values Steeve Freegard is using. You > will have to restart your server after modifying your > sysctl.conf file (or you could use the sysctl command to make > the changes dynamically). > > Denis > > -- > _ > ?v? Denis Beauchemin, analyste > /(_)\ Universit? de Sherbrooke, S.T.I. > ^ ^ T: 819.821.8000x62252 F: 819.821.8045 From ka at pacific.net Wed Jul 9 16:21:04 2008 From: ka at pacific.net (Ken A) Date: Wed Jul 9 16:21:07 2008 Subject: Sendmail/mailscanner intermittent problem with sendmail acceptingmessages but not being handed to mailscanner In-Reply-To: References: Message-ID: <4874D760.8080202@pacific.net> Gordon Colyn wrote: > Hi, > > Is anyone experiencing problems where mail is just disappearing. We get the > initial mail coming in but then it seems to just disappear... > Jul 9 16:00:30 mx01 sendmail[25610]: m69DxOSG025610: > from=, size=0, class=0, nrcpts=1, proto=ESMTP, > daemon=MTA, relay=host134-57-static.82-213-b.business.telecomitalia.it > [213.82.57.134]No more records.... I assume you added that "No more records...." to the end. That log entry (minus the "No more records....") just means that 213.82.57.134 connected, then quit. You can duplicate this on the server with this: telnet localhost 25 helo localhost mail from: rcpt to: quit You can turn up the logging in sendmail if you want more info, or use tcpdump to see this happening. Ken > > ----- Original Message ----- > From: "Gordon Colyn" > To: "MailScanner discussion" > Sent: Friday, June 20, 2008 3:16 PM > Subject: Sendmail/mailscanner intermittent problem with sendmail > acceptingmessages but not being handed to mailscanner > > > ITNT BannerI have a problem where I am getting mail delivered to our servers > (problem is on all 4) and showing up in the log but not being handled by > Mailscanner. I only see one line in the log confirming that the mail was > accepted by sendmail, but then nothing after that; > > Anyone have any ideas? > > Example; > sendmail[8388]: m5K9VKpL008388: from=, size=0, class=0, > nrcpts=1, proto=ESMTP, daemon=MTA, relay=mail.faxfx.biz [196.31.203.114] > and > sendmail[7246]: m5K9S7tF007246: from=, size=0, class=0, > nrcpts=1, proto=ESMTP, daemon=MTA, relay=gatew2.faxfx.biz [196.31.203.114] > > I should see this; > sentinal sendmail[21377]: m5KDF2r7021377: from=, > size=2534, class=0, nrcpts=1, > msgid=<000a01c8d2d7$04661f3d$8d3f1f8d@evvrwqfu>, proto=ESMTP, daemon=MTA, > relay=client-201.240.26.201.speedy.net.pe [201.240.26.201] (may be forged) > sendmail[21377]: m5KDF2r7021377: to=, delay=00:00:01, > mailer=esmtp, pri=32534, stat=queued > MailScanner[13169]: Logging message m5KDF2r7021377 to SQL > MailScanner[13148]: m5KDF2r7021377: Logged to MailWatch SQL > > I have this issue on a number of emails from different senders, this is just > 2 of many examples. > > I am running Mailscanner 4.69.9, sendmail 8.14.1, spamassassin 3.2.5, clamd > 0.93 > > > Regards > Gordon Colyn > Office : 086 123 ITNT (4868) > Cell : 083 296 7534 > Fax : 086 520 0885 > InTheNet Technologies > www.itnt.co.za > MSN:gordoncolyn@hotmail.com > SKYPE:gordoncolyn > > Confidentiality: This e-mail including any attachments is intended for the > above named addressee(s) only and contains confidential information. If you > have received this email in error you must take no action based on its > contents, nor must you reproduce or show the e-mail or any attachments or > any part thereof or communicate the contents to anyone; please reply to the > sender of this e-mail informing them of the error. > > Viruses: We recommend that in keeping with good computing practice the > recipient should ensure that e-mails received are virus free before opening. > -- Ken Anderson Pacific.Net From paul.hutchings at mira.co.uk Wed Jul 9 20:46:47 2008 From: paul.hutchings at mira.co.uk (Paul Hutchings) Date: Wed Jul 9 20:46:58 2008 Subject: MailScanner 4.70 and latest raft of CentOS5 updates? Message-ID: As subject, there's a major bunch of updates been released for CentOS 5 recently. I know nothing is concrete, but has anyone here taken the plunge and do you know if there there any known/major issues between these, and MailScanner 4.70? Thanks in advance. -- MIRA Ltd Watling Street, Nuneaton, Warwickshire, CV10 0TU, England. Registered in England and Wales No. 402570 VAT Registration GB 114 5409 96 The contents of this e-mail are confidential and are solely for the use of the intended recipient. If you receive this e-mail in error, please delete it and notify us either by e-mail, telephone or fax. You should not copy, forward or otherwise disclose the content of the e-mail as this is prohibited. From dnsadmin at 1bigthink.com Wed Jul 9 21:43:36 2008 From: dnsadmin at 1bigthink.com (dnsadmin 1bigthink.com) Date: Wed Jul 9 21:43:59 2008 Subject: MailScanner 4.70 and latest raft of CentOS5 updates? In-Reply-To: References: Message-ID: <200807092043.m69KhiL4016816@mxt.1bigthink.com> At 03:46 PM 7/9/2008, you wrote: >As subject, there's a major bunch of updates been released for CentOS 5 >recently. > >I know nothing is concrete, but has anyone here taken the plunge and do >you know if there there any known/major issues between these, and >MailScanner 4.70? > >Thanks in advance. Been lurking on both list groups.. waiting for the dust to settle, still. Glenn -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From rcooper at dwford.com Wed Jul 9 22:08:36 2008 From: rcooper at dwford.com (Rick Cooper) Date: Wed Jul 9 22:08:51 2008 Subject: MailScanner 4.70 and latest raft of CentOS5 updates? In-Reply-To: References: Message-ID: > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On > Behalf Of Paul Hutchings > Sent: Wednesday, July 09, 2008 3:47 PM > To: MailScanner discussion > Subject: MailScanner 4.70 and latest raft of CentOS5 updates? > > As subject, there's a major bunch of updates been released > for CentOS 5 > recently. > > I know nothing is concrete, but has anyone here taken the > plunge and do > you know if there there any known/major issues between these, and > MailScanner 4.70? > > Thanks in advance. > > I have not as of yet let yum do the updates as it updates from 5.1 to 5.2. I would look at the recent thread regarding 5.2, perl and MailScanner Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From bbecken at aafp.org Wed Jul 9 22:24:39 2008 From: bbecken at aafp.org (Brad Beckenhauer) Date: Wed Jul 9 22:25:07 2008 Subject: MailScanner 4.70 and latest raft of CentOS5 updates? In-Reply-To: References: Message-ID: <4874E642.D87E.0068.3@aafp.org> I'm running CentOS release 5.2 (Final), but I have *not* upgraded mysql or the perl packages as shown below. This box is a basic MailScanner server without the GUI. # uname -a Linux xxx.aafp.org 2.6.18-92.1.6.el5 #1 SMP Wed Jun 25 13:49:24 EDT 2008 i686 i686 i386 GNU/Linux Everything is running fine for the last couple of days. Here's the output of my system after I removed ALL the excludes from the yum.conf file. # yum update Loading "fastestmirror" plugin Loading mirror speeds from cached hostfile * rpmforge: mirror.cpsc.ucalgary.ca * base: mirrors.liquidweb.com * updates: mirrors.liquidweb.com * addons: dist1.800hosting.com * extras: dist1.800hosting.com rpmforge 100% |=========================| 1.1 kB 00:04 base 100% |=========================| 1.1 kB 00:00 updates 100% |=========================| 951 B 00:00 addons 100% |=========================| 951 B 00:00 extras 100% |=========================| 1.1 kB 00:00 Setting up Update Process Resolving Dependencies --> Running transaction check ---> Package perl-DBI.i386 0:1.605-1.el5.rf set to be updated ---> Package perl-IO.i386 0:1.2301-1.el5.rf set to be updated ---> Package perl-OLE-Storage_Lite.noarch 0:0.17-1.el5.rf set to be updated ---> Package mysql-server.i386 0:5.0.45-7.el5 set to be updated ---> Package perl-IO-Compress-Zlib.noarch 0:2.011-1.el5.rf set to be updated ---> Package perl-bignum.noarch 0:0.23-1.el5.rf set to be updated ---> Package perl-File-Temp.noarch 0:0.20-1.el5.rf set to be updated ---> Package mysql.i386 0:5.0.45-7.el5 set to be updated ---> Package perl-Compress-Zlib.noarch 0:2.011-1.el5.rf set to be updated ---> Package perl-Math-BigInt.noarch 0:1.89-1.el5.rf set to be updated ---> Package perl-IO-Compress-Base.noarch 0:2.011-1.el5.rf set to be updated ---> Package perl-Compress-Raw-Zlib.i386 0:2.011-1.el5.rf set to be updated ---> Package perl-Math-BigRat.noarch 0:0.22-1.el5.rf set to be updated --> Finished Dependency Resolution Dependencies Resolved ============================================================================= Package Arch Version Repository Size ============================================================================= Updating: mysql i386 5.0.45-7.el5 base 4.1 M mysql-server i386 5.0.45-7.el5 base 9.7 M perl-Compress-Raw-Zlib i386 2.011-1.el5.rf rpmforge 163 k perl-Compress-Zlib noarch 2.011-1.el5.rf rpmforge 34 k perl-DBI i386 1.605-1.el5.rf rpmforge 864 k perl-File-Temp noarch 0.20-1.el5.rf rpmforge 46 k perl-IO i386 1.2301-1.el5.rf rpmforge 99 k perl-IO-Compress-Base noarch 2.011-1.el5.rf rpmforge 56 k perl-IO-Compress-Zlib noarch 2.011-1.el5.rf rpmforge 142 k perl-Math-BigInt noarch 1.89-1.el5.rf rpmforge 174 k perl-Math-BigRat noarch 0.22-1.el5.rf rpmforge 30 k perl-OLE-Storage_Lite noarch 0.17-1.el5.rf rpmforge 21 k perl-bignum noarch 0.23-1.el5.rf rpmforge 40 k Transaction Summary ============================================================================= Install 0 Package(s) Update 13 Package(s) Remove 0 Package(s) Total download size: 15 M Is this ok [y/N]: n >>> "Paul Hutchings" 7/9/2008 2:46 PM >>> As subject, there's a major bunch of updates been released for CentOS 5 recently. I know nothing is concrete, but has anyone here taken the plunge and do you know if there there any known/major issues between these, and MailScanner 4.70? Thanks in advance. -- MIRA Ltd Watling Street, Nuneaton, Warwickshire, CV10 0TU, England. Registered in England and Wales No. 402570 VAT Registration GB 114 5409 96 The contents of this e-mail are confidential and are solely for the use of the intended recipient. If you receive this e-mail in error, please delete it and notify us either by e-mail, telephone or fax. You should not copy, forward or otherwise disclose the content of the e-mail as this is prohibited. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From mkettler at evi-inc.com Wed Jul 9 22:39:05 2008 From: mkettler at evi-inc.com (Matt Kettler) Date: Wed Jul 9 22:39:50 2008 Subject: filename checks = wrong filename report In-Reply-To: <4874963F.FEA8.00EB.0@imsu.ox.ac.uk> References: <48709609.9050202@ecs.soton.ac.uk> <48748D04.FEA8.00EB.0@imsu.ox.ac.uk> <625385e30807090226v521749d1k6ff3b4547d77bbb6@mail.gmail.com> <4874963F.FEA8.00EB.0@imsu.ox.ac.uk> Message-ID: <48752FF9.2010700@evi-inc.com> Sylvain Phaneuf wrote: >>>> On 09/07/2008 at 10:26, shuttlebox wrote: >> The filename in the report is the sanitized version. I've had the same >> problem explaining to users that the original filename was longer than >> 150 characters when the reported one is clearly shorter. I just added >> a few explaining words to the reports to solve the problem. > > I would rather have a report that is not using a "sanitized version" if it were possible. > > I would prefer not saying to the user: trust us, we know this attachment is not good for you, even if the filename appears OK. > > And in the case I am reporting, the filename is less than 150 characters long anyway... I don't think that's possible at present. You could edit the report template to indicate that the filename is sanitized and may have some characters stripped out, but I don't see a way to get the un-sanitized name into the report. From ssilva at sgvwater.com Wed Jul 9 23:02:41 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Jul 9 23:03:06 2008 Subject: filename checks = wrong filename report In-Reply-To: <4874963F.FEA8.00EB.0@imsu.ox.ac.uk> References: <48709609.9050202@ecs.soton.ac.uk> <48748D04.FEA8.00EB.0@imsu.ox.ac.uk> <625385e30807090226v521749d1k6ff3b4547d77bbb6@mail.gmail.com> <4874963F.FEA8.00EB.0@imsu.ox.ac.uk> Message-ID: on 7-9-2008 2:43 AM Sylvain Phaneuf spake the following: >>>> On 09/07/2008 at 10:26, shuttlebox wrote: >> The filename in the report is the sanitized version. I've had the same >> problem explaining to users that the original filename was longer than >> 150 characters when the reported one is clearly shorter. I just added >> a few explaining words to the reports to solve the problem. > > I would rather have a report that is not using a "sanitized version" if it were possible. > > I would prefer not saying to the user: trust us, we know this attachment is not good for you, even if the filename appears OK. > > And in the case I am reporting, the filename is less than 150 characters long anyway... > > Sylvain > But if the un-sanitized name has some buffer overflow or other attack in it, you have a possible problem for the user. That is one reason why filenames are sanitized. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 258 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080709/a10bdda8/signature.bin From ssilva at sgvwater.com Wed Jul 9 23:04:54 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Jul 9 23:10:16 2008 Subject: unwanted mails in the queue In-Reply-To: <7ed6b0aa0807082202g5a9d91dcja956d205e6ddc18c@mail.gmail.com> References: <7ed6b0aa0807082202g5a9d91dcja956d205e6ddc18c@mail.gmail.com> Message-ID: on 7-8-2008 10:02 PM Indunil Jayasooriya spake the following: > Dear ALL, > > I am running MailScanner with Postfix. I have a lot of mails in the > queue. sender is mailer-daemon. Destination varies. How does it > happen? > > has it become an openrelay? > > Could you pls let me know what causes such problems. > > How to slove this ? > Learn how to tell what is legitimate for YOUR system. What we might find objectionable or bad, might be very important to your organization. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 258 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080709/ebaba698/signature.bin From mkettler at evi-inc.com Wed Jul 9 23:19:56 2008 From: mkettler at evi-inc.com (Matt Kettler) Date: Wed Jul 9 23:20:16 2008 Subject: filename checks = wrong filename report In-Reply-To: References: <48709609.9050202@ecs.soton.ac.uk> <48748D04.FEA8.00EB.0@imsu.ox.ac.uk> <625385e30807090226v521749d1k6ff3b4547d77bbb6@mail.gmail.com> <4874963F.FEA8.00EB.0@imsu.ox.ac.uk> Message-ID: <4875398C.5010207@evi-inc.com> Scott Silva wrote: > on 7-9-2008 2:43 AM Sylvain Phaneuf spake the following: >>>>> On 09/07/2008 at 10:26, shuttlebox wrote: >>> The filename in the report is the sanitized version. I've had the same >>> problem explaining to users that the original filename was longer than >>> 150 characters when the reported one is clearly shorter. I just added >>> a few explaining words to the reports to solve the problem. >> >> I would rather have a report that is not using a "sanitized version" >> if it were possible. >> I would prefer not saying to the user: trust us, we know this >> attachment is not good for you, even if the filename appears OK. >> And in the case I am reporting, the filename is less than 150 >> characters long anyway... >> >> Sylvain >> > But if the un-sanitized name has some buffer overflow or other attack in > it, you have a possible problem for the user. That is one reason why > filenames are sanitized. And this would be feasible in the body text of a text/plain message section? (which is ultimately what the report is) At that point they could just send the exploit in a message body and not bother with a file in the first place. ooohoheresmyreallyscarrrylongfilenamethatcouldbufferoverflowyourpcandletmerunwhateverIwantonit.exe See, nothing happened, did it? Even if it was thousands of characters long, it would be no different, because it's in the body text. From ssilva at sgvwater.com Wed Jul 9 23:43:28 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Jul 9 23:43:48 2008 Subject: MailScanner 4.70 and latest raft of CentOS5 updates? In-Reply-To: References: Message-ID: on 7-9-2008 12:46 PM Paul Hutchings spake the following: > As subject, there's a major bunch of updates been released for CentOS 5 > recently. > > I know nothing is concrete, but has anyone here taken the plunge and do > you know if there there any known/major issues between these, and > MailScanner 4.70? > > Thanks in advance. > > I have one system that seems to be fine. MailScanner running great. All other mailscanner servers I have are on 4.6. You have to jump through some hoops to get everything installed though. Search the list for answers. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 258 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080709/ea599509/signature.bin From ka at pacific.net Wed Jul 9 23:50:11 2008 From: ka at pacific.net (Ken A) Date: Wed Jul 9 23:50:14 2008 Subject: Watch it: Multiple DNS implementations vulnerable to cache poisoning In-Reply-To: <4874856A.5000605@farrows.org> References: <48745EB2.8050404@alexb.ch> <4874856A.5000605@farrows.org> Message-ID: <487540A3.7050701@pacific.net> This nice little tool was posted to the dns operations list. Cut and paste this into your linux or BSD (Mac) to check your configured DNS resolver for cache poisoning vulnerability. dig +short porttest.dns-oarc.net TXT In windows you can use nslookup > nslookup > set type=txt > porttest.dns-oarc.net Might be good to know how spoofable the DNS you are using is! Ken Peter Farrow wrote: > > > > Alex Broens wrote: >> Multiple DNS implementations vulnerable to cache poisoning >> >> http://www.kb.cert.org/vuls/id/800113 >> >> Centos 4.x and 5.x provide udates >> >> yum update bind >> >> happy updating... >> >> Alex >> >> >> > thanks Alex! > > Pete > -- Ken Anderson Pacific.Net From ssilva at sgvwater.com Thu Jul 10 00:00:58 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Thu Jul 10 00:01:22 2008 Subject: filename checks = wrong filename report In-Reply-To: <4875398C.5010207@evi-inc.com> References: <48709609.9050202@ecs.soton.ac.uk> <48748D04.FEA8.00EB.0@imsu.ox.ac.uk> <625385e30807090226v521749d1k6ff3b4547d77bbb6@mail.gmail.com> <4874963F.FEA8.00EB.0@imsu.ox.ac.uk> <4875398C.5010207@evi-inc.com> Message-ID: on 7-9-2008 3:19 PM Matt Kettler spake the following: > Scott Silva wrote: >> on 7-9-2008 2:43 AM Sylvain Phaneuf spake the following: >>>>>> On 09/07/2008 at 10:26, shuttlebox wrote: >>>> The filename in the report is the sanitized version. I've had the same >>>> problem explaining to users that the original filename was longer than >>>> 150 characters when the reported one is clearly shorter. I just added >>>> a few explaining words to the reports to solve the problem. >>> >>> I would rather have a report that is not using a "sanitized version" >>> if it were possible. >>> I would prefer not saying to the user: trust us, we know this >>> attachment is not good for you, even if the filename appears OK. >>> And in the case I am reporting, the filename is less than 150 >>> characters long anyway... >>> >>> Sylvain >>> >> But if the un-sanitized name has some buffer overflow or other attack >> in it, you have a possible problem for the user. That is one reason >> why filenames are sanitized. > > And this would be feasible in the body text of a text/plain message > section? (which is ultimately what the report is) > > At that point they could just send the exploit in a message body and not > bother with a file in the first place. > > ooohoheresmyreallyscarrrylongfilenamethatcouldbufferoverflowyourpcandletmerunwhateverIwantonit.exe > > > > See, nothing happened, did it? Even if it was thousands of characters > long, it would be no different, because it's in the body text. How about when that longscaryfilename..... gets sent to syslog. That is another reason to sanitize the names. Julian didn't set it that way to be easier, or to mess with users. He has listed all the reasons in the past, I just can't remember them all. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 258 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080709/72e10116/signature.bin From shuttlebox at gmail.com Thu Jul 10 00:47:40 2008 From: shuttlebox at gmail.com (shuttlebox) Date: Thu Jul 10 00:48:02 2008 Subject: Watch it: Multiple DNS implementations vulnerable to cache poisoning In-Reply-To: <487540A3.7050701@pacific.net> References: <48745EB2.8050404@alexb.ch> <4874856A.5000605@farrows.org> <487540A3.7050701@pacific.net> Message-ID: <625385e30807091647n54dc6556ube297c7b650860a1@mail.gmail.com> On Thu, Jul 10, 2008 at 12:50 AM, Ken A wrote: > This nice little tool was posted to the dns operations list. > Cut and paste this into your linux or BSD (Mac) to check your configured DNS > resolver for cache poisoning vulnerability. > > dig +short porttest.dns-oarc.net TXT What's a good result supposed to look like? I understand that this is not good since it's classified as poor and comes from only one source port: "a.b.c.d is POOR: 26 queries in 1.4 seconds from 1 ports with std dev 0.00" But why is this also classified as poor when all 44 queries come from new ports? "e.f.g.h is POOR: 44 queries in 18.0 seconds from 44 ports with std dev 165.43" By the way, I don't know if server e.f.g.h is updated or not, I'm just curious about the result. -- Emo Philips - "I got some new underwear the other day. Well, new to me." From ka at pacific.net Thu Jul 10 02:54:53 2008 From: ka at pacific.net (Ken A) Date: Thu Jul 10 02:54:59 2008 Subject: Watch it: Multiple DNS implementations vulnerable to cache poisoning In-Reply-To: <625385e30807091647n54dc6556ube297c7b650860a1@mail.gmail.com> References: <48745EB2.8050404@alexb.ch> <4874856A.5000605@farrows.org> <487540A3.7050701@pacific.net> <625385e30807091647n54dc6556ube297c7b650860a1@mail.gmail.com> Message-ID: <48756BED.30608@pacific.net> shuttlebox wrote: > On Thu, Jul 10, 2008 at 12:50 AM, Ken A wrote: >> This nice little tool was posted to the dns operations list. >> Cut and paste this into your linux or BSD (Mac) to check your configured DNS >> resolver for cache poisoning vulnerability. >> >> dig +short porttest.dns-oarc.net TXT > > What's a good result supposed to look like? > # dig +short porttest.dns-oarc.net TXT z.y.x.w.v.u.t.s.r.q.p.o.n.m.l.k.j.i.h.g.f.e.d.c.b.a.pt.dns-oarc.net. "208.106.118.3 is GOOD: 26 queries in 0.2 seconds from 26 ports with std dev 17159.50" > I understand that this is not good since it's classified as poor and > comes from only one source port: > > "a.b.c.d is POOR: 26 queries in 1.4 seconds from 1 ports with std dev 0.00" > > But why is this also classified as poor when all 44 queries come from new ports? > They are probably not random enough. You can look at them with netstat or lsof -i Ken > "e.f.g.h is POOR: 44 queries in 18.0 seconds from 44 ports with std dev 165.43" > > By the way, I don't know if server e.f.g.h is updated or not, I'm just > curious about the result. > -- Ken Anderson Pacific.Net From rcooper at dwford.com Thu Jul 10 04:36:50 2008 From: rcooper at dwford.com (Rick Cooper) Date: Thu Jul 10 04:37:07 2008 Subject: Watch it: Multiple DNS implementations vulnerable to cachepoisoning In-Reply-To: <625385e30807091647n54dc6556ube297c7b650860a1@mail.gmail.com> References: <48745EB2.8050404@alexb.ch> <4874856A.5000605@farrows.org><487540A3.7050701@pacific.net> <625385e30807091647n54dc6556ube297c7b650860a1@mail.gmail.com> Message-ID: > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On > Behalf Of shuttlebox > Sent: Wednesday, July 09, 2008 7:48 PM > To: MailScanner discussion > Subject: Re: Watch it: Multiple DNS implementations > vulnerable to cachepoisoning > > On Thu, Jul 10, 2008 at 12:50 AM, Ken A wrote: > > This nice little tool was posted to the dns operations list. > > Cut and paste this into your linux or BSD (Mac) to check > your configured DNS > > resolver for cache poisoning vulnerability. > > > > dig +short porttest.dns-oarc.net TXT > > What's a good result supposed to look like? > > I understand that this is not good since it's classified as poor and > comes from only one source port: > > "a.b.c.d is POOR: 26 queries in 1.4 seconds from 1 ports > with std dev 0.00" > > But why is this also classified as poor when all 44 queries > come from new ports? > > "e.f.g.h is POOR: 44 queries in 18.0 seconds from 44 ports > with std dev 165.43" > > By the way, I don't know if server e.f.g.h is updated or > not, I'm just > curious about the result. > Look at the standard deviation on yours above then look at this one is GOOD: 26 queries in 1.6 seconds from 26 ports with std dev 19681.46 Huge difference and would be virutaly impossible to "guess" Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From lists at designmedia.com Thu Jul 10 07:25:10 2008 From: lists at designmedia.com (Henry Kwan) Date: Thu Jul 10 07:25:36 2008 Subject: MailScanner 4.70 and latest raft of CentOS5 updates? References: Message-ID: Paul Hutchings mira.co.uk> writes: > > As subject, there's a major bunch of updates been released for CentOS 5 > recently. > > I know nothing is concrete, but has anyone here taken the plunge and do > you know if there there any known/major issues between these, and > MailScanner 4.70? > I took the plunge a few weeks ago and aside from one hiccup (see the "Can't install CentOS 5.2 update?" thread), everything seems to be running fine (with 4.70.7-1). From mailing_lists+mailscanner at caleotech.com Thu Jul 10 07:32:49 2008 From: mailing_lists+mailscanner at caleotech.com (Jens Ahlin) Date: Thu Jul 10 07:33:02 2008 Subject: Watch it: Multiple DNS implementations vulnerable to cache poisoning In-Reply-To: <625385e30807091647n54dc6556ube297c7b650860a1@mail.gmail.com> References: <48745EB2.8050404@alexb.ch> <4874856A.5000605@farrows.org> <487540A3.7050701@pacific.net> <625385e30807091647n54dc6556ube297c7b650860a1@mail.gmail.com> Message-ID: <53875.172.16.1.42.1215671569.squirrel@www.caleotech.com> > On Thu, Jul 10, 2008 at 12:50 AM, Ken A wrote: >> This nice little tool was posted to the dns operations list. >> Cut and paste this into your linux or BSD (Mac) to check your configured >> DNS >> resolver for cache poisoning vulnerability. >> >> dig +short porttest.dns-oarc.net TXT > > What's a good result supposed to look like? > > I understand that this is not good since it's classified as poor and > comes from only one source port: > > "a.b.c.d is POOR: 26 queries in 1.4 seconds from 1 ports with std dev > 0.00" > > But why is this also classified as poor when all 44 queries come from new > ports? > > "e.f.g.h is POOR: 44 queries in 18.0 seconds from 44 ports with std dev > 165.43" > > By the way, I don't know if server e.f.g.h is updated or not, I'm just > curious about the result. > > -- > Emo Philips - "I got some new underwear the other day. Well, new to me." > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > Hi, Look in your named.conf and remove lines like: query-source port 53; query-source-v6 port 53; and run the test again. The directive above will force your dns to use port 53 which is the source of this vulnerability. Jens From ram at netcore.co.in Thu Jul 10 08:14:02 2008 From: ram at netcore.co.in (ram) Date: Thu Jul 10 08:14:20 2008 Subject: MailScanner 4.70 and latest raft of CentOS5 updates? In-Reply-To: References: Message-ID: <1215674042.5691.26.camel@localhost.localdomain> On Wed, 2008-07-09 at 20:46 +0100, Paul Hutchings wrote: > As subject, there's a major bunch of updates been released for CentOS 5 > recently. > > I know nothing is concrete, but has anyone here taken the plunge and do > you know if there there any known/major issues between these, and > MailScanner 4.70? > > Thanks in advance. > I always do an clean rpm install of mailscanner. ( not using the install script because I have to everything from a yum repository according to rules here :-) ) With mailscanner 4.7.0 , I have to force install of 1 rpm perl-IO-1.2301-1.noarch.rpm because of conflicts with perl 5.8 Rest everything works fine, but systems guys here are not happy Thanks Ram From Sylvain.Phaneuf at imsu.ox.ac.uk Thu Jul 10 08:29:24 2008 From: Sylvain.Phaneuf at imsu.ox.ac.uk (Sylvain Phaneuf) Date: Thu Jul 10 08:29:40 2008 Subject: filename checks = wrong filename report In-Reply-To: References: <48709609.9050202@ecs.soton.ac.uk> <48748D04.FEA8.00EB.0@imsu.ox.ac.uk> <625385e30807090226v521749d1k6ff3b4547d77bbb6@mail.gmail.com> <4874963F.FEA8.00EB.0@imsu.ox.ac.uk> <4875398C.5010207@evi-inc.com><4875398C.5010207@evi-inc.com> Message-ID: <4875C865.FEA8.00EB.0@imsu.ox.ac.uk> >>> Scott Silva 10/07/2008 00:00 >>> > And this would be feasible in the body text of a text/plain message > section? (which is ultimately what the report is) > > At that point they could just send the exploit in a message body and not > bother with a file in the first place. > >> ooohoheresmyreallyscarrrylongfilenamethatcouldbufferoverflowyourpcandletmerunwhateverIwantonit.exe >> >> >> >> See, nothing happened, did it? Even if it was thousands of characters >> long, it would be no different, because it's in the body text. > How about when that longscaryfilename..... gets sent to syslog. That is > another reason to sanitize the names. > > Julian didn't set it that way to be easier, or to mess with users. He has > listed all the reasons in the past, I just can't remember them all. Sorry, I had not realised this had been discussed in the past. I can't keep up with the MailScanner list people! I will try to search the archives... I see the point about 150 characters limit, but the filename I see in my log is CNU0701SF00084(Sent200807041022)2.mail.pdf and it is 42 characters long. This attachment was not > 150 characters and yet it's name was sanitized. That's what is really confusing. The sanitizing hides the real fact that caused it to be blocked: it contains multiple extensions. Could the length of the filename trigger a different report that when an attachment has multiple extensions? Sylvain From shuttlebox at gmail.com Thu Jul 10 08:52:21 2008 From: shuttlebox at gmail.com (shuttlebox) Date: Thu Jul 10 08:52:31 2008 Subject: filename checks = wrong filename report In-Reply-To: <4875C865.FEA8.00EB.0@imsu.ox.ac.uk> References: <48709609.9050202@ecs.soton.ac.uk> <48748D04.FEA8.00EB.0@imsu.ox.ac.uk> <625385e30807090226v521749d1k6ff3b4547d77bbb6@mail.gmail.com> <4874963F.FEA8.00EB.0@imsu.ox.ac.uk> <4875398C.5010207@evi-inc.com> <4875C865.FEA8.00EB.0@imsu.ox.ac.uk> Message-ID: <625385e30807100052h2c18e65dve274890368fbde92@mail.gmail.com> On Thu, Jul 10, 2008 at 9:29 AM, Sylvain Phaneuf wrote: > I see the point about 150 characters limit, but the filename I see in my log is > CNU0701SF00084(Sent200807041022)2.mail.pdf > and it is 42 characters long. This attachment was not > 150 characters and yet it's name was sanitized. That's what is really confusing. The sanitizing hides the real fact that caused it to be blocked: it contains multiple extensions. Could the length of the filename trigger a different report that when an attachment has multiple extensions? I just mentioned the 150 character thing because I've also had some explaining to do to my users. It has nothing to do with why your attachment got blocked, it's a separate test in the filename rules and they all cause the same report. Most of us has solved this by editing the reports, you could for example add "(filename shown may not be the original one)" or something like that. That stopped users asking me why their file was blocked. -- George Burns - "Don't stay in bed, unless you can make money in bed." From peter at farrows.org Thu Jul 10 09:00:49 2008 From: peter at farrows.org (Peter Farrow) Date: Thu Jul 10 09:01:15 2008 Subject: Watch it: Multiple DNS implementations vulnerable to cache poisoning In-Reply-To: <53875.172.16.1.42.1215671569.squirrel@www.caleotech.com> References: <48745EB2.8050404@alexb.ch> <4874856A.5000605@farrows.org> <487540A3.7050701@pacific.net> <625385e30807091647n54dc6556ube297c7b650860a1@mail.gmail.com> <53875.172.16.1.42.1215671569.squirrel@www.caleotech.com> Message-ID: <4875C1B1.2030604@farrows.org> horizontal ruler Jens Ahlin wrote: >> On Thu, Jul 10, 2008 at 12:50 AM, Ken A wrote: >> >>> This nice little tool was posted to the dns operations list. >>> Cut and paste this into your linux or BSD (Mac) to check your configured >>> DNS >>> resolver for cache poisoning vulnerability. >>> >>> dig +short porttest.dns-oarc.net TXT >>> >> What's a good result supposed to look like? >> >> I understand that this is not good since it's classified as poor and >> comes from only one source port: >> >> "a.b.c.d is POOR: 26 queries in 1.4 seconds from 1 ports with std dev >> 0.00" >> >> But why is this also classified as poor when all 44 queries come from new >> ports? >> >> "e.f.g.h is POOR: 44 queries in 18.0 seconds from 44 ports with std dev >> 165.43" >> >> By the way, I don't know if server e.f.g.h is updated or not, I'm just >> curious about the result. >> >> -- >> Emo Philips - "I got some new underwear the other day. Well, new to me." >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> > > Hi, > > Look in your named.conf and remove lines like: > query-source port 53; > query-source-v6 port 53; > > and run the test again. The directive above will force your dns to use > port 53 which is the source of this vulnerability. > > Jens > Just for the record my DNS server returned: dig +short porttest.dns-oarc.net TXT z.y.x.w.v.u.t.s.r.q.p.o.n.m.l.k.j.i.h.g.f.e.d.c.b.a.pt.dns-oarc.net. "212.21.120.10 is GOOD: 26 queries in 4.5 seconds from 26 ports with std dev 19299.85" But I patched it yesterday... P. -- This message has been scanned for viruses and dangerous content by the Inexcom system Scanner, and is believed to be clean. Advanced heuristic mail scanning server [-]. http://www.inexcom.co.uk -------------- next part -------------- Skipped content of type multipart/related From a.peacock at chime.ucl.ac.uk Thu Jul 10 09:15:52 2008 From: a.peacock at chime.ucl.ac.uk (Anthony Peacock) Date: Thu Jul 10 09:16:06 2008 Subject: Mailscanner is not detecting eicar In-Reply-To: <200807081639.m68GdPYx789089@alpha2.mssl.ucl.ac.uk> References: <200807081639.m68GdPYx789089@alpha2.mssl.ucl.ac.uk> Message-ID: <4875C538.1000208@chime.ucl.ac.uk> Hi Paul, Paul Lamb wrote: > MailScanner version 4.69.9 is not detecting the eicar test "virus". > > (This has not worked previously; I downloaded it a couple of weeks ago > but have only just configured it.) > > Eicar is forwarded whether included in the message text > > mail pal < /etc/mail/EICAR-TEST-FILE > > or as at attachment > > echo test | pine -attach /etc/mail/EICAR-TEST-FILE pal > > I have tested with eicar included in the parameter Non-Forging Viruses > and with it not included. > > Please note that MailScanner does detect and quarantine the virus > W32/MyDoom-O and Sophos sweep does detect eicar > > /usr/lib/MailScanner/sophos-wrapper /usr/local/Sophos EICAR-TEST-FILE > [snip] > >>> Virus 'EICAR-AV-Test' found in file EICAR-TEST-FILE > > Any suggestions would be appreciated. Mailscanner and Sophos are working fine here and detecting EICAR. "The following e-mails were found to have: Bad Filename Detected : Virus Detected Sender: a.peacock@chime.ucl.ac.uk IP Address: 128.40.182.49 Recipient: a.peacock@chime.ucl.ac.uk Subject: Test of eicar MessageID: m697INiw012407 Quarantine: /var/spool/MailScanner/quarantine/20080709/m697INiw012407 Report: Clamd: eicar.com was infected: ./m697INiw012407/eicar.com: Eicar-Test-Signature FOUND SophosSAVI: eicar.com was infected by EICAR-AV-Test MailScanner: Executable DOS/Windows programs are dangerous in email (eicar.com)" All I can suggest is to run MailScanner in debug mode and see if there is anything obvious in the debug output. -- Anthony Peacock CHIME, Royal Free & University College Medical School WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ Study Health Informatics - Modular Postgraduate Degree http://www.chime.ucl.ac.uk/study-health-informatics/ From fabien.garziano at caliseo.com Thu Jul 10 09:22:00 2008 From: fabien.garziano at caliseo.com (Fabien GARZIANO) Date: Thu Jul 10 09:22:27 2008 Subject: Mailscanner / postfix Timeout in the SMTP dialog Message-ID: Hi People, Hi Denis, Unfortunately, I've applied the patch. I've tried the first one. Edit sysctl.conf, then reboot. I still got the same errors in maillog. I did the same with the 2nd fix but got the same result. I'm still digging. Anyway, thanks again for the answer. > -----Message d'origine----- > De : mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] De la > part de Fabien GARZIANO > Envoy? : mercredi 9 juillet 2008 17:11 > ? : MailScanner discussion > Objet : RE: Mailscanner / postfix Timeout in the SMTP dialog > > Thanks for your answer Denis. > > I'll apply this patch ASAP and send feedback in this list if > it's not misplaced. > > > > Fabien, > > > > I don't know it this applies to you but I had to apply the > following > > patch to my kernel setup on RHEL 5 to stop that knid of problems: > > tail /etc/sysctl.conf > > # Fix for tcp window scaling issue related to broken > Internet routers > > net.ipv4.tcp_wmem = 4096 16384 131072 net.ipv4.tcp_rmem = > 4096 87380 > > 174760 > > > > # From S. Freegard fsl.com > > # increase Linux autotuning TCP buffer limits # min, > default, and max > > number of bytes to use #net.ipv4.tcp_rmem = 4096 87380 16777216 > > #net.ipv4.tcp_wmem = 4096 65536 16777216 > > > > I also included the values Steeve Freegard is using. You > will have to > > restart your server after modifying your sysctl.conf file (or you > > could use the sysctl command to make the changes dynamically). > > > > Denis > > > > -- > > _ > > ?v? Denis Beauchemin, analyste > > /(_)\ Universit? de Sherbrooke, S.T.I. > > ^ ^ T: 819.821.8000x62252 F: 819.821.8045 > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From shuttlebox at gmail.com Thu Jul 10 09:42:03 2008 From: shuttlebox at gmail.com (shuttlebox) Date: Thu Jul 10 09:42:12 2008 Subject: Watch it: Multiple DNS implementations vulnerable to cache poisoning In-Reply-To: <48756BED.30608@pacific.net> References: <48745EB2.8050404@alexb.ch> <4874856A.5000605@farrows.org> <487540A3.7050701@pacific.net> <625385e30807091647n54dc6556ube297c7b650860a1@mail.gmail.com> <48756BED.30608@pacific.net> Message-ID: <625385e30807100142w395688d1j656adf5d541e99f7@mail.gmail.com> On Thu, Jul 10, 2008 at 3:54 AM, Ken A wrote: > They are probably not random enough. You can look at them with netstat or > lsof -i OK, it's the standard deviation that is key to the result. Unique ports but all in a row for example is of course not good. I have now patched one server and it shows GOOD with a high std dev. /peter -- Robert Benchley - "Drawing on my fine command of the English language, I said nothing." From seb at esfnet.co.uk Thu Jul 10 09:49:51 2008 From: seb at esfnet.co.uk (Seb James) Date: Thu Jul 10 09:50:23 2008 Subject: CRLF in attachments being replaced by LF Message-ID: <1215679791.16028.16.camel@localhost> Hi list, I have a problem with some attachments being sent to me. I am using postfix and MailScanner and SpamAssassin to process incoming mail. The attachments are raw print data, containing escape characters of various types and also CRLF pairs, as well as formfeeds, and lonely LF characters. Somewhere, the CRLF are being converted to LF, which messes up the print data (test docs sent to me by customers for testing and problem resolution). I suspect spamassassin, am I right? Any way to turn spamassassin off for certain attachment file types, such as any files ending in .prn and .dat? I know I can deny or allow files based on file types, but what about spamassassin scanning depending on file type? Thanks in advance for any help, Seb James From topper at libero.it Thu Jul 10 10:28:42 2008 From: topper at libero.it (topper@libero.it) Date: Thu Jul 10 10:28:51 2008 Subject: Infected message Requeued Message-ID: <14367963.14221215682122344.JavaMail.defaultUser@defaultHost> Hello, I have a trouble using SaneSecurity signature for Phishing and Scam. My installation is Debian Etch with: Postfix 2.3.8-2+b1 Clamav 0.93.1.dfsg-volatile1 MailScanner 4.55.10-3 (from Debian Stable) and MailScanner MailScanner-4.70.7- 1 from tar.gz. This is the trouble: Jul 10 11:23:23 mx1 postfix/smtpd[22669]: 478BC4C245: client=unknown[x.x.x. x] Jul 10 11:23:29 mx1 postfix/cleanup[23212]: 478BC4C245: hold: header Received: from [x.x.x.x] (unknown [x.x.x.x])??by mx6.xxx.xx (Postfix) with ESMTP id 478BC4C245??for ; Thu, 10 Jul 2008 11:22:39 +0200 (CEST) from unknown[x.x.x.x]; from= to= proto=ESMTP helo= Jul 10 11:23:29 mx1 postfix/cleanup[23212]: 478BC4C245: message-id=<21CD3BE3. 51%Dunning-updm@FA-WHV.NIEDERSACHSEN.DE> Jul 10 11:23:36 mx1 MailScanner[22482]: /var/spool/MailScanner/incoming/22482/./478BC4C245.36DF1.message: Email.Spam. Gen2986.Sanesecurity.08041408 FOUND Jul 10 11:23:36 mx1 MailScanner[22482]: Infected message 478BC4C245.36DF1. message came from Jul 10 11:23:37 mx1 MailScanner[22482]: Requeue: 478BC4C245.36DF1 to C207D4C264 As you can see the message is recognized as infected, but MailScanner Requeue the message. This occur only when is recognized infected with the Sanesecurity signature. When the message in recognized infected by a virus it is quarantined and not delivered as expected. The same thing occurs with del default package of MailScanner in Debian Stable and with the latest stable versione fro tar.gz. From Neal at Morgan-Systems.com Thu Jul 10 10:34:28 2008 From: Neal at Morgan-Systems.com (Neal Morgan) Date: Thu Jul 10 10:35:15 2008 Subject: CRLF in attachments being replaced by LF In-Reply-To: <1215679791.16028.16.camel@localhost> References: <1215679791.16028.16.camel@localhost> Message-ID: <7D1CC61717004141A57CA6CA1C8087EC38DF7F@server-16.MorganSys.net> Seb James wrote: > Hi list, > > I have a problem with some attachments being sent to me. > > I am using postfix and MailScanner and SpamAssassin to process incoming > mail. > > The attachments are raw print data, containing escape characters of > various types and also CRLF pairs, as well as formfeeds, and lonely LF > characters. > > Somewhere, the CRLF are being converted to LF, which messes up the print > data (test docs sent to me by customers for testing and problem > resolution). > > I suspect spamassassin, am I right? > > Any way to turn spamassassin off for certain attachment file types, such > as any files ending in .prn and .dat? I know I can deny or allow files > based on file types, but what about spamassassin scanning depending on > file type? > > Thanks in advance for any help, > > Seb James Just a wild guess - but since SMTP expects . to end the data phase, is it possible that MUA (sending side) is performing this replacement to prevent message truncation during delivery? Try having the sender zip the file or rename to a type that Windows doesn't consider text... From list-mailscanner at linguaphone.com Thu Jul 10 10:42:16 2008 From: list-mailscanner at linguaphone.com (Gareth) Date: Thu Jul 10 10:42:26 2008 Subject: Infected message Requeued In-Reply-To: <14367963.14221215682122344.JavaMail.defaultUser@defaultHost> References: <14367963.14221215682122344.JavaMail.defaultUser@defaultHost> Message-ID: <1215682936.2680.1.camel@gblades-suse.linguaphone-intranet.co.uk> Dont use the debian stable version of Mailscanner it is not kept up to date and version 4.55 is very old and may not work with with some latter postfix and perl module versions. On Thu, 2008-07-10 at 10:28, topper@libero.it wrote: > Hello, > > I have a trouble using SaneSecurity signature for Phishing and Scam. > > My installation is Debian Etch with: > > Postfix 2.3.8-2+b1 > Clamav 0.93.1.dfsg-volatile1 > MailScanner 4.55.10-3 (from Debian Stable) and MailScanner MailScanner-4.70.7- > 1 from tar.gz. > > This is the trouble: > > Jul 10 11:23:23 mx1 postfix/smtpd[22669]: 478BC4C245: client=unknown[x.x.x. > x] > Jul 10 11:23:29 mx1 postfix/cleanup[23212]: 478BC4C245: hold: header > Received: from [x.x.x.x] (unknown [x.x.x.x])??by mx6.xxx.xx (Postfix) with > ESMTP id 478BC4C245??for ; Thu, 10 Jul 2008 11:22:39 +0200 (CEST) > from unknown[x.x.x.x]; from= to= it> proto=ESMTP helo= > Jul 10 11:23:29 mx1 postfix/cleanup[23212]: 478BC4C245: message-id=<21CD3BE3. > 51%Dunning-updm@FA-WHV.NIEDERSACHSEN.DE> > Jul 10 11:23:36 mx1 MailScanner[22482]: > /var/spool/MailScanner/incoming/22482/./478BC4C245.36DF1.message: Email.Spam. > Gen2986.Sanesecurity.08041408 FOUND > Jul 10 11:23:36 mx1 MailScanner[22482]: Infected message 478BC4C245.36DF1. > message came from > Jul 10 11:23:37 mx1 MailScanner[22482]: Requeue: 478BC4C245.36DF1 to > C207D4C264 > > As you can see the message is recognized as infected, but MailScanner Requeue > the message. This occur only when is recognized infected with the Sanesecurity > signature. When the message in recognized infected by a virus it is quarantined > and not delivered as expected. > > The same thing occurs with del default package of MailScanner in Debian > Stable and with the latest stable versione fro tar.gz. From seb at esfnet.co.uk Thu Jul 10 10:48:47 2008 From: seb at esfnet.co.uk (Seb James) Date: Thu Jul 10 10:49:55 2008 Subject: CRLF in attachments being replaced by LF In-Reply-To: <7D1CC61717004141A57CA6CA1C8087EC38DF7F@server-16.MorganSys.net> References: <1215679791.16028.16.camel@localhost> <7D1CC61717004141A57CA6CA1C8087EC38DF7F@server-16.MorganSys.net> Message-ID: <1215683327.16028.21.camel@localhost> On Thu, 2008-07-10 at 02:34 -0700, Neal Morgan wrote: > Seb James wrote: > > Hi list, > > > > I have a problem with some attachments being sent to me. > > > > I am using postfix and MailScanner and SpamAssassin to process > incoming > > mail. > > > > The attachments are raw print data, containing escape characters of > > various types and also CRLF pairs, as well as formfeeds, and lonely LF > > characters. > > > > Somewhere, the CRLF are being converted to LF, which messes up the > print > > data (test docs sent to me by customers for testing and problem > > resolution). > > > > I suspect spamassassin, am I right? > > > > Any way to turn spamassassin off for certain attachment file types, > such > > as any files ending in .prn and .dat? I know I can deny or allow files > > based on file types, but what about spamassassin scanning depending on > > file type? > > > > Thanks in advance for any help, > > > > Seb James > > Just a wild guess - but since SMTP expects . to end the data > phase, is it possible that MUA (sending side) is performing this > replacement to prevent message truncation during delivery? > > Try having the sender zip the file or rename to a type that Windows > doesn't consider text... Thanks for the reply Neil, I think the attachment would be base64 encoded, meaning that the sending side wouldn't see any CRLF to strip out. I'm sure this is happening in my MTA, because the same message sent to multiple recipients including me and someone receiving their email via a different chain (including some Linux based MTA for their domain then a Windows mail client) arrived with the attachment different in each case. I really want to avoid asking the sender to do anything if I can possibly get these mails to arrive intact! best, Seb From J.Ede at birchenallhowden.co.uk Thu Jul 10 11:14:43 2008 From: J.Ede at birchenallhowden.co.uk (Jason Ede) Date: Thu Jul 10 11:15:06 2008 Subject: Watch it: Multiple DNS implementations vulnerable to cache poisoning In-Reply-To: <625385e30807100142w395688d1j656adf5d541e99f7@mail.gmail.com> References: <48745EB2.8050404@alexb.ch> <4874856A.5000605@farrows.org> <487540A3.7050701@pacific.net> <625385e30807091647n54dc6556ube297c7b650860a1@mail.gmail.com> <48756BED.30608@pacific.net> <625385e30807100142w395688d1j656adf5d541e99f7@mail.gmail.com> Message-ID: <4CAB0118AEC63A4FAAE77E6BCBDF760C65717C49F9@server02.bhl.local> I've patched some servers and they're showing good, but on one behind a firewall its still showing as poor despite the update being run... Its running Centos5.1 Jason > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of shuttlebox > Sent: 10 July 2008 09:42 > To: MailScanner discussion > Subject: Re: Watch it: Multiple DNS implementations vulnerable to cache > poisoning > > On Thu, Jul 10, 2008 at 3:54 AM, Ken A wrote: > > They are probably not random enough. You can look at them with > netstat or > > lsof -i > > OK, it's the standard deviation that is key to the result. Unique > ports but all in a row for example is of course not good. > > I have now patched one server and it shows GOOD with a high std dev. > > /peter > -- > Robert Benchley - "Drawing on my fine command of the English > language, I said nothing." > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From topper at libero.it Thu Jul 10 11:19:30 2008 From: topper at libero.it (topper@libero.it) Date: Thu Jul 10 11:19:38 2008 Subject: R: Re: Infected message Requeued Message-ID: <14970417.18091215685170170.JavaMail.defaultUser@defaultHost> Yes of course I've installed MailScanner 4.70.7 with no progession. But I've found that all messages (and not only Sanesecurity's one) are delivered also if marked as Infected. The only difference is that I can't see them in the quarantine directory. So actually it seems that MailScanner is only reporting Infected messages but requeue all them and I can't understand why. >----Messaggio originale---- >Da: list-mailscanner@linguaphone.com >Data: 10/07/2008 11.42 >A: "MailScanner discussion" >Ogg: Re: Infected message Requeued > >Dont use the debian stable version of Mailscanner it is not kept up to >date and version 4.55 is very old and may not work with with some latter >postfix and perl module versions. > >On Thu, 2008-07-10 at 10:28, topper@libero.it wrote: >> Hello, >> >> I have a trouble using SaneSecurity signature for Phishing and Scam. >> >> My installation is Debian Etch with: >> >> Postfix 2.3.8-2+b1 >> Clamav 0.93.1.dfsg-volatile1 >> MailScanner 4.55.10-3 (from Debian Stable) and MailScanner MailScanner- 4.70.7- >> 1 from tar.gz. >> >> This is the trouble: >> >> Jul 10 11:23:23 mx1 postfix/smtpd[22669]: 478BC4C245: client=unknown[x.x. x. >> x] >> Jul 10 11:23:29 mx1 postfix/cleanup[23212]: 478BC4C245: hold: header >> Received: from [x.x.x.x] (unknown [x.x.x.x])??by mx6.xxx.xx (Postfix) with >> ESMTP id 478BC4C245??for ; Thu, 10 Jul 2008 11:22:39 +0200 (CEST) >> from unknown[x.x.x.x]; from= to=> it> proto=ESMTP helo= >> Jul 10 11:23:29 mx1 postfix/cleanup[23212]: 478BC4C245: message- id=<21CD3BE3. >> 51%Dunning-updm@FA-WHV.NIEDERSACHSEN.DE> >> Jul 10 11:23:36 mx1 MailScanner[22482]: >> /var/spool/MailScanner/incoming/22482/./478BC4C245.36DF1.message: Email. Spam. >> Gen2986.Sanesecurity.08041408 FOUND >> Jul 10 11:23:36 mx1 MailScanner[22482]: Infected message 478BC4C245. 36DF1. >> message came from >> Jul 10 11:23:37 mx1 MailScanner[22482]: Requeue: 478BC4C245.36DF1 to >> C207D4C264 >> >> As you can see the message is recognized as infected, but MailScanner Requeue >> the message. This occur only when is recognized infected with the Sanesecurity >> signature. When the message in recognized infected by a virus it is quarantined >> and not delivered as expected. >> >> The same thing occurs with del default package of MailScanner in Debian >> Stable and with the latest stable versione fro tar.gz. From prandal at herefordshire.gov.uk Thu Jul 10 11:32:06 2008 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Thu Jul 10 11:32:29 2008 Subject: Watch it: Multiple DNS implementations vulnerable to cachepoisoning In-Reply-To: <4CAB0118AEC63A4FAAE77E6BCBDF760C65717C49F9@server02.bhl.local> References: <48745EB2.8050404@alexb.ch> <4874856A.5000605@farrows.org><487540A3.7050701@pacific.net><625385e30807091647n54dc6556ube297c7b650860a1@mail.gmail.com><48756BED.30608@pacific.net><625385e30807100142w395688d1j656adf5d541e99f7@mail.gmail.com> <4CAB0118AEC63A4FAAE77E6BCBDF760C65717C49F9@server02.bhl.local> Message-ID: <7EF0EE5CB3B263488C8C18823239BEBA0430DC31@HC-MBX02.herefordshire.gov.uk> Have you made sure that in named.conf there are no query-source port 53; query-source-v6 port 53; lines? Cheers, Phil -- Phil Randal Networks Engineer Herefordshire Council Hereford, UK -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Jason Ede Sent: 10 July 2008 11:15 To: MailScanner discussion Subject: RE: Watch it: Multiple DNS implementations vulnerable to cachepoisoning I've patched some servers and they're showing good, but on one behind a firewall its still showing as poor despite the update being run... Its running Centos5.1 Jason > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of shuttlebox > Sent: 10 July 2008 09:42 > To: MailScanner discussion > Subject: Re: Watch it: Multiple DNS implementations vulnerable to > cache poisoning > > On Thu, Jul 10, 2008 at 3:54 AM, Ken A wrote: > > They are probably not random enough. You can look at them with > netstat or > > lsof -i > > OK, it's the standard deviation that is key to the result. Unique > ports but all in a row for example is of course not good. > > I have now patched one server and it shows GOOD with a high std dev. > > /peter > -- > Robert Benchley - "Drawing on my fine command of the English > language, I said nothing." > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From J.Ede at birchenallhowden.co.uk Thu Jul 10 12:03:24 2008 From: J.Ede at birchenallhowden.co.uk (Jason Ede) Date: Thu Jul 10 12:03:45 2008 Subject: Watch it: Multiple DNS implementations vulnerable to cachepoisoning In-Reply-To: <7EF0EE5CB3B263488C8C18823239BEBA0430DC31@HC-MBX02.herefordshire.gov.uk> References: <48745EB2.8050404@alexb.ch> <4874856A.5000605@farrows.org><487540A3.7050701@pacific.net><625385e30807091647n54dc6556ube297c7b650860a1@mail.gmail.com><48756BED.30608@pacific.net><625385e30807100142w395688d1j656adf5d541e99f7@mail.gmail.com> <4CAB0118AEC63A4FAAE77E6BCBDF760C65717C49F9@server02.bhl.local> <7EF0EE5CB3B263488C8C18823239BEBA0430DC31@HC-MBX02.herefordshire.gov.uk> Message-ID: <4CAB0118AEC63A4FAAE77E6BCBDF760C65717C49FC@server02.bhl.local> Got it... I commented those lines out from the named.caching-nameserver.conf file and its all happy and reporting as good now... That file is as delivered by Centos yum install caching-nameserver. Jason > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Randal, Phil > Sent: 10 July 2008 11:32 > To: MailScanner discussion > Subject: RE: Watch it: Multiple DNS implementations vulnerable to > cachepoisoning > > Have you made sure that in named.conf there are no > > query-source port 53; > query-source-v6 port 53; > > lines? > > Cheers, > > Phil > > -- > Phil Randal > Networks Engineer > Herefordshire Council > Hereford, UK > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Jason > Ede > Sent: 10 July 2008 11:15 > To: MailScanner discussion > Subject: RE: Watch it: Multiple DNS implementations vulnerable to > cachepoisoning > > I've patched some servers and they're showing good, but on one behind a > firewall its still showing as poor despite the update being run... Its > running Centos5.1 > > Jason > > > > -----Original Message----- > > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > > bounces@lists.mailscanner.info] On Behalf Of shuttlebox > > Sent: 10 July 2008 09:42 > > To: MailScanner discussion > > Subject: Re: Watch it: Multiple DNS implementations vulnerable to > > cache poisoning > > > > On Thu, Jul 10, 2008 at 3:54 AM, Ken A wrote: > > > They are probably not random enough. You can look at them with > > netstat or > > > lsof -i > > > > OK, it's the standard deviation that is key to the result. Unique > > ports but all in a row for example is of course not good. > > > > I have now patched one server and it shows GOOD with a high std dev. > > > > /peter > > -- > > Robert Benchley - "Drawing on my fine command of the English > > language, I said nothing." > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From cobalt-users1 at fishnet.co.uk Thu Jul 10 12:50:38 2008 From: cobalt-users1 at fishnet.co.uk (Ian) Date: Thu Jul 10 12:50:58 2008 Subject: Watch it: Multiple DNS implementations vulnerable to cache poisoning In-Reply-To: <487540A3.7050701@pacific.net> References: <48745EB2.8050404@alexb.ch>, <4874856A.5000605@farrows.org>, <487540A3.7050701@pacific.net> Message-ID: <4876059E.6432.350E75@cobalt-users1.fishnet.co.uk> On 9 Jul 2008 at 17:50, Ken A wrote: > This nice little tool was posted to the dns operations list. > Cut and paste this into your linux or BSD (Mac) to check your configured > DNS resolver for cache poisoning vulnerability. > > dig +short porttest.dns-oarc.net TXT > > In windows you can use nslookup > > nslookup > > set type=txt > > porttest.dns-oarc.net > > Might be good to know how spoofable the DNS you are using is! > > Ken Hi, Thanks for this Ken, its helped me fix several configs that I thought were ok! They were patched but still had a query-source set. Had to fiddle with some firewalls too. On windows though I don't see the same results as on linux: nslookup > set type=txt > set timeout=30 > porttest.dns-oarc.net porttest.dns-oarc.net canonical name = z.y.x.w.v.u.t.s.r.q.p.o.n.m.l.k.j.i.h.g.f.e.d.c.b.a.pt.dns-oarc.net ie no actual TXT record Any ideas? Regards Ian -- From peter at farrows.org Thu Jul 10 13:06:55 2008 From: peter at farrows.org (Peter Farrow) Date: Thu Jul 10 13:07:19 2008 Subject: Watch it: Multiple DNS implementations vulnerable to cachepoisoning In-Reply-To: <7EF0EE5CB3B263488C8C18823239BEBA0430DC31@HC-MBX02.herefordshire.gov.uk> References: <48745EB2.8050404@alexb.ch> <4874856A.5000605@farrows.org><487540A3.7050701@pacific.net><625385e30807091647n54dc6556ube297c7b650860a1@mail.gmail.com><48756BED.30608@pacific.net><625385e30807100142w395688d1j656adf5d541e99f7@mail.gmail.com> <4CAB0118AEC63A4FAAE77E6BCBDF760C65717C49F9@server02.bhl.local> <7EF0EE5CB3B263488C8C18823239BEBA0430DC31@HC-MBX02.herefordshire.gov.uk> Message-ID: <4875FB5F.8030906@farrows.org> If you're running a public DNS server or a DNS server for your LAN clients then these lines are an extremely good idea... P. Randal, Phil wrote: > Have you made sure that in named.conf there are no > > query-source port 53; > query-source-v6 port 53; > > lines? > > Cheers, > > Phil > > -- > Phil Randal > Networks Engineer > Herefordshire Council > Hereford, UK > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Jason > Ede > Sent: 10 July 2008 11:15 > To: MailScanner discussion > Subject: RE: Watch it: Multiple DNS implementations vulnerable to > cachepoisoning > > I've patched some servers and they're showing good, but on one behind a > firewall its still showing as poor despite the update being run... Its > running Centos5.1 > > Jason > > > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >> bounces@lists.mailscanner.info] On Behalf Of shuttlebox >> Sent: 10 July 2008 09:42 >> To: MailScanner discussion >> Subject: Re: Watch it: Multiple DNS implementations vulnerable to >> cache poisoning >> >> On Thu, Jul 10, 2008 at 3:54 AM, Ken A wrote: >> >>> They are probably not random enough. You can look at them with >>> >> netstat or >> >>> lsof -i >>> >> OK, it's the standard deviation that is key to the result. Unique >> ports but all in a row for example is of course not good. >> >> I have now patched one server and it shows GOOD with a high std dev. >> >> /peter >> -- >> Robert Benchley - "Drawing on my fine command of the English >> language, I said nothing." >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- This message has been scanned for viruses and dangerous content by the Inexcom system Scanner, and is believed to be clean. Advanced heuristic mail scanning server [-]. http://www.inexcom.co.uk -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080710/cdc71509/attachment.html From seb at esfnet.co.uk Thu Jul 10 13:15:19 2008 From: seb at esfnet.co.uk (Seb James) Date: Thu Jul 10 13:15:38 2008 Subject: CRLF in attachments being replaced by LF In-Reply-To: <1215683327.16028.21.camel@localhost> References: <1215679791.16028.16.camel@localhost> <7D1CC61717004141A57CA6CA1C8087EC38DF7F@server-16.MorganSys.net> <1215683327.16028.21.camel@localhost> Message-ID: <1215692119.16028.32.camel@localhost> On Thu, 2008-07-10 at 10:48 +0100, Seb James wrote: > On Thu, 2008-07-10 at 02:34 -0700, Neal Morgan wrote: > > Seb James wrote: > > > Hi list, > > > > > > I have a problem with some attachments being sent to me. > > > > > > I am using postfix and MailScanner and SpamAssassin to process > > incoming > > > mail. > > > > > > The attachments are raw print data, containing escape characters of > > > various types and also CRLF pairs, as well as formfeeds, and lonely LF > > > characters. > > > > > > Somewhere, the CRLF are being converted to LF, which messes up the > > print > > > data (test docs sent to me by customers for testing and problem > > > resolution). > > > > > > I suspect spamassassin, am I right? > > > > > > Any way to turn spamassassin off for certain attachment file types, > > such > > > as any files ending in .prn and .dat? I know I can deny or allow files > > > based on file types, but what about spamassassin scanning depending on > > > file type? > > > > > > Thanks in advance for any help, > > > > > > Seb James > > > > Just a wild guess - but since SMTP expects . to end the data > > phase, is it possible that MUA (sending side) is performing this > > replacement to prevent message truncation during delivery? > > > > Try having the sender zip the file or rename to a type that Windows > > doesn't consider text... > > Thanks for the reply Neil, > > I think the attachment would be base64 encoded, meaning that the sending > side wouldn't see any CRLF to strip out. In fact, now I look back at the messsage source, the attachment transfer encoding was quoted-printable, rather than base64, so the problems with CRLF being modified into LF are quite understandable. &*$&%? MS Outlook (the MUA here) for allowing users to send attachments quoted-printable! > I'm sure this is happening in my MTA, because the same message sent to > multiple recipients including me and someone receiving their email via a > different chain (including some Linux based MTA for their domain then a > Windows mail client) arrived with the attachment different in each case. > > I really want to avoid asking the sender to do anything if I can > possibly get these mails to arrive intact! > > best, > > Seb > > > From prandal at herefordshire.gov.uk Thu Jul 10 13:20:42 2008 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Thu Jul 10 13:21:00 2008 Subject: Watch it: Multiple DNS implementations vulnerableto cachepoisoning In-Reply-To: <4875FB5F.8030906@farrows.org> References: <48745EB2.8050404@alexb.ch> <4874856A.5000605@farrows.org><487540A3.7050701@pacific.net><625385e30807091647n54dc6556ube297c7b650860a1@mail.gmail.com><48756BED.30608@pacific.net><625385e30807100142w395688d1j656adf5d541e99f7@mail.gmail.com> <4CAB0118AEC63A4FAAE77E6BCBDF760C65717C49F9@server02.bhl.local><7EF0EE5CB3B263488C8C18823239BEBA0430DC31@HC-MBX02.herefordshire.gov.uk> <4875FB5F.8030906@farrows.org> Message-ID: <7EF0EE5CB3B263488C8C18823239BEBA0430DC8E@HC-MBX02.herefordshire.gov.uk> query-source defines the IP address (IPv4 or IPv6) and optional port to be used as the source for outgoing queries from the server. The default is a random unprivileged port. There may, of course, be over-zealous firewall rules (or SELinux policies) which mistakenly insist that the source and destination ports are both 53, but that's plain wrong. And dangerous. Cheers, Phil -- Phil Randal Networks Engineer Herefordshire Council Hereford, UK ________________________________ From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Peter Farrow Sent: 10 July 2008 13:07 To: MailScanner discussion Subject: Re: Watch it: Multiple DNS implementations vulnerableto cachepoisoning If you're running a public DNS server or a DNS server for your LAN clients then these lines are an extremely good idea... P. Randal, Phil wrote: Have you made sure that in named.conf there are no query-source port 53; query-source-v6 port 53; lines? Cheers, Phil -- Phil Randal Networks Engineer Herefordshire Council Hereford, UK -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Jason Ede Sent: 10 July 2008 11:15 To: MailScanner discussion Subject: RE: Watch it: Multiple DNS implementations vulnerable to cachepoisoning I've patched some servers and they're showing good, but on one behind a firewall its still showing as poor despite the update being run... Its running Centos5.1 Jason -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- bounces@lists.mailscanner.info] On Behalf Of shuttlebox Sent: 10 July 2008 09:42 To: MailScanner discussion Subject: Re: Watch it: Multiple DNS implementations vulnerable to cache poisoning On Thu, Jul 10, 2008 at 3:54 AM, Ken A wrote: They are probably not random enough. You can look at them with netstat or lsof -i OK, it's the standard deviation that is key to the result. Unique ports but all in a row for example is of course not good. I have now patched one server and it shows GOOD with a high std dev. /peter -- Robert Benchley - "Drawing on my fine command of the English language, I said nothing." -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by the Inexcom system scanner, and is believed to be clean. Advanced heuristic mail scanning server [-]. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080710/9ce2c728/attachment.html From davejones70 at gmail.com Thu Jul 10 13:23:17 2008 From: davejones70 at gmail.com (Dave Jones) Date: Thu Jul 10 13:23:27 2008 Subject: MailScanner 4.70 and latest raft of CentOS5 updates? Message-ID: <67a55ed50807100523y75c6e95dj35794579b3a516ce@mail.gmail.com> >> >> As subject, there's a major bunch of updates been released for CentOS 5 >> recently. >> >> I know nothing is concrete, but has anyone here taken the plunge and do >> you know if there there any known/major issues between these, and >> MailScanner 4.70? >> You will either need to "yum update --exclude=perl*" or force install it. Unrelated to MailScanner and perl, I was bitten by this bug in the CentOS/RHEL 5.2 kernel: http://bugs.centos.org/view.php?id=2912 So don't do this update remotely and expect it to boot back up. You might want to exclude kernel* for now on older AMD K8 and Intel P3 CPUs. My problem box is a P3 500. -- Dave Jones -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080710/82f5d3ee/attachment.html From peter at farrows.org Thu Jul 10 13:31:03 2008 From: peter at farrows.org (Peter Farrow) Date: Thu Jul 10 13:31:54 2008 Subject: Watch it: Multiple DNS implementations vulnerable to cachepoisoning (fwd) In-Reply-To: References: Message-ID: <48760107.8090101@farrows.org> Yeah, I misread the whole thing, so sorry about that, just checked my public name servers and I already have it commented out when I set them up a few years ago... oh how time flies when you're having fun :-) horizontal ruler Res wrote: > I think your confusing what those options do, a properly configured > DNS server does not need those lines, they are a risk. > > > ---------- Forwarded message ---------- > Date: Thu, 10 Jul 2008 13:06:55 +0100 > From: Peter Farrow > Reply-To: MailScanner discussion > To: MailScanner discussion > Subject: Re: Watch it: Multiple DNS implementations vulnerable to > cachepoisoning > > If you're running a public DNS server or a DNS server for your LAN > clients then these lines are an extremely good idea... > > P. > > > Randal, Phil wrote: >> Have you made sure that in named.conf there are no >> >> query-source port 53; >> query-source-v6 port 53; >> >> lines? >> >> Cheers, >> >> Phil >> >> -- >> Phil Randal >> Networks Engineer >> Herefordshire Council >> Hereford, UK >> >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Jason >> Ede >> Sent: 10 July 2008 11:15 >> To: MailScanner discussion >> Subject: RE: Watch it: Multiple DNS implementations vulnerable to >> cachepoisoning >> >> I've patched some servers and they're showing good, but on one behind a >> firewall its still showing as poor despite the update being run... Its >> running Centos5.1 >> >> Jason >> >> >> >>> -----Original Message----- >>> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >>> bounces@lists.mailscanner.info] On Behalf Of shuttlebox >>> Sent: 10 July 2008 09:42 >>> To: MailScanner discussion >>> Subject: Re: Watch it: Multiple DNS implementations vulnerable to >>> cache poisoning >>> >>> On Thu, Jul 10, 2008 at 3:54 AM, Ken A wrote: >>> >>>> They are probably not random enough. You can look at them with >>>> >>> netstat or >>> >>>> lsof -i >>>> >>> OK, it's the standard deviation that is key to the result. Unique >>> ports but all in a row for example is of course not good. >>> >>> I have now patched one server and it shows GOOD with a high std dev. >>> >>> /peter >>> -- >>> Robert Benchley - "Drawing on my fine command of the English >>> language, I said nothing." >>> -- >>> MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >>> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> > -- This message has been scanned for viruses and dangerous content by the Inexcom system Scanner, and is believed to be clean. Advanced heuristic mail scanning server [-]. http://www.inexcom.co.uk -------------- next part -------------- Skipped content of type multipart/related From pal at mssl.ucl.ac.uk Thu Jul 10 15:40:42 2008 From: pal at mssl.ucl.ac.uk (Paul Lamb) Date: Thu Jul 10 15:40:57 2008 Subject: Mailscanner is not detecting eicar Message-ID: <48761F6A.7090100@mssl.ucl.ac.uk> Anthony Peacock wrote >Paul Lamb wrote: >> MailScanner version 4.69.9 is not detecting the eicar test "virus". >> >> (This has not worked previously;I downloaded it a couple of weeks ago >> but have only just configured it.) >> >> Eicar is forwarded whether included in the message text >> >> mail pal < /etc/mail/EICAR-TEST-FILE >> >> or as at attachment >> >> echo test | pine -attach /etc/mail/EICAR-TEST-FILE pal >> >>I have tested with eicar included in the parameter Non-Forging Viruses >> and with it not included. >> >> Please note that MailScanner does detect and quarantine the virus >> W32/MyDoom-O and Sophos sweep does detect eicar >> >> /usr/lib/MailScanner/sophos-wrapper /usr/local/Sophos EICAR-TEST-FILE >> [snip] >> >>> Virus 'EICAR-AV-Test' found in file EICAR-TEST-FILE >> >> Any suggestions would be appreciated. > >Mailscanner and Sophos are working fine here and detecting EICAR. > >"The following e-mails were found to have: Bad Filename Detected :Virus >Detected > > Sender: a.peacock@chime.ucl.ac.uk >IP Address: 128.40.182.49 > Recipient: a.peacock@chime.ucl.ac.uk > Subject: Test of eicar > MessageID: m697INiw012407 >Quarantine: /var/spool/MailScanner/quarantine/20080709/m697INiw012407 > Report: Clamd: eicar.com was infected: ./m697INiw012407/eicar.com: >Eicar-Test-Signature FOUND > SophosSAVI: eicar.com was infected by EICAR-AV-Test > MailScanner: Executable DOS/Windows programs are dangerous >in email (eicar.com)" > >All I can suggest is to run MailScanner in debug mode and see if there >is anything obvious in the debug output. Anthony, Thanks for this. Upon checking, I found that I had enabled debug but had reloaded (rather than restarted the service). In brief, the location of the sophos software (in virus.scanners.conf) was not as on my old mailhub so sweep had never run. I had been fooled by a real virus being rejected but that had been rejected as it is executable. Paul From a.peacock at chime.ucl.ac.uk Thu Jul 10 15:51:24 2008 From: a.peacock at chime.ucl.ac.uk (Anthony Peacock) Date: Thu Jul 10 15:51:38 2008 Subject: Mailscanner is not detecting eicar In-Reply-To: <48761F6A.7090100@mssl.ucl.ac.uk> References: <48761F6A.7090100@mssl.ucl.ac.uk> Message-ID: <487621EC.1070303@chime.ucl.ac.uk> Paul Lamb wrote: > Anthony Peacock wrote > > >Paul Lamb wrote: > >> MailScanner version 4.69.9 is not detecting the eicar test "virus". > >> > >> (This has not worked previously;I downloaded it a couple of weeks ago > >> but have only just configured it.) > >> > >> Eicar is forwarded whether included in the message text > >> > >> mail pal < /etc/mail/EICAR-TEST-FILE > >> > >> or as at attachment > >> > >> echo test | pine -attach /etc/mail/EICAR-TEST-FILE pal > >> > >>I have tested with eicar included in the parameter Non-Forging Viruses > >> and with it not included. > >> > >> Please note that MailScanner does detect and quarantine the virus > >> W32/MyDoom-O and Sophos sweep does detect eicar > >> > >> /usr/lib/MailScanner/sophos-wrapper /usr/local/Sophos EICAR-TEST-FILE > >> [snip] > >> >>> Virus 'EICAR-AV-Test' found in file EICAR-TEST-FILE > >> > >> Any suggestions would be appreciated. > > > >Mailscanner and Sophos are working fine here and detecting EICAR. > > > >"The following e-mails were found to have: Bad Filename Detected :Virus > >Detected > > > > Sender: a.peacock@chime.ucl.ac.uk > >IP Address: 128.40.182.49 > > Recipient: a.peacock@chime.ucl.ac.uk > > Subject: Test of eicar > > MessageID: m697INiw012407 > >Quarantine: /var/spool/MailScanner/quarantine/20080709/m697INiw012407 > > Report: Clamd: eicar.com was infected: ./m697INiw012407/eicar.com: > >Eicar-Test-Signature FOUND > > SophosSAVI: eicar.com was infected by EICAR-AV-Test > > MailScanner: Executable DOS/Windows programs are dangerous > >in email (eicar.com)" > > > >All I can suggest is to run MailScanner in debug mode and see if there > >is anything obvious in the debug output. > > > Anthony, Thanks for this. Upon checking, I found that I had enabled > debug but had reloaded (rather than restarted the service). In brief, > the location of the sophos software (in virus.scanners.conf) was not as > on my old mailhub so sweep had never run. I had been fooled by a real > virus being rejected but that had been rejected as it is executable. Glad you have got it working. -- Anthony Peacock CHIME, Royal Free & University College Medical School WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ Study Health Informatics - Modular Postgraduate Degree http://www.chime.ucl.ac.uk/study-health-informatics/ From mkettler at evi-inc.com Thu Jul 10 18:30:07 2008 From: mkettler at evi-inc.com (Matt Kettler) Date: Thu Jul 10 18:29:58 2008 Subject: filename checks = wrong filename report In-Reply-To: References: <48709609.9050202@ecs.soton.ac.uk> <48748D04.FEA8.00EB.0@imsu.ox.ac.uk> <625385e30807090226v521749d1k6ff3b4547d77bbb6@mail.gmail.com> <4874963F.FEA8.00EB.0@imsu.ox.ac.uk> <4875398C.5010207@evi-inc.com> Message-ID: <4876471F.7050200@evi-inc.com> Scott Silva wrote: > on 7-9-2008 3:19 PM Matt Kettler spake the following: >> See, nothing happened, did it? Even if it was thousands of characters >> long, it would be no different, because it's in the body text. > How about when that longscaryfilename..... gets sent to syslog. That is > another reason to sanitize the names. But in the example posted to this thread syslog gets the unsanitized version.. It is only the in-body text report which gets the sanitized version. This seems a bit backwards to me. From ssilva at sgvwater.com Thu Jul 10 18:38:32 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Thu Jul 10 18:39:03 2008 Subject: filename checks = wrong filename report In-Reply-To: <4876471F.7050200@evi-inc.com> References: <48709609.9050202@ecs.soton.ac.uk> <48748D04.FEA8.00EB.0@imsu.ox.ac.uk> <625385e30807090226v521749d1k6ff3b4547d77bbb6@mail.gmail.com> <4874963F.FEA8.00EB.0@imsu.ox.ac.uk> <4875398C.5010207@evi-inc.com> <4876471F.7050200@evi-inc.com> Message-ID: on 7-10-2008 10:30 AM Matt Kettler spake the following: > Scott Silva wrote: >> on 7-9-2008 3:19 PM Matt Kettler spake the following: >>> See, nothing happened, did it? Even if it was thousands of characters >>> long, it would be no different, because it's in the body text. >> How about when that longscaryfilename..... gets sent to syslog. That >> is another reason to sanitize the names. > > But in the example posted to this thread syslog gets the unsanitized > version.. > > It is only the in-body text report which gets the sanitized version. > This seems a bit backwards to me. > > Julian probably just sanitized everything to reduce code complexity. Much easier then another 1000 lines of code to figure out IF something can be bad. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 258 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080710/5d995b62/signature.bin From ssilva at sgvwater.com Thu Jul 10 18:41:27 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Thu Jul 10 18:45:11 2008 Subject: Watch it: Multiple DNS implementations vulnerable to cache poisoning In-Reply-To: <625385e30807091647n54dc6556ube297c7b650860a1@mail.gmail.com> References: <48745EB2.8050404@alexb.ch> <4874856A.5000605@farrows.org> <487540A3.7050701@pacific.net> <625385e30807091647n54dc6556ube297c7b650860a1@mail.gmail.com> Message-ID: on 7-9-2008 4:47 PM shuttlebox spake the following: > On Thu, Jul 10, 2008 at 12:50 AM, Ken A wrote: >> This nice little tool was posted to the dns operations list. >> Cut and paste this into your linux or BSD (Mac) to check your configured DNS >> resolver for cache poisoning vulnerability. >> >> dig +short porttest.dns-oarc.net TXT > > What's a good result supposed to look like? > > I understand that this is not good since it's classified as poor and > comes from only one source port: > > "a.b.c.d is POOR: 26 queries in 1.4 seconds from 1 ports with std dev 0.00" > > But why is this also classified as poor when all 44 queries come from new ports? > > "e.f.g.h is POOR: 44 queries in 18.0 seconds from 44 ports with std dev 165.43" All my good tests have had a much larger standard deviation. You need more randomness in your dns output. > > By the way, I don't know if server e.f.g.h is updated or not, I'm just > curious about the result. > -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 258 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080710/c37262e5/signature.bin From jra at baylink.com Thu Jul 10 18:58:18 2008 From: jra at baylink.com (Jay R. Ashworth) Date: Thu Jul 10 18:58:28 2008 Subject: Watch it: Multiple DNS implementations vulnerable to cachepoisoning In-Reply-To: <4875FB5F.8030906@farrows.org> References: <48745EB2.8050404@alexb.ch> <4CAB0118AEC63A4FAAE77E6BCBDF760C65717C49F9@server02.bhl.local> <7EF0EE5CB3B263488C8C18823239BEBA0430DC31@HC-MBX02.herefordshire.gov.uk> <4875FB5F.8030906@farrows.org> Message-ID: <20080710175818.GK7665@cgi.jachomes.com> On Thu, Jul 10, 2008 at 01:06:55PM +0100, Peter Farrow wrote: > > Have you made sure that in named.conf there are no > > > > query-source port 53; > > query-source-v6 port 53; > If you're running a public DNS server or a DNS server for your LAN clients > then these lines are an extremely good idea... To clarify Phil's followup: no, they're not. Cheers, -- jra -- Jay R. Ashworth Baylink jra@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://baylink.pitas.com '87 e24 St Petersburg FL USA http://photo.imageinc.us +1 727 647 1274 Those who cast the vote decide nothing. Those who count the vote decide everything. -- (Josef Stalin) From shuttlebox at gmail.com Thu Jul 10 18:59:56 2008 From: shuttlebox at gmail.com (shuttlebox) Date: Thu Jul 10 19:00:06 2008 Subject: Watch it: Multiple DNS implementations vulnerable to cache poisoning In-Reply-To: References: <48745EB2.8050404@alexb.ch> <4874856A.5000605@farrows.org> <487540A3.7050701@pacific.net> <625385e30807091647n54dc6556ube297c7b650860a1@mail.gmail.com> Message-ID: <625385e30807101059q7793ea04g24c1ccc282bd4502@mail.gmail.com> On Thu, Jul 10, 2008 at 7:41 PM, Scott Silva wrote: >> "e.f.g.h is POOR: 44 queries in 18.0 seconds from 44 ports with std dev >> 165.43" > > All my good tests have had a much larger standard deviation. You need more > randomness in your dns output. POOR 0-3000 FAIR 3000-10000 GOOD 10000- They have an explanation of the test on their site now. -- Fred Allen - "Television is a medium because anything well done is rare." From seb at esfnet.co.uk Thu Jul 10 21:00:20 2008 From: seb at esfnet.co.uk (Seb James) Date: Thu Jul 10 21:00:34 2008 Subject: CRLF in attachments being replaced by LF In-Reply-To: <1215692119.16028.32.camel@localhost> References: <1215679791.16028.16.camel@localhost> <7D1CC61717004141A57CA6CA1C8087EC38DF7F@server-16.MorganSys.net> <1215683327.16028.21.camel@localhost> <1215692119.16028.32.camel@localhost> Message-ID: <1215720020.16028.57.camel@localhost> On Thu, 2008-07-10 at 13:15 +0100, Seb James wrote: > On Thu, 2008-07-10 at 10:48 +0100, Seb James wrote: > > On Thu, 2008-07-10 at 02:34 -0700, Neal Morgan wrote: > > > Seb James wrote: > > > > Hi list, > > > > > > > > I have a problem with some attachments being sent to me. > > > > > > > > I am using postfix and MailScanner and SpamAssassin to process > > > incoming > > > > mail. > > > > > > > > The attachments are raw print data, containing escape characters of > > > > various types and also CRLF pairs, as well as formfeeds, and lonely LF > > > > characters. > > > > > > > > Somewhere, the CRLF are being converted to LF, which messes up the > > > print > > > > data (test docs sent to me by customers for testing and problem > > > > resolution). > > > > > > > > I suspect spamassassin, am I right? > > > > > > > > Any way to turn spamassassin off for certain attachment file types, > > > such > > > > as any files ending in .prn and .dat? I know I can deny or allow files > > > > based on file types, but what about spamassassin scanning depending on > > > > file type? > > > > > > > > Thanks in advance for any help, > > > > > > > > Seb James > > > > > > Just a wild guess - but since SMTP expects . to end the data > > > phase, is it possible that MUA (sending side) is performing this > > > replacement to prevent message truncation during delivery? > > > > > > Try having the sender zip the file or rename to a type that Windows > > > doesn't consider text... > > > > Thanks for the reply Neil, > > > > I think the attachment would be base64 encoded, meaning that the sending > > side wouldn't see any CRLF to strip out. > > In fact, now I look back at the messsage source, the attachment transfer > encoding was quoted-printable, rather than base64, so the problems with > CRLF being modified into LF are quite understandable. > > &*$&%? MS Outlook (the MUA here) for allowing users to send attachments > quoted-printable! I find that other mail user agents will select quoted-printable if they think that an attachment is "native" clear text. Evolution certainly does. So I just have to check the encoding of important print data attachments to make sure it is base64 and if not, ask the customer to re-send a zip file which will protect the data. > > I'm sure this is happening in my MTA, because the same message sent to > > multiple recipients including me and someone receiving their email via a > > different chain (including some Linux based MTA for their domain then a > > Windows mail client) arrived with the attachment different in each case. > > > > I really want to avoid asking the sender to do anything if I can > > possibly get these mails to arrive intact! > > > > best, > > > > Seb > > > > > > > > > From prandal at herefordshire.gov.uk Thu Jul 10 23:52:55 2008 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Thu Jul 10 23:53:11 2008 Subject: Watch it: Multiple DNS implementationsvulnerableto cachepoisoning In-Reply-To: <7EF0EE5CB3B263488C8C18823239BEBA0430DC8E@HC-MBX02.herefordshire.gov.uk> References: <48745EB2.8050404@alexb.ch> <4874856A.5000605@farrows.org><487540A3.7050701@pacific.net><625385e30807091647n54dc6556ube297c7b650860a1@mail.gmail.com><48756BED.30608@pacific.net><625385e30807100142w395688d1j656adf5d541e99f7@mail.gmail.com> <4CAB0118AEC63A4FAAE77E6BCBDF760C65717C49F9@server02.bhl.local><7EF0EE5CB3B263488C8C18823239BEBA0430DC31@HC-MBX02.herefordshire.gov.uk><4875FB5F.8030906@farrows.org> <7EF0EE5CB3B263488C8C18823239BEBA0430DC8E@HC-MBX02.herefordshire.gov.uk> Message-ID: <7EF0EE5CB3B263488C8C18823239BEBA03CF60@HC-MBX02.herefordshire.gov.uk> It looks like this vulnerability is rather serious: http://securosis.com/2008/07/09/more-on-the-dns-vulnerability/ RedHat has released updated packages for RedHat 5.x: http://rhn.redhat.com/errata/RHSA-2008-0533.html "[Updated 10th July 2008] We have updated the Enterprise Linux 5 packages in this advisory. The default and sample caching-nameserver configuration files have been updated so that they do not specify a fixed query-source port. Administrators wishing to take advantage of randomized UDP source ports should check their configuration file to ensure they have not specified fixed query-source ports." Hooray! I've posted comments on Dan Kaminsky's blog and elsewhere drawing people's attention to the need to check BIND config files. Cheers, Phil ________________________________ From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Randal, Phil Sent: 10 July 2008 13:21 To: MailScanner discussion Subject: RE: Watch it: Multiple DNS implementationsvulnerableto cachepoisoning query-source defines the IP address (IPv4 or IPv6) and optional port to be used as the source for outgoing queries from the server. The default is a random unprivileged port. There may, of course, be over-zealous firewall rules (or SELinux policies) which mistakenly insist that the source and destination ports are both 53, but that's plain wrong. And dangerous. Cheers, Phil -- Phil Randal Networks Engineer Herefordshire Council Hereford, UK ________________________________ From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Peter Farrow Sent: 10 July 2008 13:07 To: MailScanner discussion Subject: Re: Watch it: Multiple DNS implementations vulnerableto cachepoisoning If you're running a public DNS server or a DNS server for your LAN clients then these lines are an extremely good idea... P. Randal, Phil wrote: Have you made sure that in named.conf there are no query-source port 53; query-source-v6 port 53; lines? Cheers, Phil -- Phil Randal Networks Engineer Herefordshire Council Hereford, UK -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Jason Ede Sent: 10 July 2008 11:15 To: MailScanner discussion Subject: RE: Watch it: Multiple DNS implementations vulnerable to cachepoisoning I've patched some servers and they're showing good, but on one behind a firewall its still showing as poor despite the update being run... Its running Centos5.1 Jason -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- bounces@lists.mailscanner.info] On Behalf Of shuttlebox Sent: 10 July 2008 09:42 To: MailScanner discussion Subject: Re: Watch it: Multiple DNS implementations vulnerable to cache poisoning On Thu, Jul 10, 2008 at 3:54 AM, Ken A wrote: They are probably not random enough. You can look at them with netstat or lsof -i OK, it's the standard deviation that is key to the result. Unique ports but all in a row for example is of course not good. I have now patched one server and it shows GOOD with a high std dev. /peter -- Robert Benchley - "Drawing on my fine command of the English language, I said nothing." -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by the Inexcom system scanner, and is believed to be clean. Advanced heuristic mail scanning server [-]. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080710/aa0e5b12/attachment-0001.html From J.Ede at birchenallhowden.co.uk Fri Jul 11 07:54:30 2008 From: J.Ede at birchenallhowden.co.uk (Jason Ede) Date: Fri Jul 11 07:54:58 2008 Subject: Watch it: Multiple DNS implementationsvulnerableto cachepoisoning In-Reply-To: <7EF0EE5CB3B263488C8C18823239BEBA03CF60@HC-MBX02.herefordshire.gov.uk> References: <48745EB2.8050404@alexb.ch> <4874856A.5000605@farrows.org><487540A3.7050701@pacific.net><625385e30807091647n54dc6556ube297c7b650860a1@mail.gmail.com><48756BED.30608@pacific.net><625385e30807100142w395688d1j656adf5d541e99f7@mail.gmail.com> <4CAB0118AEC63A4FAAE77E6BCBDF760C65717C49F9@server02.bhl.local><7EF0EE5CB3B263488C8C18823239BEBA0430DC31@HC-MBX02.herefordshire.gov.uk><4875FB5F.8030906@farrows.org> <7EF0EE5CB3B263488C8C18823239BEBA0430DC8E@HC-MBX02.herefordshire.gov.uk> <7EF0EE5CB3B263488C8C18823239BEBA03CF60@HC-MBX02.herefordshire.gov.uk> Message-ID: <4CAB0118AEC63A4FAAE77E6BCBDF760C65717C4A0D@server02.bhl.local> Does anyone know if there are any patches available for this for FC7 or do I just need to download and compile a new version of bind? Jason From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Randal, Phil Sent: 10 July 2008 23:53 To: MailScanner discussion Subject: RE: Watch it: Multiple DNS implementationsvulnerableto cachepoisoning It looks like this vulnerability is rather serious: http://securosis.com/2008/07/09/more-on-the-dns-vulnerability/ RedHat has released updated packages for RedHat 5.x: http://rhn.redhat.com/errata/RHSA-2008-0533.html "[Updated 10th July 2008] We have updated the Enterprise Linux 5 packages in this advisory. The default and sample caching-nameserver configuration files have been updated so that they do not specify a fixed query-source port. Administrators wishing to take advantage of randomized UDP source ports should check their configuration file to ensure they have not specified fixed query-source ports." Hooray! I've posted comments on Dan Kaminsky's blog and elsewhere drawing people's attention to the need to check BIND config files. Cheers, Phil ________________________________ From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Randal, Phil Sent: 10 July 2008 13:21 To: MailScanner discussion Subject: RE: Watch it: Multiple DNS implementationsvulnerableto cachepoisoning query-source defines the IP address (IPv4 or IPv6) and optional port to be used as the source for outgoing queries from the server. The default is a random unprivileged port. There may, of course, be over-zealous firewall rules (or SELinux policies) which mistakenly insist that the source and destination ports are both 53, but that's plain wrong. And dangerous. Cheers, Phil -- Phil Randal Networks Engineer Herefordshire Council Hereford, UK ________________________________ From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Peter Farrow Sent: 10 July 2008 13:07 To: MailScanner discussion Subject: Re: Watch it: Multiple DNS implementations vulnerableto cachepoisoning If you're running a public DNS server or a DNS server for your LAN clients then these lines are an extremely good idea... P. Randal, Phil wrote: Have you made sure that in named.conf there are no query-source port 53; query-source-v6 port 53; lines? Cheers, Phil -- Phil Randal Networks Engineer Herefordshire Council Hereford, UK -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Jason Ede Sent: 10 July 2008 11:15 To: MailScanner discussion Subject: RE: Watch it: Multiple DNS implementations vulnerable to cachepoisoning I've patched some servers and they're showing good, but on one behind a firewall its still showing as poor despite the update being run... Its running Centos5.1 Jason -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- bounces@lists.mailscanner.info] On Behalf Of shuttlebox Sent: 10 July 2008 09:42 To: MailScanner discussion Subject: Re: Watch it: Multiple DNS implementations vulnerable to cache poisoning On Thu, Jul 10, 2008 at 3:54 AM, Ken A wrote: They are probably not random enough. You can look at them with netstat or lsof -i OK, it's the standard deviation that is key to the result. Unique ports but all in a row for example is of course not good. I have now patched one server and it shows GOOD with a high std dev. /peter -- Robert Benchley - "Drawing on my fine command of the English language, I said nothing." -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by the Inexcom system scanner, and is believed to be clean. Advanced heuristic mail scanning server [-]. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080711/8de023b7/attachment.html From peter at farrows.org Fri Jul 11 09:07:40 2008 From: peter at farrows.org (Peter Farrow) Date: Fri Jul 11 09:08:07 2008 Subject: Watch it: Multiple DNS implementationsvulnerableto cachepoisoning In-Reply-To: <4CAB0118AEC63A4FAAE77E6BCBDF760C65717C4A0D@server02.bhl.local> References: <48745EB2.8050404@alexb.ch> <4874856A.5000605@farrows.org><487540A3.7050701@pacific.net><625385e30807091647n54dc6556ube297c7b650860a1@mail.gmail.com><48756BED.30608@pacific.net><625385e30807100142w395688d1j656adf5d541e99f7@mail.gmail.com> <4CAB0118AEC63A4FAAE77E6BCBDF760C65717C49F9@server02.bhl.local><7EF0EE5CB3B263488C8C18823239BEBA0430DC31@HC-MBX02.herefordshire.gov.uk><4875FB5F.8030906@farrows.org> <7EF0EE5CB3B263488C8C18823239BEBA0430DC8E@HC-MBX02.herefordshire.gov.uk> <7EF0EE5CB3B263488C8C18823239BEBA03CF60@HC-MBX02.herefordshire.gov.uk> <4CAB0118AEC63A4FAAE77E6BCBDF760C65717C4A0D@server02.bhl.local> Message-ID: <487714CC.7070509@farrows.org> Interestingly, You can't actually escape this problem/vulnerability, you can only reduce the chances of it happening to a level where is not practical to attempt on the basis of success. The chances are determined by the number of tcp ports available. P. Jason Ede wrote: > > Does anyone know if there are any patches available for this for FC7 > or do I just need to download and compile a new version of bind? > > > > Jason > > > > > > *From:* mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] *On Behalf Of > *Randal, Phil > *Sent:* 10 July 2008 23:53 > *To:* MailScanner discussion > *Subject:* RE: Watch it: Multiple DNS implementationsvulnerableto > cachepoisoning > > > > It looks like this vulnerability is rather serious: > > > > http://securosis.com/2008/07/09/more-on-the-dns-vulnerability/ > > > > RedHat has released updated packages for RedHat 5.x: > > > > http://rhn.redhat.com/errata/RHSA-2008-0533.html > > > > "[Updated 10th July 2008] > We have updated the Enterprise Linux 5 packages in this advisory. The > default and sample caching-nameserver configuration files have been > updated > so that they do not specify a fixed query-source port. Administrators > wishing to take advantage of randomized UDP source ports should check > their > configuration file to ensure they have not specified fixed > query-source ports." > > > > Hooray! > > > > I've posted comments on Dan Kaminsky's blog and elsewhere drawing > people's attention to the need to check BIND config files. > > > > Cheers, > > > > Phil > > > > ------------------------------------------------------------------------ > > *From:* mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] *On Behalf Of > *Randal, Phil > *Sent:* 10 July 2008 13:21 > *To:* MailScanner discussion > *Subject:* RE: Watch it: Multiple DNS implementationsvulnerableto > cachepoisoning > > query-source defines the IP address (IPv4 or IPv6) and optional port > to be used as the source for *outgoing* queries from the server. > > > > The default is a random unprivileged port. > > > > There may, of course, be over-zealous firewall rules (or SELinux > policies) which mistakenly insist that the source and destination > ports are both 53, but that's plain wrong. > > > > And dangerous. > > > > Cheers, > > > > Phil > > -- > Phil Randal > Networks Engineer > Herefordshire Council > Hereford, UK > > > > > > ------------------------------------------------------------------------ > > *From:* mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] *On Behalf Of > *Peter Farrow > *Sent:* 10 July 2008 13:07 > *To:* MailScanner discussion > *Subject:* Re: Watch it: Multiple DNS implementations vulnerableto > cachepoisoning > > If you're running a public DNS server or a DNS server for your LAN > clients then these lines are an extremely good idea... > > P. > > > Randal, Phil wrote: > > Have you made sure that in named.conf there are no > > query-source port 53; > query-source-v6 port 53; > > lines? > > Cheers, > > Phil > > -- > Phil Randal > Networks Engineer > Herefordshire Council > Hereford, UK > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Jason > Ede > Sent: 10 July 2008 11:15 > To: MailScanner discussion > Subject: RE: Watch it: Multiple DNS implementations vulnerable to > cachepoisoning > > I've patched some servers and they're showing good, but on one behind a > firewall its still showing as poor despite the update being run... Its > running Centos5.1 > > Jason > > > > > -----Original Message----- > > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > > bounces@lists.mailscanner.info ] On Behalf Of shuttlebox > > Sent: 10 July 2008 09:42 > > To: MailScanner discussion > > Subject: Re: Watch it: Multiple DNS implementations vulnerable to > > cache poisoning > > > > On Thu, Jul 10, 2008 at 3:54 AM, Ken A wrote: > > > > They are probably not random enough. You can look at them with > > > > netstat or > > > > lsof -i > > > > OK, it's the standard deviation that is key to the result. Unique > > ports but all in a row for example is of course not good. > > > > I have now patched one server and it shows GOOD with a high std dev. > > > > /peter > > -- > > Robert Benchley - "Drawing on my fine command of the English > > language, I said nothing." > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > > > -- > This message has been scanned for viruses and > dangerous content by the *Inexcom* system > scanner, > and is believed to be clean. > Advanced heuristic mail scanning server [-]. > > > -- > This message has been scanned for viruses and > dangerous content by the *Inexcom* system > scanner, > and is believed to be clean. > Advanced heuristic mail scanning server [0]. -- This message has been scanned for viruses and dangerous content by the Inexcom system Scanner, and is believed to be clean. Advanced heuristic mail scanning server [-]. http://www.inexcom.co.uk -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080711/b08c674f/attachment.html From lucianog at metline.it Fri Jul 11 10:52:41 2008 From: lucianog at metline.it (Luciano Grego) Date: Fri Jul 11 10:53:26 2008 Subject: MailScanner on FC8 don't pickup emails References: <6ab1c460044e5441a4c21792d987f524@solidstatelogic.com><48721BA8.4060507@ecs.soton.ac.uk> <625385e30807070740i6003ec81lf98db7216d541dc3@mail.gmail.com> Message-ID: Hi I'm back again, i' ve FC8 + MailScanner ( latest version RPM installed, reinstalled after with -nodeps option ). Queue directory are ok. Like manual. It's possible that my problem is sendmail. It don't queue email for Mailscanner, but delivery automatically on local mailbox. I've setup /etc/init.d/MailScanner for running only the first sendmail process for accept incoming messagges on port 25. StartInSendmail() ... # $SENDMAIL -bd -OPrivacyOptions=noetrn -ODeliveryMode=queueonly -OQueueDirectory=$INQDIR -OPidFile=$INPID $SENDMAIL -bd -D /var/log/sendmail.dbg -d0-99.2 -OPrivacyOptions=noetrn -OQueueDirectory=/var/spool/mqueue.in -OPidFile=$INPID # touch /var/run/sm-client.pid # chown $MSPUSER:$MSPGROUP /var/run/sm-client.pid 2>/dev/null # $SENDMAIL -L sm-msp-queue -Ac -q15m -OPidFile=$SMPID 2>/dev/null -- StartOutSendmail() ... $SENDMAIL $([ -n "$QUEUETIME" ] && echo -q$QUEUETIME) -OPidFile=$OUTPID The messages delivered on local mailbox bypassing MailScanner jobs. Where i must check sendmail? Is /etc/mail/access rules? Thanks at all! -- Il messaggio e' stato analizzato alla ricerca di virus o contenuti pericolosi da MailScanner, ed e' risultato non infetto. From gafaith at asdm.net Fri Jul 11 13:59:40 2008 From: gafaith at asdm.net (Gary Faith) Date: Fri Jul 11 13:59:56 2008 Subject: MailScanner: waiting for children to die: Process did not exit cleanly, returned 0 with signal 11 Message-ID: <487720FE.0CE6.002D.0@asdm.net> I just upgraded the server from SLES 10 SP1 to SLES 10 SP2. Ever since the upgrade, I am getting this error constantly in the message log and load average is way above normal with MailScanner taking a lot of CPU %. MailScanner: waiting for children to die: Process did not exit cleanly, returned 0 with signal 11 I figured someone would ask for this so I attached it: syslog:/etc/mail/spamassassin # MailScanner -v Running on Linux syslog 2.6.16.60-0.23-smp #1 SMP Thu May 15 06:38:31 UTC 2008 i686 i686 i386 GNU/Linux This is SUSE Linux Enterprise Server 10 (i586) This is Perl version 5.008008 (5.8.8) This is MailScanner version 4.70.7 Module versions are: 1.00 AnyDBM_File 1.23 Archive::Zip 0.21 bignum 1.04 Carp 1.41 Compress::Zlib 1.119 Convert::BinHex 0.17 Convert::TNEF 2.121_08 Data::Dumper 2.27 Date::Parse 1.00 DirHandle 1.05 Fcntl 2.74 File::Basename 2.09 File::Copy 2.01 FileHandle 1.08 File::Path 0.20 File::Temp 0.90 Filesys::Df 1.35 HTML::Entities 3.56 HTML::Parser 2.37 HTML::TokeParser 1.23 IO 1.14 IO::File 1.13 IO::Pipe 2.02 Mail::Header 1.86 Math::BigInt 0.19 Math::BigRat 3.07 MIME::Base64 5.425 MIME::Decoder 5.425 MIME::Decoder::UU 5.425 MIME::Head 5.425 MIME::Parser 3.07 MIME::QuotedPrint 5.425 MIME::Tools 0.11 Net::CIDR 1.25 Net::IP 0.16 OLE::Storage_Lite 1.04 Pod::Escapes 3.05 Pod::Simple 1.09 POSIX 1.18 Scalar::Util 1.78 Socket 2.15 Storable 1.4 Sys::Hostname::Long 0.18 Sys::Syslog 1.26 Test::Pod 0.7 Test::Simple 1.86 Time::HiRes 1.02 Time::localtime Optional module versions are: 1.38 Archive::Tar 0.21 bignum missing Business::ISBN missing Business::ISBN::Data missing Data::Dump 1.814 DB_File 1.13 DBD::SQLite 1.56 DBI 1.14 Digest 1.01 Digest::HMAC 2.36 Digest::MD5 2.11 Digest::SHA1 1.01 Encode::Detect 0.17014 Error 0.23 ExtUtils::CBuilder missing ExtUtils::ParseXS 2.36 Getopt::Long missing Inline missing IO::String 1.04 IO::Zlib 2.23 IP::Country missing Mail::ClamAV 3.002004 Mail::SpamAssassin v2.005 Mail::SPF 1.999001 Mail::SPF::Query 0.2808 Module::Build 0.20 Net::CIDR::Lite 0.63 Net::DNS v0.003 Net::DNS::Resolver::Programmable 0.33 Net::LDAP 4.007 NetAddr::IP 1.80 Parse::RecDescent missing SAVI 3.12 Test::Harness missing Test::Manifest 1.95 Text::Balanced 1.35 URI 0.7501 version 0.66 YAML Help! Thanks, Gary -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080711/c3fdfdf1/attachment.html From MailScanner at ecs.soton.ac.uk Fri Jul 11 14:37:44 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Jul 11 14:38:05 2008 Subject: filename checks = wrong filename report In-Reply-To: References: <48709609.9050202@ecs.soton.ac.uk> <48748D04.FEA8.00EB.0@imsu.ox.ac.uk> <625385e30807090226v521749d1k6ff3b4547d77bbb6@mail.gmail.com> Message-ID: <48776228.4070702@ecs.soton.ac.uk> Sylvain Phaneuf wrote: >>>> On 09/07/2008 at 10:26, shuttlebox wrote: >>>> >> The filename in the report is the sanitized version. I've had the same >> problem explaining to users that the original filename was longer than >> 150 characters when the reported one is clearly shorter. I just added >> a few explaining words to the reports to solve the problem. >> > > I would rather have a report that is not using a "sanitized version" if it were possible. > And what happens when someone sends you an attachment whose filename is very long and contains embedded newlines and whitespace and stuff like that. Now you can embed a MIME section in the filename itself. Now you can generate a report that actually has an attachment in it, solely created by the "filename" of the rogue attachment. Now you can actually embed a virus in the report, using the report of the original "filename" as the vector for including it. Oh yes, I want that! :-( Sorry, but this is a *very* bad idea, and I'm not going to write it. I only ever put sanitised versions of filenames in any output produced by MailScanner. Otherwise some bright spark will work out how to do what I describe above. MailScanner has a very good reputation in the software security world, and I intend to keep it. :-) Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Fri Jul 11 14:48:57 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Jul 11 14:49:19 2008 Subject: Mailscanner is not detecting eicar In-Reply-To: References: <48761F6A.7090100@mssl.ucl.ac.uk> Message-ID: <487764C9.3020703@ecs.soton.ac.uk> Anthony Peacock wrote: > Paul Lamb wrote: >> Anthony Peacock wrote >> >> >Paul Lamb wrote: >> >> MailScanner version 4.69.9 is not detecting the eicar test "virus". >> >> >> >> (This has not worked previously;I downloaded it a couple of weeks >> ago >> >> but have only just configured it.) >> >> >> >> Eicar is forwarded whether included in the message text >> >> >> >> mail pal < /etc/mail/EICAR-TEST-FILE >> >> >> >> or as at attachment >> >> >> >> echo test | pine -attach /etc/mail/EICAR-TEST-FILE pal >> >> >> >>I have tested with eicar included in the parameter Non-Forging >> Viruses >> >> and with it not included. >> >> >> >> Please note that MailScanner does detect and quarantine the virus >> >> W32/MyDoom-O and Sophos sweep does detect eicar >> >> >> >> /usr/lib/MailScanner/sophos-wrapper /usr/local/Sophos >> EICAR-TEST-FILE >> >> [snip] >> >> >>> Virus 'EICAR-AV-Test' found in file EICAR-TEST-FILE >> >> >> >> Any suggestions would be appreciated. >> > >> >Mailscanner and Sophos are working fine here and detecting EICAR. >> > >> >"The following e-mails were found to have: Bad Filename Detected >> :Virus >> >Detected >> > >> > Sender: a.peacock@chime.ucl.ac.uk >> >IP Address: 128.40.182.49 >> > Recipient: a.peacock@chime.ucl.ac.uk >> > Subject: Test of eicar >> > MessageID: m697INiw012407 >> >Quarantine: /var/spool/MailScanner/quarantine/20080709/m697INiw012407 >> > Report: Clamd: eicar.com was infected: >> ./m697INiw012407/eicar.com: >> >Eicar-Test-Signature FOUND >> > SophosSAVI: eicar.com was infected by EICAR-AV-Test >> > MailScanner: Executable DOS/Windows programs are >> dangerous >> >in email (eicar.com)" >> > >> >All I can suggest is to run MailScanner in debug mode and see if there >> >is anything obvious in the debug output. >> >> >> Anthony, Thanks for this. Upon checking, I found that I had enabled >> debug but had reloaded (rather than restarted the service). In brief, >> the location of the sophos software (in virus.scanners.conf) was not >> as on my old mailhub so sweep had never run. I had been fooled by a >> real virus being rejected but that had been rejected as it is >> executable. > > Glad you have got it working. > As a note for future reference, remember the "MailScanner --lint" command as this would probably have shown this problem up rather faster. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Fri Jul 11 14:54:39 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Jul 11 14:55:22 2008 Subject: MailScanner: waiting for children to die: Process did not exit cleanly, returned 0 with signal 11 In-Reply-To: References: Message-ID: <4877661F.6050309@ecs.soton.ac.uk> Have you re-installed MailScanner since your SLES upgrade? If not, then I would advise you do. Also, do a "MailScanner --lint" and a "MailScanner --debug" to see if they print anything suspicious. Gary Faith wrote: > I just upgraded the server from SLES 10 SP1 to SLES 10 SP2. Ever > since the upgrade, I am getting this error constantly in the message > log and load average is way above normal with MailScanner taking a lot > of CPU %. > > MailScanner: waiting for children to die: Process did not exit > cleanly, returned 0 with signal 11 > > I figured someone would ask for this so I attached it: > > syslog:/etc/mail/spamassassin # MailScanner -v > Running on > Linux syslog 2.6.16.60-0.23-smp #1 SMP Thu May 15 06:38:31 UTC 2008 > i686 i686 i386 GNU/Linux > This is SUSE Linux Enterprise Server 10 (i586) > This is Perl version 5.008008 (5.8.8) > > This is MailScanner version 4.70.7 > Module versions are: > 1.00 AnyDBM_File > 1.23 Archive::Zip > 0.21 bignum > 1.04 Carp > 1.41 Compress::Zlib > 1.119 Convert::BinHex > 0.17 Convert::TNEF > 2.121_08 Data::Dumper > 2.27 Date::Parse > 1.00 DirHandle > 1.05 Fcntl > 2.74 File::Basename > 2.09 File::Copy > 2.01 FileHandle > 1.08 File::Path > 0.20 File::Temp > 0.90 Filesys::Df > 1.35 HTML::Entities > 3.56 HTML::Parser > 2.37 HTML::TokeParser > 1.23 IO > 1.14 IO::File > 1.13 IO::Pipe > 2.02 Mail::Header > 1.86 Math::BigInt > 0.19 Math::BigRat > 3.07 MIME::Base64 > 5.425 MIME::Decoder > 5.425 MIME::Decoder::UU > 5.425 MIME::Head > 5.425 MIME::Parser > 3.07 MIME::QuotedPrint > 5.425 MIME::Tools > 0.11 Net::CIDR > 1.25 Net::IP > 0.16 OLE::Storage_Lite > 1.04 Pod::Escapes > 3.05 Pod::Simple > 1.09 POSIX > 1.18 Scalar::Util > 1.78 Socket > 2.15 Storable > 1.4 Sys::Hostname::Long > 0.18 Sys::Syslog > 1.26 Test::Pod > 0.7 Test::Simple > 1.86 Time::HiRes > 1.02 Time::localtime > > Optional module versions are: > 1.38 Archive::Tar > 0.21 bignum > missing Business::ISBN > missing Business::ISBN::Data > missing Data::Dump > 1.814 DB_File > 1.13 DBD::SQLite > 1.56 DBI > 1.14 Digest > 1.01 Digest::HMAC > 2.36 Digest::MD5 > 2.11 Digest::SHA1 > 1.01 Encode::Detect > 0.17014 Error > 0.23 ExtUtils::CBuilder > missing ExtUtils::ParseXS > 2.36 Getopt::Long > missing Inline > missing IO::String > 1.04 IO::Zlib > 2.23 IP::Country > missing Mail::ClamAV > 3.002004 Mail::SpamAssassin > v2.005 Mail::SPF > 1.999001 Mail::SPF::Query > 0.2808 Module::Build > 0.20 Net::CIDR::Lite > 0.63 Net::DNS > v0.003 Net::DNS::Resolver::Programmable > 0.33 Net::LDAP > 4.007 NetAddr::IP > 1.80 Parse::RecDescent > missing SAVI > 3.12 Test::Harness > missing Test::Manifest > 1.95 Text::Balanced > 1.35 URI > 0.7501 version > 0.66 YAML > Help! Thanks, > > Gary > > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Fri Jul 11 14:53:20 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Jul 11 14:55:24 2008 Subject: MailScanner on FC8 don't pickup emails In-Reply-To: References: <6ab1c460044e5441a4c21792d987f524@solidstatelogic.com><48721BA8.4060507@ecs.soton.ac.uk> <625385e30807070740i6003ec81lf98db7216d541dc3@mail.gmail.com> Message-ID: <487765D0.7020001@ecs.soton.ac.uk> Luciano Grego wrote: > Hi > I'm back again, > i' ve FC8 + MailScanner ( latest version RPM installed, reinstalled > after with -nodeps option ). > Queue directory are ok. Like manual. > It's possible that my problem is sendmail. > It don't queue email for Mailscanner, but delivery automatically on local > mailbox. > > I've setup /etc/init.d/MailScanner for running only the first sendmail > process for accept incoming messagges on port 25. What did you change my /etc/init.d script? All you've succeeded in doing is breaking it. I can't see any need to break this file at all. Want a clue? Check out the missing -ODeliveryMode=queueonly option in your "$SENDMAIL -bd" line. Have a nice weekend :-) Jules. > > StartInSendmail() > ... > # $SENDMAIL -bd -OPrivacyOptions=noetrn > -ODeliveryMode=queueonly -OQueueDirectory=$INQDIR -OPidFile=$INPID > > $SENDMAIL -bd -D /var/log/sendmail.dbg -d0-99.2 > -OPrivacyOptions=noetrn -OQueueDirectory=/var/spool/mqueue.in > -OPidFile=$INPID > > # touch /var/run/sm-client.pid > # chown $MSPUSER:$MSPGROUP /var/run/sm-client.pid 2>/dev/null > # $SENDMAIL -L sm-msp-queue -Ac -q15m -OPidFile=$SMPID 2>/dev/null > -- > StartOutSendmail() > ... > $SENDMAIL $([ -n "$QUEUETIME" ] && echo -q$QUEUETIME) > -OPidFile=$OUTPID > > > > The messages delivered on local mailbox bypassing MailScanner jobs. > > Where i must check sendmail? Is /etc/mail/access rules? > Thanks at all! > > > > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From lucianog at metline.it Fri Jul 11 15:22:55 2008 From: lucianog at metline.it (Luciano Grego) Date: Fri Jul 11 15:23:43 2008 Subject: MailScanner on FC8 don't pickup emails References: <6ab1c460044e5441a4c21792d987f524@solidstatelogic.com><48721BA8.4060507@ecs.soton.ac.uk> <625385e30807070740i6003ec81lf98db7216d541dc3@mail.gmail.com> <487765D0.7020001@ecs.soton.ac.uk> Message-ID: Hi Julian, I've pasted the text without the " -ODeliveryMode=queueonly " in the /etc/init.d/MailScanner, but present in the script. It's a mistake! I'm try to queue the emails that arriving through sendmail in the $INQDIR ( /var/spool/mqueue.in ). Emails are delivered immediately to local mailbox. I've want to see what happens in the queues. I think that MailScanner working OK but sendmail don't. May paste some config file? Thanks. L. ----- Original Message ----- From: "Julian Field" To: "MailScanner discussion" Sent: Friday, July 11, 2008 3:53 PM Subject: Re: MailScanner on FC8 don't pickup emails > > > Luciano Grego wrote: >> Hi >> I'm back again, >> i' ve FC8 + MailScanner ( latest version RPM installed, reinstalled after >> with -nodeps option ). >> Queue directory are ok. Like manual. >> It's possible that my problem is sendmail. >> It don't queue email for Mailscanner, but delivery automatically on local >> mailbox. >> >> I've setup /etc/init.d/MailScanner for running only the first sendmail >> process for accept incoming messagges on port 25. > What did you change my /etc/init.d script? All you've succeeded in doing > is breaking it. I can't see any need to break this file at all. > > Want a clue? Check out the missing -ODeliveryMode=queueonly option in your > "$SENDMAIL -bd" line. > > Have a nice weekend :-) > > Jules. >> >> StartInSendmail() >> ... >> # >> $SENDMAIL -bd -OPrivacyOptions=noetrn -ODeliveryMode=queueonly -OQueueDirectory=$INQDIR >> -OPidFile=$INPID >> >> $SENDMAIL -bd -D >> /var/log/sendmail.dbg -d0-99.2 -OPrivacyOptions=noetrn -OQueueDirectory=/var/spool/mqueue.in >> -OPidFile=$INPID >> >> # touch /var/run/sm-client.pid >> # chown $MSPUSER:$MSPGROUP /var/run/sm-client.pid 2>/dev/null >> # $SENDMAIL -L sm-msp-queue -Ac -q15m -OPidFile=$SMPID 2>/dev/null >> -- >> StartOutSendmail() >> ... >> $SENDMAIL $([ -n "$QUEUETIME" ] && >> echo -q$QUEUETIME) -OPidFile=$OUTPID >> >> >> >> The messages delivered on local mailbox bypassing MailScanner jobs. >> >> Where i must check sendmail? Is /etc/mail/access rules? >> Thanks at all! >> >> >> >> > > Jules > > -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > Need help customising MailScanner? > Contact me! > Need help fixing or optimising your systems? > Contact me! > Need help getting you started solving new requirements from your boss? > Contact me! > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- > Il messaggio e' stato analizzato alla ricerca di virus o > contenuti pericolosi da MailScanner, ed e' > risultato non infetto. > -- Il messaggio e' stato analizzato alla ricerca di virus o contenuti pericolosi da MailScanner, ed e' risultato non infetto. From MailScanner at ecs.soton.ac.uk Fri Jul 11 16:31:55 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Jul 11 16:32:23 2008 Subject: MailScanner on FC8 don't pickup emails In-Reply-To: References: <6ab1c460044e5441a4c21792d987f524@solidstatelogic.com><48721BA8.4060507@ecs.soton.ac.uk> <625385e30807070740i6003ec81lf98db7216d541dc3@mail.gmail.com> <487765D0.7020001@ecs.soton.ac.uk> Message-ID: <48777CEB.2090406@ecs.soton.ac.uk> But why did you change my supplied init.d script? It works just fine how it is, for everyone else. Jules. Luciano Grego wrote: > Hi Julian, > I've pasted the text without the " -ODeliveryMode=queueonly " in the > /etc/init.d/MailScanner, but present in the script. It's a mistake! > I'm try to queue the emails that arriving through sendmail in the > $INQDIR ( /var/spool/mqueue.in ). > Emails are delivered immediately to local mailbox. > I've want to see what happens in the queues. > I think that MailScanner working OK but sendmail don't. > May paste some config file? > Thanks. > L. > > ----- Original Message ----- From: "Julian Field" > > To: "MailScanner discussion" > Sent: Friday, July 11, 2008 3:53 PM > Subject: Re: MailScanner on FC8 don't pickup emails > > >> >> >> Luciano Grego wrote: >>> Hi >>> I'm back again, >>> i' ve FC8 + MailScanner ( latest version RPM installed, reinstalled >>> after with -nodeps option ). >>> Queue directory are ok. Like manual. >>> It's possible that my problem is sendmail. >>> It don't queue email for Mailscanner, but delivery automatically on >>> local >>> mailbox. >>> >>> I've setup /etc/init.d/MailScanner for running only the first >>> sendmail process for accept incoming messagges on port 25. >> What did you change my /etc/init.d script? All you've succeeded in >> doing is breaking it. I can't see any need to break this file at all. >> >> Want a clue? Check out the missing -ODeliveryMode=queueonly option in >> your "$SENDMAIL -bd" line. >> >> Have a nice weekend :-) >> >> Jules. >>> >>> StartInSendmail() >>> ... >>> # $SENDMAIL -bd -OPrivacyOptions=noetrn >>> -ODeliveryMode=queueonly -OQueueDirectory=$INQDIR -OPidFile=$INPID >>> >>> $SENDMAIL -bd -D /var/log/sendmail.dbg -d0-99.2 >>> -OPrivacyOptions=noetrn -OQueueDirectory=/var/spool/mqueue.in >>> -OPidFile=$INPID >>> >>> # touch /var/run/sm-client.pid >>> # chown $MSPUSER:$MSPGROUP /var/run/sm-client.pid 2>/dev/null >>> # $SENDMAIL -L sm-msp-queue -Ac -q15m -OPidFile=$SMPID >>> 2>/dev/null >>> -- >>> StartOutSendmail() >>> ... >>> $SENDMAIL $([ -n "$QUEUETIME" ] && echo -q$QUEUETIME) >>> -OPidFile=$OUTPID >>> >>> >>> >>> The messages delivered on local mailbox bypassing MailScanner jobs. >>> >>> Where i must check sendmail? Is /etc/mail/access rules? >>> Thanks at all! >>> >>> >>> >>> >> >> Jules >> >> -- >> Julian Field MEng CITP CEng >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> >> Need help customising MailScanner? >> Contact me! >> Need help fixing or optimising your systems? >> Contact me! >> Need help getting you started solving new requirements from your boss? >> Contact me! >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> -- >> Il messaggio e' stato analizzato alla ricerca di virus o >> contenuti pericolosi da MailScanner, ed e' >> risultato non infetto. >> > > > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From lucianog at metline.it Fri Jul 11 16:54:34 2008 From: lucianog at metline.it (Luciano Grego) Date: Fri Jul 11 16:55:14 2008 Subject: MailScanner on FC8 don't pickup emails References: <6ab1c460044e5441a4c21792d987f524@solidstatelogic.com><48721BA8.4060507@ecs.soton.ac.uk> <625385e30807070740i6003ec81lf98db7216d541dc3@mail.gmail.com> <487765D0.7020001@ecs.soton.ac.uk> <48777CEB.2090406@ecs.soton.ac.uk> Message-ID: I've restored original MailScanner init script ... There is no error in logs file! Mail just arrived at mail server and delivered immediately on local mailbox. No MailScanner signature on emails. No MailScanner jobs on emails. Really i think it's a sendmail issue! I've added debug switch for sendmail ... only! I do not know what to do more .... Thanks L. ----- Original Message ----- From: "Julian Field" To: "MailScanner discussion" Sent: Friday, July 11, 2008 5:31 PM Subject: Re: MailScanner on FC8 don't pickup emails > But why did you change my supplied init.d script? It works just fine how > it is, for everyone else. > > Jules. > > Luciano Grego wrote: >> Hi Julian, >> I've pasted the text without the " -ODeliveryMode=queueonly " in the >> /etc/init.d/MailScanner, but present in the script. It's a mistake! >> I'm try to queue the emails that arriving through sendmail in the $INQDIR >> ( /var/spool/mqueue.in ). >> Emails are delivered immediately to local mailbox. >> I've want to see what happens in the queues. >> I think that MailScanner working OK but sendmail don't. >> May paste some config file? >> Thanks. >> L. >> > -- Il messaggio e' stato analizzato alla ricerca di virus o contenuti pericolosi da MailScanner, ed e' risultato non infetto. From MailScanner at ecs.soton.ac.uk Fri Jul 11 17:04:50 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Jul 11 17:05:21 2008 Subject: MailScanner on FC8 don't pickup emails In-Reply-To: References: <6ab1c460044e5441a4c21792d987f524@solidstatelogic.com><48721BA8.4060507@ecs.soton.ac.uk> <625385e30807070740i6003ec81lf98db7216d541dc3@mail.gmail.com> <487765D0.7020001@ecs.soton.ac.uk> <48777CEB.2090406@ecs.soton.ac.uk> Message-ID: <487784A2.3040103@ecs.soton.ac.uk> Do the following: chkconfig sendmail off chkconfig MailScanner on service sendmail stop service MailScanner restart And then see what happens to your new incoming mail. Luciano Grego wrote: > > I've restored original MailScanner init script ... > There is no error in logs file! > Mail just arrived at mail server and delivered immediately on local > mailbox. > No MailScanner signature on emails. > No MailScanner jobs on emails. > Really i think it's a sendmail issue! > I've added debug switch for sendmail ... only! > I do not know what to do more .... > Thanks > L. > > > ----- Original Message ----- From: "Julian Field" > > To: "MailScanner discussion" > Sent: Friday, July 11, 2008 5:31 PM > Subject: Re: MailScanner on FC8 don't pickup emails > > >> But why did you change my supplied init.d script? It works just fine >> how it is, for everyone else. >> >> Jules. >> >> Luciano Grego wrote: >>> Hi Julian, >>> I've pasted the text without the " -ODeliveryMode=queueonly " in the >>> /etc/init.d/MailScanner, but present in the script. It's a mistake! >>> I'm try to queue the emails that arriving through sendmail in the >>> $INQDIR ( /var/spool/mqueue.in ). >>> Emails are delivered immediately to local mailbox. >>> I've want to see what happens in the queues. >>> I think that MailScanner working OK but sendmail don't. >>> May paste some config file? >>> Thanks. >>> L. >>> >> > > > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From hvdkooij at vanderkooij.org Fri Jul 11 17:25:49 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Fri Jul 11 17:25:58 2008 Subject: Watch it: Multiple DNS implementationsvulnerableto cachepoisoning In-Reply-To: <4CAB0118AEC63A4FAAE77E6BCBDF760C65717C4A0D@server02.bhl.local> References: <48745EB2.8050404@alexb.ch> <4874856A.5000605@farrows.org><487540A3.7050701@pacific.net><625385e30807091647n54dc6556ube297c7b650860a1@mail.gmail.com><48756BED.30608@pacific.net><625385e30807100142w395688d1j656adf5d541e99f7@mail.gmail.com> <4CAB0118AEC63A4FAAE77E6BCBDF760C65717C49F9@server02.bhl.local><7EF0EE5CB3B263488C8C18823239BEBA0430DC31@HC-MBX02.herefordshire.gov.uk><4875FB5F.8030906@farrows.org> <7EF0EE5CB3B263488C8C18823239BEBA0430DC8E@HC-MBX02.herefordshire.gov.uk> <7EF0EE5CB3B263488C8C18823239BEBA03CF60@HC-MBX02.herefordshire.gov.uk> <4CAB0118AEC63A4FAAE77E6BCBDF760C65717C4A0D@server02.bhl.local> Message-ID: <4877898D.4040505@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Jason Ede wrote: | Does anyone know if there are any patches available for this for FC7 or | do I just need to download and compile a new version of bind? Fedora 7 does not receive updates anymore. So upgrade it to Fedora 8 or better or do your own compilation. Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFId4mMBvzDRVjxmYERAo/cAJ9AzY9ynCS5CEowYGJM17K/PezOPQCfT6Nz 1SZv0XbyQ2/2vZjaMWy4jBw= =fD4D -----END PGP SIGNATURE----- From lucianog at metline.it Fri Jul 11 17:26:01 2008 From: lucianog at metline.it (Luciano Grego) Date: Fri Jul 11 17:26:43 2008 Subject: MailScanner on FC8 don't pickup emails References: <6ab1c460044e5441a4c21792d987f524@solidstatelogic.com><48721BA8.4060507@ecs.soton.ac.uk> <625385e30807070740i6003ec81lf98db7216d541dc3@mail.gmail.com> <487765D0.7020001@ecs.soton.ac.uk> <48777CEB.2090406@ecs.soton.ac.uk> <487784A2.3040103@ecs.soton.ac.uk> Message-ID: <0CBC870BCE3844A0A484771542ADF12E@LUCIANO> Hi Julian, setup of Mailscanner it's easy! I've first setup sendmail for incoming and outgoing messages for his domain and check if ok, then i've installed MailScanner Ver. 4.69.9-3. I' ve installed Ver. 4.70.7-1 and Ver. 4.71.2-2 after the problem, thinking it a bug of MailScanner. Here : MailScanner --lint Trying to setlogsock(unix) Read 824 hostnames from the phishing whitelist Read 3015 hostnames from the phishing blacklist Checking version numbers... Version number in MailScanner.conf (4.71.2) is correct. Your envelope_sender_header in spam.assassin.prefs.conf is correct. Checking for SpamAssassin errors (if you use it)... SpamAssassin temporary working directory is /var/spool/MailScanner/incoming/SpamAssassin-Temp SpamAssassin temp dir = /var/spool/MailScanner/incoming/SpamAssassin-Temp Using SpamAssassin results cache Connected to SpamAssassin cache database SpamAssassin reported no errors. ClamAV scanner using unrar command /usr/bin/unrar Using locktype = posix MailScanner.conf says "Virus Scanners = clamav" Found these virus scanners installed: clamavmodule =========================================================================== Virus and Content Scanning: Starting LibClamAV Warning: *********************************************************** LibClamAV Warning: *** This version of the ClamAV engine is outdated. *** LibClamAV Warning: *** DON'T PANIC! Read http://www.clamav.net/support/faq *** LibClamAV Warning: *********************************************************** /var/spool/MailScanner/incoming/4988/./1/eicar.com: Eicar-Test-Signature FOUND /var/spool/MailScanner/incoming/4988/./1.message: Eicar-Test-Signature FOUND Virus Scanning: ClamAV found 2 infections Infected message 1.message came from Infected message 1 came from 10.1.1.1 Virus Scanning: Found 2 viruses Filename Checks: (1 eicar.com) Filetype Checks: Allowing 1 eicar.com Other Checks: Found 1 problems =========================================================================== Virus Scanner test reports: ClamAV said "eicar.com contains Eicar-Test-Signature" -- Here : spamassassin --lint mail root [ /home/repos/src ] spamassassin --lint mail root [ /home/repos/src ] Thanks L. ----- Original Message ----- From: "Julian Field" To: "MailScanner discussion" Sent: Friday, July 11, 2008 6:04 PM Subject: Re: MailScanner on FC8 don't pickup emails > Do the following: > > chkconfig sendmail off > chkconfig MailScanner on > service sendmail stop > service MailScanner restart > > And then see what happens to your new incoming mail. > > Luciano Grego wrote: >> >> I've restored original MailScanner init script ... >> There is no error in logs file! >> Mail just arrived at mail server and delivered immediately on local >> mailbox. >> No MailScanner signature on emails. >> No MailScanner jobs on emails. >> Really i think it's a sendmail issue! >> I've added debug switch for sendmail ... only! >> I do not know what to do more .... >> Thanks >> L. >> >> >> ----- Original Message ----- From: "Julian Field" >> >> To: "MailScanner discussion" >> Sent: Friday, July 11, 2008 5:31 PM >> Subject: Re: MailScanner on FC8 don't pickup emails >> >> >>> But why did you change my supplied init.d script? It works just fine how >>> it is, for everyone else. >>> >>> Jules. >>> >>> Luciano Grego wrote: >>>> Hi Julian, >>>> I've pasted the text without the " -ODeliveryMode=queueonly " in the >>>> /etc/init.d/MailScanner, but present in the script. It's a mistake! >>>> I'm try to queue the emails that arriving through sendmail in the >>>> $INQDIR ( /var/spool/mqueue.in ). >>>> Emails are delivered immediately to local mailbox. >>>> I've want to see what happens in the queues. >>>> I think that MailScanner working OK but sendmail don't. >>>> May paste some config file? >>>> Thanks. >>>> L. >>>> >>> >> >> >> > > Jules > > -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > Need help customising MailScanner? > Contact me! > Need help fixing or optimising your systems? > Contact me! > Need help getting you started solving new requirements from your boss? > Contact me! > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- > Il messaggio e' stato analizzato alla ricerca di virus o > contenuti pericolosi da MailScanner, ed e' > risultato non infetto. > -- Il messaggio e' stato analizzato alla ricerca di virus o contenuti pericolosi da MailScanner, ed e' risultato non infetto. From dgreenstein at stillsecure.com Fri Jul 11 19:59:09 2008 From: dgreenstein at stillsecure.com (David Greenstein) Date: Fri Jul 11 20:05:17 2008 Subject: Infected messages requeued - clamav, postfix, v4.70.7 Message-ID: I've seen a bunch of similar posts but no resolution to my problem. Simply, clamav detects a virus/worm and MailScanner simply requeues the message. I have all MailScanner.conf "Quarantine*" variables set to yes and "Deliver*" set to no. It appears to me that there is a coding error, but I'm no perl expert. Here is the log: Jul 11 14:19:52 utm MailScanner[17527]: New Batch: Scanning 1 messages, 2178 bytes Jul 11 14:19:54 utm MailScanner[17527]: Virus and Content Scanning: Starting Jul 11 14:20:01 utm MailScanner[17527]: /var/spool/MailScanner/incoming/17527/./5DF2686B12.AEF01.message: Eicar-Test-Signature FOUND Jul 11 14:20:01 utm MailScanner[17527]: Virus Scanning: ClamAV found 1 infections Jul 11 14:20:01 utm MailScanner[17527]: Infected message 5DF2686B12.AEF01.message came from Jul 11 14:20:01 utm MailScanner[17527]: Virus Scanning: Found 1 viruses Jul 11 14:20:01 utm MailScanner[17527]: MESSAGE virusinfected: 0, 5DF2686B12.AEF01 Jul 11 14:20:02 utm MailScanner[17527]: Requeue: 5DF2686B12.AEF01 to 63BCA86B16 Jul 11 14:20:02 utm MailScanner[17527]: Uninfected: Delivered 1 messages I've tried this with a real virus rather than eicar as well with the same result. I added the log message "MESSAGE virusinfected: 0". From what I can MessageBatch.pm only quarantines messages that have the virusinfected flag set to 1. This is set only in SweepViruses.pm. SweepViruses.pm modifies a local copy of the Message object though and by the time control returns to MessageBatch.pm the original Message object is used which has the virusinfected flag set to 0. Like I said, I'm no perl expert and perhaps I'm missing something. Has anyone else experienced this problem? I hope I am missing something! Thanks in advance, Dave From dgreenstein at stillsecure.com Fri Jul 11 20:36:23 2008 From: dgreenstein at stillsecure.com (David Greenstein) Date: Fri Jul 11 20:36:45 2008 Subject: Infected messages requeued - clamav, postfix, v4.70.7 Message-ID: I've seen a bunch of similar posts but no resolution to my problem. Simply, clamav detects a virus/worm and MailScanner simply requeues the message. I have all MailScanner.conf "Quarantine*" variables set to yes and "Deliver*" set to no. It appears to me that there is a coding error, but I'm no perl expert. Here is the log: Jul 11 14:19:52 utm MailScanner[17527]: New Batch: Scanning 1 messages, 2178 bytes Jul 11 14:19:54 utm MailScanner[17527]: Virus and Content Scanning: Starting Jul 11 14:20:01 utm MailScanner[17527]: /var/spool/MailScanner/incoming/17527/./5DF2686B12.AEF01.message: Eicar-Test-Signature FOUND Jul 11 14:20:01 utm MailScanner[17527]: Virus Scanning: ClamAV found 1 infections Jul 11 14:20:01 utm MailScanner[17527]: Infected message 5DF2686B12.AEF01.message came from Jul 11 14:20:01 utm MailScanner[17527]: Virus Scanning: Found 1 viruses Jul 11 14:20:01 utm MailScanner[17527]: MESSAGE virusinfected: 0, 5DF2686B12.AEF01 Jul 11 14:20:02 utm MailScanner[17527]: Requeue: 5DF2686B12.AEF01 to 63BCA86B16 Jul 11 14:20:02 utm MailScanner[17527]: Uninfected: Delivered 1 messages I've tried this with a real virus rather than eicar as well with the same result. I added the log message "MESSAGE virusinfected: 0". From what I can MessageBatch.pm only quarantines messages that have the virusinfected flag set to 1. This is set only in SweepViruses.pm. SweepViruses.pm modifies a local copy of the Message object though and by the time control returns to MessageBatch.pm the original Message object is used which has the virusinfected flag set to 0. Like I said, I'm no perl expert and perhaps I'm missing something. Has anyone else experienced this problem? I hope I am missing something! Thanks in advance, Dave From MailScanner at ecs.soton.ac.uk Fri Jul 11 20:53:52 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Jul 11 20:54:40 2008 Subject: Infected messages requeued - clamav, postfix, v4.70.7 In-Reply-To: References: Message-ID: <4877BA50.1030000@ecs.soton.ac.uk> David Greenstein wrote: > I've seen a bunch of similar posts > but no resolution to my problem. Simply, > clamav detects a virus/worm and MailScanner > simply requeues the message. I have > all MailScanner.conf "Quarantine*" > variables set to yes and "Deliver*" set to > no. It appears to me that there is a > coding error, but I'm no perl expert. > Here is the log: > > Jul 11 14:19:52 utm MailScanner[17527]: New Batch: > Scanning 1 messages, 2178 bytes > Jul 11 14:19:54 utm MailScanner[17527]: Virus and > Content Scanning: Starting > Jul 11 14:20:01 utm MailScanner[17527]: > /var/spool/MailScanner/incoming/17527/./5DF2686B12.AEF01.message: > > Eicar-Test-Signature FOUND > Jul 11 14:20:01 utm MailScanner[17527]: Virus Scanning: > ClamAV found 1 infections > Jul 11 14:20:01 utm MailScanner[17527]: Infected message > 5DF2686B12.AEF01.message came from > Jul 11 14:20:01 utm MailScanner[17527]: Virus Scanning: Found 1 viruses > Jul 11 14:20:01 utm MailScanner[17527]: > MESSAGE virusinfected: 0, 5DF2686B12.AEF01 > That "0" looks wrong. Exactly what versions of MailScanner and the ClamAV virus scanner are you using? What does "MailScanner --lint" produce? You are presumably using Postfix. What are you printing with your extra "MESSAGE virusinfected: 0" line? No-one else is hitting this problem, as far as I am aware. MailScanner certainly doesn't have any glaringly obvious bugs like this in it, it works fine for many tens of thousands of sites. So something more subtle is going on. > Jul 11 14:20:02 utm MailScanner[17527]: > Requeue: 5DF2686B12.AEF01 to 63BCA86B16 > Jul 11 14:20:02 utm MailScanner[17527]: Uninfected: Delivered 1 messages > > I've tried this with a real virus rather > than eicar as well with the same > result. I added the log message > "MESSAGE virusinfected: 0". From what I can > MessageBatch.pm only quarantines > messages that have the virusinfected flag set > to 1. This is set only in SweepViruses.pm. > SweepViruses.pm modifies a local copy > of the Message object though Perl doesn't do local copies of the Message object. > and by the > time control returns to MessageBatch.pm > the original Message object is used > which has the virusinfected flag set to 0. > That's not how Perl works. > Like I said, I'm no perl expert and perhaps > I'm missing something. Has anyone > else experienced this problem? > I hope I am missing something! > > Thanks in advance, > Dave > > > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From email at ace.net.au Fri Jul 11 21:04:12 2008 From: email at ace.net.au (Peter Nitschke) Date: Fri Jul 11 21:04:41 2008 Subject: OT: Run MScanner in a virtualized environment. In-Reply-To: <7d9b3cf20807011153w3af6d451gd782ba3cf5a295c@mail.gmail.com> References: <7d9b3cf20807011153w3af6d451gd782ba3cf5a295c@mail.gmail.com> Message-ID: <200807120534120890.0461CEFB@web.ace.net.au> I have an AMD X2 6000 with 8Gb RAM running Centos 5/64 as host for VM-Server 1.04. It has 5 guests - 4 x Centos with a mixture of MailScanner, DNS, gateway/firewall, proxy and web servers plus a Win2k pop3 server. The MS pc handled 1,978,400 messages last month, though most were rejected at the MTA level leaving 79,000 actually handled by MS. No problems at all. Total load on the box only goes over about 30 when I do a backup. Peter *********** REPLY SEPARATOR *********** On 1/07/2008 at 3:53 PM Eduardo Casarero wrote: >Hi guys, i know that it's not recomendable to run MS on virtualized HW >because of it's high cpu/io load. However, i'm doing some research >because my boss required it. > >What products do you think that will work best? VMware? Xen? The >objective is that it has to be simple and quick to deploy. Also will >be useful in case the HW dies, so you quickly can have the emails >flowing (may be with delay, but working), until HW gets repaired. > >We all know that installing MS servers takes a while, so having a >pre-installed image will reduce times. > >Any thoughts? > >Everything will be appreciated. > >Eduardo. >-- >MailScanner mailing list >mailscanner@lists.mailscanner.info >http://lists.mailscanner.info/mailman/listinfo/mailscanner > >Before posting, read http://wiki.mailscanner.info/posting > >Support MailScanner development - buy the book off the website! From dgreenstein at stillsecure.com Fri Jul 11 21:20:41 2008 From: dgreenstein at stillsecure.com (David Greenstein) Date: Fri Jul 11 21:21:05 2008 Subject: Infected messages requeued - clamav, postfix, v4.70.7 References: <4877BA50.1030000@ecs.soton.ac.uk> Message-ID: Thanks for the reply Jules! I agree that this would be too obvious of a bug for someone else not to have run into... so hopefully I'm just doing something silly. For the debug message, I put a loop in MessageBatch::VirusScan after MailScanner::SweepViruses::ScanBatch is called that looks as follows: my($key, $message); #print "In PrintInfections(), this = $this\n"; while(($key, $message) = each %{$this->{messages}}) { #print STDERR "Key is $key and Message is $message\n"; MailScanner::Log::NoticeLog("MESSAGE virusinfected: %d, %s", $message->{virusinfected}, $key); } It seems that it's necessary for this to be set so that the quarantine and other infected operations take place after CombineReports uses this to set the "infected" key in the message.... but I'm likely misreading something in the code. Here are all the versions I have installed (the "ss#" in the rpm is because the rpms have been repackaged these with a slightly different name)... perhaps that is part of the problem. rpm -qa | grep mailscanner mailscanner-4.70.7-ss1 rpm -qa | grep clam clamav-filesystem-0.93.3-1.ss clamav-data-0.93.3-1.ss clamav-update-0.93.3-1.ss clamav-server-sysv-0.93.3-1.ss clamav-data-empty-0.93.3-1.ss clamav-lib-0.93.3-1.ss clamav-0.93.3-1.ss clamav-devel-0.93.3-1.ss clamav-server-0.93.3-1.ss rpm -qa | grep perl perl-TimeDate-1.16-ss4 perl-OLE-Storage_Lite-0.16-ss2 perl-Digest-SHA1-2.11-ss1.2 perl-Digest-HMAC-1.01-ss14.2 perl-Net-DNS-0.55-ss1.1.2 perl-DBD-Pg-1.31-ss7 perl-Filesys-Df-0.90-ss2 perl-MIME-tools-5.425-ss2 perl-Convert-TNEF-0.17-ss2 perl-Pod-Simple-3.05-ss2 perl-5.8.3-ss18 perl-DBI-1.56-ss2 perl-Compress-Zlib-1.41-ss1.2.2 perl-Net-IP-1.24-ss2.2 perl-DBD-SQLite-1.13-ss2 perl-Filter-1.28-ss141 perl-MailTools-2.02-ss2 perl-Convert-BinHex-1.119-ss3 perl-Pod-Escapes-1.04-ss2 perl-HTML-Parser-3.50-ss1 perl-Archive-Zip-1.16-ss2 subversion-perl-1.3.0-ss5 perl-Sys-Hostname-Long-1.4-ss2 perl-IO-stringy-2.110-ss2 perl-Net-CIDR-0.11-ss2 perl-Test-Pod-1.26-ss2 perl-Time-HiRes-1.9707-ss2 perl-URI-1.35-ss2.2 perl-HTML-Tagset-3.10-ss2.1 perl-TermReadKey-2.20-ss17 perl-IO-1.2301-ss3 MailScanner --lint **** ERROR: You must upgrade your perl IO module to at least **** ERROR: version 1.2301 or MailScanner will not work! This must be due to the renamed package. I think I'll try to install MailScanner's default rpms right from the download site on a fresh linux install and see what happens. Thanks for your help! Dave From ssilva at sgvwater.com Fri Jul 11 23:27:35 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Fri Jul 11 23:27:36 2008 Subject: Watch it: Multiple DNS implementationsvulnerableto cachepoisoning In-Reply-To: <4877898D.4040505@vanderkooij.org> References: <48745EB2.8050404@alexb.ch> <4874856A.5000605@farrows.org><487540A3.7050701@pacific.net><625385e30807091647n54dc6556ube297c7b650860a1@mail.gmail.com><48756BED.30608@pacific.net><625385e30807100142w395688d1j656adf5d541e99f7@mail.gmail.com> <4CAB0118AEC63A4FAAE77E6BCBDF760C65717C49F9@server02.bhl.local><7EF0EE5CB3B263488C8C18823239BEBA0430DC31@HC-MBX02.herefordshire.gov.uk><4875FB5F.8030906@farrows.org> <7EF0EE5CB3B263488C8C18823239BEBA0430DC8E@HC-MBX02.herefordshire.gov.uk> <7EF0EE5CB3B263488C8C18823239BEBA03CF60@HC-MBX02.herefordshire.gov.uk> <4CAB0118AEC63A4FAAE77E6BCBDF760C65717C4A0D@server02.bhl.local> <4877898D.4040505@vanderkooij.org> Message-ID: on 7-11-2008 9:25 AM Hugo van der Kooij spake the following: > Jason Ede wrote: > | Does anyone know if there are any patches available for this for FC7 or > | do I just need to download and compile a new version of bind? > > Fedora 7 does not receive updates anymore. > > So upgrade it to Fedora 8 or better or do your own compilation. > > Hugo. > Another good example of why Fedora is not the best choice for a server if it is going to be expected to operate more than 18 months. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 258 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080711/da34c419/signature.bin From ssilva at sgvwater.com Fri Jul 11 23:32:43 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Fri Jul 11 23:32:39 2008 Subject: Infected messages requeued - clamav, postfix, v4.70.7 In-Reply-To: References: <4877BA50.1030000@ecs.soton.ac.uk> Message-ID: on 7-11-2008 1:20 PM David Greenstein spake the following: > Thanks for the reply Jules! I agree that this would be too obvious > of a bug for someone else not to have run into... so hopefully > I'm just doing something silly. > > For the debug message, I put a loop in MessageBatch::VirusScan after > MailScanner::SweepViruses::ScanBatch is called that looks as follows: > > my($key, $message); > > #print "In PrintInfections(), this = $this\n"; > while(($key, $message) = each %{$this->{messages}}) { > #print STDERR "Key is $key and Message is $message\n"; > MailScanner::Log::NoticeLog("MESSAGE virusinfected: %d, %s", > $message->{virusinfected}, $key); > } > > It seems that it's necessary for this to be set so that the > quarantine and other infected operations take place after > CombineReports uses this to set the "infected" key in the > message.... but I'm likely misreading something in the code. > > Here are all the versions I have installed (the "ss#" in the > rpm is because the rpms have been repackaged these with a slightly > different name)... perhaps that is part of the problem. > <> > > > MailScanner --lint > > **** ERROR: You must upgrade your perl IO module to at least > **** ERROR: version 1.2301 or MailScanner will not work! > > > This must be due to the renamed package. I think I'll try to install > MailScanner's default rpms right from the download site on a fresh > linux install and see what happens. > > Thanks for your help! > > Dave Just curious, but why do you need to rebuild all your rpm's? -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 258 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080711/c62e6ae0/signature.bin From ajcartmell at fonant.com Sat Jul 12 06:40:29 2008 From: ajcartmell at fonant.com (Anthony Cartmell) Date: Sat Jul 12 06:40:04 2008 Subject: Watch it: Multiple DNS implementationsvulnerableto cachepoisoning In-Reply-To: References: <48745EB2.8050404@alexb.ch> <4874856A.5000605@farrows.org> <487540A3.7050701@pacific.net> <625385e30807091647n54dc6556ube297c7b650860a1@mail.gmail.com> <48756BED.30608@pacific.net> <625385e30807100142w395688d1j656adf5d541e99f7@mail.gmail.com> <4CAB0118AEC63A4FAAE77E6BCBDF760C65717C49F9@server02.bhl.local> <7EF0EE5CB3B263488C8C18823239BEBA0430DC31@HC-MBX02.herefordshire.gov.uk> <4875FB5F.8030906@farrows.org> <7EF0EE5CB3B263488C8C18823239BEBA0430DC8E@HC-MBX02.herefordshire.gov.uk> <7EF0EE5CB3B263488C8C18823239BEBA03CF60@HC-MBX02.herefordshire.gov.uk> <4CAB0118AEC63A4FAAE77E6BCBDF760C65717C4A0D@server02.bhl.local> <4877898D.4040505@vanderkooij.org> Message-ID: > Another good example of why Fedora is not the best choice for a server > if it > is going to be expected to operate more than 18 months ...unless you're happy to upgrade on a roughly annual basis to benefit from more up-to-date stable versions of the main packages, such as perl, apache, MySQL, PHP, etc. (see problems installing recent MainScanner versions on machines with old perl installations earlier) We've been here before - Fedora is an excellent server OS for people like me, running web servers requiring up-to-date packages. It may not be if your situation means upgrading OS versions is expensive and you have no need for recent software packages installed automatically. Cheers! Anthony -- www.fonant.com - Quality web sites From peter at farrows.org Sat Jul 12 10:04:40 2008 From: peter at farrows.org (Peter Farrow) Date: Sat Jul 12 10:05:10 2008 Subject: Watch it: Multiple DNS implementationsvulnerableto cachepoisoning In-Reply-To: References: <48745EB2.8050404@alexb.ch> <4874856A.5000605@farrows.org> <487540A3.7050701@pacific.net> <625385e30807091647n54dc6556ube297c7b650860a1@mail.gmail.com> <48756BED.30608@pacific.net> <625385e30807100142w395688d1j656adf5d541e99f7@mail.gmail.com> <4CAB0118AEC63A4FAAE77E6BCBDF760C65717C49F9@server02.bhl.local> <7EF0EE5CB3B263488C8C18823239BEBA0430DC31@HC-MBX02.herefordshire.gov.uk> <4875FB5F.8030906@farrows.org> <7EF0EE5CB3B263488C8C18823239BEBA0430DC8E@HC-MBX02.herefordshire.gov.uk> <7EF0EE5CB3B263488C8C18823239BEBA03CF60@HC-MBX02.herefordshire.gov.uk> <4CAB0118AEC63A4FAAE77E6BCBDF760C65717C4A0D@server02.bhl.local> <4877898D.4040505@vanderkooij.org> Message-ID: <487873A8.3010909@farrows.org> Anthony Cartmell wrote: >> Another good example of why Fedora is not the best choice for a >> server if it >> is going to be expected to operate more than 18 months > > ...unless you're happy to upgrade on a roughly annual basis to benefit > from more up-to-date stable versions of the main packages, such as > perl, apache, MySQL, PHP, etc. > (see problems installing recent MainScanner versions on machines with > old perl installations earlier) > > We've been here before - Fedora is an excellent server OS for people > like me, running web servers requiring up-to-date packages. It may not > be if your situation means upgrading OS versions is expensive and you > have no need for recent software packages installed automatically. > > Cheers! > > Anthony I agree, having some 200 machines "under my wing" means I would be upgrading one almost everyworking day to stay in the picture under this scenario. As much as I like my work, I don't like it that much ;-) -- This message has been scanned for viruses and dangerous content by the Inexcom system Scanner, and is believed to be clean. Advanced heuristic mail scanning server [-]. http://www.inexcom.co.uk From J.Ede at birchenallhowden.co.uk Sat Jul 12 10:56:44 2008 From: J.Ede at birchenallhowden.co.uk (Jason Ede) Date: Sat Jul 12 10:57:29 2008 Subject: Watch it: Multiple DNS implementationsvulnerableto cachepoisoning In-Reply-To: <487873A8.3010909@farrows.org> References: <48745EB2.8050404@alexb.ch> <4874856A.5000605@farrows.org> <487540A3.7050701@pacific.net> <625385e30807091647n54dc6556ube297c7b650860a1@mail.gmail.com> <48756BED.30608@pacific.net> <625385e30807100142w395688d1j656adf5d541e99f7@mail.gmail.com> <4CAB0118AEC63A4FAAE77E6BCBDF760C65717C49F9@server02.bhl.local> <7EF0EE5CB3B263488C8C18823239BEBA0430DC31@HC-MBX02.herefordshire.gov.uk> <4875FB5F.8030906@farrows.org> <7EF0EE5CB3B263488C8C18823239BEBA0430DC8E@HC-MBX02.herefordshire.gov.uk> <7EF0EE5CB3B263488C8C18823239BEBA03CF60@HC-MBX02.herefordshire.gov.uk> <4CAB0118AEC63A4FAAE77E6BCBDF760C65717C4A0D@server02.bhl.local> <4877898D.4040505@vanderkooij.org> <487873A8.3010909@farrows.org> Message-ID: <4CAB0118AEC63A4FAAE77E6BCBDF760C77E9AA4E39@server02.bhl.local> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Peter Farrow > Sent: 12 July 2008 10:05 > To: MailScanner discussion > Subject: Re: Watch it: Multiple DNS implementationsvulnerableto > cachepoisoning > > > > Anthony Cartmell wrote: > >> Another good example of why Fedora is not the best choice for a > >> server if it > >> is going to be expected to operate more than 18 months > > > > ...unless you're happy to upgrade on a roughly annual basis to > benefit > > from more up-to-date stable versions of the main packages, such as > > perl, apache, MySQL, PHP, etc. > > (see problems installing recent MainScanner versions on machines with > > old perl installations earlier) > > > > We've been here before - Fedora is an excellent server OS for people > > like me, running web servers requiring up-to-date packages. It may > not > > be if your situation means upgrading OS versions is expensive and you > > have no need for recent software packages installed automatically. > > > > Cheers! > > > > Anthony > > I agree, having some 200 machines "under my wing" means I would be > upgrading one almost everyworking day to stay in the picture under this > scenario. > As much as I like my work, I don't like it that much ;-) > Its one of the reasons I'm gradually migrating all the servers to CentOS 5... Unfortunately they're not all there yet. Jason From ismail at ismailozatay.net Sat Jul 12 13:51:11 2008 From: ismail at ismailozatay.net (Ismail OZATAY) Date: Sat Jul 12 13:51:16 2008 Subject: About spamassassin cache Message-ID: <9E9F0CD05BA645DEB8DC6B6887132C6B@pc> Hi there, Sometimes spamassassin cache goes timeout so some of spam messages come in. It use sqlite and now 20 MB. I think query of this file is slow. Is it possible to export this file into postgre or mysql database or how can i fix spamassassin cache timeout problem ? I do not want to disable it... Thanks ismail From shuttlebox at gmail.com Sat Jul 12 14:00:13 2008 From: shuttlebox at gmail.com (shuttlebox) Date: Sat Jul 12 14:00:31 2008 Subject: About spamassassin cache In-Reply-To: <9E9F0CD05BA645DEB8DC6B6887132C6B@pc> References: <9E9F0CD05BA645DEB8DC6B6887132C6B@pc> Message-ID: <625385e30807120600p405d24bcv6bfbf9551d8dd0cc@mail.gmail.com> On Sat, Jul 12, 2008 at 2:51 PM, Ismail OZATAY wrote: > Hi there, > > Sometimes spamassassin cache goes timeout so some of spam messages come in. > It use sqlite and now 20 MB. I think query of this file is slow. Is it > possible to export this file into postgre or mysql database or how can i fix > spamassassin cache timeout problem ? I do not want to disable it... For simple tasks like this SQLite should be the fastest option. Is your cache file on a tmpfs file system? /peter -- Vince Lombardi - "Winning is habit. Unfortunately, so is losing." From itdept at fractalweb.com Sat Jul 12 17:29:53 2008 From: itdept at fractalweb.com (Chris Yuzik) Date: Sat Jul 12 17:32:07 2008 Subject: Watch it: Multiple DNS implementations vulnerable to cache poisoning In-Reply-To: <48745EB2.8050404@alexb.ch> References: <48745EB2.8050404@alexb.ch> Message-ID: <1215880193.6468.5.camel@chris-desktop> On Wed, 2008-07-09 at 08:46 +0200, Alex Broens wrote: > Multiple DNS implementations vulnerable to cache poisoning > It's slightly-off-topic information like this that is precisely why I love this mailing list. While this DNS vulnerability doesn't directly relate to MailScanner, it is very relevant to virtually every one of us here, as I imagine the vast majority of us administer servers. I am continually grateful to everyone here for not only mentioning that there is a vulnerability but also discussing the best ways of patching and testing. Thanks again. Cheers, Chris From mark at msapiro.net Sat Jul 12 17:36:54 2008 From: mark at msapiro.net (Mark Sapiro) Date: Sat Jul 12 17:37:09 2008 Subject: Message body lost when zip file quarantined In-Reply-To: <486D47F2.6050104@ecs.soton.ac.uk> Message-ID: On Thu, 03 Jul 2008 at 22:43:14 +0100.Julian Field wrote: > >Mark Sapiro wrote: >> >> Here's what I have: >> >> -The Postfix queue entry. >> -The raw message received via bcc without passing through MailScanner >> -The {Filename?} message delivered to the recipient after MailScanner >> -The notice sent as a result of 'Send Notices = yes' >> >> Which of these would you like (and may I send it/them off list)? >> >All of the above please. Send them zipped up to mailscanner@ecs.soton.ac.uk. I sent the zip as above to Jules as requested last week. I assume Jules will get to it. I'm only posting now to be sure it didn't fall through the cracks. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From hvdkooij at vanderkooij.org Sun Jul 13 10:03:24 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Sun Jul 13 10:03:33 2008 Subject: The long road to yum Message-ID: <4879C4DC.6000409@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, I tried to create an up-to-date yum repository. The issue with Centos 5 is that a recent perl upgrade now means that the native IO module (v1.22) results in more conflicts with the seperate v1.23 module. The older ones just had a conflict on the manual pages and I could work around those by splitting the package. But now I have to do something more drastic. I am looking into splitting the default perl package and splitting of the IO stuff in a seperate IO package. Then there should not be a conflict as the seperate but more up-to-date perl-IO package would replace the one created from the main perl package. But it would make the repository a bit harder to maintain. As I need to build perl itself on each upstream update. And I can only maintain Centos 5 i386 that way for now. I think the effort I am willing to put into this makes it clear how much I hate the --force option. Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFIecTaBvzDRVjxmYERAn4/AKCABtRn27P+IpC1gYhO62/yqlF0OwCcDxVz R/EIf2rqp4ZI+7LP30UrM6g= =9C2/ -----END PGP SIGNATURE----- From martinh at solidstatelogic.com Sun Jul 13 10:13:23 2008 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Sun Jul 13 10:12:06 2008 Subject: About spamassassin cache Message-ID: What's the exact mesg u are getting? Not just spamassassin timeout is it? -- martin -----Original Message----- From: Ismail OZATAY Sent: Saturday, July 12, 2008 1:56 PM To: MailScanner discussion Subject: About spamassassin cache Hi there, Sometimes spamassassin cache goes timeout so some of spam messages come in. It use sqlite and now 20 MB. I think query of this file is slow. Is it possible to export this file into postgre or mysql database or how can i fix spamassassin cache timeout problem ? I do not want to disable it... Thanks ismail -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From hvdkooij at vanderkooij.org Sun Jul 13 10:40:55 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Sun Jul 13 10:41:04 2008 Subject: About spamassassin cache In-Reply-To: <9E9F0CD05BA645DEB8DC6B6887132C6B@pc> References: <9E9F0CD05BA645DEB8DC6B6887132C6B@pc> Message-ID: <4879CDA7.1030300@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Ismail OZATAY wrote: | Hi there, | | Sometimes spamassassin cache goes timeout so some of spam messages come | in. It use sqlite and now 20 MB. I think query of this file is slow. Is | it possible to export this file into postgre or mysql database or how | can i fix spamassassin cache timeout problem ? I do not want to disable | it... This wouldn't be just another case where SA does it's own maintenance so MS is unaware of this? That is the common issue with people reporting SA issues. See also: http://mail-archives.apache.org/mod_mbox/spamassassin-users/200410.mbox/%3c5.2.1.1.0.20041020093257.01eb7de8@mail.comcast.net%3e Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFIec2kBvzDRVjxmYERAiACAKCIjjZW0hmNk4C1sQDMpuqtZqiHSwCfUhot vqL/JlxRacuOPhSViWgAmoY= =7M1C -----END PGP SIGNATURE----- From shuttlebox at gmail.com Sun Jul 13 11:00:11 2008 From: shuttlebox at gmail.com (shuttlebox) Date: Sun Jul 13 11:00:20 2008 Subject: About spamassassin cache In-Reply-To: <4879CDA7.1030300@vanderkooij.org> References: <9E9F0CD05BA645DEB8DC6B6887132C6B@pc> <4879CDA7.1030300@vanderkooij.org> Message-ID: <625385e30807130300n449e32fbj98f9f7cca962d206@mail.gmail.com> On Sun, Jul 13, 2008 at 11:40 AM, Hugo van der Kooij wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Ismail OZATAY wrote: > | Hi there, > | > | Sometimes spamassassin cache goes timeout so some of spam messages come > | in. It use sqlite and now 20 MB. I think query of this file is slow. Is > | it possible to export this file into postgre or mysql database or how > | can i fix spamassassin cache timeout problem ? I do not want to disable > | it... > > This wouldn't be just another case where SA does it's own maintenance so > MS is unaware of this? > > That is the common issue with people reporting SA issues. See also: > http://mail-archives.apache.org/mod_mbox/spamassassin-users/200410.mbox/%3c5.2.1.1.0.20041020093257.01eb7de8@mail.comcast.net%3e But that post is about Bayes which is controlled by SA, the OP here is having problems with the SA cache which is controlled by MS. SA is not aware of that cache. /peter -- PJ O'Rourke - "If government were a product, selling it would be illegal." From ricky.boone at gmail.com Sun Jul 13 16:45:50 2008 From: ricky.boone at gmail.com (Ricky Boone) Date: Sun Jul 13 16:46:05 2008 Subject: The long road to yum In-Reply-To: <4879C4DC.6000409@vanderkooij.org> References: <4879C4DC.6000409@vanderkooij.org> Message-ID: <487A232E.1010902@gmail.com> Hugo van der Kooij wrote: > ... > I am looking into splitting the default perl package and splitting of > the IO stuff in a seperate IO package. My apologies if this was discussed before, but has anyone contacted Red Hat regarding the matter? Perhaps they could be convinced to split this along with other perl modules installed by the main RPM that the MailScanner install script has issues with into individual RPMs? Just a thought. :) If the idea has already been shot down, forget that I asked. :) From hvdkooij at vanderkooij.org Sun Jul 13 17:00:16 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Sun Jul 13 17:00:27 2008 Subject: The long road to yum In-Reply-To: <487A232E.1010902@gmail.com> References: <4879C4DC.6000409@vanderkooij.org> <487A232E.1010902@gmail.com> Message-ID: <487A2690.9070509@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Ricky Boone wrote: | Hugo van der Kooij wrote: |> ... |> I am looking into splitting the default perl package and splitting of |> the IO stuff in a seperate IO package. | | My apologies if this was discussed before, but has anyone contacted Red | Hat regarding the matter? Perhaps they could be convinced to split this | along with other perl modules installed by the main RPM that the | MailScanner install script has issues with into individual RPMs? | | Just a thought. :) If the idea has already been shot down, forget that | I asked. :) I think they have sort of done this. For Centos 5 (and RHEL 5) there is a simple solution. By installing in siteperl the new package will not conflict with existing files but the new ones will be loaded before the existing ones. I will see if I can add a clause to the package to prevent people from installing my repackaged perl-IO package on Centos 4 for example. For thos who run Centos 5 and allready use rpmforge I have updated my repository. See also: http://yum.vanderkooij.org/ Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFIeiaPBvzDRVjxmYERAjpgAKCsGdge70Q6CROFKAaAMRfzED+5iwCffqjZ GaGNyO4aygiOh5OAyL9qhNs= =5eGh -----END PGP SIGNATURE----- From ismail at ismailozatay.net Sun Jul 13 17:39:05 2008 From: ismail at ismailozatay.net (Ismail OZATAY) Date: Sun Jul 13 18:21:26 2008 Subject: About spamassassin cache References: <9E9F0CD05BA645DEB8DC6B6887132C6B@pc> <4879CDA7.1030300@vanderkooij.org> Message-ID: I am trying these timeout options now. Thanks ----- Original Message ----- From: "Hugo van der Kooij" To: "MailScanner discussion" Sent: Sunday, July 13, 2008 12:40 PM Subject: Re: About spamassassin cache > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Ismail OZATAY wrote: > | Hi there, > | > | Sometimes spamassassin cache goes timeout so some of spam messages come > | in. It use sqlite and now 20 MB. I think query of this file is slow. Is > | it possible to export this file into postgre or mysql database or how > | can i fix spamassassin cache timeout problem ? I do not want to disable > | it... > > This wouldn't be just another case where SA does it's own maintenance so > MS is unaware of this? > > That is the common issue with people reporting SA issues. See also: > http://mail-archives.apache.org/mod_mbox/spamassassin-users/200410.mbox/%3c5.2.1.1.0.20041020093257.01eb7de8@mail.comcast.net%3e > > Hugo. > > - -- > hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ > PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc > > A: Yes. > >Q: Are you sure? > >>A: Because it reverses the logical flow of conversation. > >>>Q: Why is top posting frowned upon? > > Bored? Click on http://spamornot.org/ and rate those images. > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.7 (GNU/Linux) > > iD8DBQFIec2kBvzDRVjxmYERAiACAKCIjjZW0hmNk4C1sQDMpuqtZqiHSwCfUhot > vqL/JlxRacuOPhSViWgAmoY= > =7M1C > -----END PGP SIGNATURE----- > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From naolson at gmail.com Mon Jul 14 04:31:07 2008 From: naolson at gmail.com (Nathan Olson) Date: Mon Jul 14 04:31:16 2008 Subject: The long road to yum In-Reply-To: <487A2690.9070509@vanderkooij.org> References: <4879C4DC.6000409@vanderkooij.org> <487A232E.1010902@gmail.com> <487A2690.9070509@vanderkooij.org> Message-ID: <8f54b4330807132031m50ba8a9k13e1a03d75212aa4@mail.gmail.com> At NDSU we use Red Hat's package if it exists. If not, we have built a separate RPM. The whole of MailScanner's Perl requirements fall into either category. We have not had a problem with this approach for 3 years. I haven't seen this proposed on the list, so I'm chiming in. This has worked with RHEL 4 and 5. From ismail at ismailozatay.net Mon Jul 14 07:02:50 2008 From: ismail at ismailozatay.net (Ismail OZATAY) Date: Mon Jul 14 08:05:04 2008 Subject: About spamassassin cache References: <9E9F0CD05BA645DEB8DC6B6887132C6B@pc> <4879CDA7.1030300@vanderkooij.org> Message-ID: <8088E51F65E84E8CB64A202E9DB357DE@pc> Hi , When i increased the spamassassin timeouts it seems better. Now i do not see any cache timeout. Thanks all. ismail ----- Original Message ----- From: "Hugo van der Kooij" To: "MailScanner discussion" Sent: Sunday, July 13, 2008 12:40 PM Subject: Re: About spamassassin cache > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Ismail OZATAY wrote: > | Hi there, > | > | Sometimes spamassassin cache goes timeout so some of spam messages come > | in. It use sqlite and now 20 MB. I think query of this file is slow. Is > | it possible to export this file into postgre or mysql database or how > | can i fix spamassassin cache timeout problem ? I do not want to disable > | it... > > This wouldn't be just another case where SA does it's own maintenance so > MS is unaware of this? > > That is the common issue with people reporting SA issues. See also: > http://mail-archives.apache.org/mod_mbox/spamassassin-users/200410.mbox/%3c5.2.1.1.0.20041020093257.01eb7de8@mail.comcast.net%3e > > Hugo. > > - -- > hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ > PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc > > A: Yes. > >Q: Are you sure? > >>A: Because it reverses the logical flow of conversation. > >>>Q: Why is top posting frowned upon? > > Bored? Click on http://spamornot.org/ and rate those images. > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.7 (GNU/Linux) > > iD8DBQFIec2kBvzDRVjxmYERAiACAKCIjjZW0hmNk4C1sQDMpuqtZqiHSwCfUhot > vqL/JlxRacuOPhSViWgAmoY= > =7M1C > -----END PGP SIGNATURE----- > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From martinh at solidstatelogic.com Mon Jul 14 08:58:24 2008 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Mon Jul 14 08:58:37 2008 Subject: About spamassassin cache In-Reply-To: <8088E51F65E84E8CB64A202E9DB357DE@pc> Message-ID: <82c3a81a58c9404795d2a09c41e9ee08@solidstatelogic.com> Ismail As I thought - this is not a cache timeout but a spamassassin timeout. This can be caused by quite a few things, DNS timings to RBL's (or URI-RBLs), bayes needs expiring (or you've not setup the expirey correctly to play with MailScanner),... See the optimisation and "getting most out of spamassassin" sections of the wiki. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Ismail OZATAY > Sent: 14 July 2008 07:03 > To: MailScanner discussion > Subject: Re: About spamassassin cache > > Hi , > > When i increased the spamassassin timeouts it seems better. > Now i do not see any cache timeout. > > Thanks all. > > ismail > > ----- Original Message ----- > From: "Hugo van der Kooij" > To: "MailScanner discussion" > Sent: Sunday, July 13, 2008 12:40 PM > Subject: Re: About spamassassin cache > > > > -----BEGIN PGP SIGNED MESSAGE----- > > Hash: SHA1 > > > > Ismail OZATAY wrote: > > | Hi there, > > | > > | Sometimes spamassassin cache goes timeout so some of spam > messages come > > | in. It use sqlite and now 20 MB. I think query of this > file is slow. Is > > | it possible to export this file into postgre or mysql > database or how > > | can i fix spamassassin cache timeout problem ? I do not > want to disable > > | it... > > > > This wouldn't be just another case where SA does it's own > maintenance so > > MS is unaware of this? > > > > That is the common issue with people reporting SA issues. See also: > > > http://mail-archives.apache.org/mod_mbox/spamassassin-users/20 > 0410.mbox/%3c5.2.1.1.0.20041020093257.01eb7de8@mail.comcast.net%3e > > > > Hugo. > > > > - -- > > hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ > > PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc > > > > A: Yes. > > >Q: Are you sure? > > >>A: Because it reverses the logical flow of conversation. > > >>>Q: Why is top posting frowned upon? > > > > Bored? Click on http://spamornot.org/ and rate those images. > > > > -----BEGIN PGP SIGNATURE----- > > Version: GnuPG v1.4.7 (GNU/Linux) > > > > iD8DBQFIec2kBvzDRVjxmYERAiACAKCIjjZW0hmNk4C1sQDMpuqtZqiHSwCfUhot > > vqL/JlxRacuOPhSViWgAmoY= > > =7M1C > > -----END PGP SIGNATURE----- > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From Sylvain.Phaneuf at imsu.ox.ac.uk Mon Jul 14 11:43:13 2008 From: Sylvain.Phaneuf at imsu.ox.ac.uk (Sylvain Phaneuf) Date: Mon Jul 14 11:43:25 2008 Subject: filename checks = wrong filename report In-Reply-To: <48776228.4070702@ecs.soton.ac.uk> References: <48709609.9050202@ecs.soton.ac.uk> <48748D04.FEA8.00EB.0@imsu.ox.ac.uk> <625385e30807090226v521749d1k6ff3b4547d77bbb6@mail.gmail.com> <48776228.4070702@ecs.soton.ac.uk> Message-ID: <487B3BD1.FEA8.00EB.0@imsu.ox.ac.uk> >>> On 11/07/2008 at 14:37, Julian Field wrote: > > Sorry, but this is a *very* bad idea, and I'm not going to write it. > > I only ever put sanitised versions of filenames in any output produced > by MailScanner. Otherwise some bright spark will work out how to do what > I describe above. MailScanner has a very good reputation in the software > security world, and I intend to keep it. :-) Sorry Julian, I would never suggest to make MailScanner less secure. I understand what you are trying to do and I am 100% with you. It is just the reporting text that is a "problem". I am going to modify the text as suggested by the others, but I would prefer not needing to say: "filename shown may not be the original one". The uncertainty increases confusion, etc... As pointed out by shuttlebox, " it's a separate test in the filename rules and they all cause the same report". Could the tests use different reports? But again, this may be too painful to implement considering the small benifit (unconfused users). Anyway, this is not a critic of you decisions! I am only trying to be constructive. Regards, Sylvain From shuttlebox at gmail.com Mon Jul 14 11:57:42 2008 From: shuttlebox at gmail.com (shuttlebox) Date: Mon Jul 14 11:57:51 2008 Subject: filename checks = wrong filename report In-Reply-To: <487B3BD1.FEA8.00EB.0@imsu.ox.ac.uk> References: <48709609.9050202@ecs.soton.ac.uk> <48748D04.FEA8.00EB.0@imsu.ox.ac.uk> <625385e30807090226v521749d1k6ff3b4547d77bbb6@mail.gmail.com> <48776228.4070702@ecs.soton.ac.uk> <487B3BD1.FEA8.00EB.0@imsu.ox.ac.uk> Message-ID: <625385e30807140357q54f68132x9b9c39daef33950@mail.gmail.com> On Mon, Jul 14, 2008 at 12:43 PM, Sylvain Phaneuf wrote: > As pointed out by shuttlebox, " it's a separate test in the filename rules and they all cause the same report". Could the tests use different reports? But again, this may be too painful to implement considering the small benifit (unconfused users). But both the filename report template and the individual test report lines are configurable. What would you write in a "different report" that you can't write now? /peter -- Fred Allen - "Television is a medium because anything well done is rare." From campbell at cnpapers.com Mon Jul 14 13:58:44 2008 From: campbell at cnpapers.com (Steve Campbell) Date: Mon Jul 14 13:59:07 2008 Subject: OT-Related to the DNS stuff Message-ID: <487B4D84.7070107@cnpapers.com> I'm running an old RH 7.3 server for Bind. It's scheduled to be taken out of commission at the beginning of September. Can anyone provide a link to rpms for Bind, Bind-utils, and Bind-devel? I've searched the normal places and didn't see them - I'll re-search but if anyone can help, I'd appreciated it. Steve Campbell From Hostmaster at computerservicecentre.com Mon Jul 14 14:08:35 2008 From: Hostmaster at computerservicecentre.com (Hostmaster) Date: Mon Jul 14 14:08:47 2008 Subject: OT-Related to the DNS stuff In-Reply-To: <487B4D84.7070107@cnpapers.com> References: <487B4D84.7070107@cnpapers.com> Message-ID: <3D9C92F3075F5144B46AA2C590F48E2A7A7E79@commssrv01.computerservicecentre.com> >I'm running an old RH 7.3 server for Bind. It's scheduled to be taken >out of commission at the beginning of September. Can anyone provide a >link to rpms for Bind, Bind-utils, and Bind-devel? http://www.redhat.com/security/updates/eol/ Looks like RH 7.3 is long since dead and buried Steve - the last security bugfix for it was waaaay back in Jan '04. Unless anyone can suggest a repo still supporting it (there surely can't be any?!?!) then either you're going to have to build your own RPM, compile from source, upgrade now, or live with the un-patched version. Surely a machine this old is still running BIND 8? *shudder* -- Best Regards, Richard Garner (A+, N+, AMBCS, MOS-O) Hostmaster Computer Service Centre web???? http://www.computerservicecentre.com? All E-Mail communications are monitored in addition to being content checked for malicious codes or viruses. The success of scanning products is not guaranteed, therefore the recipient(s) should carry out any checks that they believe to be appropriate in this respect. This message (including any attachments and/or related materials) is confidential to and is the property of Computer Service Centre, unless otherwise noted. If you are not the intended recipient, you should delete this message and are hereby notified that any disclosure, copying, or distribution of this message, or the taking of any action based on it, is strictly prohibited. Any views or opinions presented are solely those of the author and do not necessarily represent those of Computer Service Centre. From brie.gordon at gmail.com Mon Jul 14 14:10:03 2008 From: brie.gordon at gmail.com (Brie Gordon) Date: Mon Jul 14 14:10:14 2008 Subject: OT-Related to the DNS stuff In-Reply-To: <487B4D84.7070107@cnpapers.com> References: <487B4D84.7070107@cnpapers.com> Message-ID: On Mon, Jul 14, 2008 at 8:58 AM, Steve Campbell wrote: > I'm running an old RH 7.3 server for Bind. It's scheduled to be taken out > of commission at the beginning of September. Can anyone provide a link to > rpms for Bind, Bind-utils, and Bind-devel? Does this work as a starting point for you?: http://rpm.pbone.net/index.php3/stat/4/idpl/3387734/com/bind-utils-9.2.1-1.7x.2.i386.rpm.html > > > I've searched the normal places and didn't see them - I'll re-search but if > anyone can help, I'd appreciated it. > > Steve Campbell > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > Regards, Brie Gordon http://granite.sru.edu/~bag6849/index.html -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080714/ebd7853f/attachment.html From campbell at cnpapers.com Mon Jul 14 14:42:00 2008 From: campbell at cnpapers.com (Steve Campbell) Date: Mon Jul 14 14:42:27 2008 Subject: OT-Related to the DNS stuff In-Reply-To: References: <487B4D84.7070107@cnpapers.com> Message-ID: <487B57A8.5070901@cnpapers.com> Brie Gordon wrote: > > On Mon, Jul 14, 2008 at 8:58 AM, Steve Campbell > wrote: > > I'm running an old RH 7.3 server for Bind. It's scheduled to be > taken out of commission at the beginning of September. Can anyone > provide a link to rpms for Bind, Bind-utils, and Bind-devel? > > > Does this work as a starting point for you?: > > http://rpm.pbone.net/index.php3/stat/4/idpl/3387734/com/bind-utils-9.2.1-1.7x.2.i386.rpm.html > > > > > I've searched the normal places and didn't see them - I'll > re-search but if anyone can help, I'd appreciated it. > > Steve Campbell > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > Regards, > > Brie Gordon > > http://granite.sru.edu/~bag6849/index.html > Brie, Thanks a lot. I scanned that site, along with a few others I use for RPMs, but not having the version of the RPM made it a little difficult to find the good rpms. Got the 3 I needed. Richard, Yep, it's an antique. That's the reason it's heading for retirement. I have others built already, but we're getting ready to change providers, which means IP addresses for all, so I'm waiting until I get all of that in place before bringing them online. Thanks again Steve From jra at baylink.com Mon Jul 14 15:09:57 2008 From: jra at baylink.com (Jay R. Ashworth) Date: Mon Jul 14 15:10:14 2008 Subject: Watch it: Multiple DNS implementationsvulnerableto cachepoisoning In-Reply-To: References: <625385e30807100142w395688d1j656adf5d541e99f7@mail.gmail.com> <4CAB0118AEC63A4FAAE77E6BCBDF760C65717C49F9@server02.bhl.local> <7EF0EE5CB3B263488C8C18823239BEBA0430DC31@HC-MBX02.herefordshire.gov.uk> <4875FB5F.8030906@farrows.org> <7EF0EE5CB3B263488C8C18823239BEBA0430DC8E@HC-MBX02.herefordshire.gov.uk> <7EF0EE5CB3B263488C8C18823239BEBA03CF60@HC-MBX02.herefordshire.gov.uk> <4CAB0118AEC63A4FAAE77E6BCBDF760C65717C4A0D@server02.bhl.local> <4877898D.4040505@vanderkooij.org> Message-ID: <20080714140957.GA24892@cgi.jachomes.com> On Sat, Jul 12, 2008 at 06:40:29AM +0100, Anthony Cartmell wrote: > We've been here before - Fedora is an excellent server OS for people like > me, running web servers requiring up-to-date packages. It may not be if > your situation means upgrading OS versions is expensive and you have no > need for recent software packages installed automatically. In the world of Dependency Hell, where our apps depend on the versions of other packages, in intricate pathways, running automatic updates on servers is rarely a good idea, IME. Cheers, -- jra -- Jay R. Ashworth Baylink jra@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://baylink.pitas.com '87 e24 St Petersburg FL USA http://photo.imageinc.us +1 727 647 1274 Those who cast the vote decide nothing. Those who count the vote decide everything. -- (Josef Stalin) From rcooper at dwford.com Mon Jul 14 15:59:04 2008 From: rcooper at dwford.com (Rick Cooper) Date: Mon Jul 14 15:59:20 2008 Subject: OT-Related to the DNS stuff In-Reply-To: <487B4D84.7070107@cnpapers.com> References: <487B4D84.7070107@cnpapers.com> Message-ID: > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On > Behalf Of Steve Campbell > Sent: Monday, July 14, 2008 8:59 AM > To: mailscanner@lists.mailscanner.info > Subject: OT-Related to the DNS stuff > > I'm running an old RH 7.3 server for Bind. It's scheduled to > be taken > out of commission at the beginning of September. Can anyone > provide a > link to rpms for Bind, Bind-utils, and Bind-devel? > > I've searched the normal places and didn't see them - I'll > re-search but > if anyone can help, I'd appreciated it. > > Steve Campbell > > -- I have 5 rh 7.3 servers I am migrating to Centos 5 and I just pulled the bind-9.4.3b2.tar.gz from the ISC bind page. ./configure --prefix=/usr --sysconfdir=/etc \ --localstatedir=/var --enable-libbind \ --enable-threads Should match a redhat package install, if you have not kept up your openssl you may need --disable-openssl-version-check. You will have to add dnssec-enable yes; to named.conf and might want to add empty-zones-enable no; if you do not have Active ipv6 dns currently (will cut down on noise); Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From Denis.Beauchemin at USherbrooke.ca Mon Jul 14 15:59:23 2008 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Mon Jul 14 15:59:43 2008 Subject: Clamd error Message-ID: <487B69CB.8070804@USherbrooke.ca> Hello all, I run clamd on my newest internal MS gateways and I occasionnally see the following error messages in my logs: Jul 14 01:28:58 smtpi6 MailScanner[16418]: Clamd::ERROR:: Unable to open file or directory ERROR :: ./m6E5SuLb032372/msg-16418-15.txt I don't understand what could be causing this because MS seems to be able to talk to clamd: Jul 14 10:45:20 smtpi6 MailScanner[31481]: ClamAVModule::INFECTED:: W32.BugBear.A FOUND :: ./m6EEjHIu010485/ Jul 14 10:45:20 smtpi6 MailScanner[31481]: ClamAVModule::INFECTED:: W32.BugBear.A :: ./m6EEjHIu010485/bugbear.virus Jul 14 10:45:20 smtpi6 MailScanner[31481]: Virus Scanning: Clamd found 2 infections And MailScanner --lint reports: ... Clamd said "eicar.com was infected: Eicar-Test-Signature" I saw 3 error messages in yesterday's maillog. So far there are 2 in todays maillog. I am running mailscanner-4.69.9-3 and clamd-0.93.3-1.el5.rf (was 0.93.1 yesterday). Any ideas what might be causing this? Thanks! Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x62252 F: 819.821.8045 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3608 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080714/78aeef64/smime.bin From rcooper at dwford.com Mon Jul 14 16:10:23 2008 From: rcooper at dwford.com (Rick Cooper) Date: Mon Jul 14 16:10:38 2008 Subject: OT-Related to the DNS stuff In-Reply-To: <3D9C92F3075F5144B46AA2C590F48E2A7A7E79@commssrv01.computerservicecentre.com> References: <487B4D84.7070107@cnpapers.com> <3D9C92F3075F5144B46AA2C590F48E2A7A7E79@commssrv01.computerservicecentre.com> Message-ID: <33C9E1126E9B473C92939B39E3C9E0AA@SAHOMELT> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On > Behalf Of Hostmaster > Sent: Monday, July 14, 2008 9:09 AM > To: MailScanner discussion > Subject: RE: OT-Related to the DNS stuff > > >I'm running an old RH 7.3 server for Bind. It's scheduled > to be taken > >out of commission at the beginning of September. Can anyone > provide a > >link to rpms for Bind, Bind-utils, and Bind-devel? > > http://www.redhat.com/security/updates/eol/ > > Looks like RH 7.3 is long since dead and buried Steve - the > last security bugfix > for it was waaaay back in Jan '04. Unless anyone can suggest > a repo still > supporting it (there surely can't be any?!?!) then either > you're going to have > to build your own RPM, compile from source, upgrade now, or > live with the > un-patched version. Surely a machine this old is still > running BIND 8? *shudder* > > > -- Dag still builds for 7.3 and you can get packages from rpm.pbone.net but bind 9.3.2-10 is the latest bind available from either for rh 7.3 But there are many, many current packages (for instance clamav-0-0.93.3-1.rh7.rf). There are a lot that are not such as openssl (latest from dag is 0.9.7i-2) which has to be build from source. But Dag and FreshRpms (3) still maintain 7.3 repositories for yum. Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From peter at farrows.org Mon Jul 14 16:12:46 2008 From: peter at farrows.org (Peter Farrow) Date: Mon Jul 14 16:13:08 2008 Subject: OT-Related to the DNS stuff In-Reply-To: <487B4D84.7070107@cnpapers.com> References: <487B4D84.7070107@cnpapers.com> Message-ID: <487B6CEE.5030906@farrows.org> Hi Steve, I don't know the circumstances of how its come about that you are still on RH7.3 after all these years, but the best thing to do would be to grab some source and compile it up. However, you may run into all kinds of problems compiling on such an old OS. Surely it would be easier to simply jump to Centos 5 now than struggle with this. You say its scheduled for retirement in September, but for my part RH7.3 is so old I can't even remember the last time I used or installed it. Given the revision frequency of Linux and how fast it moves compared to other OS's this is a bit like asking for a patch for Windows 3.11. If you want help or advice on moving over to Centos 5 there is plenty here will to help you out, but you should note that Centos 5 does have a bug in the installer which omits all the bind config and default zone files which stops you running named straight out of the box. Regards Pete Steve Campbell wrote: > I'm running an old RH 7.3 server for Bind. It's scheduled to be taken > out of commission at the beginning of September. Can anyone provide a > link to rpms for Bind, Bind-utils, and Bind-devel? > > I've searched the normal places and didn't see them - I'll re-search > but if anyone can help, I'd appreciated it. > > Steve Campbell > -- This message has been scanned for viruses and dangerous content by the Inexcom system Scanner, and is believed to be clean. Advanced heuristic mail scanning server [-]. http://www.inexcom.co.uk From campbell at cnpapers.com Mon Jul 14 16:26:54 2008 From: campbell at cnpapers.com (Steve Campbell) Date: Mon Jul 14 16:27:11 2008 Subject: OT-Related to the DNS stuff In-Reply-To: <33C9E1126E9B473C92939B39E3C9E0AA@SAHOMELT> References: <487B4D84.7070107@cnpapers.com> <3D9C92F3075F5144B46AA2C590F48E2A7A7E79@commssrv01.computerservicecentre.com> <33C9E1126E9B473C92939B39E3C9E0AA@SAHOMELT> Message-ID: <487B703E.9090503@cnpapers.com> Rick Cooper wrote: > > > > -----Original Message----- > > From: mailscanner-bounces@lists.mailscanner.info > > [mailto:mailscanner-bounces@lists.mailscanner.info] On > > Behalf Of Hostmaster > > Sent: Monday, July 14, 2008 9:09 AM > > To: MailScanner discussion > > Subject: RE: OT-Related to the DNS stuff > > > > >I'm running an old RH 7.3 server for Bind. It's scheduled > > to be taken > > >out of commission at the beginning of September. Can anyone > > provide a > > >link to rpms for Bind, Bind-utils, and Bind-devel? > > > > http://www.redhat.com/security/updates/eol/ > > > > Looks like RH 7.3 is long since dead and buried Steve - the > > last security bugfix > > for it was waaaay back in Jan '04. Unless anyone can suggest > > a repo still > > supporting it (there surely can't be any?!?!) then either > > you're going to have > > to build your own RPM, compile from source, upgrade now, or > > live with the > > un-patched version. Surely a machine this old is still > > running BIND 8? *shudder* > > > > > > -- > Dag still builds for 7.3 and you can get packages from rpm.pbone.net but > bind 9.3.2-10 is the latest bind available from either for rh 7.3 > But there are many, many current packages (for instance > clamav-0-0.93.3-1.rh7.rf). There are a lot that are not such as openssl > (latest from dag is 0.9.7i-2) which has to be build from source. But Dag and > FreshRpms (3) still maintain 7.3 repositories for yum. > > Rick > > > > Rick, I'm still looking for something to install. I was already running the latest that pbone has and Dag is usually a good go-too, but not this time. Thanks though for the time. Steve From Denis.Beauchemin at USherbrooke.ca Mon Jul 14 16:29:59 2008 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Mon Jul 14 16:30:21 2008 Subject: OT-Related to the DNS stuff In-Reply-To: <487B4D84.7070107@cnpapers.com> References: <487B4D84.7070107@cnpapers.com> Message-ID: <487B70F7.1050204@USherbrooke.ca> Steve Campbell a ?crit : > I'm running an old RH 7.3 server for Bind. It's scheduled to be taken > out of commission at the beginning of September. Can anyone provide a > link to rpms for Bind, Bind-utils, and Bind-devel? > > I've searched the normal places and didn't see them - I'll re-search > but if anyone can help, I'd appreciated it. > > Steve Campbell > Steve, RH 7.3 is basically the same as RHEL 2.1, which is still supported. Thus you could grab RPMs for RHEL 2.1 as replacements. If you have acces to RHN you could download and install them on your RH 7.3 server. Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x62252 F: 819.821.8045 From campbell at cnpapers.com Mon Jul 14 16:31:40 2008 From: campbell at cnpapers.com (Steve Campbell) Date: Mon Jul 14 16:32:07 2008 Subject: OT-Related to the DNS stuff In-Reply-To: <487B6CEE.5030906@farrows.org> References: <487B4D84.7070107@cnpapers.com> <487B6CEE.5030906@farrows.org> Message-ID: <487B715C.9030606@cnpapers.com> Peter Farrow wrote: > Hi Steve, > > I don't know the circumstances of how its come about that you are > still on RH7.3 after all these years, but the best thing to do would > be to grab some source and compile it up. > > However, you may run into all kinds of problems compiling on such an > old OS. Surely it would be easier to simply jump to Centos 5 now > than struggle with this. You say its scheduled for retirement in > September, but for my part RH7.3 is so old I can't even remember the > last time I used or installed it. > > Given the revision frequency of Linux and how fast it moves compared > to other OS's this is a bit like asking for a patch for Windows 3.11. > > If you want help or advice on moving over to Centos 5 there is plenty > here will to help you out, but you should note that Centos 5 does > have a bug in the installer which omits all the bind config and > default zone files which stops you running named straight out of the box. > > Regards > > > Pete > > > > > Steve Campbell wrote: >> I'm running an old RH 7.3 server for Bind. It's scheduled to be taken >> out of commission at the beginning of September. Can anyone provide a >> link to rpms for Bind, Bind-utils, and Bind-devel? >> >> I've searched the normal places and didn't see them - I'll re-search >> but if anyone can help, I'd appreciated it. >> >> Steve Campbell >> > Pete, Thanks to you also. I'm actually on a Bind 9+ version. The RH release has not needed fixing, so it's stayed at 7.3. The new ones are Centos 5, and they've already been updated. Are you really suggesting I upgrade my Windows 3.11 machines also? :-) So far, I have found anything I can use for Bind-9.3.4. I'm guessing this is the fixed version. Thanks for the time and effort. Steve From campbell at cnpapers.com Mon Jul 14 16:35:14 2008 From: campbell at cnpapers.com (Steve Campbell) Date: Mon Jul 14 16:35:27 2008 Subject: OT-Related to the DNS stuff In-Reply-To: References: <487B4D84.7070107@cnpapers.com> Message-ID: <487B7232.101@cnpapers.com> Rick Cooper wrote: > > > > -----Original Message----- > > From: mailscanner-bounces@lists.mailscanner.info > > [mailto:mailscanner-bounces@lists.mailscanner.info] On > > Behalf Of Steve Campbell > > Sent: Monday, July 14, 2008 8:59 AM > > To: mailscanner@lists.mailscanner.info > > Subject: OT-Related to the DNS stuff > > > > I'm running an old RH 7.3 server for Bind. It's scheduled to > > be taken > > out of commission at the beginning of September. Can anyone > > provide a > > link to rpms for Bind, Bind-utils, and Bind-devel? > > > > I've searched the normal places and didn't see them - I'll > > re-search but > > if anyone can help, I'd appreciated it. > > > > Steve Campbell > > > > -- > I have 5 rh 7.3 servers I am migrating to Centos 5 and I just pulled the > bind-9.4.3b2.tar.gz from the ISC bind page. > ./configure --prefix=/usr --sysconfdir=/etc \ > --localstatedir=/var --enable-libbind \ > --enable-threads > > Should match a redhat package install, if you have not kept up your openssl > you may need --disable-openssl-version-check. > > You will have to add dnssec-enable yes; to named.conf and might want to add > empty-zones-enable no; if you do not have > Active ipv6 dns currently (will cut down on noise); > > Rick > > Rick, OK, I'll try and get it and build it. The lifespan of these boxes are very limited, so as long as they run should be OK. Any quirks about overwriting zones or conf files? Steve From Hostmaster at computerservicecentre.com Mon Jul 14 16:42:49 2008 From: Hostmaster at computerservicecentre.com (Hostmaster) Date: Mon Jul 14 16:43:00 2008 Subject: OT-Related to the DNS stuff In-Reply-To: <487B70F7.1050204@USherbrooke.ca> References: <487B4D84.7070107@cnpapers.com> <487B70F7.1050204@USherbrooke.ca> Message-ID: <3D9C92F3075F5144B46AA2C590F48E2A7A7E8D@commssrv01.computerservicecentre.com> >RH 7.3 is basically the same as RHEL 2.1, which is still supported. >Thus you could grab RPMs for RHEL 2.1 as replacements. If you have >acces to RHN you could download and install them on your RH 7.3 server. I wondered if you could grab the Centos 2.1 RPM's in case you didn't have RHN access, and looksie what I found... http://mirror.centos.org/centos-2/updates/i386/bind-9.2.1-10.el2.i386.rpm http://mirror.centos.org/centos-2/updates/i386/bind-devel-9.2.1-10.el2.i386.rpm http://mirror.centos.org/centos-2/updates/i386/bind-utils-9.2.1-10.el2.i386.rpm All with dates of 09/07/08 :) -- Best Regards, Richard Garner (A+, N+, AMBCS, MOS-O) Hostmaster Computer Service Centre web???? http://www.computerservicecentre.com? -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! All E-Mail communications are monitored in addition to being content checked for malicious codes or viruses. The success of scanning products is not guaranteed, therefore the recipient(s) should carry out any checks that they believe to be appropriate in this respect. This message (including any attachments and/or related materials) is confidential to and is the property of Computer Service Centre, unless otherwise noted. If you are not the intended recipient, you should delete this message and are hereby notified that any disclosure, copying, or distribution of this message, or the taking of any action based on it, is strictly prohibited. Any views or opinions presented are solely those of the author and do not necessarily represent those of Computer Service Centre. From jra at baylink.com Mon Jul 14 16:52:51 2008 From: jra at baylink.com (Jay R. Ashworth) Date: Mon Jul 14 16:53:01 2008 Subject: OT-Related to the DNS stuff In-Reply-To: <487B715C.9030606@cnpapers.com> References: <487B4D84.7070107@cnpapers.com> <487B6CEE.5030906@farrows.org> <487B715C.9030606@cnpapers.com> Message-ID: <20080714155251.GG24892@cgi.jachomes.com> On Mon, Jul 14, 2008 at 11:31:40AM -0400, Steve Campbell wrote: > >Given the revision frequency of Linux and how fast it moves compared > >to other OS's this is a bit like asking for a patch for Windows 3.11. > > Are you really suggesting I upgrade my Windows 3.11 machines also? :-) Well, Microsoft just stopped selling 3.11, so... http://tech.slashdot.org/article.pl?sid=08/07/10/186236 Cheers, -- jra -- Jay R. Ashworth Baylink jra@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://baylink.pitas.com '87 e24 St Petersburg FL USA http://photo.imageinc.us +1 727 647 1274 Those who cast the vote decide nothing. Those who count the vote decide everything. -- (Josef Stalin) From rcooper at dwford.com Mon Jul 14 17:12:27 2008 From: rcooper at dwford.com (Rick Cooper) Date: Mon Jul 14 17:12:42 2008 Subject: OT-Related to the DNS stuff In-Reply-To: <487B7232.101@cnpapers.com> References: <487B4D84.7070107@cnpapers.com> <487B7232.101@cnpapers.com> Message-ID: <099314F2A257446B841749937E06DD2B@SAHOMELT> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On > Behalf Of Steve Campbell > Sent: Monday, July 14, 2008 11:35 AM > To: MailScanner discussion > Subject: Re: OT-Related to the DNS stuff > > > > Rick Cooper wrote: > > > > > > > -----Original Message----- > > > From: mailscanner-bounces@lists.mailscanner.info > > > [mailto:mailscanner-bounces@lists.mailscanner.info] On > > > Behalf Of Steve Campbell > > > Sent: Monday, July 14, 2008 8:59 AM > > > To: mailscanner@lists.mailscanner.info > > > Subject: OT-Related to the DNS stuff > > > > > > I'm running an old RH 7.3 server for Bind. It's scheduled to > > > be taken > > > out of commission at the beginning of September. Can anyone > > > provide a > > > link to rpms for Bind, Bind-utils, and Bind-devel? > > > > > > I've searched the normal places and didn't see them - I'll > > > re-search but > > > if anyone can help, I'd appreciated it. > > > > > > Steve Campbell > > > > > > -- > > I have 5 rh 7.3 servers I am migrating to Centos 5 and I > just pulled the > > bind-9.4.3b2.tar.gz from the ISC bind page. > > ./configure --prefix=/usr --sysconfdir=/etc \ > > --localstatedir=/var --enable-libbind \ > > --enable-threads > > > > Should match a redhat package install, if you have not > kept up your openssl > > you may need --disable-openssl-version-check. > > > > You will have to add dnssec-enable yes; to named.conf and > might want to add > > empty-zones-enable no; if you do not have > > Active ipv6 dns currently (will cut down on noise); > > > > Rick > > > > > Rick, > > OK, I'll try and get it and build it. The lifespan of these > boxes are > very limited, so as long as they run should be OK. > > Any quirks about overwriting zones or conf files? > > Steve > Nope, it built and installed cleanly on all my boxes. Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From campbell at cnpapers.com Mon Jul 14 17:24:52 2008 From: campbell at cnpapers.com (Steve Campbell) Date: Mon Jul 14 17:25:05 2008 Subject: OT-Related to the DNS stuff In-Reply-To: <3D9C92F3075F5144B46AA2C590F48E2A7A7E8D@commssrv01.computerservicecentre.com> References: <487B4D84.7070107@cnpapers.com> <487B70F7.1050204@USherbrooke.ca> <3D9C92F3075F5144B46AA2C590F48E2A7A7E8D@commssrv01.computerservicecentre.com> Message-ID: <487B7DD4.40109@cnpapers.com> Hostmaster wrote: >> RH 7.3 is basically the same as RHEL 2.1, which is still supported. >> Thus you could grab RPMs for RHEL 2.1 as replacements. If you have >> acces to RHN you could download and install them on your RH 7.3 server. >> > > I wondered if you could grab the Centos 2.1 RPM's in case you didn't have RHN > access, and looksie what I found... > http://mirror.centos.org/centos-2/updates/i386/bind-9.2.1-10.el2.i386.rpm > http://mirror.centos.org/centos-2/updates/i386/bind-devel-9.2.1-10.el2.i386.rpm > http://mirror.centos.org/centos-2/updates/i386/bind-utils-9.2.1-10.el2.i386.rpm > > All with dates of 09/07/08 :) > > > -- > Best Regards, > Richard Garner (A+, N+, AMBCS, MOS-O) > Hostmaster > Computer Service Centre > web http://www.computerservicecentre.com > > > Richard, I also had wondered about those in Centos' vault. I've never used them, though. Thank you kind sir. Steve > > From campbell at cnpapers.com Mon Jul 14 17:27:01 2008 From: campbell at cnpapers.com (Steve Campbell) Date: Mon Jul 14 17:27:15 2008 Subject: OT-Related to the DNS stuff In-Reply-To: <20080714155251.GG24892@cgi.jachomes.com> References: <487B4D84.7070107@cnpapers.com> <487B6CEE.5030906@farrows.org> <487B715C.9030606@cnpapers.com> <20080714155251.GG24892@cgi.jachomes.com> Message-ID: <487B7E55.9050604@cnpapers.com> Jay R. Ashworth wrote: > On Mon, Jul 14, 2008 at 11:31:40AM -0400, Steve Campbell wrote: > >>> Given the revision frequency of Linux and how fast it moves compared >>> to other OS's this is a bit like asking for a patch for Windows 3.11. >>> >> Are you really suggesting I upgrade my Windows 3.11 machines also? :-) >> > > Well, Microsoft just stopped selling 3.11, so... > > http://tech.slashdot.org/article.pl?sid=08/07/10/186236 > > Cheers, > -- jra > Gee Whiz, I can't even be ironic properly anymore. Steve From Hostmaster at computerservicecentre.com Mon Jul 14 17:32:59 2008 From: Hostmaster at computerservicecentre.com (Hostmaster) Date: Mon Jul 14 17:33:10 2008 Subject: OT-Related to the DNS stuff In-Reply-To: <487B7DD4.40109@cnpapers.com> References: <487B4D84.7070107@cnpapers.com> <487B70F7.1050204@USherbrooke.ca><3D9C92F3075F5144B46AA2C590F48E2A7A7E8D@commssrv01.computerservicecentre.com> <487B7DD4.40109@cnpapers.com> Message-ID: <3D9C92F3075F5144B46AA2C590F48E2A7A7E91@commssrv01.computerservicecentre.com> >I also had wondered about those in Centos' vault. I've never used them, >though. They *should* be 100% binary compatible with upstream (RHEL) but that's not a promise. I have had to "mix and match" to work around things in the past and have never found any problems. As always, YMMV. -- Best Regards, Richard Garner (A+, N+, AMBCS, MOS-O) Hostmaster Computer Service Centre web???? http://www.computerservicecentre.com? -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! All E-Mail communications are monitored in addition to being content checked for malicious codes or viruses. The success of scanning products is not guaranteed, therefore the recipient(s) should carry out any checks that they believe to be appropriate in this respect. This message (including any attachments and/or related materials) is confidential to and is the property of Computer Service Centre, unless otherwise noted. If you are not the intended recipient, you should delete this message and are hereby notified that any disclosure, copying, or distribution of this message, or the taking of any action based on it, is strictly prohibited. Any views or opinions presented are solely those of the author and do not necessarily represent those of Computer Service Centre. From hvdkooij at vanderkooij.org Mon Jul 14 18:28:20 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Mon Jul 14 18:28:30 2008 Subject: OT-Related to the DNS stuff In-Reply-To: <487B70F7.1050204@USherbrooke.ca> References: <487B4D84.7070107@cnpapers.com> <487B70F7.1050204@USherbrooke.ca> Message-ID: <487B8CB4.3070503@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Denis Beauchemin wrote: | Steve Campbell a ?crit : |> I'm running an old RH 7.3 server for Bind. It's scheduled to be taken |> out of commission at the beginning of September. Can anyone provide a |> link to rpms for Bind, Bind-utils, and Bind-devel? |> |> I've searched the normal places and didn't see them - I'll re-search |> but if anyone can help, I'd appreciated it. |> |> Steve Campbell |> | Steve, | | RH 7.3 is basically the same as RHEL 2.1, which is still supported. | Thus you could grab RPMs for RHEL 2.1 as replacements. If you have | acces to RHN you could download and install them on your RH 7.3 server. If it's close but no exact match I would suggest you fetch the source rpm and rebuild the package(s). If your system is setup properly it should be just something like: ~ 1. wget ftp://ftp.redhat.com/pub/redhat/linux/updates/enterprise/2.1AS/en/os/SRPMS/bind-9.2.1-10.el2.src.rpm ~ 2. rpmbuild --rebuild bind-9.2.1-10.el2.src.rpm Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFIe4yzBvzDRVjxmYERAg58AKCLBewm90NeRG5F7X//tvINr0jaDgCfUVFb k+vwyEEoAJQMHL+jxo/V2RI= =8Kxc -----END PGP SIGNATURE----- From peter at farrows.org Mon Jul 14 18:38:43 2008 From: peter at farrows.org (Peter Farrow) Date: Mon Jul 14 18:39:13 2008 Subject: OT-Related to the DNS stuff In-Reply-To: <20080714155251.GG24892@cgi.jachomes.com> References: <487B4D84.7070107@cnpapers.com> <487B6CEE.5030906@farrows.org> <487B715C.9030606@cnpapers.com> <20080714155251.GG24892@cgi.jachomes.com> Message-ID: <487B8F23.4020401@farrows.org> horizontal ruler Jay R. Ashworth wrote: > On Mon, Jul 14, 2008 at 11:31:40AM -0400, Steve Campbell wrote: > >>> Given the revision frequency of Linux and how fast it moves compared >>> to other OS's this is a bit like asking for a patch for Windows 3.11. >>> >> Are you really suggesting I upgrade my Windows 3.11 machines also? :-) >> > > Well, Microsoft just stopped selling 3.11, so... > > http://tech.slashdot.org/article.pl?sid=08/07/10/186236 > > Cheers, > -- jra > Yeah but to be fair that was the embedded channel, so that explains why sometimes you have to unplug your washing machine and plug in back in again to complete the spin cycle ;-) Also I bet there are some copies of Windows 95 upgrades for Win 3.11 kicking around too maybe.. P. -- This message has been scanned for viruses and dangerous content by the Inexcom system Scanner, and is believed to be clean. Advanced heuristic mail scanning server [-]. http://www.inexcom.co.uk -------------- next part -------------- Skipped content of type multipart/related From mkettler at evi-inc.com Mon Jul 14 18:44:41 2008 From: mkettler at evi-inc.com (Matt Kettler) Date: Mon Jul 14 18:45:40 2008 Subject: filename checks = wrong filename report In-Reply-To: References: <48709609.9050202@ecs.soton.ac.uk> <48748D04.FEA8.00EB.0@imsu.ox.ac.uk> <625385e30807090226v521749d1k6ff3b4547d77bbb6@mail.gmail.com> <4874963F.FEA8.00EB.0@imsu.ox.ac.uk> <4875398C.5010207@evi-inc.com> <4876471F.7050200@evi-inc.com> Message-ID: <487B9089.3040509@evi-inc.com> Scott Silva wrote: > Julian probably just sanitized everything to reduce code complexity. > Much easier then another 1000 lines of code to figure out IF something > can be bad. > Again, the syslog is not sanitized, so the "sanitized everything" doesn't make sense, because it isn't all sanitized. However, Julian has explained in a different post the possibility of embedding a mime section to create an attachment from the filename. I find that a bit remote as they'd have to guess the mime boundary string, and would only be easy if MailScanner is doing something foolish like using non-random boundary strings. I doubt MailScanner is so foolish, but even as a long-shot it is somewhat worth protecting against. In that context, that threat also wouldn't be present in syslog, so it would be safe to send it to syslog. Of course, this doesn't protect you against buffer overflows on syslog, but that could be fixed with a much less aggressive sanitation method (ie: removing unprintables, and limiting the length), which I'm guessing Julian already does and wouldn't have been visible here. So, Julian's got the right idea, and it's probably a good one despite the very remote chance of anyone successfully exploiting it. However, it clearly doesn't happen for any of the reasons Scott and I discussed. From campbell at cnpapers.com Mon Jul 14 18:57:45 2008 From: campbell at cnpapers.com (Steve Campbell) Date: Mon Jul 14 18:58:08 2008 Subject: OT-Related to the DNS stuff In-Reply-To: <3D9C92F3075F5144B46AA2C590F48E2A7A7E8D@commssrv01.computerservicecentre.com> References: <487B4D84.7070107@cnpapers.com> <487B70F7.1050204@USherbrooke.ca> <3D9C92F3075F5144B46AA2C590F48E2A7A7E8D@commssrv01.computerservicecentre.com> Message-ID: <487B9399.3090606@cnpapers.com> Hostmaster wrote: >> RH 7.3 is basically the same as RHEL 2.1, which is still supported. >> Thus you could grab RPMs for RHEL 2.1 as replacements. If you have >> acces to RHN you could download and install them on your RH 7.3 server. >> > > I wondered if you could grab the Centos 2.1 RPM's in case you didn't have RHN > access, and looksie what I found... > http://mirror.centos.org/centos-2/updates/i386/bind-9.2.1-10.el2.i386.rpm > http://mirror.centos.org/centos-2/updates/i386/bind-devel-9.2.1-10.el2.i386.rpm > http://mirror.centos.org/centos-2/updates/i386/bind-utils-9.2.1-10.el2.i386.rpm > > All with dates of 09/07/08 :) > > > -- > Best Regards, > Richard Garner (A+, N+, AMBCS, MOS-O) > Hostmaster > Computer Service Centre > web http://www.computerservicecentre.com > > I don't know how long it takes to cause the test to start failing, but these rpms seemed to work. Thanks very much. STeve From rcooper at dwford.com Mon Jul 14 18:58:24 2008 From: rcooper at dwford.com (Rick Cooper) Date: Mon Jul 14 18:58:40 2008 Subject: OT-Related to the DNS stuff In-Reply-To: <487B8CB4.3070503@vanderkooij.org> References: <487B4D84.7070107@cnpapers.com> <487B70F7.1050204@USherbrooke.ca> <487B8CB4.3070503@vanderkooij.org> Message-ID: <6BB59A70955548C38407DAEA79C22EA8@SAHOMELT> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On > Behalf Of Hugo van der Kooij > Sent: Monday, July 14, 2008 1:28 PM > To: MailScanner discussion > Subject: Re: OT-Related to the DNS stuff > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Denis Beauchemin wrote: > | Steve Campbell a ?crit : > |> I'm running an old RH 7.3 server for Bind. It's scheduled > to be taken > |> out of commission at the beginning of September. Can > anyone provide a > |> link to rpms for Bind, Bind-utils, and Bind-devel? > |> > |> I've searched the normal places and didn't see them - > I'll re-search > |> but if anyone can help, I'd appreciated it. > |> > |> Steve Campbell > |> > | Steve, > | > | RH 7.3 is basically the same as RHEL 2.1, which is still supported. > | Thus you could grab RPMs for RHEL 2.1 as replacements. If you have > | acces to RHN you could download and install them on your > RH 7.3 server. > > If it's close but no exact match I would suggest you fetch the source > rpm and rebuild the package(s). > > If your system is setup properly it should be just something like: > ~ 1. wget > ftp://ftp.redhat.com/pub/redhat/linux/updates/enterprise/2.1A > S/en/os/SRPMS/bind-9.2.1-10.el2.src.rpm > ~ 2. rpmbuild --rebuild bind-9.2.1-10.el2.src.rpm > > Hugo. Unless that is heavily patched (and I doubt that) it won't contain the source to handle the exploit which is his end goal Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From ssilva at sgvwater.com Mon Jul 14 19:18:53 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Mon Jul 14 19:20:43 2008 Subject: Watch it: Multiple DNS implementationsvulnerableto cachepoisoning In-Reply-To: References: <48745EB2.8050404@alexb.ch> <4874856A.5000605@farrows.org> <487540A3.7050701@pacific.net> <625385e30807091647n54dc6556ube297c7b650860a1@mail.gmail.com> <48756BED.30608@pacific.net> <625385e30807100142w395688d1j656adf5d541e99f7@mail.gmail.com> <4CAB0118AEC63A4FAAE77E6BCBDF760C65717C49F9@server02.bhl.local> <7EF0EE5CB3B263488C8C18823239BEBA0430DC31@HC-MBX02.herefordshire.gov.uk> <4875FB5F.8030906@farrows.org> <7EF0EE5CB3B263488C8C18823239BEBA0430DC8E@HC-MBX02.herefordshire.gov.uk> <7EF0EE5CB3B263488C8C18823239BEBA03CF60@HC-MBX02.herefordshire.gov.uk> <4CAB0118AEC63A4FAAE77E6BCBDF760C65717C4A0D@server02.bhl.local> <4877898D.4040505@vanderkooij.org> Message-ID: on 7-11-2008 10:40 PM Anthony Cartmell spake the following: >> Another good example of why Fedora is not the best choice for a server >> if it >> is going to be expected to operate more than 18 months > > ...unless you're happy to upgrade on a roughly annual basis to benefit > from more up-to-date stable versions of the main packages, such as perl, > apache, MySQL, PHP, etc. > (see problems installing recent MainScanner versions on machines with > old perl installations earlier) > > We've been here before - Fedora is an excellent server OS for people > like me, running web servers requiring up-to-date packages. It may not > be if your situation means upgrading OS versions is expensive and you > have no need for recent software packages installed automatically. > > Cheers! > > Anthony That is why I qualified the end of my statement with " if it is going to be expected to operate for more than 18 months". A server farm of virtual and real servers installs can be automated rather easily, and having the latest and greatest for systems that sometimes get a 6 month or year contract and then fall off when they get abandoned wouldn't be as big a deal. But I sure wouldn't want to be the guy that had to re-install a few hundred servers every year or so. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 258 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080714/d6f41550/signature-0001.bin From hvdkooij at vanderkooij.org Mon Jul 14 19:43:46 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Mon Jul 14 19:43:55 2008 Subject: OT-Related to the DNS stuff In-Reply-To: <6BB59A70955548C38407DAEA79C22EA8@SAHOMELT> References: <487B4D84.7070107@cnpapers.com> <487B70F7.1050204@USherbrooke.ca> <487B8CB4.3070503@vanderkooij.org> <6BB59A70955548C38407DAEA79C22EA8@SAHOMELT> Message-ID: <487B9E62.5070600@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 | | > If your system is setup properly it should be just something like: | > ~ 1. wget | > ftp://ftp.redhat.com/pub/redhat/linux/updates/enterprise/2.1A | > S/en/os/SRPMS/bind-9.2.1-10.el2.src.rpm | > ~ 2. rpmbuild --rebuild bind-9.2.1-10.el2.src.rpm | | Unless that is heavily patched (and I doubt that) it won't contain the | source to handle the exploit which is his end goal It IS heavily patched! Only a couple of days old. Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFIe55gBvzDRVjxmYERArJuAKC3D0hiARTlO36Swl7mVeg+jHGQIACfZ83Z El4XrQfqaEFkhG2uN1YWsRQ= =CBoy -----END PGP SIGNATURE----- From hvdkooij at vanderkooij.org Mon Jul 14 20:12:33 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Mon Jul 14 20:12:45 2008 Subject: yum repository started Message-ID: <487BA521.3000400@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, I have updated a yum repository that will function as an add-on to the Centos 5 and rpmforge repositories. I plan to keep it up-to-date within 24 to 48 hours after Jules releases a new release. (Unless Jules will go to warp 10.) One can find it via http://yum.vanderkooij.org/ I am also thinking of building a Mailwatch 1.04 package. But that might take quite a while. Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFIe6UfBvzDRVjxmYERAisQAKCdNZrski/1hG2a2J9MOE6Nlveo2gCfSVy3 khbE1+cX6gtF0UIwqaIaEgw= =QX64 -----END PGP SIGNATURE----- From rbong at amaes.edu.ph Tue Jul 15 04:38:47 2008 From: rbong at amaes.edu.ph (Ronald Ong) Date: Tue Jul 15 04:44:05 2008 Subject: Fake Reply and sender address - looping receive mail in mailscanner In-Reply-To: <200807111102.m6BB0KJb015659@safir.blacknight.ie> References: <200807111102.m6BB0KJb015659@safir.blacknight.ie> Message-ID: <487C1BC7.3010606@amaes.edu.ph> Hi, It seems Spammers are sending spams to different mail servers using our domain as REPLY address. All users in the reply address (ourusers-fake@ourdomain) are fake . RECIPIENT address also non-existent. Both servers are looping and bouncing mail notification. Recipient anti-spam server will send a notification email to our server (using the fake reply) saying that it cannot deliver. Since REPLY address are fake , MAILSCANNER will send out bounce notification. These are the subject headers from MAILWATCH using MAILSCANNER 4.70 - FROM : blank TO: fakeuser@ourdomain SUBJECT : - Undelivered Mail Returned to Sender - failure notice - Returned mail: Cannot send message within 5 minutes - Returned mail: see transcript for details - Delayed Mail (still being retried) - Delivery Status Notification (Failure) - Unable to deliver your message 1. Are these subject headers are legitimate and generated by MAILSCANNER or it is a bogus bounce header? 2. Why is it the TO: field is fakeuser@ourdomain instead of the recipient email. and the FROM is blank. Im thinking the source of spam is within our network, but when i checked the first mail receive , the IP is from other country. 3. How can i trap bogus reply address or stop mailscanner sending this emails on second attempt ( looping) Thanks Ronald AMA University -- This message has been scanned for viruses and dangerous content by AMA!MailScan, and is believed to be clean. From Neal at Morgan-Systems.com Tue Jul 15 05:30:59 2008 From: Neal at Morgan-Systems.com (Neal Morgan) Date: Tue Jul 15 05:31:36 2008 Subject: Fake Reply and sender address - looping receive mail in mailscanner In-Reply-To: <487C1BC7.3010606@amaes.edu.ph> References: <200807111102.m6BB0KJb015659@safir.blacknight.ie> <487C1BC7.3010606@amaes.edu.ph> Message-ID: <7D1CC61717004141A57CA6CA1C8087EC38DFA0@server-16.MorganSys.net> Ronald Ong wrote: > Hi, > > It seems Spammers are sending spams to different mail servers using our > domain as REPLY address. All users in the reply address > (ourusers-fake@ourdomain) are fake . RECIPIENT address also > non-existent. Both servers are looping and bouncing mail notification. > > Recipient anti-spam server will send a notification email to our server > (using the fake reply) saying that it cannot deliver. > Since REPLY address are fake , MAILSCANNER will send out bounce > notification. > > These are the subject headers from MAILWATCH using MAILSCANNER 4.70 - > FROM : blank TO: fakeuser@ourdomain > SUBJECT : > - Undelivered Mail Returned to Sender > - failure notice > - Returned mail: Cannot send message within 5 minutes > - Returned mail: see transcript for details > - Delayed Mail (still being retried) > - Delivery Status Notification (Failure) > - Unable to deliver your message > > 1. Are these subject headers are legitimate and generated by MAILSCANNER > or it is a bogus bounce header? > 2. Why is it the TO: field is fakeuser@ourdomain instead of the > recipient email. and the FROM is blank. > Im thinking the source of spam is within our network, but when i > checked the first mail receive , the IP is from other country. > 3. How can i trap bogus reply address or stop mailscanner sending this > emails on second attempt ( looping) > > Thanks > > Ronald > AMA University Ronald: What you are experiencing is called a "Joe Job" - spammer uses fake local part @YourDomain as the from on his mail. The MTA at the recipient domain is reacting properly (arguably) by responding with a non-delivery report since the recipient doesn't exist. NDRs usually do have a blank from address, so this part is valid too. Hopefully one of the smarter folks on the list can help with an answer to why your MTA is looping, and/or how MailScanner can best help with this. (I suspect the answer is going to have to do with using watermarking...) The good news is "Joe Jobs" don't last forever! The spammer will eventually change his from domain to something else. Good luck, Neal Morgan From hvdkooij at vanderkooij.org Tue Jul 15 06:08:36 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Tue Jul 15 06:08:47 2008 Subject: Fake Reply and sender address - looping receive mail in mailscanner In-Reply-To: <487C1BC7.3010606@amaes.edu.ph> References: <200807111102.m6BB0KJb015659@safir.blacknight.ie> <487C1BC7.3010606@amaes.edu.ph> Message-ID: <487C30D4.5020402@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Ronald Ong wrote: | It seems Spammers are sending spams to different mail servers using our | domain as REPLY address. All users in the reply address | (ourusers-fake@ourdomain) are fake . RECIPIENT address also | non-existent. Both servers are looping and bouncing mail notification. | | Recipient anti-spam server will send a notification email to our server | (using the fake reply) saying that it cannot deliver. | Since REPLY address are fake , MAILSCANNER will send out bounce | notification. MailScanner can not send out bounces. It is your MTA that does so. However since these messages are bounces your MTA is in violation of standards if it sends out bounces upon such messages. If your MTA accepts email to non-existing email addresses then that is the problem you need to fix. In any given configuration your first MTA should be able to tell good recipients from bad ones and never accept email for non-existing addresses. The solution is dependent upon your total email setup and the MTA used along with MailScanner. Barring any details about your MTA or email topology it is not possible to give you any further details towards a solution. Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFIfDDRBvzDRVjxmYERAiRiAJ940c5qowhzVBuib0VZnJqROU2NrQCfUYn5 YPta0uRqCm7iUVjuRZw6W3k= =hYOC -----END PGP SIGNATURE----- From Hostmaster at computerservicecentre.com Tue Jul 15 09:37:26 2008 From: Hostmaster at computerservicecentre.com (Hostmaster) Date: Tue Jul 15 09:37:37 2008 Subject: Fake Reply and sender address - looping receive mail in mailscanner In-Reply-To: <487C1BC7.3010606@amaes.edu.ph> References: <200807111102.m6BB0KJb015659@safir.blacknight.ie> <487C1BC7.3010606@amaes.edu.ph> Message-ID: <3D9C92F3075F5144B46AA2C590F48E2A7A7E97@commssrv01.computerservicecentre.com> >3. How can i trap bogus reply address or stop mailscanner sending this >emails on second attempt ( looping) The problem is twofold. The first part is the other mail servers - they should not be accepting mail which they cannot deliver to a user, but this is nothing you can fix. The second part is yours - you should not be accepting mail to users which do not exist. You should configure your MTA to reject (at SMTP RCPT time) messages which you cannot deliver to a user, which will prevent your server from bouncing these messages back. How to implement this depends on the MTA you are using, and I'm sure someone here can give you pointers for any MTA, or you can search the archives as this has been discussed numerous times. -- Best Regards, Richard Garner (A+, N+, AMBCS, MOS-O) Hostmaster Computer Service Centre web???? http://www.computerservicecentre.com? -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! All E-Mail communications are monitored in addition to being content checked for malicious codes or viruses. The success of scanning products is not guaranteed, therefore the recipient(s) should carry out any checks that they believe to be appropriate in this respect. This message (including any attachments and/or related materials) is confidential to and is the property of Computer Service Centre, unless otherwise noted. If you are not the intended recipient, you should delete this message and are hereby notified that any disclosure, copying, or distribution of this message, or the taking of any action based on it, is strictly prohibited. Any views or opinions presented are solely those of the author and do not necessarily represent those of Computer Service Centre. From mcornes at loreto.ac.uk Tue Jul 15 10:12:49 2008 From: mcornes at loreto.ac.uk (mcornes) Date: Tue Jul 15 10:12:38 2008 Subject: Fake Reply and sender address - looping receive mail inmailscanner In-Reply-To: <3D9C92F3075F5144B46AA2C590F48E2A7A7E97@commssrv01.computerservicecentre.com> References: <200807111102.m6BB0KJb015659@safir.blacknight.ie> <487C1BC7.3010606@amaes.edu.ph> <3D9C92F3075F5144B46AA2C590F48E2A7A7E97@commssrv01.computerservicecentre.com> Message-ID: First post. Well I'll explain how we do the reject at SMTP rcpt. Every hour a cron job searches our active directory tree for any valid e mail addresses. These are then added to a database held by our mta (post fix) and from then on an e mail for an address we don't select is binned by the mail scanner box it isn't even scanned. This has the benefit of lessening load on what mail scanner actually has scan (and indeed virus check) but has the slight draw back of any new staff mail takes one hour before it is useable externally. That can be altered so the scan is performed more regularly I suppose. Hope this helps - I can post more exact instructions to what I did or links to the tutorials if that helps ? Mark Sent from my iPhone! On 15 Jul 2008, at 09:55, "Hostmaster" wrote: >> 3. How can i trap bogus reply address or stop mailscanner sending >> this >> emails on second attempt ( looping) > > The problem is twofold. The first part is the other mail servers - > they should > not be accepting mail which they cannot deliver to a user, but this > is nothing > you can fix. The second part is yours - you should not be accepting > mail to > users which do not exist. You should configure your MTA to reject > (at SMTP RCPT > time) messages which you cannot deliver to a user, which will > prevent your > server from bouncing these messages back. How to implement this > depends on the > MTA you are using, and I'm sure someone here can give you pointers > for any MTA, > or you can search the archives as this has been discussed numerous > times. > > > -- > Best Regards, > Richard Garner (A+, N+, AMBCS, MOS-O) > Hostmaster > Computer Service Centre > web http://www.computerservicecentre.com > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > All E-Mail communications are monitored in addition to being content > checked for malicious codes or viruses. The success of scanning > products is not guaranteed, therefore the recipient(s) should carry > out any checks that they believe to be appropriate in this respect. > > This message (including any attachments and/or related materials) is > confidential to and is the property of Computer Service Centre, > unless otherwise noted. If you are not the intended recipient, you > should delete this message and are hereby notified that any > disclosure, copying, or distribution of this message, or the taking > of any action based on it, is strictly prohibited. > > Any views or opinions presented are solely those of the author and > do not necessarily represent those of Computer Service Centre. > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From ms-list at alexb.ch Tue Jul 15 10:31:56 2008 From: ms-list at alexb.ch (Alex Broens) Date: Tue Jul 15 10:32:13 2008 Subject: Fake Reply and sender address - looping receive mail inmailscanner In-Reply-To: References: <200807111102.m6BB0KJb015659@safir.blacknight.ie> <487C1BC7.3010606@amaes.edu.ph> <3D9C92F3075F5144B46AA2C590F48E2A7A7E97@commssrv01.computerservicecentre.com> Message-ID: <487C6E8C.6090502@alexb.ch> On 7/15/2008 11:12 AM, mcornes wrote: > First post. > Well I'll explain how we do the reject at SMTP rcpt. > > Every hour a cron job searches our active directory tree for any valid e > mail addresses. These are then added to a database held by our mta (post > fix) and from then on an e mail for an address we don't select is binned > by the mail scanner box it isn't even scanned. > > This has the benefit of lessening load on what mail scanner actually has > scan (and indeed virus check) but has the slight draw back of any new > staff mail takes one hour before it is useable externally. That can be > altered so the scan is performed more regularly I suppose. > > Hope this helps - I can post more exact instructions to what I did or > links to the tutorials if that helps ? Instead, milter-ahead does the job real well. Supports Postfix's transport hash tables very nicely. Save all the import routine and is self mantaining Alex From J.Ede at birchenallhowden.co.uk Tue Jul 15 10:46:24 2008 From: J.Ede at birchenallhowden.co.uk (Jason Ede) Date: Tue Jul 15 10:51:46 2008 Subject: Fake Reply and sender address - looping receive mail inmailscanner In-Reply-To: <487C6E8C.6090502@alexb.ch> References: <200807111102.m6BB0KJb015659@safir.blacknight.ie> <487C1BC7.3010606@amaes.edu.ph> <3D9C92F3075F5144B46AA2C590F48E2A7A7E97@commssrv01.computerservicecentre.com> , <487C6E8C.6090502@alexb.ch> Message-ID: <4CAB0118AEC63A4FAAE77E6BCBDF760C77E9AB0037@server02.bhl.local> ________________________________________ From: mailscanner-bounces@lists.mailscanner.info [mailscanner-bounces@lists.mailscanner.info] On Behalf Of Alex Broens [ms-list@alexb.ch] Sent: 15 July 2008 10:31 To: MailScanner discussion Subject: Re: Fake Reply and sender address - looping receive mail inmailscanner On 7/15/2008 11:12 AM, mcornes wrote: > First post. > Well I'll explain how we do the reject at SMTP rcpt. > > Every hour a cron job searches our active directory tree for any valid e > mail addresses. These are then added to a database held by our mta (post > fix) and from then on an e mail for an address we don't select is binned > by the mail scanner box it isn't even scanned. > > This has the benefit of lessening load on what mail scanner actually has > scan (and indeed virus check) but has the slight draw back of any new > staff mail takes one hour before it is useable externally. That can be > altered so the scan is performed more regularly I suppose. > > Hope this helps - I can post more exact instructions to what I did or > links to the tutorials if that helps ? Instead, milter-ahead does the job real well. Supports Postfix's transport hash tables very nicely. Save all the import routine and is self mantaining Alex We do it in postfix with reject_unverified_recipient (http://www.postfix.org/ADDRESS_VERIFICATION_README.html) making sure you use the Address verification database part to cut down the lookups to the servers you deliver email to. The defaults for it suits us nicely, but need to be aware that if you add a new address on your email server it may take a while to start accepting email if an attempt has been made to deliver to that address in the hour or 2 before you added it on your mail server... i.e. it only re-checks for invalid addresses every X hours. Jason From mailsysteam at googlemail.com Tue Jul 15 14:12:46 2008 From: mailsysteam at googlemail.com (mailsysteam@googlemail.com) Date: Tue Jul 15 14:13:25 2008 Subject: sare rules Message-ID: Hi, I have followed Julian's instructions "HOWTO: Adding extra rulesets to SpamAssassin" from July 2007 and I am a bit lost. Can someone help please? I am using his /etc/mail/spamassassin/jkf-channel-list.txt to list the channels I want, but the update doesn't work, I am not getting any new cf files. If I run /usr/bin/sa-update -D --channelfile /etc/mail/spamassassin/jkf-channel-list.txt --gpgkey 856AA88A I get dns errors like: dns: query failed: 4.1.3.99_sare_fraud_post25x.cf.sare.sa-update.dostech.net=> NXDOMAIN channel: no updates available, skipping channel I am using MailScanner version 4.70.6 Can someone point me in the right direction please? Steve -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080715/84c55dd5/attachment.html From mailsysteam at googlemail.com Tue Jul 15 14:12:46 2008 From: mailsysteam at googlemail.com (mailsysteam@googlemail.com) Date: Tue Jul 15 14:15:18 2008 Subject: sare rules Message-ID: Hi, I have followed Julian's instructions "HOWTO: Adding extra rulesets to SpamAssassin" from July 2007 and I am a bit lost. Can someone help please? I am using his /etc/mail/spamassassin/jkf-channel-list.txt to list the channels I want, but the update doesn't work, I am not getting any new cf files. If I run /usr/bin/sa-update -D --channelfile /etc/mail/spamassassin/jkf-channel-list.txt --gpgkey 856AA88A I get dns errors like: dns: query failed: 4.1.3.99_sare_fraud_post25x.cf.sare.sa-update.dostech.net=> NXDOMAIN channel: no updates available, skipping channel I am using MailScanner version 4.70.6 Can someone point me in the right direction please? Steve -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080715/84c55dd5/attachment-0001.html From ssilva at sgvwater.com Tue Jul 15 16:02:46 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Tue Jul 15 16:03:18 2008 Subject: sare rules In-Reply-To: References: Message-ID: on 7-15-2008 6:12 AM mailsysteam@googlemail.com spake the following: > Hi, > > I have followed Julian's instructions "HOWTO: Adding extra rulesets to > SpamAssassin" from July 2007 and I am a bit lost. Can someone help please? > > I am using his /etc/mail/spamassassin/jkf-channel-list.txt to list the > channels I want, but the update doesn't work, I am not getting any new > cf files. > > If I run > /usr/bin/sa-update -D --channelfile > /etc/mail/spamassassin/jkf-channel-list.txt --gpgkey 856AA88A > > I get dns errors like: > dns: query failed: > 4.1.3.99_sare_fraud_post25x.cf.sare.sa-update.dostech.net > => > NXDOMAIN > channel: no updates available, skipping channel > > I am using MailScanner version 4.70.6 > > Can someone point me in the right direction please? > > Steve > The sare ninjas have stopped updating their rules for now. Either it was too much work or too much expense, but it seems to be over. Many of the rule writers still contribute to spamassassin, so the regular sa-updates will get some new rules occasionally -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 258 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080715/dadc26ac/signature.bin From alex at rtpty.com Tue Jul 15 16:32:24 2008 From: alex at rtpty.com (Alex Neuman) Date: Tue Jul 15 16:34:25 2008 Subject: sare rules In-Reply-To: References: Message-ID: This is what I run daily, as per something I read about somewhere in the wiki or on the FSL page (long time ago so I don't remember): sa-update --allowplugins --nogpg --channel saupdates.openprotect.com -- channel updates.spamassassin.org &> /dev/null sa-compile &> /dev/null Their rules seem to catch quite a lot of things besides the On Jul 15, 2008, at 10:02 AM, Scott Silva wrote: > The sare ninjas have stopped updating their rules for now. Either it > was too much work or too much expense, but it seems to be over. Many > of the rule writers still contribute to spamassassin, so the regular > sa-updates will get some new rules occasionally From richard.frovarp at sendit.nodak.edu Tue Jul 15 17:56:17 2008 From: richard.frovarp at sendit.nodak.edu (Richard Frovarp) Date: Tue Jul 15 17:56:29 2008 Subject: sare rules In-Reply-To: References: Message-ID: <487CD6B1.4040000@sendit.nodak.edu> mailsysteam@googlemail.com wrote: > Hi, > > I have followed Julian's instructions "HOWTO: Adding extra rulesets to > SpamAssassin" from July 2007 and I am a bit lost. Can someone help please? > > I am using his /etc/mail/spamassassin/jkf-channel-list.txt to list the > channels I want, but the update doesn't work, I am not getting any new > cf files. > > If I run > /usr/bin/sa-update -D --channelfile > /etc/mail/spamassassin/jkf-channel-list.txt --gpgkey 856AA88A > > I get dns errors like: > dns: query failed: > 4.1.3.99_sare_fraud_post25x.cf.sare.sa-update.dostech.net > => > NXDOMAIN > channel: no updates available, skipping channel > > I am using MailScanner version 4.70.6 > > Can someone point me in the right direction please? > > Steve It should work. What happens when you run dig +short -t txt 4.1.3.99_sare_fraud_post25x.cf.sare.sa-update.dostech.net You should get back: "200506020000" It looks like you have DNS problems. From mailsysteam at googlemail.com Tue Jul 15 21:08:23 2008 From: mailsysteam at googlemail.com (mailsysteam@googlemail.com) Date: Tue Jul 15 21:08:34 2008 Subject: sare rules In-Reply-To: <487CD6B1.4040000@sendit.nodak.edu> References: <487CD6B1.4040000@sendit.nodak.edu> Message-ID: On Tue, Jul 15, 2008 at 5:56 PM, Richard Frovarp < richard.frovarp@sendit.nodak.edu> wrote: > It should work. What happens when you run > > dig +short -t txt > 4.1.3.99_sare_fraud_post25x.cf.sare.sa-update.dostech.net > > You should get back: "200506020000" > > It looks like you have DNS problems. > > This is the strangest thing. I had overlooked that one channel was working, the last one in my channel_list file. After trying several things, I recreated the file, and all started working properly, for all the channels in my file. The test you proposed gives the expected response. Thanks for your time all! Steve -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080715/c7515afa/attachment.html From lucianog at metline.it Wed Jul 16 09:41:05 2008 From: lucianog at metline.it (Luciano Grego) Date: Wed Jul 16 09:41:50 2008 Subject: MailScanner on FC8 don't pickup emails References: <6ab1c460044e5441a4c21792d987f524@solidstatelogic.com><48721BA8.4060507@ecs.soton.ac.uk> <625385e30807070740i6003ec81lf98db7216d541dc3@mail.gmail.com> <487765D0.7020001@ecs.soton.ac.uk> <48777CEB.2090406@ecs.soton.ac.uk> <487784A2.3040103@ecs.soton.ac.uk> Message-ID: <67617B38DFA64BDCB81E7BA05EBF6104@LUCIANO> Hi, I've switched to Postfix and solved the problem. Mailscanner now scan the emails ... ----- Original Message ----- From: "Julian Field" To: "MailScanner discussion" Sent: Friday, July 11, 2008 6:04 PM Subject: Re: MailScanner on FC8 don't pickup emails > Do the following: > > chkconfig sendmail off > chkconfig MailScanner on > service sendmail stop > service MailScanner restart > > And then see what happens to your new incoming mail. > > Luciano Grego wrote: >> >> I've restored original MailScanner init script ... >> There is no error in logs file! >> Mail just arrived at mail server and delivered immediately on local >> mailbox. >> No MailScanner signature on emails. >> No MailScanner jobs on emails. >> Really i think it's a sendmail issue! >> I've added debug switch for sendmail ... only! >> I do not know what to do more .... >> Thanks >> L. >> >> >> ----- Original Message ----- From: "Julian Field" >> >> To: "MailScanner discussion" >> Sent: Friday, July 11, 2008 5:31 PM >> Subject: Re: MailScanner on FC8 don't pickup emails >> >> >>> But why did you change my supplied init.d script? It works just fine >>> how it is, for everyone else. >>> >>> Jules. >>> >>> Luciano Grego wrote: >>>> Hi Julian, >>>> I've pasted the text without the " -ODeliveryMode=queueonly " in the >>>> /etc/init.d/MailScanner, but present in the script. It's a mistake! >>>> I'm try to queue the emails that arriving through sendmail in the >>>> $INQDIR ( /var/spool/mqueue.in ). >>>> Emails are delivered immediately to local mailbox. >>>> I've want to see what happens in the queues. >>>> I think that MailScanner working OK but sendmail don't. >>>> May paste some config file? >>>> Thanks. >>>> L. >>>> >>> >> >> >> > > Jules > > -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > Need help customising MailScanner? > Contact me! > Need help fixing or optimising your systems? > Contact me! > Need help getting you started solving new requirements from your boss? > Contact me! > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > Il messaggio e' stato analizzato alla ricerca di virus o > contenuti pericolosi da MailScanner, ed e' > risultato non infetto. > -- Il messaggio e' stato analizzato alla ricerca di virus o contenuti pericolosi da MailScanner, ed e' risultato non infetto. From marco.mangione at gmail.com Wed Jul 16 11:10:45 2008 From: marco.mangione at gmail.com (Marco mangione) Date: Wed Jul 16 11:10:57 2008 Subject: Mailscanner optimization Message-ID: hi, i have a very heavi postfix+mailscanner as MX gateway.. now mailgraph stat said about 30message/minute and i have a queue that increase soo much and so mail delivery is slow... How can i optimize mailscanner or postfix to speed up mail delivery ? Marco -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080716/aaa6c113/attachment.html From martinh at solidstatelogic.com Wed Jul 16 11:19:55 2008 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Wed Jul 16 11:20:07 2008 Subject: Mailscanner optimization In-Reply-To: Message-ID: <4e8bc4d2be6a0042844710a7160e4991@solidstatelogic.com> Marco You been on the wiki and looked at the optization section and the "getting most out spamassassin" ? -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Marco mangione > Sent: 16 July 2008 11:11 > To: MailScanner discussion > Subject: Mailscanner optimization > > hi, > > i have a very heavi postfix+mailscanner as MX gateway.. now > mailgraph stat said about 30message/minute and i have a queue > that increase soo much and so mail delivery is slow... > How can i optimize mailscanner or postfix to speed up mail delivery ? > > Marco > > ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From marco.mangione at gmail.com Wed Jul 16 11:24:13 2008 From: marco.mangione at gmail.com (Marco mangione) Date: Wed Jul 16 11:24:22 2008 Subject: Mailscanner optimization In-Reply-To: <4e8bc4d2be6a0042844710a7160e4991@solidstatelogic.com> References: <4e8bc4d2be6a0042844710a7160e4991@solidstatelogic.com> Message-ID: yes i searched for it.. but dont found :( do you have direct link ? 2008/7/16 Martin.Hepworth : > Marco > > You been on the wiki and looked at the optization section and the "getting > most out spamassassin" ? > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > -----Original Message----- > > From: mailscanner-bounces@lists.mailscanner.info > > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > > Of Marco mangione > > Sent: 16 July 2008 11:11 > > To: MailScanner discussion > > Subject: Mailscanner optimization > > > > hi, > > > > i have a very heavi postfix+mailscanner as MX gateway.. now > > mailgraph stat said about 30message/minute and i have a queue > > that increase soo much and so mail delivery is slow... > > How can i optimize mailscanner or postfix to speed up mail delivery ? > > > > Marco > > > > > > > > > ********************************************************************** > Confidentiality : This e-mail and any attachments are intended for the > addressee only and may be confidential. If they come to you in error > you must take no action based on them, nor must you copy or show them > to anyone. Please advise the sender by replying to this e-mail > immediately and then delete the original from your computer. > Opinion : Any opinions expressed in this e-mail are entirely those of > the author and unless specifically stated to the contrary, are not > necessarily those of the author's employer. > Security Warning : Internet e-mail is not necessarily a secure > communications medium and can be subject to data corruption. We advise > that you consider this fact when e-mailing us. > Viruses : We have taken steps to ensure that this e-mail and any > attachments are free from known viruses but in keeping with good > computing practice, you should ensure that they are virus free. > > Red Lion 49 Ltd T/A Solid State Logic > Registered as a limited company in England and Wales > (Company No:5362730) > Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, > United Kingdom > ********************************************************************** > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080716/ed9d76a9/attachment.html From martinh at solidstatelogic.com Wed Jul 16 11:35:52 2008 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Wed Jul 16 11:36:04 2008 Subject: Mailscanner optimization In-Reply-To: Message-ID: <84812a58d98ca34bb192c5a4c45b06a6@solidstatelogic.com> Marco http://wiki.mailscanner.info/doku.php?id=maq:index#optimization_tips http://wiki.mailscanner.info/doku.php?id=maq:index#getting_the_best_out_of_spamassassin -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Marco mangione > Sent: 16 July 2008 11:24 > To: MailScanner discussion > Subject: Re: Mailscanner optimization > > yes i searched for it.. but dont found :( do you have direct link ? > > > 2008/7/16 Martin.Hepworth : > > > Marco > > You been on the wiki and looked at the optization > section and the "getting most out spamassassin" ? > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > > -----Original Message----- > > From: mailscanner-bounces@lists.mailscanner.info > > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > > Of Marco mangione > > Sent: 16 July 2008 11:11 > > To: MailScanner discussion > > Subject: Mailscanner optimization > > > > hi, > > > > i have a very heavi postfix+mailscanner as MX gateway.. now > > mailgraph stat said about 30message/minute and i have a queue > > that increase soo much and so mail delivery is slow... > > How can i optimize mailscanner or postfix to speed up > mail delivery ? > > > > Marco > > > > > > > > > > > ********************************************************************** > Confidentiality : This e-mail and any attachments are > intended for the > addressee only and may be confidential. If they come to > you in error > you must take no action based on them, nor must you > copy or show them > to anyone. Please advise the sender by replying to this e-mail > immediately and then delete the original from your computer. > Opinion : Any opinions expressed in this e-mail are > entirely those of > the author and unless specifically stated to the > contrary, are not > necessarily those of the author's employer. > Security Warning : Internet e-mail is not necessarily a secure > communications medium and can be subject to data > corruption. We advise > that you consider this fact when e-mailing us. > Viruses : We have taken steps to ensure that this e-mail and any > attachments are free from known viruses but in keeping with good > computing practice, you should ensure that they are virus free. > > Red Lion 49 Ltd T/A Solid State Logic > Registered as a limited company in England and Wales > (Company No:5362730) > Registered Office: 25 Spring Hill Road, Begbroke, > Oxford OX5 1RU, > United Kingdom > > ********************************************************************** > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > > ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From jaearick at colby.edu Wed Jul 16 17:25:51 2008 From: jaearick at colby.edu (Jeff A. Earickson) Date: Wed Jul 16 17:26:19 2008 Subject: sare rules In-Reply-To: <487CD6B1.4040000@sendit.nodak.edu> References: <487CD6B1.4040000@sendit.nodak.edu> Message-ID: On Tue, 15 Jul 2008, Richard Frovarp wrote: > Date: Tue, 15 Jul 2008 11:56:17 -0500 > From: Richard Frovarp > Reply-To: MailScanner discussion > To: MailScanner discussion > Subject: Re: sare rules > > mailsysteam@googlemail.com wrote: >> Hi, >> >> I have followed Julian's instructions "HOWTO: Adding extra rulesets to >> SpamAssassin" from July 2007 and I am a bit lost. Can someone help please? >> >> I am using his /etc/mail/spamassassin/jkf-channel-list.txt to list the >> channels I want, but the update doesn't work, I am not getting any new cf >> files. >> >> If I run >> /usr/bin/sa-update -D --channelfile >> /etc/mail/spamassassin/jkf-channel-list.txt --gpgkey 856AA88A >> >> I get dns errors like: >> dns: query failed: >> 4.1.3.99_sare_fraud_post25x.cf.sare.sa-update.dostech.net >> => >> NXDOMAIN >> channel: no updates available, skipping channel >> >> I am using MailScanner version 4.70.6 >> >> Can someone point me in the right direction please? >> >> Steve > It should work. What happens when you run > > dig +short -t txt 4.1.3.99_sare_fraud_post25x.cf.sare.sa-update.dostech.net > > You should get back: "200506020000" I ran this and that's what I got back. What does this mean? That the rules at dostech haven't changed since 6/2/2005? ??? FYI, my daily script is: /opt/perl5/bin/sa-update --nogpg (for SA rules) and /opt/perl5/bin/sa-update --allowplugins --gpgkey D1C035168C1EBC08464946DA258CDB3ABDE9DC10 --channel saupdates.openprotect.com for SARE rules. My SA rules have not updated since the SA 3.2.5 upgrade, and my SARE rules haven't changed in two or three months. I've been wondering about all of this. Jeff Earickson Colby College From ssilva at sgvwater.com Wed Jul 16 17:59:00 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Jul 16 17:59:39 2008 Subject: sare rules In-Reply-To: References: <487CD6B1.4040000@sendit.nodak.edu> Message-ID: on 7-16-2008 9:25 AM Jeff A. Earickson spake the following: > On Tue, 15 Jul 2008, Richard Frovarp wrote: > >> Date: Tue, 15 Jul 2008 11:56:17 -0500 >> From: Richard Frovarp >> Reply-To: MailScanner discussion >> To: MailScanner discussion >> Subject: Re: sare rules >> >> mailsysteam@googlemail.com wrote: >>> Hi, >>> >>> I have followed Julian's instructions "HOWTO: Adding extra rulesets >>> to SpamAssassin" from July 2007 and I am a bit lost. Can someone help >>> please? >>> >>> I am using his /etc/mail/spamassassin/jkf-channel-list.txt to list >>> the channels I want, but the update doesn't work, I am not getting >>> any new cf files. >>> >>> If I run >>> /usr/bin/sa-update -D --channelfile >>> /etc/mail/spamassassin/jkf-channel-list.txt --gpgkey 856AA88A >>> >>> I get dns errors like: >>> dns: query failed: >>> 4.1.3.99_sare_fraud_post25x.cf.sare.sa-update.dostech.net >>> => >>> NXDOMAIN >>> channel: no updates available, skipping channel >>> >>> I am using MailScanner version 4.70.6 >>> >>> Can someone point me in the right direction please? >>> >>> Steve >> It should work. What happens when you run >> >> dig +short -t txt >> 4.1.3.99_sare_fraud_post25x.cf.sare.sa-update.dostech.net >> >> You should get back: "200506020000" > > I ran this and that's what I got back. What does this mean? That the > rules at dostech haven't changed since 6/2/2005? ??? > > FYI, my daily script is: > > /opt/perl5/bin/sa-update --nogpg (for SA rules) > and > /opt/perl5/bin/sa-update --allowplugins --gpgkey > D1C035168C1EBC08464946DA258CDB3ABDE9DC10 --channel > saupdates.openprotect.com > > for SARE rules. My SA rules have not updated since the SA 3.2.5 > upgrade, and my SARE rules haven't changed in two or three months. > I've been wondering about all of this. > > Jeff Earickson > Colby College Like I posted earlier, sare rules are not being updated. This is from the front page of their website; "IMPORTANT: Due to Ninjas being busy with lives, wives & hockey matches, SARE rules aren't being updated." -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 258 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080716/0f973f1c/signature.bin From alex at rtpty.com Wed Jul 16 18:10:02 2008 From: alex at rtpty.com (Alex Neuman) Date: Wed Jul 16 18:10:27 2008 Subject: sare rules In-Reply-To: References: <487CD6B1.4040000@sendit.nodak.edu> Message-ID: See my earlier post about openprotect. Imho they're good. Sent from a borrowed iPhone... Alex Neuman +507 67819505 Skype: alexneuman On Jul 16, 2008, at 11:59 AM, Scott Silva wrote: > on 7-16-2008 9:25 AM Jeff A. Earickson spake the following: >> On Tue, 15 Jul 2008, Richard Frovarp wrote: >>> Date: Tue, 15 Jul 2008 11:56:17 -0500 >>> From: Richard Frovarp >>> Reply-To: MailScanner discussion >>> >>> To: MailScanner discussion >>> Subject: Re: sare rules >>> >>> mailsysteam@googlemail.com wrote: >>>> Hi, >>>> >>>> I have followed Julian's instructions "HOWTO: Adding extra >>>> rulesets to SpamAssassin" from July 2007 and I am a bit lost. Can >>>> someone help please? >>>> >>>> I am using his /etc/mail/spamassassin/jkf-channel-list.txt to >>>> list the channels I want, but the update doesn't work, I am not >>>> getting any new cf files. >>>> >>>> If I run >>>> /usr/bin/sa-update -D --channelfile /etc/mail/spamassassin/jkf- >>>> channel-list.txt --gpgkey 856AA88A >>>> >>>> I get dns errors like: >>>> dns: query failed: 4.1.3.99_sare_fraud_post25x.cf.sare.sa- >>>> update.dostech.net >>> > => NXDOMAIN >>>> channel: no updates available, skipping channel >>>> >>>> I am using MailScanner version 4.70.6 >>>> >>>> Can someone point me in the right direction please? >>>> >>>> Steve >>> It should work. What happens when you run >>> >>> dig +short -t txt 4.1.3.99_sare_fraud_post25x.cf.sare.sa- >>> update.dostech.net >>> >>> You should get back: "200506020000" >> I ran this and that's what I got back. What does this mean? That >> the >> rules at dostech haven't changed since 6/2/2005? ??? >> FYI, my daily script is: >> /opt/perl5/bin/sa-update --nogpg (for SA rules) >> and >> /opt/perl5/bin/sa-update --allowplugins --gpgkey >> D1C035168C1EBC08464946DA258CDB3ABDE9DC10 --channel >> saupdates.openprotect.com >> for SARE rules. My SA rules have not updated since the SA 3.2.5 >> upgrade, and my SARE rules haven't changed in two or three months. >> I've been wondering about all of this. >> Jeff Earickson >> Colby College > Like I posted earlier, sare rules are not being updated. This is > from the front page of their website; > "IMPORTANT: Due to Ninjas being busy with lives, wives & hockey > matches, SARE rules aren't being updated." > > -- > MailScanner is like deodorant... > You hope everybody uses it, and > you notice quickly if they don't!!!! > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From hvdkooij at vanderkooij.org Wed Jul 16 18:59:26 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Wed Jul 16 18:59:37 2008 Subject: Mailscanner optimization In-Reply-To: <84812a58d98ca34bb192c5a4c45b06a6@solidstatelogic.com> References: <84812a58d98ca34bb192c5a4c45b06a6@solidstatelogic.com> Message-ID: <487E36FE.60909@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Martin.Hepworth wrote: | http://wiki.mailscanner.info/doku.php?id=maq:index#optimization_tips tmpfs should only be used if you got plenty of RAM. If your machine is swapping to get work done tmpfs can in fact make the system slower. That remark is missing from the wiki. And I have seen tmpfs shoot a system to pieces on more then 1 occasion. Just send it some exploding file and it will eat up RAM by the bushel. In general: You can never have too much RAM for MS. But you sure can have insufficient RAM to work well. Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFIfjb9BvzDRVjxmYERArdDAJ9bb9QojiHC6ckInymLTXvYq+AczwCgky9+ UJBkp4gk40qTJA5S9ShljQg= =28Da -----END PGP SIGNATURE----- From shuttlebox at gmail.com Wed Jul 16 19:10:09 2008 From: shuttlebox at gmail.com (shuttlebox) Date: Wed Jul 16 19:10:22 2008 Subject: Mailscanner optimization In-Reply-To: <487E36FE.60909@vanderkooij.org> References: <84812a58d98ca34bb192c5a4c45b06a6@solidstatelogic.com> <487E36FE.60909@vanderkooij.org> Message-ID: <625385e30807161110g6a03342t2f09aeb0552a5580@mail.gmail.com> On Wed, Jul 16, 2008 at 7:59 PM, Hugo van der Kooij wrote: > That remark is missing from the wiki. So why don't you add it? /peter -- Vince Lombardi - "Winning is habit. Unfortunately, so is losing." From hvdkooij at vanderkooij.org Wed Jul 16 19:20:34 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Wed Jul 16 19:20:44 2008 Subject: Mailscanner optimization In-Reply-To: <625385e30807161110g6a03342t2f09aeb0552a5580@mail.gmail.com> References: <84812a58d98ca34bb192c5a4c45b06a6@solidstatelogic.com> <487E36FE.60909@vanderkooij.org> <625385e30807161110g6a03342t2f09aeb0552a5580@mail.gmail.com> Message-ID: <487E3BF2.8080604@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 shuttlebox wrote: | On Wed, Jul 16, 2008 at 7:59 PM, Hugo van der Kooij | wrote: |> That remark is missing from the wiki. | | So why don't you add it? Because wiki's and I are not compatible? They never display the content the way I want to present them. Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFIfjvwBvzDRVjxmYERAkIaAJ41MkIuG36t/wjpvG3O2Tj4IwrDPgCggwrd 8oi8/gCXgQbOEg1VNcEtT3M= =Oo2j -----END PGP SIGNATURE----- From richard.frovarp at sendit.nodak.edu Wed Jul 16 19:29:01 2008 From: richard.frovarp at sendit.nodak.edu (Richard Frovarp) Date: Wed Jul 16 19:29:11 2008 Subject: sare rules In-Reply-To: References: <487CD6B1.4040000@sendit.nodak.edu> Message-ID: <487E3DED.1020100@sendit.nodak.edu> Jeff A. Earickson wrote: > On Tue, 15 Jul 2008, Richard Frovarp wrote: > >> Date: Tue, 15 Jul 2008 11:56:17 -0500 >> From: Richard Frovarp >> Reply-To: MailScanner discussion >> To: MailScanner discussion >> Subject: Re: sare rules >> >> mailsysteam@googlemail.com wrote: >>> Hi, >>> >>> I have followed Julian's instructions "HOWTO: Adding extra rulesets >>> to SpamAssassin" from July 2007 and I am a bit lost. Can someone >>> help please? >>> >>> I am using his /etc/mail/spamassassin/jkf-channel-list.txt to list >>> the channels I want, but the update doesn't work, I am not getting >>> any new cf files. >>> >>> If I run >>> /usr/bin/sa-update -D --channelfile >>> /etc/mail/spamassassin/jkf-channel-list.txt --gpgkey 856AA88A >>> >>> I get dns errors like: >>> dns: query failed: >>> 4.1.3.99_sare_fraud_post25x.cf.sare.sa-update.dostech.net >>> >>> => NXDOMAIN >>> channel: no updates available, skipping channel >>> >>> I am using MailScanner version 4.70.6 >>> >>> Can someone point me in the right direction please? >>> >>> Steve >> It should work. What happens when you run >> >> dig +short -t txt >> 4.1.3.99_sare_fraud_post25x.cf.sare.sa-update.dostech.net >> >> You should get back: "200506020000" > > I ran this and that's what I got back. What does this mean? That the > rules at dostech haven't changed since 6/2/2005? ??? No, it means that particular ruleset for that particular version of SA hasn't changed since 2005-06-02. Other rule sets would be more recent and I don't know how much dostech is doing about SA versions. As is indicated on the website, they aren't currently being updated. The cost is a DNS lookup for each ruleset you are checking. From ssilva at sgvwater.com Wed Jul 16 20:04:28 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Jul 16 20:05:23 2008 Subject: Mailscanner optimization In-Reply-To: <487E3BF2.8080604@vanderkooij.org> References: <84812a58d98ca34bb192c5a4c45b06a6@solidstatelogic.com> <487E36FE.60909@vanderkooij.org> <625385e30807161110g6a03342t2f09aeb0552a5580@mail.gmail.com> <487E3BF2.8080604@vanderkooij.org> Message-ID: on 7-16-2008 11:20 AM Hugo van der Kooij spake the following: > shuttlebox wrote: > | On Wed, Jul 16, 2008 at 7:59 PM, Hugo van der Kooij > | wrote: > |> That remark is missing from the wiki. > | > | So why don't you add it? > > Because wiki's and I are not compatible? They never display the content > the way I want to present them. > > Hugo. > I'll add it since it is a valid point and will bite someone in the arse sooner or later. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 258 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080716/d316e367/signature.bin From ssilva at sgvwater.com Wed Jul 16 20:12:24 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Jul 16 20:12:47 2008 Subject: Mailscanner optimization In-Reply-To: <487E3BF2.8080604@vanderkooij.org> References: <84812a58d98ca34bb192c5a4c45b06a6@solidstatelogic.com> <487E36FE.60909@vanderkooij.org> <625385e30807161110g6a03342t2f09aeb0552a5580@mail.gmail.com> <487E3BF2.8080604@vanderkooij.org> Message-ID: on 7-16-2008 11:20 AM Hugo van der Kooij spake the following: > shuttlebox wrote: > | On Wed, Jul 16, 2008 at 7:59 PM, Hugo van der Kooij > | wrote: > |> That remark is missing from the wiki. > | > | So why don't you add it? > > Because wiki's and I are not compatible? They never display the content > the way I want to present them. > > Hugo. > I just revisited that page, and there are already sufficient warnings about memory IMHO. But I will add something else, just to be thorough. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 258 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080716/049d37ed/signature.bin From marco.mangione at gmail.com Thu Jul 17 09:25:24 2008 From: marco.mangione at gmail.com (Marco mangione) Date: Thu Jul 17 09:25:32 2008 Subject: Mailscanner optimization In-Reply-To: <487E36FE.60909@vanderkooij.org> References: <84812a58d98ca34bb192c5a4c45b06a6@solidstatelogic.com> <487E36FE.60909@vanderkooij.org> Message-ID: i have 3GB of RAM 2 virtual CPU with 4600Mhz dedicated yesterday each MS processed 10.000email ( in 1 day ) what do you think? i have 2 indipendent MS...i think to load balance all mail with a newone.. 2008/7/16 Hugo van der Kooij : > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Martin.Hepworth wrote: > > | http://wiki.mailscanner.info/doku.php?id=maq:index#optimization_tips > > tmpfs should only be used if you got plenty of RAM. If your machine is > swapping to get work done tmpfs can in fact make the system slower. > > That remark is missing from the wiki. And I have seen tmpfs shoot a > system to pieces on more then 1 occasion. Just send it some exploding > file and it will eat up RAM by the bushel. > > In general: You can never have too much RAM for MS. But you sure can > have insufficient RAM to work well. > > Hugo. > > - -- > hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ > PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc > > A: Yes. > >Q: Are you sure? > >>A: Because it reverses the logical flow of conversation. > >>>Q: Why is top posting frowned upon? > > Bored? Click on http://spamornot.org/ and rate those images. > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.7 (GNU/Linux) > > iD8DBQFIfjb9BvzDRVjxmYERArdDAJ9bb9QojiHC6ckInymLTXvYq+AczwCgky9+ > UJBkp4gk40qTJA5S9ShljQg= > =28Da > -----END PGP SIGNATURE----- > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080717/b6ed839c/attachment.html From davejenx at googlemail.com Thu Jul 17 12:10:14 2008 From: davejenx at googlemail.com (Dave Jenkins) Date: Thu Jul 17 12:10:24 2008 Subject: Message too big for spam checks but Attachment stripped without explanation Message-ID: Hi, I'm trying to work out why a message had its attachment stripped. The attachment was replaced with the following mime-attachment.txt: ----8<---- [Attachment stripped: Original attachment type: "application/msword", name: "calendar as at 16 July 2008.doc"] ----8<---- The text of this message doesn't correspond to anything I can see in rules/en and I don't recall seeing it before. Usually when an attachment is blocked, it is replaced with a more informative message specifying why it was blocked and saying it has been quarantined or explaining that it couldn't be. Here there is no indication in the message or logs of why the attachment was stripped. It was not qarantined. Here are the maillog entries: ----8<---- Jul 17 09:09:27 myhost postfix/smtpd[21892]: 6B20DFE0A1: client=localhost.localdomain[127.0.0.1] Jul 17 09:09:27 myhost postfix/cleanup[22942]: 6B20DFE0A1: hold: header Received: from localhost (localhost.localdomain [127.0.0.1])??by myhost.my.domain (Postfix) with ESMTP id 6B20DFE0A1??for ; Thu, 17 Jul 2008 09:09:27 +0100 (BST from localhost.localdomain[127.0.0.1]; from= to= proto=ESMTP helo= Jul 17 09:09:27 myhost postfix/cleanup[22942]: 6B20DFE0A1: message-id=<20080717090927.vhm5vhj94w4wos48@mailserver.domain> Jul 17 09:09:27 myhost postfix/smtpd[21892]: disconnect from localhost.localdomain[127.0.0.1] Jul 17 09:09:31 myhost MailScanner[13663]: New Batch: Scanning 1 messages, 706602 bytes Jul 17 09:09:31 myhost MailScanner[13663]: Message 6B20DFE0A1.81B5B from 127.0.0.1 (clair@some.domain) to some.domain is too big for spam checks (706602 > 200000 bytes) Jul 17 09:09:31 myhost MailScanner[13663]: Virus and Content Scanning: Starting Jul 17 09:09:36 myhost MailScanner[13663]: Requeue: 6B20DFE0A1.81B5B to 41596FE0A4 Jul 17 09:09:36 myhost postfix/qmgr[19910]: 41596FE0A4: from=, size=711200, nrcpt=1 (queue active) Jul 17 09:09:36 myhost MailScanner[13663]: Uninfected: Delivered 1 messages Jul 17 09:09:36 myhost postfix/local[22968]: 41596FE0A4: to=, orig_to=, relay=local, delay=9.4, delays=9.2/0/0/0.25, dsn=2.0.0, status=sent (delivered to command: /usr/bin/procmail -f-) Jul 17 09:09:36 myhost postfix/qmgr[19910]: 41596FE0A4: removed ----8<---- We do not block msword docs and have not previously seen this problem with word or any other attachments. The message was sent via Horde/IMP webmail running on the mail server, with sender & recipient being in the same domain, which is hosted on the mailserver. Any help would be appreciated. Thanks, Dave From cobalt-users1 at fishnet.co.uk Thu Jul 17 13:25:07 2008 From: cobalt-users1 at fishnet.co.uk (Ian) Date: Thu Jul 17 13:25:23 2008 Subject: Problems with Clam-0.93.3-SA-3.2.5 package on Fedora Core 4 Message-ID: <487F4833.18640.2461609F@cobalt-users1.fishnet.co.uk> Hi, I wanted to remove f-prot on one of our old machines and install Julian's Clam- Spamassassin package but ran into some serious problems. I managed to solve all these with the help of the archives and a bit of googling and though it might be useful for someone else. First of all I know Fedora Core 4 is old and we will ditch it in favour of CentOS in the future but I didn't realize it existed in some sort of limbo between supported officially and supported unofficially (dag etc). I couldn't seem to find any recent RPMs for Clamav (I wanted to use clamd in MailScanner) so I decided to go down the easier clamavmodule route. The install of Clam-0.93.3-SA-3.2.5 seems to go ok until I ran freshclam and it reported that I had clamav 0.91 installed (this was already on the machine) instead of the just installed 0.93. I then noticed that I was getting the error: None of the files matched by the "Monitors For ClamAV Updates" patterns exist! in the maillog so I stopped mailscanner and set Virus Scanners = none to get mail flowing again - after warning the users of lack of virus scanning of course ;) A search of the archives led me to upgrade MailScanner to the latest version to get the right settings. Except this didn't work. I then decide to re-install clamav from source. During the ./configure I got the error: configure: error: your compiler has gcc PR28045 bug, use a different compiler which probably explains why Julian's package didn't work. (I still have the config.log if you need it). The workaround for this is to add the flag --disable-gcc-vcheck except there is also a bug in this (https://wwws.clamav.net/bugzilla/show_bug.cgi?id=684) so the real workaround is to use: ./configure CFLAGS="-O0" to disable all compiler optimisations. Yes I know I should update gcc but I have now decided this machine isn't going to last too long now :) After getting clamav installed properly and configuring clamd all is working ok. I had to do a ldconfig and fix the clamd.conf file to get it working though. All this because I though updating f-prot from v4 to v6 would be a pain! Regards Ian -- From MailScanner at ecs.soton.ac.uk Thu Jul 17 16:17:39 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jul 17 16:18:13 2008 Subject: Message too big for spam checks but Attachment stripped without explanation In-Reply-To: References: Message-ID: <487F6293.6030707@ecs.soton.ac.uk> Dave Jenkins wrote: > Hi, > > I'm trying to work out why a message had its attachment stripped. The > attachment was replaced with the following mime-attachment.txt: > > ----8<---- > [Attachment stripped: Original attachment type: "application/msword", > name: "calendar as at 16 July 2008.doc"] > ----8<---- > That does not look to me like any report that MailScanner would add to a message. This has been stripped out by something else, not MailScanner. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From davejenx at googlemail.com Thu Jul 17 17:34:14 2008 From: davejenx at googlemail.com (Dave Jenkins) Date: Thu Jul 17 17:34:23 2008 Subject: Message too big for spam checks but Attachment stripped without explanation In-Reply-To: <487F6293.6030707@ecs.soton.ac.uk> References: <487F6293.6030707@ecs.soton.ac.uk> Message-ID: 2008/7/17 Julian Field : > Dave Jenkins wrote: >> I'm trying to work out why a message had its attachment stripped. The >> attachment was replaced with the following mime-attachment.txt: >> >> ----8<---- >> [Attachment stripped: Original attachment type: "application/msword", >> name: "calendar as at 16 July 2008.doc"] >> ----8<---- >> > > That does not look to me like any report that MailScanner would add to a > message. This has been stripped out by something else, not MailScanner. I do apologise, it seems the problematic message that the client forwarded to me was actually from their Horde sent-mail folder and their Horde config was set not to save attachments. The word, I think, is "D'oh". Sorry and thanks for your help, Dave From dgreenstein at stillsecure.com Thu Jul 17 17:49:05 2008 From: dgreenstein at stillsecure.com (David Greenstein) Date: Thu Jul 17 17:49:32 2008 Subject: Infected messages requeued - clamav, postfix, v4.70.7 References: <4877BA50.1030000@ecs.soton.ac.uk> Message-ID: It does indeed appear to be a problem with the older version of perl I was using. We moved to 5.10.0 from 4.8.3 as well as updated the various perl libraries to the latest and things are working properly. Not sure why there weren't any errors or what not, but problem solved! From hvdkooij at vanderkooij.org Thu Jul 17 19:43:39 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Thu Jul 17 19:43:49 2008 Subject: Message too big for spam checks but Attachment stripped without explanation In-Reply-To: References: <487F6293.6030707@ecs.soton.ac.uk> Message-ID: <487F92DB.2020804@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Dave Jenkins wrote: | I do apologise, it seems the problematic message that the client | forwarded to me was actually from their Horde sent-mail folder and | their Horde config was set not to save attachments. The word, I think, | is "D'oh". I think that's 50 hail Julian's and a small fine payable to a charity organisation in your neighborhood type of mistake ;-) Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFIf5LZBvzDRVjxmYERAimdAKCDA5ZhEFuYJ1NqHWgUXZ9+DPOGmgCfXk6H RF9fLpO1rwyf9EsUFQJYOAs= =meJl -----END PGP SIGNATURE----- From ajs at vifilfell.is Fri Jul 18 00:07:11 2008 From: ajs at vifilfell.is (ajs@vifilfell.is) Date: Fri Jul 18 00:07:58 2008 Subject: problem with update_bad_phishing_sites Message-ID: hi. just upgraded to MailScanner-4.70.7-1 and get the following error messages while running the update_bad_phishing_sites script. any idea why this happens? am i trying to update the file from the wrong website? thanks, asgeir. Unable to retrieve http://www.mailscanner.tv/.2008-07-12 :404 Not Found Failed to retrieve http://www.mailscanner.tv/2008-07-12.1 at /opt/MailScanner/bin/update_bad_phishing_sites line 198. Failed to retrieve http://www.mailscanner.tv/2008-07-12.2 at /opt/MailScanner/bin/update_bad_phishing_sites line 198. Failed to retrieve http://www.mailscanner.tv/2008-07-12.3 at /opt/MailScanner/bin/update_bad_phishing_sites line 198. Failed to retrieve http://www.mailscanner.tv/2008-07-12.4 at /opt/MailScanner/bin/update_bad_phishing_sites line 198. Failed to retrieve http://www.mailscanner.tv/2008-07-12.5 at /opt/MailScanner/bin/update_bad_phishing_sites line 198. Failed to retrieve http://www.mailscanner.tv/2008-07-12.6 at /opt/MailScanner/bin/update_bad_phishing_sites line 198. Failed to retrieve http://www.mailscanner.tv/2008-07-12.7 at /opt/MailScanner/bin/update_bad_phishing_sites line 198. Failed to retrieve http://www.mailscanner.tv/2008-07-12.8 at /opt/MailScanner/bin/update_bad_phishing_sites line 198. Failed to retrieve http://www.mailscanner.tv/2008-07-12.9 at /opt/MailScanner/bin/update_bad_phishing_sites line 198. Failed to retrieve http://www.mailscanner.tv/2008-07-12.10 at /opt/MailScanner/bin/update_bad_phishing_sites line 198. Failed to retrieve http://www.mailscanner.tv/2008-07-12.11 at /opt/MailScanner/bin/update_bad_phishing_sites line 198. Failed to retrieve http://www.mailscanner.tv/2008-07-12.12 at /opt/MailScanner/bin/update_bad_phishing_sites line 198. Failed to retrieve http://www.mailscanner.tv/2008-07-12.13 at /opt/MailScanner/bin/update_bad_phishing_sites line 198. Failed to retrieve http://www.mailscanner.tv/2008-07-12.14 at /opt/MailScanner/bin/update_bad_phishing_sites line 198. Failed to retrieve http://www.mailscanner.tv/2008-07-12.15 at /opt/MailScanner/bin/update_bad_phishing_sites line 198. Failed to retrieve http://www.mailscanner.tv/2008-07-12.16 at /opt/MailScanner/bin/update_bad_phishing_sites line 198. Failed to retrieve http://www.mailscanner.tv/2008-07-12.17 at /opt/MailScanner/bin/update_bad_phishing_sites line 198. Failed to retrieve http://www.mailscanner.tv/2008-07-12.18 at /opt/MailScanner/bin/update_bad_phishing_sites line 198. Failed to retrieve http://www.mailscanner.tv/2008-07-12.19 at /opt/MailScanner/bin/update_bad_phishing_sites line 198. Failed to retrieve http://www.mailscanner.tv/2008-07-12.20 at /opt/MailScanner/bin/update_bad_phishing_sites line 198. Failed to retrieve http://www.mailscanner.tv/2008-07-12.21 at /opt/MailScanner/bin/update_bad_phishing_sites line 198. Failed to retrieve http://www.mailscanner.tv/2008-07-12.22 at /opt/MailScanner/bin/update_bad_phishing_sites line 198. Failed to retrieve http://www.mailscanner.tv/2008-07-12.23 at /opt/MailScanner/bin/update_bad_phishing_sites line 198. Failed to retrieve http://www.mailscanner.tv/2008-07-12.24 at /opt/MailScanner/bin/update_bad_phishing_sites line 198. Failed to retrieve http://www.mailscanner.tv/2008-07-12.25 at /opt/MailScanner/bin/update_bad_phishing_sites line 198. Failed to retrieve http://www.mailscanner.tv/2008-07-12.26 at /opt/MailScanner/bin/update_bad_phishing_sites line 198. Failed to retrieve http://www.mailscanner.tv/2008-07-12.27 at /opt/MailScanner/bin/update_bad_phishing_sites line 198. Failed to retrieve http://www.mailscanner.tv/2008-07-12.28 at /opt/MailScanner/bin/update_bad_phishing_sites line 198. Failed to retrieve http://www.mailscanner.tv/2008-07-12.29 at /opt/MailScanner/bin/update_bad_phishing_sites line 198. Failed to retrieve http://www.mailscanner.tv/2008-07-12.30 at /opt/MailScanner/bin/update_bad_phishing_sites line 198. Failed to retrieve http://www.mailscanner.tv/2008-07-12.31 at /opt/MailScanner/bin/update_bad_phishing_sites line 198. Failed to retrieve http://www.mailscanner.tv/2008-07-12.32 at /opt/MailScanner/bin/update_bad_phishing_sites line 198. Failed to retrieve http://www.mailscanner.tv/2008-07-12.33 at /opt/MailScanner/bin/update_bad_phishing_sites line 198. Failed to retrieve http://www.mailscanner.tv/2008-07-12.34 at /opt/MailScanner/bin/update_bad_phishing_sites line 198. Failed to retrieve http://www.mailscanner.tv/2008-07-12.35 at /opt/MailScanner/bin/update_bad_phishing_sites line 198. Failed to retrieve http://www.mailscanner.tv/2008-07-12.36 at /opt/MailScanner/bin/update_bad_phishing_sites line 198. Failed to retrieve http://www.mailscanner.tv/2008-07-12.37 at /opt/MailScanner/bin/update_bad_phishing_sites line 198. Failed to retrieve http://www.mailscanner.tv/2008-07-12.38 at /opt/MailScanner/bin/update_bad_phishing_sites line 198. Failed to retrieve http://www.mailscanner.tv/2008-07-12.39 at /opt/MailScanner/bin/update_bad_phishing_sites line 198. Failed to retrieve http://www.mailscanner.tv/2008-07-12.40 at /opt/MailScanner/bin/update_bad_phishing_sites line 198. Failed to retrieve http://www.mailscanner.tv/2008-07-12.41 at /opt/MailScanner/bin/update_bad_phishing_sites line 198. Failed to retrieve http://www.mailscanner.tv/2008-07-12.42 at /opt/MailScanner/bin/update_bad_phishing_sites line 198. Failed to retrieve http://www.mailscanner.tv/2008-07-12.43 at /opt/MailScanner/bin/update_bad_phishing_sites line 198. Failed to retrieve http://www.mailscanner.tv/2008-07-12.44 at /opt/MailScanner/bin/update_bad_phishing_sites line 198. Failed to retrieve http://www.mailscanner.tv/2008-07-12.45 at /opt/MailScanner/bin/update_bad_phishing_sites line 198. Failed to retrieve http://www.mailscanner.tv/2008-07-12.46 at /opt/MailScanner/bin/update_bad_phishing_sites line 198. Failed to retrieve http://www.mailscanner.tv/2008-07-12.47 at /opt/MailScanner/bin/update_bad_phishing_sites line 198. Failed to retrieve http://www.mailscanner.tv/2008-07-12.48 at /opt/MailScanner/bin/update_bad_phishing_sites line 198. Failed to retrieve http://www.mailscanner.tv/2008-07-12.49 at /opt/MailScanner/bin/update_bad_phishing_sites line 198. Failed to retrieve http://www.mailscanner.tv/2008-07-12.50 at /opt/MailScanner/bin/update_bad_phishing_sites line 198. Failed to retrieve http://www.mailscanner.tv/2008-07-12.51 at /opt/MailScanner/bin/update_bad_phishing_sites line 198. Failed to retrieve http://www.mailscanner.tv/2008-07-12.52 at /opt/MailScanner/bin/update_bad_phishing_sites line 198. Failed to retrieve http://www.mailscanner.tv/2008-07-12.53 at /opt/MailScanner/bin/update_bad_phishing_sites line 198. Failed to retrieve http://www.mailscanner.tv/2008-07-12.54 at /opt/MailScanner/bin/update_bad_phishing_sites line 198. Failed to retrieve http://www.mailscanner.tv/2008-07-12.55 at /opt/MailScanner/bin/update_bad_phishing_sites line 198. Failed to retrieve http://www.mailscanner.tv/2008-07-12.56 at /opt/MailScanner/bin/update_bad_phishing_sites line 198. Failed to retrieve http://www.mailscanner.tv/2008-07-12.57 at /opt/MailScanner/bin/update_bad_phishing_sites line 198. Failed to retrieve http://www.mailscanner.tv/2008-07-12.58 at /opt/MailScanner/bin/update_bad_phishing_sites line 198. Failed to retrieve http://www.mailscanner.tv/2008-07-12.59 at /opt/MailScanner/bin/update_bad_phishing_sites line 198. Failed to retrieve http://www.mailscanner.tv/2008-07-12.60 at /opt/MailScanner/bin/update_bad_phishing_sites line 198. Failed to retrieve http://www.mailscanner.tv/2008-07-12.61 at /opt/MailScanner/bin/update_bad_phishing_sites line 198. Failed to retrieve http://www.mailscanner.tv/2008-07-12.62 at /opt/MailScanner/bin/update_bad_phishing_sites line 198. Failed to retrieve http://www.mailscanner.tv/2008-07-12.63 at /opt/MailScanner/bin/update_bad_phishing_sites line 198. Failed to retrieve http://www.mailscanner.tv/2008-07-12.64 at /opt/MailScanner/bin/update_bad_phishing_sites line 198. Failed to retrieve http://www.mailscanner.tv/2008-07-12.65 at /opt/MailScanner/bin/update_bad_phishing_sites line 198. Failed to retrieve http://www.mailscanner.tv/2008-07-12.66 at /opt/MailScanner/bin/update_bad_phishing_sites line 198. Failed to retrieve http://www.mailscanner.tv/2008-07-12.67 at /opt/MailScanner/bin/update_bad_phishing_sites line 198. Failed to retrieve http://www.mailscanner.tv/2008-07-12.68 at /opt/MailScanner/bin/update_bad_phishing_sites line 198. Failed to retrieve http://www.mailscanner.tv/2008-07-12.69 at /opt/MailScanner/bin/update_bad_phishing_sites line 198. Failed to retrieve http://www.mailscanner.tv/2008-07-12.70 at /opt/MailScanner/bin/update_bad_phishing_sites line 198. Failed to retrieve http://www.mailscanner.tv/2008-07-12.71 at /opt/MailScanner/bin/update_bad_phishing_sites line 198. Failed to retrieve http://www.mailscanner.tv/2008-07-12.72 at /opt/MailScanner/bin/update_bad_phishing_sites line 198. Failed to retrieve http://www.mailscanner.tv/2008-07-12.73 at /opt/MailScanner/bin/update_bad_phishing_sites line 198. Failed to retrieve http://www.mailscanner.tv/2008-07-12.74 at /opt/MailScanner/bin/update_bad_phishing_sites line 198. This is the first run of this program..... Checking that /var/spool/MailScanner/quarantine/phishingupdate/cache/-1 exists... ok Checking that /var/spool/MailScanner/quarantine/phishingupdate/cache/-1.-1 exists... ok I am working with: Current: 2008-07-12 - 82 and Status: -1 - -1 This is base update Update required Retrieving http://www.mailscanner.tv/2008-07-12.1 Retrieving http://www.mailscanner.tv/2008-07-12.2 Retrieving http://www.mailscanner.tv/2008-07-12.3 Retrieving http://www.mailscanner.tv/2008-07-12.4 Retrieving http://www.mailscanner.tv/2008-07-12.5 Retrieving http://www.mailscanner.tv/2008-07-12.6 Retrieving http://www.mailscanner.tv/2008-07-12.7 Retrieving http://www.mailscanner.tv/2008-07-12.8 Retrieving http://www.mailscanner.tv/2008-07-12.9 Retrieving http://www.mailscanner.tv/2008-07-12.10 Retrieving http://www.mailscanner.tv/2008-07-12.11 Retrieving http://www.mailscanner.tv/2008-07-12.12 Retrieving http://www.mailscanner.tv/2008-07-12.13 Retrieving http://www.mailscanner.tv/2008-07-12.14 Retrieving http://www.mailscanner.tv/2008-07-12.15 Retrieving http://www.mailscanner.tv/2008-07-12.16 Retrieving http://www.mailscanner.tv/2008-07-12.17 Retrieving http://www.mailscanner.tv/2008-07-12.18 Retrieving http://www.mailscanner.tv/2008-07-12.19 Retrieving http://www.mailscanner.tv/2008-07-12.20 Retrieving http://www.mailscanner.tv/2008-07-12.21 Retrieving http://www.mailscanner.tv/2008-07-12.22 Retrieving http://www.mailscanner.tv/2008-07-12.23 Retrieving http://www.mailscanner.tv/2008-07-12.24 Retrieving http://www.mailscanner.tv/2008-07-12.25 Retrieving http://www.mailscanner.tv/2008-07-12.26 Retrieving http://www.mailscanner.tv/2008-07-12.27 Retrieving http://www.mailscanner.tv/2008-07-12.28 Retrieving http://www.mailscanner.tv/2008-07-12.29 Retrieving http://www.mailscanner.tv/2008-07-12.30 Retrieving http://www.mailscanner.tv/2008-07-12.31 Retrieving http://www.mailscanner.tv/2008-07-12.32 Retrieving http://www.mailscanner.tv/2008-07-12.33 Retrieving http://www.mailscanner.tv/2008-07-12.34 Retrieving http://www.mailscanner.tv/2008-07-12.35 Retrieving http://www.mailscanner.tv/2008-07-12.36 Retrieving http://www.mailscanner.tv/2008-07-12.37 Retrieving http://www.mailscanner.tv/2008-07-12.38 Retrieving http://www.mailscanner.tv/2008-07-12.39 Retrieving http://www.mailscanner.tv/2008-07-12.40 Retrieving http://www.mailscanner.tv/2008-07-12.41 Retrieving http://www.mailscanner.tv/2008-07-12.42 Retrieving http://www.mailscanner.tv/2008-07-12.43 Retrieving http://www.mailscanner.tv/2008-07-12.44 Retrieving http://www.mailscanner.tv/2008-07-12.45 Retrieving http://www.mailscanner.tv/2008-07-12.46 Retrieving http://www.mailscanner.tv/2008-07-12.47 Retrieving http://www.mailscanner.tv/2008-07-12.48 Retrieving http://www.mailscanner.tv/2008-07-12.49 Retrieving http://www.mailscanner.tv/2008-07-12.50 Retrieving http://www.mailscanner.tv/2008-07-12.51 Retrieving http://www.mailscanner.tv/2008-07-12.52 Retrieving http://www.mailscanner.tv/2008-07-12.53 Retrieving http://www.mailscanner.tv/2008-07-12.54 Retrieving http://www.mailscanner.tv/2008-07-12.55 Retrieving http://www.mailscanner.tv/2008-07-12.56 Retrieving http://www.mailscanner.tv/2008-07-12.57 Retrieving http://www.mailscanner.tv/2008-07-12.58 Retrieving http://www.mailscanner.tv/2008-07-12.59 Retrieving http://www.mailscanner.tv/2008-07-12.60 Retrieving http://www.mailscanner.tv/2008-07-12.61 Retrieving http://www.mailscanner.tv/2008-07-12.62 Retrieving http://www.mailscanner.tv/2008-07-12.63 Retrieving http://www.mailscanner.tv/2008-07-12.64 Retrieving http://www.mailscanner.tv/2008-07-12.65 Retrieving http://www.mailscanner.tv/2008-07-12.66 Retrieving http://www.mailscanner.tv/2008-07-12.67 Retrieving http://www.mailscanner.tv/2008-07-12.68 Retrieving http://www.mailscanner.tv/2008-07-12.69 Retrieving http://www.mailscanner.tv/2008-07-12.70 Retrieving http://www.mailscanner.tv/2008-07-12.71 Retrieving http://www.mailscanner.tv/2008-07-12.72 Retrieving http://www.mailscanner.tv/2008-07-12.73 Retrieving http://www.mailscanner.tv/2008-07-12.74 Retrieving httpFailed to retrieve http://www.mailscanner.tv/2008-07-12.75 at /opt/MailScanner/bin/update_bad_phishing_sites line 198. Failed to retrieve http://www.mailscanner.tv/2008-07-12.76 at /opt/MailScanner/bin/update_bad_phishing_sites line 198. Failed to retrieve http://www.mailscanner.tv/2008-07-12.77 at /opt/MailScanner/bin/update_bad_phishing_sites line 198. Failed to retrieve http://www.mailscanner.tv/2008-07-12.78 at /opt/MailScanner/bin/update_bad_phishing_sites line 198. Failed to retrieve http://www.mailscanner.tv/2008-07-12.79 at /opt/MailScanner/bin/update_bad_phishing_sites line 198. Failed to retrieve http://www.mailscanner.tv/2008-07-12.80 at /opt/MailScanner/bin/update_bad_phishing_sites line 198. Failed to retrieve http://www.mailscanner.tv/2008-07-12.81 at /opt/MailScanner/bin/update_bad_phishing_sites line 198. Failed to retrieve http://www.mailscanner.tv/2008-07-12.82 at /opt/MailScanner/bin/update_bad_phishing_sites line 198. Unable to open base file (/var/spool/MailScanner/quarantine/phishingupdate/cache//2008-07-12) ://www.mailscanner.tv/2008-07-12.75 Retrieving http://www.mailscanner.tv/2008-07-12.76 Retrieving http://www.mailscanner.tv/2008-07-12.77 Retrieving http://www.mailscanner.tv/2008-07-12.78 Retrieving http://www.mailscanner.tv/2008-07-12.79 Retrieving http://www.mailscanner.tv/2008-07-12.80 Retrieving http://www.mailscanner.tv/2008-07-12.81 Retrieving http://www.mailscanner.tv/2008-07-12.82 From bbdokken at dokkenengineering.com Fri Jul 18 19:02:50 2008 From: bbdokken at dokkenengineering.com (Brad Dokken) Date: Fri Jul 18 19:00:24 2008 Subject: Error after upgrading to ClamAV 0.93.3 via Easy Install Message-ID: <5A3FEF92FC07F34B9EE30C0D13957164ACD2DF@monarchs.dokkenengineering.com> I am running MailScanner 4.70.6, SA 3.2.5 on RHEL 4. I used Julian's easy installer to upgrade from ClamAV 0.93.1 to 0.93.3 and am getting the following errors in MailScanner --lint: Commit ineffective with AutoCommit enabled at /usr/lib/MailScanner/MailScanner/CustomFunctions/MailWatch.pm line 93, line 1 Line 93 in MailWatch.pm reads $dbh->commit; I realize that's a MailWatch file, but has anyone had this error? I can't access the MailWatch archives at the moment. Thanks! Brad From hvdkooij at vanderkooij.org Fri Jul 18 19:39:37 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Fri Jul 18 19:39:46 2008 Subject: Error after upgrading to ClamAV 0.93.3 via Easy Install In-Reply-To: <5A3FEF92FC07F34B9EE30C0D13957164ACD2DF@monarchs.dokkenengineering.com> References: <5A3FEF92FC07F34B9EE30C0D13957164ACD2DF@monarchs.dokkenengineering.com> Message-ID: <4880E369.4000301@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Brad Dokken wrote: | I am running MailScanner 4.70.6, SA 3.2.5 on RHEL 4. I used Julian's | easy installer to upgrade from ClamAV 0.93.1 to 0.93.3 and am getting | the following errors in MailScanner --lint: | | Commit ineffective with AutoCommit enabled at | /usr/lib/MailScanner/MailScanner/CustomFunctions/MailWatch.pm line 93, | line 1 | | Line 93 in MailWatch.pm reads $dbh->commit; | | I realize that's a MailWatch file, but has anyone had this error? I | can't access the MailWatch archives at the moment. The update to ClamAV is not a factor. The issue has been discussed before on the mailinglist and it was considered to be a harmfull message. Disabling autocommit should take care of it. Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFIgONnBvzDRVjxmYERAuDDAJ4sEcenncvXNhqjVaDfoukgHxwFZgCeJbEC J5xHEgjFjhtmimIxOGcJzdg= =0OUP -----END PGP SIGNATURE----- From bbdokken at dokkenengineering.com Fri Jul 18 20:01:20 2008 From: bbdokken at dokkenengineering.com (Brad Dokken) Date: Fri Jul 18 19:58:52 2008 Subject: Error after upgrading to ClamAV 0.93.3 via Easy Install In-Reply-To: <4880E369.4000301@vanderkooij.org> References: <5A3FEF92FC07F34B9EE30C0D13957164ACD2DF@monarchs.dokkenengineering.com> <4880E369.4000301@vanderkooij.org> Message-ID: <5A3FEF92FC07F34B9EE30C0D13957164ACD2F8@monarchs.dokkenengineering.com> Thanks Hugo! I found two threads in the MailWatch list saying it is harmless and ignore it. Also, after reading your message, found a thread on this list about disabling AutoCommit. Will keep reading, but looks like I'm pointed in the right direction now. Brad > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Hugo van der Kooij > Sent: Friday, July 18, 2008 11:40 AM > To: MailScanner discussion > Subject: Re: Error after upgrading to ClamAV 0.93.3 via Easy Install > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Brad Dokken wrote: > | I am running MailScanner 4.70.6, SA 3.2.5 on RHEL 4. I used Julian's > | easy installer to upgrade from ClamAV 0.93.1 to 0.93.3 and > am getting > | the following errors in MailScanner --lint: > | > | Commit ineffective with AutoCommit enabled at > | > /usr/lib/MailScanner/MailScanner/CustomFunctions/MailWatch.pm line 93, > | line 1 > | > | Line 93 in MailWatch.pm reads $dbh->commit; > | > | I realize that's a MailWatch file, but has anyone had this error? I > | can't access the MailWatch archives at the moment. > > The update to ClamAV is not a factor. The issue has been discussed > before on the mailinglist and it was considered to be a > harmfull message. > > Disabling autocommit should take care of it. > > Hugo. > > - -- > hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ > PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc > > A: Yes. > >Q: Are you sure? > >>A: Because it reverses the logical flow of conversation. > >>>Q: Why is top posting frowned upon? > > Bored? Click on http://spamornot.org/ and rate those images. > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.7 (GNU/Linux) > > iD8DBQFIgONnBvzDRVjxmYERAuDDAJ4sEcenncvXNhqjVaDfoukgHxwFZgCeJbEC > J5xHEgjFjhtmimIxOGcJzdg= > =0OUP > -----END PGP SIGNATURE----- > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From MailScanner at ecs.soton.ac.uk Sat Jul 19 16:31:59 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat Jul 19 16:32:28 2008 Subject: RSS Feed of this list Message-ID: <488208EF.1090504@ecs.soton.ac.uk> I have just set up an RSS feed of the two main MailScanner mailing lists at http://mailbucket.org/mailscanner.xml http://mailbucket.org/mailscanner-announce.xml Thought this might give you (and me) a quick way to subscribe on your phones and such without having to resort to the email client there. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From alex at rtpty.com Sat Jul 19 16:58:13 2008 From: alex at rtpty.com (Alex Neuman) Date: Sat Jul 19 16:58:26 2008 Subject: RSS Feed of this list In-Reply-To: <488208EF.1090504@ecs.soton.ac.uk> References: <488208EF.1090504@ecs.soton.ac.uk> Message-ID: <0BFA046C-7682-4B6F-8375-2C707A20A48B@rtpty.com> Thanks! On Jul 19, 2008, at 10:31 AM, Julian Field wrote: > I have just set up an RSS feed of the two main MailScanner mailing > lists at > > http://mailbucket.org/mailscanner.xml > http://mailbucket.org/mailscanner-announce.xml > > Thought this might give you (and me) a quick way to subscribe on > your phones and such without having to resort to the email client > there. From norbert.schmidt at interactivedata.com Sat Jul 19 17:00:44 2008 From: norbert.schmidt at interactivedata.com (Norbert Schmidt) Date: Sat Jul 19 17:03:42 2008 Subject: Norbert Schmidt is out of the office Message-ID: I will be out of the office starting 18.07.2008 and will not return until 04.08.2008. I'll answer to your mail, when I get back. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080719/cb798c3e/attachment.html From Timo.Jacobs at partners.de Sat Jul 19 17:09:07 2008 From: Timo.Jacobs at partners.de (Timo.Jacobs@partners.de) Date: Sat Jul 19 17:09:19 2008 Subject: Timo Jacobs is out of the office. Message-ID: I will be out of the office starting 09.07.2008 and will not return until 25.07.2008. I will respond to your message when I return. In urgent cases please contact Mr. Timo A. Schmidt (timo.schmidt@partners.de) Partners Software GmbH / Zum Alten Speicher 11 / 28759 Bremen / Eingetragen unter HRB Bremen 14440 / Geschäftsführer: Wolfgang Brinker und Kai Hannemann / Telefon 0049 (0)421 66945-0 _________________________________________________________________ Diese Information ist ausschließlich für die adressierte Person oder Organisation bestimmt und könnte vertrauliches und/oder privilegiertes Material enthalten. Personen oder Organisationen, für die diese Information nicht bestimmt ist, ist es nicht gestattet, diese zu lesen, erneut zu übertragen, zu verbreiten, anderweitig zu verwenden oder sich durch sie veranlasst zu sehen, Massnahmen irgendeiner Art zu ergreifen. Sollten Sie diese Nachricht irrtümlich erhalten haben, bitten wir Sie, sich mit dem Absender in Verbindung zu setzen und das Material von Ihrem Computer zu löschen. Unbeschadet dessen ist allein die von uns unterzeichnete schriftliche Fassung verbindlich. Wir weisen darauf hin, dass elektronisch Nachrichten mit und ohne Zutun von Dritten verloren gehen, verändert oder verfälscht werden können. Herkömmliche E-Mails sind nicht gegen den Zugriff von Dritten geschützt und deshalb ist auch die Vertraulichkeit unter Umständen nicht gewahrt. Wir haften deshalb nicht für die Unversehrtheit von E-Mails nachdem sie unseren Herrschaftsbereich verlassen haben und können Ihnen hieraus entstehende Schaeden nicht ersetzen. Bitte beachten Sie, dass eine AntiViren- und AntiSPAM-Lösung installiert ist und alle eingehenden EMails untersucht werden, um die Sicherheit unserer Informationssysteme zu gewährleisten. _________________________________________________________________ The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and delete the material from any computer. You have asked us to correspond with you via the Internet per e-mail. However, the written version signed by us is the only authoritative version. We draw your attention to the fact that such messages can be lost, changed or falsified, with or without any interference by third persons. Normal e-mails are not protected against access by third persons and, therefore, their confidentiality may not be assured in certain circumstances. We cannot be responsible for the integrity of emails after they have left our sphere of control. Please note that in order to protect the security of our information systems an AntiVirus- and AntiSPAM solution is in use and will browse through incoming emails. _________________________________________________________________ From alex at rtpty.com Sat Jul 19 17:10:35 2008 From: alex at rtpty.com (Alex Neuman) Date: Sat Jul 19 17:10:51 2008 Subject: Norbert Schmidt is out of the office In-Reply-To: References: Message-ID: <78E38C59-3F0C-4CF8-BBD8-E050A3E4C3B1@rtpty.com> Let's raid his cubicle! On Jul 19, 2008, at 11:00 AM, Norbert Schmidt wrote: > I will be out of the office starting 18.07.2008 and will not return > until 04.08.2008. > > I'll answer to your mail, when I get back. > From csweeney at osubucks.org Sat Jul 19 17:18:43 2008 From: csweeney at osubucks.org (Chris Sweeney (BlackBerry)) Date: Sat Jul 19 17:18:59 2008 Subject: Norbert Schmidt is out of the office Message-ID: <1797487394-1216484326-cardhu_decombobulator_blackberry.rim.net-131084056-@bxe025.bisx.prod.on.blackberry> Lench him is more like it. You would think people would learn! ------Original Message------ From: Alex Neuman Sender: mailscanner-bounces@lists.mailscanner.info To: MailScanner discussion ReplyTo: MailScanner discussion Subject: Re: Norbert Schmidt is out of the office Sent: Jul 19, 2008 12:10 PM Let's raid his cubicle! On Jul 19, 2008, at 11:00 AM, Norbert Schmidt wrote: > I will be out of the office starting 18.07.2008 and will not return > until 04.08.2008. > > I'll answer to your mail, when I get back. > -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. Thanks Chris --- Sent via BlackBerry from T-Mobile From alex at rtpty.com Sat Jul 19 17:21:02 2008 From: alex at rtpty.com (Alex Neuman) Date: Sat Jul 19 17:21:15 2008 Subject: Timo Jacobs is out of the office. In-Reply-To: References: Message-ID: Let's raid his too! On Jul 19, 2008, at 11:09 AM, Timo.Jacobs@partners.de wrote: > will be out of the office starting 09.07.2008 and will not return > until > 25.07.2008. From gerard at seibercom.net Sat Jul 19 18:00:22 2008 From: gerard at seibercom.net (Gerard) Date: Sat Jul 19 18:00:45 2008 Subject: Norbert Schmidt is out of the office In-Reply-To: References: Message-ID: <20080719130022.592f5e4c@scorpio> On Sat, 19 Jul 2008 18:00:44 +0200 Norbert Schmidt wrote: > > I will be out of the office starting 18.07.2008 and will not return > until 04.08.2008. > > I'll answer to your mail, when I get back. Great, another improperly configured 'vacation' responder. Nothing makes my day like frivolous 'out of office' notices. Maybe I will just forward all my SPAM to his account. -- Gerard gerard@seibercom.net If you sell diamonds, you cannot expect to have many customers. But a diamond is a diamond even if there are no customers. Swami Prabhupada -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 195 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080719/179d9651/signature.bin From gerard at seibercom.net Sat Jul 19 18:10:05 2008 From: gerard at seibercom.net (Gerard) Date: Sat Jul 19 18:10:24 2008 Subject: Timo Jacobs is out of the office. In-Reply-To: References: Message-ID: <20080719131005.506ee61a@scorpio> On Sat, 19 Jul 2008 18:09:07 +0200 Timo.Jacobs@partners.de wrote: > > I will be out of the office starting 09.07.2008 and will not return > until 25.07.2008. > > I will respond to your message when I return. > In urgent cases please contact Mr. Timo A. Schmidt > (timo.schmidt@partners.de) > > Partners Software GmbH / Zum Alten Speicher 11 / 28759 Bremen / > Eingetragen unter HRB Bremen 14440 / Gesch_ftsf_hrer: Wolfgang > Brinker und Kai Hannemann / Telefon 0049 (0)421 66945-0 > _________________________________________________________________ > Diese Information ist ausschlie_lich f_r die adressierte Person oder > Organisation bestimmt und k_nnte vertrauliches und/oder > privilegiertes Material enthalten. Personen oder Organisationen, f_r > die diese Information nicht bestimmt ist, ist es nicht gestattet, > diese zu lesen, erneut zu _bertragen, zu verbreiten, anderweitig zu > verwenden oder sich durch sie veranlasst zu sehen, Massnahmen > irgendeiner Art zu ergreifen. Sollten Sie diese Nachricht irrt_mlich > erhalten haben, bitten wir Sie, sich mit dem Absender in Verbindung > zu setzen und das Material von Ihrem Computer zu l_schen. Unbeschadet > dessen ist allein die von uns unterzeichnete schriftliche Fassung > verbindlich. Wir weisen darauf hin, dass elektronisch Nachrichten mit > und ohne Zutun von Dritten verloren gehen, ver_ndert oder verf_lscht > werden k_nnen. Herk_mmliche E-Mails sind nicht gegen den Zugriff von > Dritten gesch_tzt und deshalb ist auch die Vertraulichkeit unter > Umst_nden nicht gewahrt. Wir haften deshalb nicht f_r die > Unversehrtheit von E-Mails nachdem sie unseren Herrschaftsbereich > verlassen haben und k_nnen Ihnen hieraus entstehende Schaeden nicht > ersetzen. Bitte beachten Sie, dass eine AntiViren- und > AntiSPAM-L_sung installiert ist und alle eingehenden EMails > untersucht werden, um die Sicherheit unserer Informationssysteme zu > gew_hrleisten. > _________________________________________________________________ The > information transmitted is intended only for the person or entity to > which it is addressed and may contain confidential and/or privileged > material. Any review, retransmission, dissemination or other use of, > or taking of any action in reliance upon, this information by persons > or entities other than the intended recipient is prohibited. If you > received this in error, please contact the sender and delete the > material from any computer. You have asked us to correspond with you > via the Internet per e-mail. However, the written version signed by > us is the only authoritative version. We draw your attention to the > fact that such messages can be lost, changed or falsified, with or > without any interference by third persons. Normal e-mails are not > protected against access by third persons and, therefore, their > confidentiality may not be assured in certain circumstances. We > cannot be responsible for the integrity of emails after they have > left our sphere of control. Please note that in order to protect the > security of our information systems an AntiVirus- and AntiSPAM > solution is in use and will browse through incoming emails. Holy crap, another user who is clueless about how to configure a 'vacation' responder. Added to the fact that he has chosen to include a legally unenforceable disclaimer, that might very well be the longest of any I have had the misfortune of viewing, and now my day is complete. While awaiting his joyous return, might I suggest that we all send , the designated emergency contact, a warm hello. -- Gerard gerard@seibercom.net You could get a new lease on life -- if only you didn't need the first and last month in advance. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 195 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080719/d5f87bd5/signature.bin From robert at ml.erje.net Sat Jul 19 18:20:54 2008 From: robert at ml.erje.net (Robert Joosten) Date: Sat Jul 19 18:21:41 2008 Subject: Timo Jacobs is out of the office. In-Reply-To: <20080719131005.506ee61a@scorpio> References: <20080719131005.506ee61a@scorpio> Message-ID: <20080719172053.GE2000@iphouse.com> Hi, > Added to the fact that he has chosen to include a legally unenforceable > disclaimer, that might very well be the longest of any I have had the > misfortune of viewing He ? Who says he has included that ? The fact an autorespnder includes this disclaimer tells me their smtp-gateway attaches that on any outgoing mail. And I know plenty of companies that do that; and you're right: disclaimers are useless. I personally don't know the guys that are on vacation, but lett's kick them off the list and include some warning vacation-responders are not allowed when people sign up. That makes more sense that planning to overthrown their cubicles :-D Cheers, Robert From gerard at seibercom.net Sat Jul 19 22:18:06 2008 From: gerard at seibercom.net (Gerard) Date: Sat Jul 19 22:18:31 2008 Subject: Timo Jacobs is out of the office. In-Reply-To: <20080719172053.GE2000@iphouse.com> References: <20080719131005.506ee61a@scorpio> <20080719172053.GE2000@iphouse.com> Message-ID: <20080719171806.50a56773@scorpio> On Sat, 19 Jul 2008 19:20:54 +0200 Robert Joosten wrote: > Hi, > > > Added to the fact that he has chosen to include a legally > > unenforceable disclaimer, that might very well be the longest of > > any I have had the misfortune of viewing > > He ? Who says he has included that ? The fact an autorespnder > includes this disclaimer tells me their smtp-gateway attaches that on > any outgoing mail. And I know plenty of companies that do that; and > you're right: disclaimers are useless. You are right, of course. I had not factored in that possibility. FWIW, many localities that require 'disclaimers' do not require them for routine correspondence or mail to publicly accessible lists, such as this one. Germany, if I remember correctly, is one such country. > I personally don't know the guys that are on vacation, but lett's > kick them off the list and include some warning vacation-responders > are not allowed when people sign up. That makes more sense that > planning to overthrown their cubicles :-D Why not both, as well as publicly stating that the use of 'disclaimers' is not acceptable unless mandated by law? That should eliminate a considerable amount of garbage. -- Gerard gerard@seibercom.net I hate trolls. Maybe I could metamorph it into something else -- like a ravenous, two-headed, fire-breathing dragon. Willow -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 195 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080719/9ce629d7/signature.bin From J.Ede at birchenallhowden.co.uk Sun Jul 20 08:26:39 2008 From: J.Ede at birchenallhowden.co.uk (Jason Ede) Date: Sun Jul 20 08:27:02 2008 Subject: Timo Jacobs is out of the office. In-Reply-To: <20080719172053.GE2000@iphouse.com> References: <20080719131005.506ee61a@scorpio> <20080719172053.GE2000@iphouse.com> Message-ID: <4CAB0118AEC63A4FAAE77E6BCBDF760C77E9AA4FD5@server02.bhl.local> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Robert Joosten > Sent: 19 July 2008 18:21 > To: MailScanner discussion > Subject: Re: Timo Jacobs is out of the office. > > Hi, > > > Added to the fact that he has chosen to include a legally > unenforceable > > disclaimer, that might very well be the longest of any I have had the > > misfortune of viewing > > He ? Who says he has included that ? The fact an autorespnder includes > this disclaimer tells me their smtp-gateway attaches that on any > outgoing > mail. And I know plenty of companies that do that; and you're right: > disclaimers are useless. > > I personally don't know the guys that are on vacation, but lett's kick > them off the list and include some warning vacation-responders are not > allowed when people sign up. That makes more sense that planning to > overthrown their cubicles :-D The problem with disclaimers is that some managers seem to want them (and added at gateway too), and can't understand the fact that they are mostly completely legally unenforceable. They see them as a necessity due to most of their clients having similar. Jason From drew.marshall at technologytiger.net Sun Jul 20 09:16:08 2008 From: drew.marshall at technologytiger.net (Drew Marshall) Date: Sun Jul 20 09:16:21 2008 Subject: Timo Jacobs is out of the office. In-Reply-To: <4CAB0118AEC63A4FAAE77E6BCBDF760C77E9AA4FD5@server02.bhl.local> References: <20080719131005.506ee61a@scorpio> <20080719172053.GE2000@iphouse.com> <4CAB0118AEC63A4FAAE77E6BCBDF760C77E9AA4FD5@server02.bhl.local> Message-ID: <8B2A8D14-54F3-4C66-A0E5-B5DABDB8F349@technologytiger.net> On 20 Jul 2008, at 08:26, Jason Ede wrote: > > The problem with disclaimers is that some managers seem to want them > (and added at gateway too), and can't understand the fact that they > are mostly completely legally unenforceable. They see them as a > necessity due to most of their clients having similar. The thing is that in the UK it is now a legal requirement that some form of footer is included on all company generated email (See http://www.theregister.co.uk/2006/12/21/new_web_email_regulation/ ). The problem is that most managers/ companies take the opportunity to then add 3 more paragraphs of completely unenforceable rubbish. The auditors to one of my client's have more disclaimer than content in 99.5% of their emails. The finance departments are under instruction not to print their emails as the paper wasted in disclaimers is huge! Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by Technology Tiger's Mail Launder system Our email policy can be found at www.technologytiger.net/policy Technology Tiger Limited is registered in Scotland with registration number: 310997 Registered Office 55-57 West High Street Inverurie AB51 3QQ From hvdkooij at vanderkooij.org Sun Jul 20 10:49:06 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Sun Jul 20 10:49:16 2008 Subject: Timo Jacobs is out of the office. In-Reply-To: <8B2A8D14-54F3-4C66-A0E5-B5DABDB8F349@technologytiger.net> References: <20080719131005.506ee61a@scorpio> <20080719172053.GE2000@iphouse.com> <4CAB0118AEC63A4FAAE77E6BCBDF760C77E9AA4FD5@server02.bhl.local> <8B2A8D14-54F3-4C66-A0E5-B5DABDB8F349@technologytiger.net> Message-ID: <48830A12.2040005@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Drew Marshall wrote: | In line with our policy, this message has been scanned for viruses and | dangerouscontent by Technology Tiger's Mail Launder system | | Our email policy can be found at www.technologytiger.net/policy Hmmm. English is not my primary language. But it seems it is not yours either ;-) Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFIgwoQBvzDRVjxmYERAs3lAKCrqNtMb4Isuy0OKDwnzpkIL6nliACfVlON 6b1XoqFI/Jnw7ruKHJ7r2G0= =DeQp -----END PGP SIGNATURE----- From drew.marshall at technologytiger.net Sun Jul 20 11:11:58 2008 From: drew.marshall at technologytiger.net (Drew Marshall) Date: Sun Jul 20 11:12:13 2008 Subject: Timo Jacobs is out of the office. In-Reply-To: <48830A12.2040005@vanderkooij.org> References: <20080719131005.506ee61a@scorpio> <20080719172053.GE2000@iphouse.com> <4CAB0118AEC63A4FAAE77E6BCBDF760C77E9AA4FD5@server02.bhl.local> <8B2A8D14-54F3-4C66-A0E5-B5DABDB8F349@technologytiger.net> <48830A12.2040005@vanderkooij.org> Message-ID: <20E7969A-A473-4FAF-9C81-3B47F61ABC20@technologytiger.net> On 20 Jul 2008, at 10:49, Hugo van der Kooij wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Drew Marshall wrote: > > | In line with our policy, this message has been scanned for viruses > and > | dangerouscontent by Technology Tiger's Mail Launder system > | > | Our email policy can be found at www.technologytiger.net/policy > > Hmmm. English is not my primary language. But it seems it is not yours > either ;-) LOL, the only small bonus is that the policy is not stuck to the bottom of every email. I can just about live with a single line. Sadly English is just about my only language, and clearly I'm not very good at that either :-) Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by Technology Tiger's Mail Launder system Our email policy can be found at www.technologytiger.net/policy Technology Tiger Limited is registered in Scotland with registration number: 310997 Registered Office 55-57 West High Street Inverurie AB51 3QQ From paul.bijnens at xplanation.com Sun Jul 20 11:55:51 2008 From: paul.bijnens at xplanation.com (Paul Bijnens) Date: Sun Jul 20 11:56:04 2008 Subject: Timo Jacobs is out of the office. In-Reply-To: References: Message-ID: <488319B7.90606@xplanation.com> > If you received this in error, please contact the sender and delete the material from any computer. OK, hereby I inform you that you send this mail in error to me. Timo.Jacobs@partners.de wrote: > I will be out of the office starting 09.07.2008 and will not return until > 25.07.2008. > > I will respond to your message when I return. > In urgent cases please contact Mr. Timo A. Schmidt > (timo.schmidt@partners.de) > > Partners Software GmbH / Zum Alten Speicher 11 / 28759 Bremen / Eingetragen unter HRB Bremen 14440 / Gesch?ftsf?hrer: Wolfgang Brinker und Kai Hannemann / Telefon 0049 (0)421 66945-0 _________________________________________________________________ Diese Information ist ausschlie?lich f?r die adressierte Person oder Organisation bestimmt und k?nnte vertrauliches und/oder privilegiertes Material enthalten. Personen oder Organisationen, f?r die diese Information nicht bestimmt ist, ist es nicht gestattet, diese zu lesen, erneut zu ?bertragen, zu verbreiten, anderweitig zu verwenden oder sich durch sie veranlasst zu sehen, Massnahmen irgendeiner Art zu ergreifen. Sollten Sie diese Nachricht irrt?mlich erhalten haben, bitten wir Sie, sich mit dem Absender in Verbindung zu setzen und das Material von Ihrem Computer zu l?schen. Unbeschadet dessen ist allein die von uns unterzeichnete schriftliche Fassung verbindlich. Wir weisen darauf hin, dass elektronisch Nachrichten mit und ohne Zutun von Dritten verloren gehen, ver?ndert oder verf?lscht werden k?nnen. Herk?mmliche E-Mails sind nicht gegen den Zugriff von Dritten gesch?tzt und deshalb ist auch die Vertraulichkeit unter Umst?nden nicht gewahrt. Wir haften deshalb nicht f?r die Unversehrtheit von E-Mails nachdem sie unseren Herrschaftsbereich verlassen haben und k?nnen Ihnen hieraus entstehende Schaeden nicht ersetzen. Bitte beachten Sie, dass eine AntiViren- und AntiSPAM-L?sung installiert ist und alle eingehenden EMails untersucht werden, um die Sicherheit unserer Informationssysteme zu gew?hrleisten. _________________________________________________________________ The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and delete the material from any computer. You have asked us to correspond with you via the Internet per e-mail. However, the written version signed by us is the only authoritative version. We draw your attention to the fact that such messages can be lost, changed or falsified, with or without any interference by third persons. Normal e-mails are not protected against access by third persons and, therefore, their confidentiality may not be assured in certain circumstances. We cannot be responsible for the integrity of emails after they have left our sphere of control. Please note that in order to protect the security of our information systems an AntiVirus- and AntiSPAM solution is in use and will browse through incoming emails. _________________________________________________________________ -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From gerard at seibercom.net Sun Jul 20 13:02:03 2008 From: gerard at seibercom.net (Gerard) Date: Sun Jul 20 13:02:19 2008 Subject: Timo Jacobs is out of the office. In-Reply-To: <8B2A8D14-54F3-4C66-A0E5-B5DABDB8F349@technologytiger.net> References: <20080719131005.506ee61a@scorpio> <20080719172053.GE2000@iphouse.com> <4CAB0118AEC63A4FAAE77E6BCBDF760C77E9AA4FD5@server02.bhl.local> <8B2A8D14-54F3-4C66-A0E5-B5DABDB8F349@technologytiger.net> Message-ID: <20080720080203.694e54b9@scorpio> On Sun, 20 Jul 2008 09:16:08 +0100 Drew Marshall wrote: > The thing is that in the UK it is now a legal requirement that some > form of footer is included on all company generated email (See > http://www.theregister.co.uk/2006/12/21/new_web_email_regulation/ ). > The problem is that most managers/ companies take the opportunity to > then add 3 more paragraphs of completely unenforceable rubbish. The > auditors to one of my client's have more disclaimer than content in > 99.5% of their emails. The finance departments are under instruction > not to print their emails as the paper wasted in disclaimers is huge! Obviously, I do not live in a locality that requires in any form these insidious 'disclaimers'; however, since it has now become a requirement in certain areas of the world, might it not be a wise decision to allow or at least request that a user only be allowed to post to this forum from his/her personal email account? One that does not require this 'disclaimer' nonsense. In my opinion, when someone is at their job, they should not be investing company time on personal business anyway. I know that belief is not universally embraced; however, as an employer myself, I like to think that my employees are devoting at least a majority of their time to company business. For the record, we do have 'monitoring software' installed. Who would have known that women enjoy 'porn' almost as much as men. -- Gerard gerard@seibercom.net Eating chocolate is like being in love without the aggravation. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 195 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080720/f10785df/signature.bin From mike at mellis.me.uk Sun Jul 20 18:22:15 2008 From: mike at mellis.me.uk (Mike Ellis) Date: Sun Jul 20 18:22:40 2008 Subject: Timo Jacobs is out of the office. In-Reply-To: References: Message-ID: <48837447.8020608@mellis.me.uk> Timo.Jacobs@partners.de wrote: > I will be out of the office starting 09.07.2008 and will not return until > 25.07.2008. > > I will respond to your message when I return. > In urgent cases please contact Mr. Timo A. Schmidt > (timo.schmidt@partners.de) > > Partners Software GmbH / Zum Alten Speicher 11 / 28759 Bremen / Eingetragen unter HRB Bremen 14440 / Gesch?ftsf?hrer: Wolfgang Brinker und Kai Hannemann / Telefon 0049 (0)421 66945-0 _________________________________________________________________ Diese Information ist ausschlie?lich f?r die adressierte Person oder Organisation bestimmt und k?nnte vertrauliches und/oder privilegiertes Material enthalten. Personen oder Organisationen, f?r die diese Information nicht bestimmt ist, ist es nicht gestattet, diese zu lesen, erneut zu ?bertragen, zu verbreiten, anderweitig zu verwenden oder sich durch sie veranlasst zu sehen, Massnahmen irgendeiner Art zu ergreifen. Sollten Sie diese Nachricht irrt?mlich erhalten haben, bitten wir Sie, sich mit dem Absender in Verbindung zu setzen und das Material von Ihrem Computer zu l?schen. Unbeschadet dessen ist allein die von uns unterzeichnete schriftliche Fassung verbindlich. Wir weisen darauf hin, dass elektronisch Nachrichten mit und oh ne Zutun von Dritten verloren gehen, ver?ndert oder verf?lscht werden k?nnen. Herk?mmliche E-Mails sind nicht gegen den Zugriff von Dritten gesch?tzt und deshalb ist auch die Vertraulichkeit unter Umst?nden nicht gewahrt. Wir haften deshalb nicht f?r die Unversehrtheit von E-Mails nachdem sie unseren Herrschaftsbereich verlassen haben und k?nnen Ihnen hieraus entstehende Schaeden nicht ersetzen. Bitte beachten Sie, dass eine AntiViren- und AntiSPAM-L?sung installiert ist und alle eingehenden EMails untersucht werden, um die Sicherheit unserer Informationssysteme zu gew?hrleisten. _________________________________________________________________ The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibi ted. If you received this in error, please contact the sender and delete the material from any computer. You have asked us to correspond with you via the Internet per e-mail. However, the written version signed by us is the only authoritative version. We draw your attention to the fact that such messages can be lost, changed or falsified, with or without any interference by third persons. Normal e-mails are not protected against access by third persons and, therefore, their confidentiality may not be assured in certain circumstances. We cannot be responsible for the integrity of emails after they have left our sphere of control. Please note that in order to protect the security of our information systems an AntiVirus- and AntiSPAM solution is in use and will browse through incoming emails. _________________________________________________________________ -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! As per the extremely long message in your signature, I received this message in error - your error - as you should configure your out of office message not to send to mailing lists. From mike at mellis.me.uk Sun Jul 20 18:29:32 2008 From: mike at mellis.me.uk (Mike Ellis) Date: Sun Jul 20 18:29:58 2008 Subject: Timo Jacobs is out of the office. In-Reply-To: <20080720080203.694e54b9@scorpio> References: <20080719131005.506ee61a@scorpio> <20080719172053.GE2000@iphouse.com> <4CAB0118AEC63A4FAAE77E6BCBDF760C77E9AA4FD5@server02.bhl.local> <8B2A8D14-54F3-4C66-A0E5-B5DABDB8F349@technologytiger.net> <20080720080203.694e54b9@scorpio> Message-ID: <488375FC.9060903@mellis.me.uk> Gerard wrote: > Obviously, I do not live in a locality that requires in any form these > insidious 'disclaimers'; however, since it has now become a requirement > in certain areas of the world, might it not be a wise decision to allow > or at least request that a user only be allowed to post to this forum > from his/her personal email account? One that does not require this > 'disclaimer' nonsense. In my opinion, when someone is at their job, > they should not be investing company time on personal business anyway. > I know that belief is not universally embraced; however, as an employer > myself, I like to think that my employees are devoting at least a > majority of their time to company business. For the record, we do have > 'monitoring software' installed. Who would have known that women enjoy > 'porn' almost as much as men. > What if someone is using MailScanner in a business environment and does not have a private address? ME From alex at rtpty.com Sun Jul 20 19:23:17 2008 From: alex at rtpty.com (Alex Neuman) Date: Sun Jul 20 19:23:31 2008 Subject: Timo Jacobs is out of the office. In-Reply-To: <488319B7.90606@xplanation.com> References: <488319B7.90606@xplanation.com> Message-ID: <68B2FA60-59FF-418D-B34D-11789338AB9A@rtpty.com> Is it now my "duty" to go out and find each and every computer with a copy of this silly disclaimer and delete it? On Jul 20, 2008, at 5:55 AM, Paul Bijnens wrote: >> If you received this in error, please contact the sender and delete >> the material from any computer. > > > > > OK, hereby I inform you that you send this mail in error to me. Disclaimer: I fart in your disclaimer's general direction. From alex at rtpty.com Sun Jul 20 19:24:16 2008 From: alex at rtpty.com (Alex Neuman) Date: Sun Jul 20 19:24:28 2008 Subject: Timo Jacobs is out of the office. In-Reply-To: <20080720080203.694e54b9@scorpio> References: <20080719131005.506ee61a@scorpio> <20080719172053.GE2000@iphouse.com> <4CAB0118AEC63A4FAAE77E6BCBDF760C77E9AA4FD5@server02.bhl.local> <8B2A8D14-54F3-4C66-A0E5-B5DABDB8F349@technologytiger.net> <20080720080203.694e54b9@scorpio> Message-ID: In my experience, more so! On Jul 20, 2008, at 7:02 AM, Gerard wrote: > Who would have known that women enjoy > 'porn' almost as much as men. From hvdkooij at vanderkooij.org Sun Jul 20 20:03:13 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Sun Jul 20 20:03:23 2008 Subject: Timo Jacobs is out of the office. In-Reply-To: <48837447.8020608@mellis.me.uk> References: <48837447.8020608@mellis.me.uk> Message-ID: <48838BF1.50702@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mike Ellis wrote: | Timo.Jacobs@partners.de wrote: |> I will be ..... | As per the extremely long message in your signature, I received this | message in error - your error - as you should configure your out of | office message not to send to mailing lists. May I suggest that Jules takes care of it in a more permanent manner? That is not just remove the subscriber from the mailinglist but prevent him from getting back on as well? We get about 1 each month from this company on the mailinglist. And the suggested alternative contacts? They send out these stupid auto-replies as well. So I think it should be taken care of on a more permanent base. Actually I wrote some postfix header checks to get rid of some of these messages myself. They are just not accepted. Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFIg4vvBvzDRVjxmYERAp97AKCUL8kszklwxNbag45BwmIO3G2WeACeLRoF cEHmUxxYiqUYHaVm9awJfcU= =3iUG -----END PGP SIGNATURE----- From gerard at seibercom.net Sun Jul 20 20:22:37 2008 From: gerard at seibercom.net (Gerard) Date: Sun Jul 20 20:23:05 2008 Subject: Timo Jacobs is out of the office. In-Reply-To: <488375FC.9060903@mellis.me.uk> References: <20080719131005.506ee61a@scorpio> <20080719172053.GE2000@iphouse.com> <4CAB0118AEC63A4FAAE77E6BCBDF760C77E9AA4FD5@server02.bhl.local> <8B2A8D14-54F3-4C66-A0E5-B5DABDB8F349@technologytiger.net> <20080720080203.694e54b9@scorpio> <488375FC.9060903@mellis.me.uk> Message-ID: <20080720152237.7c161c07@scorpio> On Sun, 20 Jul 2008 18:29:32 +0100 Mike Ellis wrote: [snip] > What if someone is using MailScanner in a business environment and > does not have a private address? The obvious answer is that the user should obtain one. There are dozens (literally) of free email accounts available if the user is does not want to use his/her ISP's SMTP/POP services. a) Yahoo b) Hotmail c) GMail Just to list a few. In any case, unless the poster is also the system administrator, why would they be posting regarding MailScanner on their system anyway? Furthermore, I do not know of a single SA that does not have a private email address; although, I guess it is theoretically possible. -- Gerard gerard@seibercom.net You are only young once, but you can stay immature indefinitely. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 195 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080720/043a58ab/signature.bin From ssilva at sgvwater.com Sun Jul 20 22:35:18 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Sun Jul 20 22:35:13 2008 Subject: Timo Jacobs is out of the office. In-Reply-To: References: Message-ID: on 7-19-2008 9:09 AM Timo.Jacobs@partners.de spake the following: > I will be out of the office starting 09.07.2008 and will not return until > 25.07.2008. > > I will respond to your message when I return. > In urgent cases please contact Mr. Timo A. Schmidt > (timo.schmidt@partners.de) > Nothing like a 2 sentence message with 2 pages of disclaimers! -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 258 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080720/d508d79b/signature.bin From spamtrap71892316634 at anime.net Sun Jul 20 23:25:42 2008 From: spamtrap71892316634 at anime.net (Dan Hollis) Date: Sun Jul 20 23:25:56 2008 Subject: Timo Jacobs is out of the office. In-Reply-To: <488375FC.9060903@mellis.me.uk> References: <20080719131005.506ee61a@scorpio> <20080719172053.GE2000@iphouse.com> <4CAB0118AEC63A4FAAE77E6BCBDF760C77E9AA4FD5@server02.bhl.local> <8B2A8D14-54F3-4C66-A0E5-B5DABDB8F349@technologytiger.net> <20080720080203.694e54b9@scorpio> <488375FC.9060903@mellis.me.uk> Message-ID: On Sun, 20 Jul 2008, Mike Ellis wrote: > What if someone is using MailScanner in a business environment and does not > have a private address? If they are too stupid to get a hotmail/gmail/etc account then quite frankly they should just leave the internet completely and never come back. -Dan From lhaig at haigmail.com Mon Jul 21 00:12:06 2008 From: lhaig at haigmail.com (Lance Haig) Date: Mon Jul 21 00:12:18 2008 Subject: Timo Jacobs is out of the office. In-Reply-To: References: <20080719131005.506ee61a@scorpio> <20080719172053.GE2000@iphouse.com> <4CAB0118AEC63A4FAAE77E6BCBDF760C77E9AA4FD5@server02.bhl.local> <8B2A8D14-54F3-4C66-A0E5-B5DABDB8F349@technologytiger.net> <20080720080203.694e54b9@scorpio> <488375FC.9060903@mellis.me.uk> Message-ID: <4883C646.3030908@haigmail.com> Easy Easy guys, This is not what this list is like. It has always been friendly and now we are getting personal.. So they made mistakes, it happens. we are all annoyed and upset. We have said so and now we need to move on. Regards Lance From alex at rtpty.com Mon Jul 21 00:31:48 2008 From: alex at rtpty.com (Alex Neuman) Date: Mon Jul 21 00:32:02 2008 Subject: Timo Jacobs is out of the office. In-Reply-To: <4883C646.3030908@haigmail.com> References: <20080719131005.506ee61a@scorpio> <20080719172053.GE2000@iphouse.com> <4CAB0118AEC63A4FAAE77E6BCBDF760C77E9AA4FD5@server02.bhl.local> <8B2A8D14-54F3-4C66-A0E5-B5DABDB8F349@technologytiger.net> <20080720080203.694e54b9@scorpio> <488375FC.9060903@mellis.me.uk> <4883C646.3030908@haigmail.com> Message-ID: <77030CD9-E1C0-416C-91A1-62D2528D6998@rtpty.com> Goose... Frah... Bah.... On Jul 20, 2008, at 6:12 PM, Lance Haig wrote: > This is not what this list is like. It has always been friendly and > now we are getting personal.. So they made mistakes, it happens. we > are all annoyed and upset. We have said so and now we need to move on. From peter at farrows.org Mon Jul 21 01:21:25 2008 From: peter at farrows.org (Peter Farrow) Date: Mon Jul 21 01:22:09 2008 Subject: Timo Jacobs is out of the office. In-Reply-To: <77030CD9-E1C0-416C-91A1-62D2528D6998@rtpty.com> References: <20080719131005.506ee61a@scorpio> <20080719172053.GE2000@iphouse.com> <4CAB0118AEC63A4FAAE77E6BCBDF760C77E9AA4FD5@server02.bhl.local> <8B2A8D14-54F3-4C66-A0E5-B5DABDB8F349@technologytiger.net> <20080720080203.694e54b9@scorpio> <488375FC.9060903@mellis.me.uk> <4883C646.3030908@haigmail.com> <77030CD9-E1C0-416C-91A1-62D2528D6998@rtpty.com> Message-ID: <4883D685.9080206@farrows.org> Alex Neuman wrote: > Goose... Frah... Bah.... > > On Jul 20, 2008, at 6:12 PM, Lance Haig wrote: > >> This is not what this list is like. It has always been friendly and >> now we are getting personal.. So they made mistakes, it happens. we >> are all annoyed and upset. We have said so and now we need to move on. > This fellows poor auto response has generated more useless noise on this list than any other I care to remember. Really guys, get over it, drop it, move along nothing to see here. Its like a bunch of WI ladies arguing over a copied jam recipe. Coupled with bouts of gratuitous self back patting about how everyone else is so perfect they would never commit such a heinous crime as an auto responder to the internet. What a bunch of gossiping old dears...early bed for the lot of you with no tea and you'll forfiet your game of whist at the liberal club for the next 10 days. -- This message has been scanned for viruses and dangerous content by the Inexcom system Scanner, and is believed to be clean. Advanced heuristic mail scanning server [-]. http://www.inexcom.co.uk From mogens at fumlersoft.dk Mon Jul 21 11:06:02 2008 From: mogens at fumlersoft.dk (Mogens Melander) Date: Mon Jul 21 11:06:40 2008 Subject: Timo Jacobs is out of the office. In-Reply-To: <48838BF1.50702@vanderkooij.org> References: <48837447.8020608@mellis.me.uk> <48838BF1.50702@vanderkooij.org> Message-ID: On Sun, July 20, 2008 21:03, Hugo van der Kooij wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Mike Ellis wrote: > | Timo.Jacobs@partners.de wrote: > |> I will be ..... > > | As per the extremely long message in your signature, I received this > | message in error - your error - as you should configure your out of > | office message not to send to mailing lists. > > May I suggest that Jules takes care of it in a more permanent manner? > > That is not just remove the subscriber from the mailinglist but prevent > him from getting back on as well? > > We get about 1 each month from this company on the mailinglist. And the > suggested alternative contacts? They send out these stupid auto-replies > as well. > > So I think it should be taken care of on a more permanent base. > > Actually I wrote some postfix header checks to get rid of some of these > messages myself. They are just not accepted. > > Hugo. Well, my /etc/mail/access contains folowing lines ;^) partners.de ERROR:"550 Reject : partners.de - Braindead vacation by timo.jacobs@partners.de" interactivedata.com ERROR:"550 Reject : interactivedata.com - Braindead vacation by norbert.schmidt@interactivedata.com" That should do it. -- Later Mogens Melander +45 40 85 71 38 +66 870 133 224 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From peter at farrows.org Mon Jul 21 11:16:44 2008 From: peter at farrows.org (Peter Farrow) Date: Mon Jul 21 11:17:17 2008 Subject: Timo Jacobs is out of the office. In-Reply-To: References: <48837447.8020608@mellis.me.uk> <48838BF1.50702@vanderkooij.org> Message-ID: <4884620C.4070702@farrows.org> Mogens Melander wrote: > On Sun, July 20, 2008 21:03, Hugo van der Kooij wrote: > >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> Mike Ellis wrote: >> | Timo.Jacobs@partners.de wrote: >> |> I will be ..... >> >> | As per the extremely long message in your signature, I received this >> | message in error - your error - as you should configure your out of >> | office message not to send to mailing lists. >> >> May I suggest that Jules takes care of it in a more permanent manner? >> >> That is not just remove the subscriber from the mailinglist but prevent >> him from getting back on as well? >> >> We get about 1 each month from this company on the mailinglist. And the >> suggested alternative contacts? They send out these stupid auto-replies >> as well. >> >> So I think it should be taken care of on a more permanent base. >> >> Actually I wrote some postfix header checks to get rid of some of these >> messages myself. They are just not accepted. >> >> Hugo. >> > > Well, my /etc/mail/access contains folowing lines ;^) > > partners.de ERROR:"550 Reject : partners.de > - Braindead vacation by timo.jacobs@partners.de" > interactivedata.com ERROR:"550 Reject : interactivedata.com > - Braindead vacation by norbert.schmidt@interactivedata.com" > > That should do it. > > Can't the list manager just take them off. -- This message has been scanned for viruses and dangerous content by the Inexcom system Scanner, and is believed to be clean. Advanced heuristic mail scanning server [1]. http://www.inexcom.co.uk From telecaadmin at gmail.com Mon Jul 21 11:16:40 2008 From: telecaadmin at gmail.com (Ronny T. Lampert) Date: Mon Jul 21 11:19:27 2008 Subject: OT: Timo Jacobs is out of the office. In-Reply-To: References: <48837447.8020608@mellis.me.uk> <48838BF1.50702@vanderkooij.org> Message-ID: <48846208.9050307@gmail.com> Well, guys, how about the old and pragmatic approach. Jules might suspend their ML subscription. We continue with our lives&works instead of complaining about how bad the Internet has gotten and demanding a semi-public lynching. On a more personal side note - everybody makes mistakes. Just made a huge one 3 hours ago, and luckily, I was not judged. Back to the happy, problem-solving days, please! Cheers, Ronny From MailScanner at ecs.soton.ac.uk Mon Jul 21 14:31:20 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Jul 21 14:31:50 2008 Subject: Test post - please do not reply or follow up Message-ID: <48848FA8.5040202@ecs.soton.ac.uk> I'm testing the MailBucket.org mailing-list to RSS feed converter, as hopefully the author has added a new feature for me so the list postings do not get
 tags round them, so they are easier to read on my phone.

Let's see what happens to this post. If anyone with an RSS feed reader 
can prove this post doesn't have 
 tags where earlier messages 
(before about 11am today GMT) had them, I would welcome that information 
sent to me by email to mailscanner@ecs.soton.ac.uk.

Thanks guys!

Jules

-- 
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

From lhaig at haigmail.com  Mon Jul 21 14:48:49 2008
From: lhaig at haigmail.com (Lance Haig)
Date: Mon Jul 21 14:49:00 2008
Subject: Neww RSS feed links need swapping
Message-ID: <488493C1.8080305@haigmail.com>

Hi Julian,

Just an FYI the two rss links on the website need swapping as you have 
the list one under announcements and and visa versa(hope that is right)

Regards

Lance
From MailScanner at ecs.soton.ac.uk  Mon Jul 21 15:15:40 2008
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Mon Jul 21 15:18:04 2008
Subject: Neww RSS feed links need swapping
In-Reply-To: 
References: 
Message-ID: <48849A0C.2000200@ecs.soton.ac.uk>

Thanks for noticing that one! Silly me :-)
Fixed now.

And any users of the RSS feed will notice that the postings no longer 
have 
 tags on them, so they appear in a non-monospaced font which I 
find easier to read (and I paid for the feature, so you get it whether 
you like it or not :-) If you have any constructive ways of improving 
the appearance of the RSS feed version, please let me know as I might 
still have some buying power for new minor features on his service.

Cheers,
Jules.

Lance Haig wrote:
> Hi Julian,
>
> Just an FYI the two rss links on the website need swapping as you have 
> the list one under announcements and and visa versa(hope that is right)
>
> Regards
>
> Lance

Jules

-- 
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654



-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

From Sylvain.Phaneuf at imsu.ox.ac.uk  Mon Jul 21 15:38:39 2008
From: Sylvain.Phaneuf at imsu.ox.ac.uk (Sylvain Phaneuf)
Date: Mon Jul 21 15:38:54 2008
Subject: Neww RSS feed links need swapping
In-Reply-To: <48849A0C.2000200@ecs.soton.ac.uk>
References: 
	<48849A0C.2000200@ecs.soton.ac.uk>
Message-ID: <4884AD7E.FEA8.00EB.0@imsu.ox.ac.uk>

I love it when people are starting using their phone to read their mail. Top posting becomes acceptable :-)

Sylvain
(on my BlackBerry)

>>> On 21/07/2008 at 15:15, Julian Field  wrote:
> Thanks for noticing that one! Silly me :-)
> Fixed now.
> 
> And any users of the RSS feed will notice that the postings no longer 
> have 
 tags on them, so they appear in a non-monospaced font which I 
> find easier to read (and I paid for the feature, so you get it whether 
> you like it or not :-) If you have any constructive ways of improving 
> the appearance of the RSS feed version, please let me know as I might 
> still have some buying power for new minor features on his service.
> 
> Cheers,
> Jules.
> 
> Lance Haig wrote:
>> Hi Julian,
>>
>> Just an FYI the two rss links on the website need swapping as you have 
>> the list one under announcements and and visa versa(hope that is right)
>>
>> Regards
>>
>> Lance
> 
> Jules

From hywel.burris at comtec-europe.co.uk  Mon Jul 21 16:03:00 2008
From: hywel.burris at comtec-europe.co.uk (Hywel Burris)
Date: Mon Jul 21 16:03:25 2008
Subject: Neww RSS feed links need swapping
Message-ID: 



-----Original Message-----
From: Lance Haig 
Sent: 21 July 2008 14:53
To: MailScanner discussion 
Subject: Neww RSS feed links need swapping


Hi Julian,

Just an FYI the two rss links on the website need swapping as you have
the list one under announcements and and visa versa(hope that is right)

Regards

Lance
--
MailScanner mailing list
mailscanner@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!
###########################################

This message has been scanned by F-Secure Anti-Virus for Microsoft Exchange.
For more information, connect to http://www.f-secure.com/

************************************************************************
Comtec (Europe) Ltd. Registered in England and Wales. Company Registration Number: 03090173. This e-mail and any attachments are strictly confidential and intended solely for the addressee. They may contain information which is covered by legal, professional or other privilege. If you are not the intended addressee, you must not copy the e-mail or the attachments, or use them for any purpose or disclose their contents to any other person. To do so may be unlawful. If you have received this transmission in error, please notify us as soon as possible and delete the message and attachments from all places in your computer where they are stored. 

Although we have scanned this e-mail and any attachments for viruses, it is your responsibility to ensure that they are actually virus free.
 

From slavikh2000 at gmail.com  Mon Jul 21 16:32:39 2008
From: slavikh2000 at gmail.com (Slavi Khodorkovsky)
Date: Mon Jul 21 16:32:48 2008
Subject: mailscanner with clamav an spamassasin howto
Message-ID: 

Try to see  if you have symbolic link to Spamasassin within the MailScanner :

You might have installed MailScanner after spamasassin ,
This might be the recomendation in install log that you missed :
WARNING: You must create a link in /etc/mail/spamassassin called mailscanner.cf
WARNING: which points to the spam.assassin.prefs.conf file in the
WARNING: MailScanner etc directory.
From jra at baylink.com  Mon Jul 21 16:36:29 2008
From: jra at baylink.com (Jay R. Ashworth)
Date: Mon Jul 21 16:36:39 2008
Subject: Neww RSS feed links need swapping
In-Reply-To: <4884AD7E.FEA8.00EB.0@imsu.ox.ac.uk>
References: 
	<48849A0C.2000200@ecs.soton.ac.uk>
	<4884AD7E.FEA8.00EB.0@imsu.ox.ac.uk>
Message-ID: <20080721153629.GD19766@cgi.jachomes.com>

On Mon, Jul 21, 2008 at 03:38:39PM +0100, Sylvain Phaneuf wrote:
> I love it when people are starting using their phone to read their
> mail. Top posting becomes acceptable :-)

"Delete Original Text".

:-)

Cheers,
-- jra
-- 
Jay R. Ashworth                   Baylink                      jra@baylink.com
Designer                     The Things I Think                       RFC 2100
Ashworth & Associates     http://baylink.pitas.com                     '87 e24
St Petersburg FL USA      http://photo.imageinc.us             +1 727 647 1274

	     Those who cast the vote decide nothing.
	     Those who count the vote decide everything.
	       -- (Josef Stalin)
From gerard at seibercom.net  Mon Jul 21 16:44:48 2008
From: gerard at seibercom.net (Gerard)
Date: Mon Jul 21 16:45:12 2008
Subject: Neww RSS feed links need swapping
In-Reply-To: <4884AD7E.FEA8.00EB.0@imsu.ox.ac.uk>
References: 
	<48849A0C.2000200@ecs.soton.ac.uk>
	<4884AD7E.FEA8.00EB.0@imsu.ox.ac.uk>
Message-ID: <20080721114448.414b610b@scorpio>

On Mon, 21 Jul 2008 15:38:39 +0100
"Sylvain Phaneuf"  wrote:

[snip]

> I love it when people are starting using their phone to read their
> mail. Top posting becomes acceptable :-)

I seriously hope not. Dozens of carpet cleaning devices are available;
however, that does not mean that throwing garbage onto a rug is
acceptable.

-- 
Gerard
gerard@seibercom.net

To understand a program you must become both the machine and the
program.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 195 bytes
Desc: not available
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080721/573aad51/signature.bin
From ssilva at sgvwater.com  Mon Jul 21 17:56:25 2008
From: ssilva at sgvwater.com (Scott Silva)
Date: Mon Jul 21 17:56:14 2008
Subject: Timo Jacobs is out of the office.
In-Reply-To: <488375FC.9060903@mellis.me.uk>
References: 	<20080719131005.506ee61a@scorpio>	<20080719172053.GE2000@iphouse.com>	<4CAB0118AEC63A4FAAE77E6BCBDF760C77E9AA4FD5@server02.bhl.local>	<8B2A8D14-54F3-4C66-A0E5-B5DABDB8F349@technologytiger.net>	<20080720080203.694e54b9@scorpio>
	<488375FC.9060903@mellis.me.uk>
Message-ID: 

on 7-20-2008 10:29 AM Mike Ellis spake the following:
> Gerard wrote:
>> Obviously, I do not live in a locality that requires in any form these
>> insidious 'disclaimers'; however, since it has now become a requirement
>> in certain areas of the world, might it not be a wise decision to allow
>> or at least request that a user only be allowed to post to this forum
>> from his/her personal email account? One that does not require this
>> 'disclaimer' nonsense. In my opinion, when someone is at their job,
>> they should not be investing company time on personal business anyway.
>> I know that belief is not universally embraced; however, as an employer
>> myself, I like to think that my employees are devoting at least a
>> majority of their time to company business. For the record, we do have
>> 'monitoring software' installed. Who would have known that women enjoy
>> 'porn' almost as much as men.
>>
> 
> What if someone is using MailScanner in a business environment and does 
> not have a private address?
> 
> ME
If someone is using MailScanner in a business environment, and is not allowed 
to have an outside account, they "hopefully" are the e-mail admin, and should 
set themselves up with a second account just for lists WITHOUT an 
autoirritator, I mean autoresponder.

Secondary accounts are very useful to a mail admin for testing and such, and 
it is always good to have an address outside of your domain. The sysadmin 
needs to have some things that may not be allowed to the rest of the workforce.


-- 
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 258 bytes
Desc: OpenPGP digital signature
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080721/b373e864/signature.bin
From ssilva at sgvwater.com  Mon Jul 21 17:59:24 2008
From: ssilva at sgvwater.com (Scott Silva)
Date: Mon Jul 21 18:00:13 2008
Subject: OT: Timo Jacobs is out of the office.
In-Reply-To: <48846208.9050307@gmail.com>
References: 	<48837447.8020608@mellis.me.uk>	<48838BF1.50702@vanderkooij.org>	
	<48846208.9050307@gmail.com>
Message-ID: 

on 7-21-2008 3:16 AM Ronny T. Lampert spake the following:
> Well, guys, how about the old and pragmatic approach.
> Jules might suspend their ML subscription. We continue with our 
> lives&works instead of complaining about how bad the Internet has gotten 
> and demanding a semi-public lynching.
> 
> On a more personal side note - everybody makes mistakes. Just made a 
> huge one 3 hours ago, and luckily, I was not judged.
> 
> Back to the happy, problem-solving days, please!
> Cheers,
> Ronny
We will be picking on you shortly. You are number 53 in the queue. Thanks for 
the heads-up!  ;-P

Now heckling number 45... Number 45...



-- 
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 258 bytes
Desc: OpenPGP digital signature
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080721/5b10e857/signature.bin
From craig at csfs.co.za  Mon Jul 21 18:14:35 2008
From: craig at csfs.co.za (Craig Retief)
Date: Mon Jul 21 18:16:56 2008
Subject: mailscanner with clamav an spamassasin howto
In-Reply-To: 
References: 
Message-ID: <1216660475.8828.3.camel@cX>

> Try to see  if you have symbolic link to Spamasassin within the MailScanner :
> 
> You might have installed MailScanner after spamasassin ,
> This might be the recomendation in install log that you missed :
> WARNING: You must create a link in /etc/mail/spamassassin called mailscanner.cf
> WARNING: which points to the spam.assassin.prefs.conf file in the
> WARNING: MailScanner etc directory.

I'm going out on a limb here but I imagine this is an error that you are
getting and need help rectifying it.

install MailScanner first and then the easy install package
install-ClamAV-SpamAssassin from the MailScanner downloads page.

Then try this if the file does not get created:

ln
-s /etc/MailScanner/spam.assassin.prefs.conf /etc/mail/spamassassin/mailscanner.cf

cheers,

Craig
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080721/514590b2/attachment.html
From marco.mangione at gmail.com  Tue Jul 22 08:49:43 2008
From: marco.mangione at gmail.com (Marco mangione)
Date: Tue Jul 22 08:49:53 2008
Subject: postifx as MX gateway
Message-ID: 

Hello,

i installed a postfix as MX gateway with transport and mail_ralay on a mysql
DB... now i need to set postfix to accept all recipient instead of permit
only the domain listed in mysql table... there are some way to tell postfix
to accept " *.* " ?

thanks
marco
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080722/20ebf05a/attachment.html
From lists at openenterprise.ca  Tue Jul 22 09:09:03 2008
From: lists at openenterprise.ca (lists@openenterprise.ca)
Date: Tue Jul 22 09:09:17 2008
Subject: MS busted! Please Help
Message-ID: <7592cb3187b803dc036b2fc845943559@openenterprise.ca>

I am not sure what happened but after a reboot of my CentOS 5.2 system, the
bootup process stops at loading MailScanner and I need to manually reset. I
disabled the service from autostarting and even when I run "MailScanner -v"
from the shell it just hangs there!! I beleive I updated CentOS from 5.1 or
something to 5.2 a few weeks back but I dont think I rebooted the system.

I also downloaded the latest MailScanner tarball and updated but it still
wont start?

Can anyone please suggest some options or things to try?

I dont see anything in the /var/log/maillog either and when I ctl-c the
stalled shell where I tried to run "MailScanner -v". I then see the usual
"MailScanner" lines in /var/log/maillog (see below), but it does not seem
to be working and no mail is getting through?

Thanks


Jul 22 01:06:31 gateway MailScanner[2402]: MailScanner E-Mail Virus Scanner
version 4.70.7 starting... 
Jul 22 01:06:31 gateway MailScanner[2402]: Read 826 hostnames from the
phishing whitelist 
Jul 22 01:06:31 gateway MailScanner[2402]: Read 2926 hostnames from the
phishing blacklist 
Jul 22 01:06:31 gateway MailScanner[2402]: Config: calling custom init
function SQLBlacklist 
Jul 22 01:06:31 gateway MailScanner[2402]: Starting up SQL Blacklist 
Jul 22 01:06:31 gateway MailScanner[2402]: Read 2 blacklist entries 
Jul 22 01:06:31 gateway MailScanner[2402]: Config: calling custom init
function MailWatchLogging 
Jul 22 01:06:31 gateway MailScanner[2402]: Started SQL Logging child 
Jul 22 01:06:31 gateway MailScanner[2402]: Config: calling custom init
function SQLWhitelist 
Jul 22 01:06:31 gateway MailScanner[2402]: Starting up SQL Whitelist 
Jul 22 01:06:36 gateway MailScanner[2406]: MailScanner E-Mail Virus Scanner
version 4.70.7 starting... 
Jul 22 01:06:36 gateway MailScanner[2406]: Read 826 hostnames from the
phishing whitelist 
Jul 22 01:06:36 gateway MailScanner[2406]: Read 2926 hostnames from the
phishing blacklist 
Jul 22 01:06:36 gateway MailScanner[2406]: Config: calling custom init
function SQLBlacklist 
Jul 22 01:06:36 gateway MailScanner[2406]: Starting up SQL Blacklist 
Jul 22 01:06:36 gateway MailScanner[2406]: Read 2 blacklist entries 
Jul 22 01:06:36 gateway MailScanner[2406]: Config: calling custom init
function MailWatchLogging 
Jul 22 01:06:36 gateway MailScanner[2406]: Started SQL Logging child 
Jul 22 01:06:36 gateway MailScanner[2406]: Config: calling custom init
function SQLWhitelist 
Jul 22 01:06:36 gateway MailScanner[2406]: Starting up SQL Whitelist 
Jul 22 01:06:41 gateway MailScanner[2409]: MailScanner E-Mail Virus Scanner
version 4.70.7 starting... 
Jul 22 01:06:41 gateway MailScanner[2409]: Read 826 hostnames from the
phishing whitelist 
Jul 22 01:06:41 gateway MailScanner[2409]: Read 2926 hostnames from the
phishing blacklist 
Jul 22 01:06:41 gateway MailScanner[2409]: Config: calling custom init
function SQLBlacklist 
Jul 22 01:06:41 gateway MailScanner[2409]: Starting up SQL Blacklist 
Jul 22 01:06:41 gateway MailScanner[2409]: Read 2 blacklist entries 
Jul 22 01:06:41 gateway MailScanner[2409]: Config: calling custom init
function MailWatchLogging 
Jul 22 01:06:41 gateway MailScanner[2409]: Started SQL Logging child 
Jul 22 01:06:41 gateway MailScanner[2409]: Config: calling custom init
function SQLWhitelist 
Jul 22 01:06:41 gateway MailScanner[2409]: Starting up SQL Whitelist 
Jul 22 01:06:46 gateway MailScanner[2413]: MailScanner E-Mail Virus Scanner
version 4.70.7 starting... 
Jul 22 01:06:46 gateway MailScanner[2413]: Read 826 hostnames from the
phishing whitelist 
Jul 22 01:06:46 gateway MailScanner[2413]: Read 2926 hostnames from the
phishing blacklist 
Jul 22 01:06:46 gateway MailScanner[2413]: Config: calling custom init
function SQLBlacklist 
Jul 22 01:06:46 gateway MailScanner[2413]: Starting up SQL Blacklist 
Jul 22 01:06:46 gateway MailScanner[2413]: Read 2 blacklist entries 
Jul 22 01:06:46 gateway MailScanner[2413]: Config: calling custom init
function MailWatchLogging 
Jul 22 01:06:46 gateway MailScanner[2413]: Started SQL Logging child 
Jul 22 01:06:46 gateway MailScanner[2413]: Config: calling custom init
function SQLWhitelist 
Jul 22 01:06:46 gateway MailScanner[2413]: Starting up SQL Whitelist 
Jul 22 01:06:51 gateway MailScanner[2416]: MailScanner E-Mail Virus Scanner
version 4.70.7 starting... 
Jul 22 01:06:51 gateway MailScanner[2416]: Read 826 hostnames from the
phishing whitelist 
Jul 22 01:06:51 gateway MailScanner[2416]: Read 2926 hostnames from the
phishing blacklist 
Jul 22 01:06:51 gateway MailScanner[2416]: Config: calling custom init
function SQLBlacklist 
Jul 22 01:06:51 gateway MailScanner[2416]: Starting up SQL Blacklist 
Jul 22 01:06:51 gateway MailScanner[2416]: Read 2 blacklist entries 
Jul 22 01:06:51 gateway MailScanner[2416]: Config: calling custom init
function MailWatchLogging 
Jul 22 01:06:51 gateway MailScanner[2416]: Started SQL Logging child 
Jul 22 01:06:51 gateway MailScanner[2416]: Config: calling custom init
function SQLWhitelist 
Jul 22 01:06:51 gateway MailScanner[2416]: Starting up SQL Whitelist 
Jul 22 01:06:56 gateway MailScanner[2419]: MailScanner E-Mail Virus Scanner
version 4.70.7 starting... 
Jul 22 01:06:56 gateway MailScanner[2419]: Read 826 hostnames from the
phishing whitelist 
Jul 22 01:06:56 gateway MailScanner[2419]: Read 2926 hostnames from the
phishing blacklist 
Jul 22 01:06:56 gateway MailScanner[2419]: Config: calling custom init
function SQLBlacklist 
Jul 22 01:06:56 gateway MailScanner[2419]: Starting up SQL Blacklist 
Jul 22 01:06:56 gateway MailScanner[2419]: Read 2 blacklist entries 
Jul 22 01:06:56 gateway MailScanner[2419]: Config: calling custom init
function MailWatchLogging 
Jul 22 01:06:56 gateway MailScanner[2419]: Started SQL Logging child 
Jul 22 01:06:56 gateway MailScanner[2419]: Config: calling custom init
function SQLWhitelist 
Jul 22 01:06:56 gateway MailScanner[2419]: Starting up SQL Whitelist 
Jul 22 01:07:01 gateway MailScanner[2422]: MailScanner E-Mail Virus Scanner
version 4.70.7 starting... 
Jul 22 01:07:01 gateway MailScanner[2422]: Read 826 hostnames from the
phishing whitelist 
Jul 22 01:07:01 gateway update.virus.scanners: Delaying cron job up to 600
seconds
Jul 22 01:07:01 gateway MailScanner[2422]: Read 2928 hostnames from the
phishing blacklist 
Jul 22 01:07:01 gateway MailScanner[2422]: Config: calling custom init
function SQLBlacklist 
Jul 22 01:07:01 gateway MailScanner[2422]: Starting up SQL Blacklist 
Jul 22 01:07:01 gateway MailScanner[2422]: Read 2 blacklist entries 
Jul 22 01:07:01 gateway MailScanner[2422]: Config: calling custom init
function MailWatchLogging 
Jul 22 01:07:01 gateway MailScanner[2422]: Started SQL Logging child 
Jul 22 01:07:01 gateway MailScanner[2422]: Config: calling custom init
function SQLWhitelist 
Jul 22 01:07:01 gateway MailScanner[2422]: Starting up SQL Whitelist 
Jul 22 01:07:06 gateway MailScanner[2445]: MailScanner E-Mail Virus Scanner
version 4.70.7 starting... 
Jul 22 01:07:06 gateway MailScanner[2445]: Read 826 hostnames from the
phishing whitelist 
Jul 22 01:07:06 gateway MailScanner[2445]: Read 2928 hostnames from the
phishing blacklist 
Jul 22 01:07:06 gateway MailScanner[2445]: Config: calling custom init
function SQLBlacklist 
Jul 22 01:07:06 gateway MailScanner[2445]: Starting up SQL Blacklist 
Jul 22 01:07:06 gateway MailScanner[2445]: Read 2 blacklist entries 
Jul 22 01:07:06 gateway MailScanner[2445]: Config: calling custom init
function MailWatchLogging 
Jul 22 01:07:06 gateway MailScanner[2445]: Started SQL Logging child 
Jul 22 01:07:06 gateway MailScanner[2445]: Config: calling custom init
function SQLWhitelist 
Jul 22 01:07:06 gateway MailScanner[2445]: Starting up SQL Whitelist 
Jul 22 01:07:11 gateway MailScanner[2448]: MailScanner E-Mail Virus Scanner
version 4.70.7 starting... 
Jul 22 01:07:11 gateway MailScanner[2448]: Read 826 hostnames from the
phishing whitelist 
Jul 22 01:07:11 gateway MailScanner[2448]: Read 2928 hostnames from the
phishing blacklist 
Jul 22 01:07:11 gateway MailScanner[2448]: Config: calling custom init
function SQLBlacklist 
Jul 22 01:07:11 gateway MailScanner[2448]: Starting up SQL Blacklist 
Jul 22 01:07:11 gateway MailScanner[2448]: Read 2 blacklist entries 
Jul 22 01:07:11 gateway MailScanner[2448]: Config: calling custom init
function MailWatchLogging 
Jul 22 01:07:11 gateway MailScanner[2448]: Started SQL Logging child 
Jul 22 01:07:11 gateway MailScanner[2448]: Config: calling custom init
function SQLWhitelist 
Jul 22 01:07:11 gateway MailScanner[2448]: Starting up SQL Whitelist 
Jul 22 01:07:16 gateway MailScanner[2451]: MailScanner E-Mail Virus Scanner
version 4.70.7 starting... 
Jul 22 01:07:16 gateway MailScanner[2451]: Read 826 hostnames from the
phishing whitelist 
Jul 22 01:07:16 gateway MailScanner[2451]: Read 2928 hostnames from the
phishing blacklist 
Jul 22 01:07:16 gateway MailScanner[2451]: Config: calling custom init
function SQLBlacklist 
Jul 22 01:07:16 gateway MailScanner[2451]: Starting up SQL Blacklist 
Jul 22 01:07:16 gateway MailScanner[2451]: Read 2 blacklist entries 
Jul 22 01:07:16 gateway MailScanner[2451]: Config: calling custom init
function MailWatchLogging 
Jul 22 01:07:16 gateway MailScanner[2451]: Started SQL Logging child 
Jul 22 01:07:16 gateway MailScanner[2451]: Config: calling custom init
function SQLWhitelist 
Jul 22 01:07:16 gateway MailScanner[2451]: Starting up SQL Whitelist 


From J.Ede at birchenallhowden.co.uk  Tue Jul 22 09:18:54 2008
From: J.Ede at birchenallhowden.co.uk (Jason Ede)
Date: Tue Jul 22 09:23:26 2008
Subject: MS busted! Please Help
In-Reply-To: <7592cb3187b803dc036b2fc845943559@openenterprise.ca>
References: <7592cb3187b803dc036b2fc845943559@openenterprise.ca>
Message-ID: <4CAB0118AEC63A4FAAE77E6BCBDF760C77E9AB004E@server02.bhl.local>

________________________________________
From: mailscanner-bounces@lists.mailscanner.info [mailscanner-bounces@lists.mailscanner.info] On Behalf Of lists@openenterprise.ca [lists@openenterprise.ca]
Sent: 22 July 2008 09:09
To: mailscanner@lists.mailscanner.info
Subject: MS busted! Please Help

I am not sure what happened but after a reboot of my CentOS 5.2 system, the
bootup process stops at loading MailScanner and I need to manually reset. I
disabled the service from autostarting and even when I run "MailScanner -v"
from the shell it just hangs there!! I beleive I updated CentOS from 5.1 or
something to 5.2 a few weeks back but I dont think I rebooted the system.

I also downloaded the latest MailScanner tarball and updated but it still
wont start?

Can anyone please suggest some options or things to try?

I dont see anything in the /var/log/maillog either and when I ctl-c the
stalled shell where I tried to run "MailScanner -v". I then see the usual
"MailScanner" lines in /var/log/maillog (see below), but it does not seem
to be working and no mail is getting through?

Thanks


Jul 22 01:06:31 gateway MailScanner[2402]: MailScanner E-Mail Virus Scanner
version 4.70.7 starting...
Jul 22 01:06:31 gateway MailScanner[2402]: Read 826 hostnames from the
phishing whitelist
Jul 22 01:06:31 gateway MailScanner[2402]: Read 2926 hostnames from the
phishing blacklist
Jul 22 01:06:31 gateway MailScanner[2402]: Config: calling custom init
function SQLBlacklist
Jul 22 01:06:31 gateway MailScanner[2402]: Starting up SQL Blacklist
Jul 22 01:06:31 gateway MailScanner[2402]: Read 2 blacklist entries
Jul 22 01:06:31 gateway MailScanner[2402]: Config: calling custom init
function MailWatchLogging
Jul 22 01:06:31 gateway MailScanner[2402]: Started SQL Logging child
Jul 22 01:06:31 gateway MailScanner[2402]: Config: calling custom init
function SQLWhitelist
Jul 22 01:06:31 gateway MailScanner[2402]: Starting up SQL Whitelist
Jul 22 01:06:36 gateway MailScanner[2406]: MailScanner E-Mail Virus Scanner
version 4.70.7 starting...
Jul 22 01:06:36 gateway MailScanner[2406]: Read 826 hostnames from the
phishing whitelist
Jul 22 01:06:36 gateway MailScanner[2406]: Read 2926 hostnames from the
phishing blacklist
Jul 22 01:06:36 gateway MailScanner[2406]: Config: calling custom init
function SQLBlacklist
Jul 22 01:06:36 gateway MailScanner[2406]: Starting up SQL Blacklist
Jul 22 01:06:36 gateway MailScanner[2406]: Read 2 blacklist entries
Jul 22 01:06:36 gateway MailScanner[2406]: Config: calling custom init
function MailWatchLogging
Jul 22 01:06:36 gateway MailScanner[2406]: Started SQL Logging child
Jul 22 01:06:36 gateway MailScanner[2406]: Config: calling custom init
function SQLWhitelist
Jul 22 01:06:36 gateway MailScanner[2406]: Starting up SQL Whitelist
Jul 22 01:06:41 gateway MailScanner[2409]: MailScanner E-Mail Virus Scanner
version 4.70.7 starting...
Jul 22 01:06:41 gateway MailScanner[2409]: Read 826 hostnames from the
phishing whitelist
Jul 22 01:06:41 gateway MailScanner[2409]: Read 2926 hostnames from the
phishing blacklist
Jul 22 01:06:41 gateway MailScanner[2409]: Config: calling custom init
function SQLBlacklist
Jul 22 01:06:41 gateway MailScanner[2409]: Starting up SQL Blacklist
Jul 22 01:06:41 gateway MailScanner[2409]: Read 2 blacklist entries
Jul 22 01:06:41 gateway MailScanner[2409]: Config: calling custom init
function MailWatchLogging
Jul 22 01:06:41 gateway MailScanner[2409]: Started SQL Logging child
Jul 22 01:06:41 gateway MailScanner[2409]: Config: calling custom init
function SQLWhitelist
Jul 22 01:06:41 gateway MailScanner[2409]: Starting up SQL Whitelist
Jul 22 01:06:46 gateway MailScanner[2413]: MailScanner E-Mail Virus Scanner
version 4.70.7 starting...
Jul 22 01:06:46 gateway MailScanner[2413]: Read 826 hostnames from the
phishing whitelist
Jul 22 01:06:46 gateway MailScanner[2413]: Read 2926 hostnames from the
phishing blacklist
Jul 22 01:06:46 gateway MailScanner[2413]: Config: calling custom init
function SQLBlacklist
Jul 22 01:06:46 gateway MailScanner[2413]: Starting up SQL Blacklist
Jul 22 01:06:46 gateway MailScanner[2413]: Read 2 blacklist entries
Jul 22 01:06:46 gateway MailScanner[2413]: Config: calling custom init
function MailWatchLogging
Jul 22 01:06:46 gateway MailScanner[2413]: Started SQL Logging child
Jul 22 01:06:46 gateway MailScanner[2413]: Config: calling custom init
function SQLWhitelist
Jul 22 01:06:46 gateway MailScanner[2413]: Starting up SQL Whitelist
Jul 22 01:06:51 gateway MailScanner[2416]: MailScanner E-Mail Virus Scanner
version 4.70.7 starting...
Jul 22 01:06:51 gateway MailScanner[2416]: Read 826 hostnames from the
phishing whitelist
Jul 22 01:06:51 gateway MailScanner[2416]: Read 2926 hostnames from the
phishing blacklist
Jul 22 01:06:51 gateway MailScanner[2416]: Config: calling custom init
function SQLBlacklist
Jul 22 01:06:51 gateway MailScanner[2416]: Starting up SQL Blacklist
Jul 22 01:06:51 gateway MailScanner[2416]: Read 2 blacklist entries
Jul 22 01:06:51 gateway MailScanner[2416]: Config: calling custom init
function MailWatchLogging
Jul 22 01:06:51 gateway MailScanner[2416]: Started SQL Logging child
Jul 22 01:06:51 gateway MailScanner[2416]: Config: calling custom init
function SQLWhitelist
Jul 22 01:06:51 gateway MailScanner[2416]: Starting up SQL Whitelist
Jul 22 01:06:56 gateway MailScanner[2419]: MailScanner E-Mail Virus Scanner
version 4.70.7 starting...
Jul 22 01:06:56 gateway MailScanner[2419]: Read 826 hostnames from the
phishing whitelist
Jul 22 01:06:56 gateway MailScanner[2419]: Read 2926 hostnames from the
phishing blacklist
Jul 22 01:06:56 gateway MailScanner[2419]: Config: calling custom init
function SQLBlacklist
Jul 22 01:06:56 gateway MailScanner[2419]: Starting up SQL Blacklist
Jul 22 01:06:56 gateway MailScanner[2419]: Read 2 blacklist entries
Jul 22 01:06:56 gateway MailScanner[2419]: Config: calling custom init
function MailWatchLogging
Jul 22 01:06:56 gateway MailScanner[2419]: Started SQL Logging child
Jul 22 01:06:56 gateway MailScanner[2419]: Config: calling custom init
function SQLWhitelist
Jul 22 01:06:56 gateway MailScanner[2419]: Starting up SQL Whitelist
Jul 22 01:07:01 gateway MailScanner[2422]: MailScanner E-Mail Virus Scanner
version 4.70.7 starting...
Jul 22 01:07:01 gateway MailScanner[2422]: Read 826 hostnames from the
phishing whitelist
Jul 22 01:07:01 gateway update.virus.scanners: Delaying cron job up to 600
seconds
Jul 22 01:07:01 gateway MailScanner[2422]: Read 2928 hostnames from the
phishing blacklist
Jul 22 01:07:01 gateway MailScanner[2422]: Config: calling custom init
function SQLBlacklist
Jul 22 01:07:01 gateway MailScanner[2422]: Starting up SQL Blacklist
Jul 22 01:07:01 gateway MailScanner[2422]: Read 2 blacklist entries
Jul 22 01:07:01 gateway MailScanner[2422]: Config: calling custom init
function MailWatchLogging
Jul 22 01:07:01 gateway MailScanner[2422]: Started SQL Logging child
Jul 22 01:07:01 gateway MailScanner[2422]: Config: calling custom init
function SQLWhitelist
Jul 22 01:07:01 gateway MailScanner[2422]: Starting up SQL Whitelist
Jul 22 01:07:06 gateway MailScanner[2445]: MailScanner E-Mail Virus Scanner
version 4.70.7 starting...
Jul 22 01:07:06 gateway MailScanner[2445]: Read 826 hostnames from the
phishing whitelist
Jul 22 01:07:06 gateway MailScanner[2445]: Read 2928 hostnames from the
phishing blacklist
Jul 22 01:07:06 gateway MailScanner[2445]: Config: calling custom init
function SQLBlacklist
Jul 22 01:07:06 gateway MailScanner[2445]: Starting up SQL Blacklist
Jul 22 01:07:06 gateway MailScanner[2445]: Read 2 blacklist entries
Jul 22 01:07:06 gateway MailScanner[2445]: Config: calling custom init
function MailWatchLogging
Jul 22 01:07:06 gateway MailScanner[2445]: Started SQL Logging child
Jul 22 01:07:06 gateway MailScanner[2445]: Config: calling custom init
function SQLWhitelist
Jul 22 01:07:06 gateway MailScanner[2445]: Starting up SQL Whitelist
Jul 22 01:07:11 gateway MailScanner[2448]: MailScanner E-Mail Virus Scanner
version 4.70.7 starting...
Jul 22 01:07:11 gateway MailScanner[2448]: Read 826 hostnames from the
phishing whitelist
Jul 22 01:07:11 gateway MailScanner[2448]: Read 2928 hostnames from the
phishing blacklist
Jul 22 01:07:11 gateway MailScanner[2448]: Config: calling custom init
function SQLBlacklist
Jul 22 01:07:11 gateway MailScanner[2448]: Starting up SQL Blacklist
Jul 22 01:07:11 gateway MailScanner[2448]: Read 2 blacklist entries
Jul 22 01:07:11 gateway MailScanner[2448]: Config: calling custom init
function MailWatchLogging
Jul 22 01:07:11 gateway MailScanner[2448]: Started SQL Logging child
Jul 22 01:07:11 gateway MailScanner[2448]: Config: calling custom init
function SQLWhitelist
Jul 22 01:07:11 gateway MailScanner[2448]: Starting up SQL Whitelist
Jul 22 01:07:16 gateway MailScanner[2451]: MailScanner E-Mail Virus Scanner
version 4.70.7 starting...
Jul 22 01:07:16 gateway MailScanner[2451]: Read 826 hostnames from the
phishing whitelist
Jul 22 01:07:16 gateway MailScanner[2451]: Read 2928 hostnames from the
phishing blacklist
Jul 22 01:07:16 gateway MailScanner[2451]: Config: calling custom init
function SQLBlacklist
Jul 22 01:07:16 gateway MailScanner[2451]: Starting up SQL Blacklist
Jul 22 01:07:16 gateway MailScanner[2451]: Read 2 blacklist entries
Jul 22 01:07:16 gateway MailScanner[2451]: Config: calling custom init
function MailWatchLogging
Jul 22 01:07:16 gateway MailScanner[2451]: Started SQL Logging child
Jul 22 01:07:16 gateway MailScanner[2451]: Config: calling custom init
function SQLWhitelist
Jul 22 01:07:16 gateway MailScanner[2451]: Starting up SQL Whitelist


What happens when you run MailScanner --lint? or MailScanner --debug?

Jason
From martinh at solidstatelogic.com  Tue Jul 22 09:23:24 2008
From: martinh at solidstatelogic.com (Martin.Hepworth)
Date: Tue Jul 22 09:23:34 2008
Subject: postifx as MX gateway
In-Reply-To: 
Message-ID: <2ebae8c44319504883841f73d303fa28@solidstatelogic.com>

Marco

Ask on the postfix list...basically undo what you did to add this restriction in :-)

This 'could' be a bad idea. I drop quite a lot of unknown recipients at the incoming level, and this keeps my MS ruuning nicely.

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

> -----Original Message-----
> From: mailscanner-bounces@lists.mailscanner.info
> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf
> Of Marco mangione
> Sent: 22 July 2008 08:50
> To: MailScanner discussion
> Subject: postifx as MX gateway
>
> Hello,
>
> i installed a postfix as MX gateway with transport and
> mail_ralay on a mysql DB... now i need to set postfix to
> accept all recipient instead of permit only the domain listed
> in mysql table... there are some way to tell postfix to
> accept " *.* " ?
>
> thanks
> marco
>
>




**********************************************************************
Confidentiality : This e-mail and any attachments are intended for the 
addressee only and may be confidential. If they come to you in error 
you must take no action based on them, nor must you copy or show them 
to anyone. Please advise the sender by replying to this e-mail 
immediately and then delete the original from your computer.
Opinion : Any opinions expressed in this e-mail are entirely those of 
the author and unless specifically stated to the contrary, are not 
necessarily those of the author's employer.
Security Warning : Internet e-mail is not necessarily a secure 
communications medium and can be subject to data corruption. We advise 
that you consider this fact when e-mailing us. 
Viruses : We have taken steps to ensure that this e-mail and any 
attachments are free from known viruses but in keeping with good 
computing practice, you should ensure that they are virus free.

Red Lion 49 Ltd T/A Solid State Logic
Registered as a limited company in England and Wales 
(Company No:5362730)
Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, 
United Kingdom
**********************************************************************

From telecaadmin at gmail.com  Tue Jul 22 09:36:09 2008
From: telecaadmin at gmail.com (Ronny T. Lampert)
Date: Tue Jul 22 09:36:19 2008
Subject: OT: postifx as MX gateway
In-Reply-To: <2ebae8c44319504883841f73d303fa28@solidstatelogic.com>
References: <2ebae8c44319504883841f73d303fa28@solidstatelogic.com>
Message-ID: <48859BF9.7000801@gmail.com>

>> in mysql table... there are some way to tell postfix to
>> accept " *.* " ?

Basically, remove the following from smtpd_recipient_restrictions

reject_unlisted_recipient
reject_unverified_recipient

If you really want to receive "*" ... then remove the recipient 
restrictions altogether, and do not check for valid relay domains 
either. Still, as Martin said: just don't do it.

Cheers,
Ronny
From lists at openenterprise.ca  Tue Jul 22 09:51:32 2008
From: lists at openenterprise.ca (lists@openenterprise.ca)
Date: Tue Jul 22 09:51:49 2008
Subject: MS busted! Please Help
In-Reply-To: <4CAB0118AEC63A4FAAE77E6BCBDF760C77E9AB004E@server02.bhl.local>
References: <7592cb3187b803dc036b2fc845943559@openenterprise.ca>
	<4CAB0118AEC63A4FAAE77E6BCBDF760C77E9AB004E@server02.bhl.local>
Message-ID: <8c9ffd928096b13a9a148692bcd0b46a@openenterprise.ca>

MailScanner --lint

Trying to setlogsock(unix)
Read 826 hostnames from the phishing whitelist
Read 2928 hostnames from the phishing blacklist
Config: calling custom init function SQLBlacklist
Starting up SQL Blacklist
Read 2 blacklist entries
Config: calling custom init function MailWatchLogging
Started SQL Logging child
Config: calling custom init function SQLWhitelist
Starting up SQL Whitelist


And just hangs here.......until I ctl-c


MailScanner --debug just hangs but in /var/log/maillog I see all the
"normal" lines of MailScanner after hitting ctl-c and the last line is also
"Starting up SQL Whitelist"


Jul 22 01:48:57 gateway MailScanner[10830]: Starting up SQL Blacklist 
Jul 22 01:48:57 gateway MailScanner[10830]: Read 2 blacklist entries 
Jul 22 01:48:57 gateway MailScanner[10830]: Config: calling custom init
function MailWatchLogging 
Jul 22 01:48:57 gateway MailScanner[10830]: Started SQL Logging child 
Jul 22 01:48:57 gateway MailScanner[10830]: Config: calling custom init
function SQLWhitelist 
Jul 22 01:48:57 gateway MailScanner[10830]: Starting up SQL Whitelist 


Seems like something related to "SQL Whitelist" but I have not changed
anything on the system?




On Tue, 22 Jul 2008 09:18:54 +0100, Jason Ede
 wrote:
> ________________________________________
> From: mailscanner-bounces@lists.mailscanner.info
> [mailscanner-bounces@lists.mailscanner.info] On Behalf Of
> lists@openenterprise.ca [lists@openenterprise.ca]
> Sent: 22 July 2008 09:09
> To: mailscanner@lists.mailscanner.info
> Subject: MS busted! Please Help
> 
> I am not sure what happened but after a reboot of my CentOS 5.2 system,
> the
> bootup process stops at loading MailScanner and I need to manually reset.
> I
> disabled the service from autostarting and even when I run "MailScanner
> -v"
> from the shell it just hangs there!! I beleive I updated CentOS from 5.1
> or
> something to 5.2 a few weeks back but I dont think I rebooted the system.
> 
> I also downloaded the latest MailScanner tarball and updated but it still
> wont start?
> 
> Can anyone please suggest some options or things to try?
> 
> I dont see anything in the /var/log/maillog either and when I ctl-c the
> stalled shell where I tried to run "MailScanner -v". I then see the usual
> "MailScanner" lines in /var/log/maillog (see below), but it does not seem
> to be working and no mail is getting through?
> 
> Thanks
> 
> 
> Jul 22 01:06:31 gateway MailScanner[2402]: MailScanner E-Mail Virus
> Scanner
> version 4.70.7 starting...
> Jul 22 01:06:31 gateway MailScanner[2402]: Read 826 hostnames from the
> phishing whitelist
> Jul 22 01:06:31 gateway MailScanner[2402]: Read 2926 hostnames from the
> phishing blacklist
> Jul 22 01:06:31 gateway MailScanner[2402]: Config: calling custom init
> function SQLBlacklist
> Jul 22 01:06:31 gateway MailScanner[2402]: Starting up SQL Blacklist
> Jul 22 01:06:31 gateway MailScanner[2402]: Read 2 blacklist entries
> Jul 22 01:06:31 gateway MailScanner[2402]: Config: calling custom init
> function MailWatchLogging
> Jul 22 01:06:31 gateway MailScanner[2402]: Started SQL Logging child
> Jul 22 01:06:31 gateway MailScanner[2402]: Config: calling custom init
> function SQLWhitelist
> Jul 22 01:06:31 gateway MailScanner[2402]: Starting up SQL Whitelist
> Jul 22 01:06:36 gateway MailScanner[2406]: MailScanner E-Mail Virus
> Scanner
> version 4.70.7 starting...
> Jul 22 01:06:36 gateway MailScanner[2406]: Read 826 hostnames from the
> phishing whitelist
> Jul 22 01:06:36 gateway MailScanner[2406]: Read 2926 hostnames from the
> phishing blacklist
> Jul 22 01:06:36 gateway MailScanner[2406]: Config: calling custom init
> function SQLBlacklist
> Jul 22 01:06:36 gateway MailScanner[2406]: Starting up SQL Blacklist
> Jul 22 01:06:36 gateway MailScanner[2406]: Read 2 blacklist entries
> Jul 22 01:06:36 gateway MailScanner[2406]: Config: calling custom init
> function MailWatchLogging
> Jul 22 01:06:36 gateway MailScanner[2406]: Started SQL Logging child
> Jul 22 01:06:36 gateway MailScanner[2406]: Config: calling custom init
> function SQLWhitelist
> Jul 22 01:06:36 gateway MailScanner[2406]: Starting up SQL Whitelist
> Jul 22 01:06:41 gateway MailScanner[2409]: MailScanner E-Mail Virus
> Scanner
> version 4.70.7 starting...
> Jul 22 01:06:41 gateway MailScanner[2409]: Read 826 hostnames from the
> phishing whitelist
> Jul 22 01:06:41 gateway MailScanner[2409]: Read 2926 hostnames from the
> phishing blacklist
> Jul 22 01:06:41 gateway MailScanner[2409]: Config: calling custom init
> function SQLBlacklist
> Jul 22 01:06:41 gateway MailScanner[2409]: Starting up SQL Blacklist
> Jul 22 01:06:41 gateway MailScanner[2409]: Read 2 blacklist entries
> Jul 22 01:06:41 gateway MailScanner[2409]: Config: calling custom init
> function MailWatchLogging
> Jul 22 01:06:41 gateway MailScanner[2409]: Started SQL Logging child
> Jul 22 01:06:41 gateway MailScanner[2409]: Config: calling custom init
> function SQLWhitelist
> Jul 22 01:06:41 gateway MailScanner[2409]: Starting up SQL Whitelist
> Jul 22 01:06:46 gateway MailScanner[2413]: MailScanner E-Mail Virus
> Scanner
> version 4.70.7 starting...
> Jul 22 01:06:46 gateway MailScanner[2413]: Read 826 hostnames from the
> phishing whitelist
> Jul 22 01:06:46 gateway MailScanner[2413]: Read 2926 hostnames from the
> phishing blacklist
> Jul 22 01:06:46 gateway MailScanner[2413]: Config: calling custom init
> function SQLBlacklist
> Jul 22 01:06:46 gateway MailScanner[2413]: Starting up SQL Blacklist
> Jul 22 01:06:46 gateway MailScanner[2413]: Read 2 blacklist entries
> Jul 22 01:06:46 gateway MailScanner[2413]: Config: calling custom init
> function MailWatchLogging
> Jul 22 01:06:46 gateway MailScanner[2413]: Started SQL Logging child
> Jul 22 01:06:46 gateway MailScanner[2413]: Config: calling custom init
> function SQLWhitelist
> Jul 22 01:06:46 gateway MailScanner[2413]: Starting up SQL Whitelist
> Jul 22 01:06:51 gateway MailScanner[2416]: MailScanner E-Mail Virus
> Scanner
> version 4.70.7 starting...
> Jul 22 01:06:51 gateway MailScanner[2416]: Read 826 hostnames from the
> phishing whitelist
> Jul 22 01:06:51 gateway MailScanner[2416]: Read 2926 hostnames from the
> phishing blacklist
> Jul 22 01:06:51 gateway MailScanner[2416]: Config: calling custom init
> function SQLBlacklist
> Jul 22 01:06:51 gateway MailScanner[2416]: Starting up SQL Blacklist
> Jul 22 01:06:51 gateway MailScanner[2416]: Read 2 blacklist entries
> Jul 22 01:06:51 gateway MailScanner[2416]: Config: calling custom init
> function MailWatchLogging
> Jul 22 01:06:51 gateway MailScanner[2416]: Started SQL Logging child
> Jul 22 01:06:51 gateway MailScanner[2416]: Config: calling custom init
> function SQLWhitelist
> Jul 22 01:06:51 gateway MailScanner[2416]: Starting up SQL Whitelist
> Jul 22 01:06:56 gateway MailScanner[2419]: MailScanner E-Mail Virus
> Scanner
> version 4.70.7 starting...
> Jul 22 01:06:56 gateway MailScanner[2419]: Read 826 hostnames from the
> phishing whitelist
> Jul 22 01:06:56 gateway MailScanner[2419]: Read 2926 hostnames from the
> phishing blacklist
> Jul 22 01:06:56 gateway MailScanner[2419]: Config: calling custom init
> function SQLBlacklist
> Jul 22 01:06:56 gateway MailScanner[2419]: Starting up SQL Blacklist
> Jul 22 01:06:56 gateway MailScanner[2419]: Read 2 blacklist entries
> Jul 22 01:06:56 gateway MailScanner[2419]: Config: calling custom init
> function MailWatchLogging
> Jul 22 01:06:56 gateway MailScanner[2419]: Started SQL Logging child
> Jul 22 01:06:56 gateway MailScanner[2419]: Config: calling custom init
> function SQLWhitelist
> Jul 22 01:06:56 gateway MailScanner[2419]: Starting up SQL Whitelist
> Jul 22 01:07:01 gateway MailScanner[2422]: MailScanner E-Mail Virus
> Scanner
> version 4.70.7 starting...
> Jul 22 01:07:01 gateway MailScanner[2422]: Read 826 hostnames from the
> phishing whitelist
> Jul 22 01:07:01 gateway update.virus.scanners: Delaying cron job up to
600
> seconds
> Jul 22 01:07:01 gateway MailScanner[2422]: Read 2928 hostnames from the
> phishing blacklist
> Jul 22 01:07:01 gateway MailScanner[2422]: Config: calling custom init
> function SQLBlacklist
> Jul 22 01:07:01 gateway MailScanner[2422]: Starting up SQL Blacklist
> Jul 22 01:07:01 gateway MailScanner[2422]: Read 2 blacklist entries
> Jul 22 01:07:01 gateway MailScanner[2422]: Config: calling custom init
> function MailWatchLogging
> Jul 22 01:07:01 gateway MailScanner[2422]: Started SQL Logging child
> Jul 22 01:07:01 gateway MailScanner[2422]: Config: calling custom init
> function SQLWhitelist
> Jul 22 01:07:01 gateway MailScanner[2422]: Starting up SQL Whitelist
> Jul 22 01:07:06 gateway MailScanner[2445]: MailScanner E-Mail Virus
> Scanner
> version 4.70.7 starting...
> Jul 22 01:07:06 gateway MailScanner[2445]: Read 826 hostnames from the
> phishing whitelist
> Jul 22 01:07:06 gateway MailScanner[2445]: Read 2928 hostnames from the
> phishing blacklist
> Jul 22 01:07:06 gateway MailScanner[2445]: Config: calling custom init
> function SQLBlacklist
> Jul 22 01:07:06 gateway MailScanner[2445]: Starting up SQL Blacklist
> Jul 22 01:07:06 gateway MailScanner[2445]: Read 2 blacklist entries
> Jul 22 01:07:06 gateway MailScanner[2445]: Config: calling custom init
> function MailWatchLogging
> Jul 22 01:07:06 gateway MailScanner[2445]: Started SQL Logging child
> Jul 22 01:07:06 gateway MailScanner[2445]: Config: calling custom init
> function SQLWhitelist
> Jul 22 01:07:06 gateway MailScanner[2445]: Starting up SQL Whitelist
> Jul 22 01:07:11 gateway MailScanner[2448]: MailScanner E-Mail Virus
> Scanner
> version 4.70.7 starting...
> Jul 22 01:07:11 gateway MailScanner[2448]: Read 826 hostnames from the
> phishing whitelist
> Jul 22 01:07:11 gateway MailScanner[2448]: Read 2928 hostnames from the
> phishing blacklist
> Jul 22 01:07:11 gateway MailScanner[2448]: Config: calling custom init
> function SQLBlacklist
> Jul 22 01:07:11 gateway MailScanner[2448]: Starting up SQL Blacklist
> Jul 22 01:07:11 gateway MailScanner[2448]: Read 2 blacklist entries
> Jul 22 01:07:11 gateway MailScanner[2448]: Config: calling custom init
> function MailWatchLogging
> Jul 22 01:07:11 gateway MailScanner[2448]: Started SQL Logging child
> Jul 22 01:07:11 gateway MailScanner[2448]: Config: calling custom init
> function SQLWhitelist
> Jul 22 01:07:11 gateway MailScanner[2448]: Starting up SQL Whitelist
> Jul 22 01:07:16 gateway MailScanner[2451]: MailScanner E-Mail Virus
> Scanner
> version 4.70.7 starting...
> Jul 22 01:07:16 gateway MailScanner[2451]: Read 826 hostnames from the
> phishing whitelist
> Jul 22 01:07:16 gateway MailScanner[2451]: Read 2928 hostnames from the
> phishing blacklist
> Jul 22 01:07:16 gateway MailScanner[2451]: Config: calling custom init
> function SQLBlacklist
> Jul 22 01:07:16 gateway MailScanner[2451]: Starting up SQL Blacklist
> Jul 22 01:07:16 gateway MailScanner[2451]: Read 2 blacklist entries
> Jul 22 01:07:16 gateway MailScanner[2451]: Config: calling custom init
> function MailWatchLogging
> Jul 22 01:07:16 gateway MailScanner[2451]: Started SQL Logging child
> Jul 22 01:07:16 gateway MailScanner[2451]: Config: calling custom init
> function SQLWhitelist
> Jul 22 01:07:16 gateway MailScanner[2451]: Starting up SQL Whitelist
> 
> 
> What happens when you run MailScanner --lint? or MailScanner --debug?
> 
> Jason
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
> 
> Before posting, read http://wiki.mailscanner.info/posting
> 
> Support MailScanner development - buy the book off the website!

From peter at farrows.org  Tue Jul 22 10:01:03 2008
From: peter at farrows.org (Peter Farrow)
Date: Tue Jul 22 10:01:24 2008
Subject: MS busted! Please Help
In-Reply-To: <8c9ffd928096b13a9a148692bcd0b46a@openenterprise.ca>
References: <7592cb3187b803dc036b2fc845943559@openenterprise.ca>	<4CAB0118AEC63A4FAAE77E6BCBDF760C77E9AB004E@server02.bhl.local>
	<8c9ffd928096b13a9a148692bcd0b46a@openenterprise.ca>
Message-ID: <4885A1CF.6070906@farrows.org>



lists@openenterprise.ca wrote:
> MailScanner --lint
>
> Trying to setlogsock(unix)
> Read 826 hostnames from the phishing whitelist
> Read 2928 hostnames from the phishing blacklist
> Config: calling custom init function SQLBlacklist
> Starting up SQL Blacklist
> Read 2 blacklist entries
> Config: calling custom init function MailWatchLogging
> Started SQL Logging child
> Config: calling custom init function SQLWhitelist
> Starting up SQL Whitelist
>
>
> And just hangs here.......until I ctl-c
>
>
> MailScanner --debug just hangs but in /var/log/maillog I see all the
> "normal" lines of MailScanner after hitting ctl-c and the last line is also
> "Starting up SQL Whitelist"
>
>
> Jul 22 01:48:57 gateway MailScanner[10830]: Starting up SQL Blacklist 
> Jul 22 01:48:57 gateway MailScanner[10830]: Read 2 blacklist entries 
> Jul 22 01:48:57 gateway MailScanner[10830]: Config: calling custom init
> function MailWatchLogging 
> Jul 22 01:48:57 gateway MailScanner[10830]: Started SQL Logging child 
> Jul 22 01:48:57 gateway MailScanner[10830]: Config: calling custom init
> function SQLWhitelist 
> Jul 22 01:48:57 gateway MailScanner[10830]: Starting up SQL Whitelist 
>
>
> Seems like something related to "SQL Whitelist" but I have not changed
> anything on the system?
>
>
>
>
> On Tue, 22 Jul 2008 09:18:54 +0100, Jason Ede
>  wrote:
>   
>> ________________________________________
>> From: mailscanner-bounces@lists.mailscanner.info
>> [mailscanner-bounces@lists.mailscanner.info] On Behalf Of
>> lists@openenterprise.ca [lists@openenterprise.ca]
>> Sent: 22 July 2008 09:09
>> To: mailscanner@lists.mailscanner.info
>> Subject: MS busted! Please Help
>>
>> I am not sure what happened but after a reboot of my CentOS 5.2 system,
>> the
>> bootup process stops at loading MailScanner and I need to manually reset.
>> I
>> disabled the service from autostarting and even when I run "MailScanner
>> -v"
>> from the shell it just hangs there!! I beleive I updated CentOS from 5.1
>> or
>> something to 5.2 a few weeks back but I dont think I rebooted the system.
>>
>> I also downloaded the latest MailScanner tarball and updated but it still
>> wont start?
>>
>> Can anyone please suggest some options or things to try?
>>
>> I dont see anything in the /var/log/maillog either and when I ctl-c the
>> stalled shell where I tried to run "MailScanner -v". I then see the usual
>> "MailScanner" lines in /var/log/maillog (see below), but it does not seem
>> to be working and no mail is getting through?
>>
>> Thanks
>>
>>
>> Jul 22 01:06:31 gateway MailScanner[2402]: MailScanner E-Mail Virus
>> Scanner
>> version 4.70.7 starting...
>> Jul 22 01:06:31 gateway MailScanner[2402]: Read 826 hostnames from the
>> phishing whitelist
>> Jul 22 01:06:31 gateway MailScanner[2402]: Read 2926 hostnames from the
>> phishing blacklist
>> Jul 22 01:06:31 gateway MailScanner[2402]: Config: calling custom init
>> function SQLBlacklist
>> Jul 22 01:06:31 gateway MailScanner[2402]: Starting up SQL Blacklist
>> Jul 22 01:06:31 gateway MailScanner[2402]: Read 2 blacklist entries
>> Jul 22 01:06:31 gateway MailScanner[2402]: Config: calling custom init
>> function MailWatchLogging
>> Jul 22 01:06:31 gateway MailScanner[2402]: Started SQL Logging child
>> Jul 22 01:06:31 gateway MailScanner[2402]: Config: calling custom init
>> function SQLWhitelist
>> Jul 22 01:06:31 gateway MailScanner[2402]: Starting up SQL Whitelist
>> Jul 22 01:06:36 gateway MailScanner[2406]: MailScanner E-Mail Virus
>> Scanner
>> version 4.70.7 starting...
>> Jul 22 01:06:36 gateway MailScanner[2406]: Read 826 hostnames from the
>> phishing whitelist
>> Jul 22 01:06:36 gateway MailScanner[2406]: Read 2926 hostnames from the
>> phishing blacklist
>> Jul 22 01:06:36 gateway MailScanner[2406]: Config: calling custom init
>> function SQLBlacklist
>> Jul 22 01:06:36 gateway MailScanner[2406]: Starting up SQL Blacklist
>> Jul 22 01:06:36 gateway MailScanner[2406]: Read 2 blacklist entries
>> Jul 22 01:06:36 gateway MailScanner[2406]: Config: calling custom init
>> function MailWatchLogging
>> Jul 22 01:06:36 gateway MailScanner[2406]: Started SQL Logging child
>> Jul 22 01:06:36 gateway MailScanner[2406]: Config: calling custom init
>> function SQLWhitelist
>> Jul 22 01:06:36 gateway MailScanner[2406]: Starting up SQL Whitelist
>> Jul 22 01:06:41 gateway MailScanner[2409]: MailScanner E-Mail Virus
>> Scanner
>> version 4.70.7 starting...
>> Jul 22 01:06:41 gateway MailScanner[2409]: Read 826 hostnames from the
>> phishing whitelist
>> Jul 22 01:06:41 gateway MailScanner[2409]: Read 2926 hostnames from the
>> phishing blacklist
>> Jul 22 01:06:41 gateway MailScanner[2409]: Config: calling custom init
>> function SQLBlacklist
>> Jul 22 01:06:41 gateway MailScanner[2409]: Starting up SQL Blacklist
>> Jul 22 01:06:41 gateway MailScanner[2409]: Read 2 blacklist entries
>> Jul 22 01:06:41 gateway MailScanner[2409]: Config: calling custom init
>> function MailWatchLogging
>> Jul 22 01:06:41 gateway MailScanner[2409]: Started SQL Logging child
>> Jul 22 01:06:41 gateway MailScanner[2409]: Config: calling custom init
>> function SQLWhitelist
>> Jul 22 01:06:41 gateway MailScanner[2409]: Starting up SQL Whitelist
>> Jul 22 01:06:46 gateway MailScanner[2413]: MailScanner E-Mail Virus
>> Scanner
>> version 4.70.7 starting...
>> Jul 22 01:06:46 gateway MailScanner[2413]: Read 826 hostnames from the
>> phishing whitelist
>> Jul 22 01:06:46 gateway MailScanner[2413]: Read 2926 hostnames from the
>> phishing blacklist
>> Jul 22 01:06:46 gateway MailScanner[2413]: Config: calling custom init
>> function SQLBlacklist
>> Jul 22 01:06:46 gateway MailScanner[2413]: Starting up SQL Blacklist
>> Jul 22 01:06:46 gateway MailScanner[2413]: Read 2 blacklist entries
>> Jul 22 01:06:46 gateway MailScanner[2413]: Config: calling custom init
>> function MailWatchLogging
>> Jul 22 01:06:46 gateway MailScanner[2413]: Started SQL Logging child
>> Jul 22 01:06:46 gateway MailScanner[2413]: Config: calling custom init
>> function SQLWhitelist
>> Jul 22 01:06:46 gateway MailScanner[2413]: Starting up SQL Whitelist
>> Jul 22 01:06:51 gateway MailScanner[2416]: MailScanner E-Mail Virus
>> Scanner
>> version 4.70.7 starting...
>> Jul 22 01:06:51 gateway MailScanner[2416]: Read 826 hostnames from the
>> phishing whitelist
>> Jul 22 01:06:51 gateway MailScanner[2416]: Read 2926 hostnames from the
>> phishing blacklist
>> Jul 22 01:06:51 gateway MailScanner[2416]: Config: calling custom init
>> function SQLBlacklist
>> Jul 22 01:06:51 gateway MailScanner[2416]: Starting up SQL Blacklist
>> Jul 22 01:06:51 gateway MailScanner[2416]: Read 2 blacklist entries
>> Jul 22 01:06:51 gateway MailScanner[2416]: Config: calling custom init
>> function MailWatchLogging
>> Jul 22 01:06:51 gateway MailScanner[2416]: Started SQL Logging child
>> Jul 22 01:06:51 gateway MailScanner[2416]: Config: calling custom init
>> function SQLWhitelist
>> Jul 22 01:06:51 gateway MailScanner[2416]: Starting up SQL Whitelist
>> Jul 22 01:06:56 gateway MailScanner[2419]: MailScanner E-Mail Virus
>> Scanner
>> version 4.70.7 starting...
>> Jul 22 01:06:56 gateway MailScanner[2419]: Read 826 hostnames from the
>> phishing whitelist
>> Jul 22 01:06:56 gateway MailScanner[2419]: Read 2926 hostnames from the
>> phishing blacklist
>> Jul 22 01:06:56 gateway MailScanner[2419]: Config: calling custom init
>> function SQLBlacklist
>> Jul 22 01:06:56 gateway MailScanner[2419]: Starting up SQL Blacklist
>> Jul 22 01:06:56 gateway MailScanner[2419]: Read 2 blacklist entries
>> Jul 22 01:06:56 gateway MailScanner[2419]: Config: calling custom init
>> function MailWatchLogging
>> Jul 22 01:06:56 gateway MailScanner[2419]: Started SQL Logging child
>> Jul 22 01:06:56 gateway MailScanner[2419]: Config: calling custom init
>> function SQLWhitelist
>> Jul 22 01:06:56 gateway MailScanner[2419]: Starting up SQL Whitelist
>> Jul 22 01:07:01 gateway MailScanner[2422]: MailScanner E-Mail Virus
>> Scanner
>> version 4.70.7 starting...
>> Jul 22 01:07:01 gateway MailScanner[2422]: Read 826 hostnames from the
>> phishing whitelist
>> Jul 22 01:07:01 gateway update.virus.scanners: Delaying cron job up to
>>     
> 600
>   
>> seconds
>> Jul 22 01:07:01 gateway MailScanner[2422]: Read 2928 hostnames from the
>> phishing blacklist
>> Jul 22 01:07:01 gateway MailScanner[2422]: Config: calling custom init
>> function SQLBlacklist
>> Jul 22 01:07:01 gateway MailScanner[2422]: Starting up SQL Blacklist
>> Jul 22 01:07:01 gateway MailScanner[2422]: Read 2 blacklist entries
>> Jul 22 01:07:01 gateway MailScanner[2422]: Config: calling custom init
>> function MailWatchLogging
>> Jul 22 01:07:01 gateway MailScanner[2422]: Started SQL Logging child
>> Jul 22 01:07:01 gateway MailScanner[2422]: Config: calling custom init
>> function SQLWhitelist
>> Jul 22 01:07:01 gateway MailScanner[2422]: Starting up SQL Whitelist
>> Jul 22 01:07:06 gateway MailScanner[2445]: MailScanner E-Mail Virus
>> Scanner
>> version 4.70.7 starting...
>> Jul 22 01:07:06 gateway MailScanner[2445]: Read 826 hostnames from the
>> phishing whitelist
>> Jul 22 01:07:06 gateway MailScanner[2445]: Read 2928 hostnames from the
>> phishing blacklist
>> Jul 22 01:07:06 gateway MailScanner[2445]: Config: calling custom init
>> function SQLBlacklist
>> Jul 22 01:07:06 gateway MailScanner[2445]: Starting up SQL Blacklist
>> Jul 22 01:07:06 gateway MailScanner[2445]: Read 2 blacklist entries
>> Jul 22 01:07:06 gateway MailScanner[2445]: Config: calling custom init
>> function MailWatchLogging
>> Jul 22 01:07:06 gateway MailScanner[2445]: Started SQL Logging child
>> Jul 22 01:07:06 gateway MailScanner[2445]: Config: calling custom init
>> function SQLWhitelist
>> Jul 22 01:07:06 gateway MailScanner[2445]: Starting up SQL Whitelist
>> Jul 22 01:07:11 gateway MailScanner[2448]: MailScanner E-Mail Virus
>> Scanner
>> version 4.70.7 starting...
>> Jul 22 01:07:11 gateway MailScanner[2448]: Read 826 hostnames from the
>> phishing whitelist
>> Jul 22 01:07:11 gateway MailScanner[2448]: Read 2928 hostnames from the
>> phishing blacklist
>> Jul 22 01:07:11 gateway MailScanner[2448]: Config: calling custom init
>> function SQLBlacklist
>> Jul 22 01:07:11 gateway MailScanner[2448]: Starting up SQL Blacklist
>> Jul 22 01:07:11 gateway MailScanner[2448]: Read 2 blacklist entries
>> Jul 22 01:07:11 gateway MailScanner[2448]: Config: calling custom init
>> function MailWatchLogging
>> Jul 22 01:07:11 gateway MailScanner[2448]: Started SQL Logging child
>> Jul 22 01:07:11 gateway MailScanner[2448]: Config: calling custom init
>> function SQLWhitelist
>> Jul 22 01:07:11 gateway MailScanner[2448]: Starting up SQL Whitelist
>> Jul 22 01:07:16 gateway MailScanner[2451]: MailScanner E-Mail Virus
>> Scanner
>> version 4.70.7 starting...
>> Jul 22 01:07:16 gateway MailScanner[2451]: Read 826 hostnames from the
>> phishing whitelist
>> Jul 22 01:07:16 gateway MailScanner[2451]: Read 2928 hostnames from the
>> phishing blacklist
>> Jul 22 01:07:16 gateway MailScanner[2451]: Config: calling custom init
>> function SQLBlacklist
>> Jul 22 01:07:16 gateway MailScanner[2451]: Starting up SQL Blacklist
>> Jul 22 01:07:16 gateway MailScanner[2451]: Read 2 blacklist entries
>> Jul 22 01:07:16 gateway MailScanner[2451]: Config: calling custom init
>> function MailWatchLogging
>> Jul 22 01:07:16 gateway MailScanner[2451]: Started SQL Logging child
>> Jul 22 01:07:16 gateway MailScanner[2451]: Config: calling custom init
>> function SQLWhitelist
>> Jul 22 01:07:16 gateway MailScanner[2451]: Starting up SQL Whitelist
>>
>>
>> What happens when you run MailScanner --lint? or MailScanner --debug?
>>
>> Jason
>> --
>> MailScanner mailing list
>> mailscanner@lists.mailscanner.info
>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>
>> Before posting, read http://wiki.mailscanner.info/posting
>>
>> Support MailScanner development - buy the book off the website!
>>     
>
>   

Are you using MailWatch?

If use is your (My)sql server running and contactable?

If is Mysql

service mysql status

Pete


-- 
This message has been scanned for viruses and
dangerous content by the Inexcom system Scanner,
and is believed to be clean.
Advanced heuristic mail scanning server [-].
http://www.inexcom.co.uk

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080722/95f2e042/attachment-0001.html
From J.Ede at birchenallhowden.co.uk  Tue Jul 22 10:02:51 2008
From: J.Ede at birchenallhowden.co.uk (Jason Ede)
Date: Tue Jul 22 10:05:41 2008
Subject: MS busted! Please Help
In-Reply-To: <8c9ffd928096b13a9a148692bcd0b46a@openenterprise.ca>
References: <7592cb3187b803dc036b2fc845943559@openenterprise.ca>
	<4CAB0118AEC63A4FAAE77E6BCBDF760C77E9AB004E@server02.bhl.local>,
	<8c9ffd928096b13a9a148692bcd0b46a@openenterprise.ca>
Message-ID: <4CAB0118AEC63A4FAAE77E6BCBDF760C77E9AB0051@server02.bhl.local>

________________________________________
From: mailscanner-bounces@lists.mailscanner.info [mailscanner-bounces@lists.mailscanner.info] On Behalf Of lists@openenterprise.ca [lists@openenterprise.ca]
Sent: 22 July 2008 09:51
To: MailScanner discussion
Subject: RE: MS busted! Please Help

MailScanner --lint

Trying to setlogsock(unix)
Read 826 hostnames from the phishing whitelist
Read 2928 hostnames from the phishing blacklist
Config: calling custom init function SQLBlacklist
Starting up SQL Blacklist
Read 2 blacklist entries
Config: calling custom init function MailWatchLogging
Started SQL Logging child
Config: calling custom init function SQLWhitelist
Starting up SQL Whitelist


And just hangs here.......until I ctl-c


MailScanner --debug just hangs but in /var/log/maillog I see all the
"normal" lines of MailScanner after hitting ctl-c and the last line is also
"Starting up SQL Whitelist"


Jul 22 01:48:57 gateway MailScanner[10830]: Starting up SQL Blacklist
Jul 22 01:48:57 gateway MailScanner[10830]: Read 2 blacklist entries
Jul 22 01:48:57 gateway MailScanner[10830]: Config: calling custom init
function MailWatchLogging
Jul 22 01:48:57 gateway MailScanner[10830]: Started SQL Logging child
Jul 22 01:48:57 gateway MailScanner[10830]: Config: calling custom init
function SQLWhitelist
Jul 22 01:48:57 gateway MailScanner[10830]: Starting up SQL Whitelist


Seems like something related to "SQL Whitelist" but I have not changed
anything on the system?

Try commenting out the mailwatch &SQLWhiteList and &SQLBlackList from your mailscanner.conf file and then try starting. Does it seem to start ok?

Jason
From peter at farrows.org  Tue Jul 22 10:06:38 2008
From: peter at farrows.org (Peter Farrow)
Date: Tue Jul 22 10:07:01 2008
Subject: MS busted! Please Help
In-Reply-To: <4885A1CF.6070906@farrows.org>
References: <7592cb3187b803dc036b2fc845943559@openenterprise.ca>	<4CAB0118AEC63A4FAAE77E6BCBDF760C77E9AB004E@server02.bhl.local>	<8c9ffd928096b13a9a148692bcd0b46a@openenterprise.ca>
	<4885A1CF.6070906@farrows.org>
Message-ID: <4885A31E.6070602@farrows.org>


Peter Farrow wrote:
>
>
> lists@openenterprise.ca wrote:
>> MailScanner --lint
>>
>> Trying to setlogsock(unix)
>> Read 826 hostnames from the phishing whitelist
>> Read 2928 hostnames from the phishing blacklist
>> Config: calling custom init function SQLBlacklist
>> Starting up SQL Blacklist
>> Read 2 blacklist entries
>> Config: calling custom init function MailWatchLogging
>> Started SQL Logging child
>> Config: calling custom init function SQLWhitelist
>> Starting up SQL Whitelist
>>
>>
>> And just hangs here.......until I ctl-c
>>
>>
>> MailScanner --debug just hangs but in /var/log/maillog I see all the
>> "normal" lines of MailScanner after hitting ctl-c and the last line is also
>> "Starting up SQL Whitelist"
>>
>>
>> Jul 22 01:48:57 gateway MailScanner[10830]: Starting up SQL Blacklist 
>> Jul 22 01:48:57 gateway MailScanner[10830]: Read 2 blacklist entries 
>> Jul 22 01:48:57 gateway MailScanner[10830]: Config: calling custom init
>> function MailWatchLogging 
>> Jul 22 01:48:57 gateway MailScanner[10830]: Started SQL Logging child 
>> Jul 22 01:48:57 gateway MailScanner[10830]: Config: calling custom init
>> function SQLWhitelist 
>> Jul 22 01:48:57 gateway MailScanner[10830]: Starting up SQL Whitelist 
>>
>>
>> Seems like something related to "SQL Whitelist" but I have not changed
>> anything on the system?
>>
>>
>>
>>
>> On Tue, 22 Jul 2008 09:18:54 +0100, Jason Ede
>>  wrote:
>>   
>>> ________________________________________
>>> From: mailscanner-bounces@lists.mailscanner.info
>>> [mailscanner-bounces@lists.mailscanner.info] On Behalf Of
>>> lists@openenterprise.ca [lists@openenterprise.ca]
>>> Sent: 22 July 2008 09:09
>>> To: mailscanner@lists.mailscanner.info
>>> Subject: MS busted! Please Help
>>>
>>> I am not sure what happened but after a reboot of my CentOS 5.2 system,
>>> the
>>> bootup process stops at loading MailScanner and I need to manually reset.
>>> I
>>> disabled the service from autostarting and even when I run "MailScanner
>>> -v"
>>> from the shell it just hangs there!! I beleive I updated CentOS from 5.1
>>> or
>>> something to 5.2 a few weeks back but I dont think I rebooted the system.
>>>
>>> I also downloaded the latest MailScanner tarball and updated but it still
>>> wont start?
>>>
>>> Can anyone please suggest some options or things to try?
>>>
>>> I dont see anything in the /var/log/maillog either and when I ctl-c the
>>> stalled shell where I tried to run "MailScanner -v". I then see the usual
>>> "MailScanner" lines in /var/log/maillog (see below), but it does not seem
>>> to be working and no mail is getting through?
>>>
>>> Thanks
>>>
>>>
>>> Jul 22 01:06:31 gateway MailScanner[2402]: MailScanner E-Mail Virus
>>> Scanner
>>> version 4.70.7 starting...
>>> Jul 22 01:06:31 gateway MailScanner[2402]: Read 826 hostnames from the
>>> phishing whitelist
>>> Jul 22 01:06:31 gateway MailScanner[2402]: Read 2926 hostnames from the
>>> phishing blacklist
>>> Jul 22 01:06:31 gateway MailScanner[2402]: Config: calling custom init
>>> function SQLBlacklist
>>> Jul 22 01:06:31 gateway MailScanner[2402]: Starting up SQL Blacklist
>>> Jul 22 01:06:31 gateway MailScanner[2402]: Read 2 blacklist entries
>>> Jul 22 01:06:31 gateway MailScanner[2402]: Config: calling custom init
>>> function MailWatchLogging
>>> Jul 22 01:06:31 gateway MailScanner[2402]: Started SQL Logging child
>>> Jul 22 01:06:31 gateway MailScanner[2402]: Config: calling custom init
>>> function SQLWhitelist
>>> Jul 22 01:06:31 gateway MailScanner[2402]: Starting up SQL Whitelist
>>> Jul 22 01:06:36 gateway MailScanner[2406]: MailScanner E-Mail Virus
>>> Scanner
>>> version 4.70.7 starting...
>>> Jul 22 01:06:36 gateway MailScanner[2406]: Read 826 hostnames from the
>>> phishing whitelist
>>> Jul 22 01:06:36 gateway MailScanner[2406]: Read 2926 hostnames from the
>>> phishing blacklist
>>> Jul 22 01:06:36 gateway MailScanner[2406]: Config: calling custom init
>>> function SQLBlacklist
>>> Jul 22 01:06:36 gateway MailScanner[2406]: Starting up SQL Blacklist
>>> Jul 22 01:06:36 gateway MailScanner[2406]: Read 2 blacklist entries
>>> Jul 22 01:06:36 gateway MailScanner[2406]: Config: calling custom init
>>> function MailWatchLogging
>>> Jul 22 01:06:36 gateway MailScanner[2406]: Started SQL Logging child
>>> Jul 22 01:06:36 gateway MailScanner[2406]: Config: calling custom init
>>> function SQLWhitelist
>>> Jul 22 01:06:36 gateway MailScanner[2406]: Starting up SQL Whitelist
>>> Jul 22 01:06:41 gateway MailScanner[2409]: MailScanner E-Mail Virus
>>> Scanner
>>> version 4.70.7 starting...
>>> Jul 22 01:06:41 gateway MailScanner[2409]: Read 826 hostnames from the
>>> phishing whitelist
>>> Jul 22 01:06:41 gateway MailScanner[2409]: Read 2926 hostnames from the
>>> phishing blacklist
>>> Jul 22 01:06:41 gateway MailScanner[2409]: Config: calling custom init
>>> function SQLBlacklist
>>> Jul 22 01:06:41 gateway MailScanner[2409]: Starting up SQL Blacklist
>>> Jul 22 01:06:41 gateway MailScanner[2409]: Read 2 blacklist entries
>>> Jul 22 01:06:41 gateway MailScanner[2409]: Config: calling custom init
>>> function MailWatchLogging
>>> Jul 22 01:06:41 gateway MailScanner[2409]: Started SQL Logging child
>>> Jul 22 01:06:41 gateway MailScanner[2409]: Config: calling custom init
>>> function SQLWhitelist
>>> Jul 22 01:06:41 gateway MailScanner[2409]: Starting up SQL Whitelist
>>> Jul 22 01:06:46 gateway MailScanner[2413]: MailScanner E-Mail Virus
>>> Scanner
>>> version 4.70.7 starting...
>>> Jul 22 01:06:46 gateway MailScanner[2413]: Read 826 hostnames from the
>>> phishing whitelist
>>> Jul 22 01:06:46 gateway MailScanner[2413]: Read 2926 hostnames from the
>>> phishing blacklist
>>> Jul 22 01:06:46 gateway MailScanner[2413]: Config: calling custom init
>>> function SQLBlacklist
>>> Jul 22 01:06:46 gateway MailScanner[2413]: Starting up SQL Blacklist
>>> Jul 22 01:06:46 gateway MailScanner[2413]: Read 2 blacklist entries
>>> Jul 22 01:06:46 gateway MailScanner[2413]: Config: calling custom init
>>> function MailWatchLogging
>>> Jul 22 01:06:46 gateway MailScanner[2413]: Started SQL Logging child
>>> Jul 22 01:06:46 gateway MailScanner[2413]: Config: calling custom init
>>> function SQLWhitelist
>>> Jul 22 01:06:46 gateway MailScanner[2413]: Starting up SQL Whitelist
>>> Jul 22 01:06:51 gateway MailScanner[2416]: MailScanner E-Mail Virus
>>> Scanner
>>> version 4.70.7 starting...
>>> Jul 22 01:06:51 gateway MailScanner[2416]: Read 826 hostnames from the
>>> phishing whitelist
>>> Jul 22 01:06:51 gateway MailScanner[2416]: Read 2926 hostnames from the
>>> phishing blacklist
>>> Jul 22 01:06:51 gateway MailScanner[2416]: Config: calling custom init
>>> function SQLBlacklist
>>> Jul 22 01:06:51 gateway MailScanner[2416]: Starting up SQL Blacklist
>>> Jul 22 01:06:51 gateway MailScanner[2416]: Read 2 blacklist entries
>>> Jul 22 01:06:51 gateway MailScanner[2416]: Config: calling custom init
>>> function MailWatchLogging
>>> Jul 22 01:06:51 gateway MailScanner[2416]: Started SQL Logging child
>>> Jul 22 01:06:51 gateway MailScanner[2416]: Config: calling custom init
>>> function SQLWhitelist
>>> Jul 22 01:06:51 gateway MailScanner[2416]: Starting up SQL Whitelist
>>> Jul 22 01:06:56 gateway MailScanner[2419]: MailScanner E-Mail Virus
>>> Scanner
>>> version 4.70.7 starting...
>>> Jul 22 01:06:56 gateway MailScanner[2419]: Read 826 hostnames from the
>>> phishing whitelist
>>> Jul 22 01:06:56 gateway MailScanner[2419]: Read 2926 hostnames from the
>>> phishing blacklist
>>> Jul 22 01:06:56 gateway MailScanner[2419]: Config: calling custom init
>>> function SQLBlacklist
>>> Jul 22 01:06:56 gateway MailScanner[2419]: Starting up SQL Blacklist
>>> Jul 22 01:06:56 gateway MailScanner[2419]: Read 2 blacklist entries
>>> Jul 22 01:06:56 gateway MailScanner[2419]: Config: calling custom init
>>> function MailWatchLogging
>>> Jul 22 01:06:56 gateway MailScanner[2419]: Started SQL Logging child
>>> Jul 22 01:06:56 gateway MailScanner[2419]: Config: calling custom init
>>> function SQLWhitelist
>>> Jul 22 01:06:56 gateway MailScanner[2419]: Starting up SQL Whitelist
>>> Jul 22 01:07:01 gateway MailScanner[2422]: MailScanner E-Mail Virus
>>> Scanner
>>> version 4.70.7 starting...
>>> Jul 22 01:07:01 gateway MailScanner[2422]: Read 826 hostnames from the
>>> phishing whitelist
>>> Jul 22 01:07:01 gateway update.virus.scanners: Delaying cron job up to
>>>     
>> 600
>>   
>>> seconds
>>> Jul 22 01:07:01 gateway MailScanner[2422]: Read 2928 hostnames from the
>>> phishing blacklist
>>> Jul 22 01:07:01 gateway MailScanner[2422]: Config: calling custom init
>>> function SQLBlacklist
>>> Jul 22 01:07:01 gateway MailScanner[2422]: Starting up SQL Blacklist
>>> Jul 22 01:07:01 gateway MailScanner[2422]: Read 2 blacklist entries
>>> Jul 22 01:07:01 gateway MailScanner[2422]: Config: calling custom init
>>> function MailWatchLogging
>>> Jul 22 01:07:01 gateway MailScanner[2422]: Started SQL Logging child
>>> Jul 22 01:07:01 gateway MailScanner[2422]: Config: calling custom init
>>> function SQLWhitelist
>>> Jul 22 01:07:01 gateway MailScanner[2422]: Starting up SQL Whitelist
>>> Jul 22 01:07:06 gateway MailScanner[2445]: MailScanner E-Mail Virus
>>> Scanner
>>> version 4.70.7 starting...
>>> Jul 22 01:07:06 gateway MailScanner[2445]: Read 826 hostnames from the
>>> phishing whitelist
>>> Jul 22 01:07:06 gateway MailScanner[2445]: Read 2928 hostnames from the
>>> phishing blacklist
>>> Jul 22 01:07:06 gateway MailScanner[2445]: Config: calling custom init
>>> function SQLBlacklist
>>> Jul 22 01:07:06 gateway MailScanner[2445]: Starting up SQL Blacklist
>>> Jul 22 01:07:06 gateway MailScanner[2445]: Read 2 blacklist entries
>>> Jul 22 01:07:06 gateway MailScanner[2445]: Config: calling custom init
>>> function MailWatchLogging
>>> Jul 22 01:07:06 gateway MailScanner[2445]: Started SQL Logging child
>>> Jul 22 01:07:06 gateway MailScanner[2445]: Config: calling custom init
>>> function SQLWhitelist
>>> Jul 22 01:07:06 gateway MailScanner[2445]: Starting up SQL Whitelist
>>> Jul 22 01:07:11 gateway MailScanner[2448]: MailScanner E-Mail Virus
>>> Scanner
>>> version 4.70.7 starting...
>>> Jul 22 01:07:11 gateway MailScanner[2448]: Read 826 hostnames from the
>>> phishing whitelist
>>> Jul 22 01:07:11 gateway MailScanner[2448]: Read 2928 hostnames from the
>>> phishing blacklist
>>> Jul 22 01:07:11 gateway MailScanner[2448]: Config: calling custom init
>>> function SQLBlacklist
>>> Jul 22 01:07:11 gateway MailScanner[2448]: Starting up SQL Blacklist
>>> Jul 22 01:07:11 gateway MailScanner[2448]: Read 2 blacklist entries
>>> Jul 22 01:07:11 gateway MailScanner[2448]: Config: calling custom init
>>> function MailWatchLogging
>>> Jul 22 01:07:11 gateway MailScanner[2448]: Started SQL Logging child
>>> Jul 22 01:07:11 gateway MailScanner[2448]: Config: calling custom init
>>> function SQLWhitelist
>>> Jul 22 01:07:11 gateway MailScanner[2448]: Starting up SQL Whitelist
>>> Jul 22 01:07:16 gateway MailScanner[2451]: MailScanner E-Mail Virus
>>> Scanner
>>> version 4.70.7 starting...
>>> Jul 22 01:07:16 gateway MailScanner[2451]: Read 826 hostnames from the
>>> phishing whitelist
>>> Jul 22 01:07:16 gateway MailScanner[2451]: Read 2928 hostnames from the
>>> phishing blacklist
>>> Jul 22 01:07:16 gateway MailScanner[2451]: Config: calling custom init
>>> function SQLBlacklist
>>> Jul 22 01:07:16 gateway MailScanner[2451]: Starting up SQL Blacklist
>>> Jul 22 01:07:16 gateway MailScanner[2451]: Read 2 blacklist entries
>>> Jul 22 01:07:16 gateway MailScanner[2451]: Config: calling custom init
>>> function MailWatchLogging
>>> Jul 22 01:07:16 gateway MailScanner[2451]: Started SQL Logging child
>>> Jul 22 01:07:16 gateway MailScanner[2451]: Config: calling custom init
>>> function SQLWhitelist
>>> Jul 22 01:07:16 gateway MailScanner[2451]: Starting up SQL Whitelist
>>>
>>>
>>> What happens when you run MailScanner --lint? or MailScanner --debug?
>>>
>>> Jason
>>> --
>>> MailScanner mailing list
>>> mailscanner@lists.mailscanner.info
>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>
>>> Before posting, read http://wiki.mailscanner.info/posting
>>>
>>> Support MailScanner development - buy the book off the website!
>>>     
>>
>>   
>
> Are you using MailWatch?
>
> If use is your (My)sql server running and contactable?
>
> If is Mysql
>
> service mysql status
>
> Pete
>
And now in English....

Are you using MailWatch?
If yes, is your (My)sql server running and contacable?

If it is Mysql,

Service mysql status

Pete


-- 
This message has been scanned for viruses and
dangerous content by the Inexcom system Scanner,
and is believed to be clean.
Advanced heuristic mail scanning server [-].
http://www.inexcom.co.uk

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080722/6e93ce4b/attachment.html
From lists at openenterprise.ca  Tue Jul 22 10:11:32 2008
From: lists at openenterprise.ca (lists@openenterprise.ca)
Date: Tue Jul 22 10:11:42 2008
Subject: MS busted! Please Help
In-Reply-To: <4885A1CF.6070906@farrows.org>
References: <7592cb3187b803dc036b2fc845943559@openenterprise.ca>	<4CAB0118AEC63A4FAAE77E6BCBDF760C77E9AB004E@server02.bhl.local>
	<8c9ffd928096b13a9a148692bcd0b46a@openenterprise.ca>
	<4885A1CF.6070906@farrows.org>
Message-ID: <654b8fa9e877fbfe8ae10c068e413666@openenterprise.ca>

Yes I do run mailwatch and have tested the connection from the MS server to
the mysql server (not on same machine). I took the same credntials right
from MW's conf.php and tested the connection to mysql and it works fine...

root@gateway:~# mysql -h 192.168.1.3 -u mailwatch -p
Enter password: 
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 9696
Server version: 5.0.51a-community-log MySQL Community Edition (GPL)

Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

mysql> 


I also had many errors on the MW install/upgrade dealing with various perl
modules like below. 


file /usr/share/man/man3/Test::Builder::Tester::Color.3pm.gz from install
of perl-Test-Simple-0.70-1 conflicts with file from package
perl-5.8.8-10.el5_2.3


The full list of the ones returning errors when running the MW install
script are

perl-ExtUtils-MakeMaker       
perl-MIME-Base64       
perl-Scalar-List-Utils   
perl-Storable        
perl-Getopt-Long
perl-Time-HiRes
perl-Test-Harness
perl-Test-Simple
perl-Sys-Syslog
perl-IO
perl-Math-BigInt
perl-Math-BigRat
perl-bignum


I tried to uninstall most and re-run the installer but for some reason "rpm
-e" seemd to think that some were not installed?

I dont know where to go from here?




On Tue, 22 Jul 2008 10:01:03 +0100, Peter Farrow  wrote:
> 
> 
> lists@openenterprise.ca wrote:
>> MailScanner --lint
>>
>> Trying to setlogsock(unix)
>> Read 826 hostnames from the phishing whitelist
>> Read 2928 hostnames from the phishing blacklist
>> Config: calling custom init function SQLBlacklist
>> Starting up SQL Blacklist
>> Read 2 blacklist entries
>> Config: calling custom init function MailWatchLogging
>> Started SQL Logging child
>> Config: calling custom init function SQLWhitelist
>> Starting up SQL Whitelist
>>
>>
>> And just hangs here.......until I ctl-c
>>
>>
>> MailScanner --debug just hangs but in /var/log/maillog I see all the
>> "normal" lines of MailScanner after hitting ctl-c and the last line is
> also
>> "Starting up SQL Whitelist"
>>
>>
>> Jul 22 01:48:57 gateway MailScanner[10830]: Starting up SQL Blacklist
>> Jul 22 01:48:57 gateway MailScanner[10830]: Read 2 blacklist entries
>> Jul 22 01:48:57 gateway MailScanner[10830]: Config: calling custom init
>> function MailWatchLogging
>> Jul 22 01:48:57 gateway MailScanner[10830]: Started SQL Logging child
>> Jul 22 01:48:57 gateway MailScanner[10830]: Config: calling custom init
>> function SQLWhitelist
>> Jul 22 01:48:57 gateway MailScanner[10830]: Starting up SQL Whitelist
>>
>>
>> Seems like something related to "SQL Whitelist" but I have not changed
>> anything on the system?
>>
>>
>>
>>
>> On Tue, 22 Jul 2008 09:18:54 +0100, Jason Ede
>>  wrote:
>>
>>> ________________________________________
>>> From: mailscanner-bounces@lists.mailscanner.info
>>> [mailscanner-bounces@lists.mailscanner.info] On Behalf Of
>>> lists@openenterprise.ca [lists@openenterprise.ca]
>>> Sent: 22 July 2008 09:09
>>> To: mailscanner@lists.mailscanner.info
>>> Subject: MS busted! Please Help
>>>
>>> I am not sure what happened but after a reboot of my CentOS 5.2 system,
>>> the
>>> bootup process stops at loading MailScanner and I need to manually
> reset.
>>> I
>>> disabled the service from autostarting and even when I run "MailScanner
>>> -v"
>>> from the shell it just hangs there!! I beleive I updated CentOS from
> 5.1
>>> or
>>> something to 5.2 a few weeks back but I dont think I rebooted the
> system.
>>>
>>> I also downloaded the latest MailScanner tarball and updated but it
> still
>>> wont start?
>>>
>>> Can anyone please suggest some options or things to try?
>>>
>>> I dont see anything in the /var/log/maillog either and when I ctl-c the
>>> stalled shell where I tried to run "MailScanner -v". I then see the
> usual
>>> "MailScanner" lines in /var/log/maillog (see below), but it does not
> seem
>>> to be working and no mail is getting through?
>>>
>>> Thanks
>>>
>>>
>>> Jul 22 01:06:31 gateway MailScanner[2402]: MailScanner E-Mail Virus
>>> Scanner
>>> version 4.70.7 starting...
>>> Jul 22 01:06:31 gateway MailScanner[2402]: Read 826 hostnames from the
>>> phishing whitelist
>>> Jul 22 01:06:31 gateway MailScanner[2402]: Read 2926 hostnames from the
>>> phishing blacklist
>>> Jul 22 01:06:31 gateway MailScanner[2402]: Config: calling custom init
>>> function SQLBlacklist
>>> Jul 22 01:06:31 gateway MailScanner[2402]: Starting up SQL Blacklist
>>> Jul 22 01:06:31 gateway MailScanner[2402]: Read 2 blacklist entries
>>> Jul 22 01:06:31 gateway MailScanner[2402]: Config: calling custom init
>>> function MailWatchLogging
>>> Jul 22 01:06:31 gateway MailScanner[2402]: Started SQL Logging child
>>> Jul 22 01:06:31 gateway MailScanner[2402]: Config: calling custom init
>>> function SQLWhitelist
>>> Jul 22 01:06:31 gateway MailScanner[2402]: Starting up SQL Whitelist
>>> Jul 22 01:06:36 gateway MailScanner[2406]: MailScanner E-Mail Virus
>>> Scanner
>>> version 4.70.7 starting...
>>> Jul 22 01:06:36 gateway MailScanner[2406]: Read 826 hostnames from the
>>> phishing whitelist
>>> Jul 22 01:06:36 gateway MailScanner[2406]: Read 2926 hostnames from the
>>> phishing blacklist
>>> Jul 22 01:06:36 gateway MailScanner[2406]: Config: calling custom init
>>> function SQLBlacklist
>>> Jul 22 01:06:36 gateway MailScanner[2406]: Starting up SQL Blacklist
>>> Jul 22 01:06:36 gateway MailScanner[2406]: Read 2 blacklist entries
>>> Jul 22 01:06:36 gateway MailScanner[2406]: Config: calling custom init
>>> function MailWatchLogging
>>> Jul 22 01:06:36 gateway MailScanner[2406]: Started SQL Logging child
>>> Jul 22 01:06:36 gateway MailScanner[2406]: Config: calling custom init
>>> function SQLWhitelist
>>> Jul 22 01:06:36 gateway MailScanner[2406]: Starting up SQL Whitelist
>>> Jul 22 01:06:41 gateway MailScanner[2409]: MailScanner E-Mail Virus
>>> Scanner
>>> version 4.70.7 starting...
>>> Jul 22 01:06:41 gateway MailScanner[2409]: Read 826 hostnames from the
>>> phishing whitelist
>>> Jul 22 01:06:41 gateway MailScanner[2409]: Read 2926 hostnames from the
>>> phishing blacklist
>>> Jul 22 01:06:41 gateway MailScanner[2409]: Config: calling custom init
>>> function SQLBlacklist
>>> Jul 22 01:06:41 gateway MailScanner[2409]: Starting up SQL Blacklist
>>> Jul 22 01:06:41 gateway MailScanner[2409]: Read 2 blacklist entries
>>> Jul 22 01:06:41 gateway MailScanner[2409]: Config: calling custom init
>>> function MailWatchLogging
>>> Jul 22 01:06:41 gateway MailScanner[2409]: Started SQL Logging child
>>> Jul 22 01:06:41 gateway MailScanner[2409]: Config: calling custom init
>>> function SQLWhitelist
>>> Jul 22 01:06:41 gateway MailScanner[2409]: Starting up SQL Whitelist
>>> Jul 22 01:06:46 gateway MailScanner[2413]: MailScanner E-Mail Virus
>>> Scanner
>>> version 4.70.7 starting...
>>> Jul 22 01:06:46 gateway MailScanner[2413]: Read 826 hostnames from the
>>> phishing whitelist
>>> Jul 22 01:06:46 gateway MailScanner[2413]: Read 2926 hostnames from the
>>> phishing blacklist
>>> Jul 22 01:06:46 gateway MailScanner[2413]: Config: calling custom init
>>> function SQLBlacklist
>>> Jul 22 01:06:46 gateway MailScanner[2413]: Starting up SQL Blacklist
>>> Jul 22 01:06:46 gateway MailScanner[2413]: Read 2 blacklist entries
>>> Jul 22 01:06:46 gateway MailScanner[2413]: Config: calling custom init
>>> function MailWatchLogging
>>> Jul 22 01:06:46 gateway MailScanner[2413]: Started SQL Logging child
>>> Jul 22 01:06:46 gateway MailScanner[2413]: Config: calling custom init
>>> function SQLWhitelist
>>> Jul 22 01:06:46 gateway MailScanner[2413]: Starting up SQL Whitelist
>>> Jul 22 01:06:51 gateway MailScanner[2416]: MailScanner E-Mail Virus
>>> Scanner
>>> version 4.70.7 starting...
>>> Jul 22 01:06:51 gateway MailScanner[2416]: Read 826 hostnames from the
>>> phishing whitelist
>>> Jul 22 01:06:51 gateway MailScanner[2416]: Read 2926 hostnames from the
>>> phishing blacklist
>>> Jul 22 01:06:51 gateway MailScanner[2416]: Config: calling custom init
>>> function SQLBlacklist
>>> Jul 22 01:06:51 gateway MailScanner[2416]: Starting up SQL Blacklist
>>> Jul 22 01:06:51 gateway MailScanner[2416]: Read 2 blacklist entries
>>> Jul 22 01:06:51 gateway MailScanner[2416]: Config: calling custom init
>>> function MailWatchLogging
>>> Jul 22 01:06:51 gateway MailScanner[2416]: Started SQL Logging child
>>> Jul 22 01:06:51 gateway MailScanner[2416]: Config: calling custom init
>>> function SQLWhitelist
>>> Jul 22 01:06:51 gateway MailScanner[2416]: Starting up SQL Whitelist
>>> Jul 22 01:06:56 gateway MailScanner[2419]: MailScanner E-Mail Virus
>>> Scanner
>>> version 4.70.7 starting...
>>> Jul 22 01:06:56 gateway MailScanner[2419]: Read 826 hostnames from the
>>> phishing whitelist
>>> Jul 22 01:06:56 gateway MailScanner[2419]: Read 2926 hostnames from the
>>> phishing blacklist
>>> Jul 22 01:06:56 gateway MailScanner[2419]: Config: calling custom init
>>> function SQLBlacklist
>>> Jul 22 01:06:56 gateway MailScanner[2419]: Starting up SQL Blacklist
>>> Jul 22 01:06:56 gateway MailScanner[2419]: Read 2 blacklist entries
>>> Jul 22 01:06:56 gateway MailScanner[2419]: Config: calling custom init
>>> function MailWatchLogging
>>> Jul 22 01:06:56 gateway MailScanner[2419]: Started SQL Logging child
>>> Jul 22 01:06:56 gateway MailScanner[2419]: Config: calling custom init
>>> function SQLWhitelist
>>> Jul 22 01:06:56 gateway MailScanner[2419]: Starting up SQL Whitelist
>>> Jul 22 01:07:01 gateway MailScanner[2422]: MailScanner E-Mail Virus
>>> Scanner
>>> version 4.70.7 starting...
>>> Jul 22 01:07:01 gateway MailScanner[2422]: Read 826 hostnames from the
>>> phishing whitelist
>>> Jul 22 01:07:01 gateway update.virus.scanners: Delaying cron job up to
>>>
>> 600
>>
>>> seconds
>>> Jul 22 01:07:01 gateway MailScanner[2422]: Read 2928 hostnames from the
>>> phishing blacklist
>>> Jul 22 01:07:01 gateway MailScanner[2422]: Config: calling custom init
>>> function SQLBlacklist
>>> Jul 22 01:07:01 gateway MailScanner[2422]: Starting up SQL Blacklist
>>> Jul 22 01:07:01 gateway MailScanner[2422]: Read 2 blacklist entries
>>> Jul 22 01:07:01 gateway MailScanner[2422]: Config: calling custom init
>>> function MailWatchLogging
>>> Jul 22 01:07:01 gateway MailScanner[2422]: Started SQL Logging child
>>> Jul 22 01:07:01 gateway MailScanner[2422]: Config: calling custom init
>>> function SQLWhitelist
>>> Jul 22 01:07:01 gateway MailScanner[2422]: Starting up SQL Whitelist
>>> Jul 22 01:07:06 gateway MailScanner[2445]: MailScanner E-Mail Virus
>>> Scanner
>>> version 4.70.7 starting...
>>> Jul 22 01:07:06 gateway MailScanner[2445]: Read 826 hostnames from the
>>> phishing whitelist
>>> Jul 22 01:07:06 gateway MailScanner[2445]: Read 2928 hostnames from the
>>> phishing blacklist
>>> Jul 22 01:07:06 gateway MailScanner[2445]: Config: calling custom init
>>> function SQLBlacklist
>>> Jul 22 01:07:06 gateway MailScanner[2445]: Starting up SQL Blacklist
>>> Jul 22 01:07:06 gateway MailScanner[2445]: Read 2 blacklist entries
>>> Jul 22 01:07:06 gateway MailScanner[2445]: Config: calling custom init
>>> function MailWatchLogging
>>> Jul 22 01:07:06 gateway MailScanner[2445]: Started SQL Logging child
>>> Jul 22 01:07:06 gateway MailScanner[2445]: Config: calling custom init
>>> function SQLWhitelist
>>> Jul 22 01:07:06 gateway MailScanner[2445]: Starting up SQL Whitelist
>>> Jul 22 01:07:11 gateway MailScanner[2448]: MailScanner E-Mail Virus
>>> Scanner
>>> version 4.70.7 starting...
>>> Jul 22 01:07:11 gateway MailScanner[2448]: Read 826 hostnames from the
>>> phishing whitelist
>>> Jul 22 01:07:11 gateway MailScanner[2448]: Read 2928 hostnames from the
>>> phishing blacklist
>>> Jul 22 01:07:11 gateway MailScanner[2448]: Config: calling custom init
>>> function SQLBlacklist
>>> Jul 22 01:07:11 gateway MailScanner[2448]: Starting up SQL Blacklist
>>> Jul 22 01:07:11 gateway MailScanner[2448]: Read 2 blacklist entries
>>> Jul 22 01:07:11 gateway MailScanner[2448]: Config: calling custom init
>>> function MailWatchLogging
>>> Jul 22 01:07:11 gateway MailScanner[2448]: Started SQL Logging child
>>> Jul 22 01:07:11 gateway MailScanner[2448]: Config: calling custom init
>>> function SQLWhitelist
>>> Jul 22 01:07:11 gateway MailScanner[2448]: Starting up SQL Whitelist
>>> Jul 22 01:07:16 gateway MailScanner[2451]: MailScanner E-Mail Virus
>>> Scanner
>>> version 4.70.7 starting...
>>> Jul 22 01:07:16 gateway MailScanner[2451]: Read 826 hostnames from the
>>> phishing whitelist
>>> Jul 22 01:07:16 gateway MailScanner[2451]: Read 2928 hostnames from the
>>> phishing blacklist
>>> Jul 22 01:07:16 gateway MailScanner[2451]: Config: calling custom init
>>> function SQLBlacklist
>>> Jul 22 01:07:16 gateway MailScanner[2451]: Starting up SQL Blacklist
>>> Jul 22 01:07:16 gateway MailScanner[2451]: Read 2 blacklist entries
>>> Jul 22 01:07:16 gateway MailScanner[2451]: Config: calling custom init
>>> function MailWatchLogging
>>> Jul 22 01:07:16 gateway MailScanner[2451]: Started SQL Logging child
>>> Jul 22 01:07:16 gateway MailScanner[2451]: Config: calling custom init
>>> function SQLWhitelist
>>> Jul 22 01:07:16 gateway MailScanner[2451]: Starting up SQL Whitelist
>>>
>>>
>>> What happens when you run MailScanner --lint? or MailScanner --debug?
>>>
>>> Jason
>>> --
>>> MailScanner mailing list
>>> mailscanner@lists.mailscanner.info
>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>
>>> Before posting, read http://wiki.mailscanner.info/posting
>>>
>>> Support MailScanner development - buy the book off the website!
>>>
>>
>>
> 
> Are you using MailWatch?
> 
> If use is your (My)sql server running and contactable?
> 
> If is Mysql
> 
> service mysql status
> 
> Pete
> 
> 
> --
> This message has been scanned for viruses and
> dangerous content by the Inexcom system Scanner,
> and is believed to be clean.
> Advanced heuristic mail scanning server [-].
> http://www.inexcom.co.uk

From nils.o.bekken at hiof.no  Tue Jul 22 10:13:52 2008
From: nils.o.bekken at hiof.no (Nils Olav Brandstorp Bekken)
Date: Tue Jul 22 10:14:05 2008
Subject: F-Secure 4.65 update url not working?
In-Reply-To: <200807220906.m6M96B7n027797@safir.blacknight.ie>
References: <200807220906.m6M96B7n027797@safir.blacknight.ie>
Message-ID: <4885A4D0.2040807@hiof.no>

anyone noticed that the updates for F-Secure 4.65 stopped
working?

http://avupdate.F-Secure.com/updates/ does not exist anymore.

Nils.
From martinh at solidstatelogic.com  Tue Jul 22 10:36:54 2008
From: martinh at solidstatelogic.com (Martin.Hepworth)
Date: Tue Jul 22 10:37:07 2008
Subject: MS busted! Please Help
In-Reply-To: <654b8fa9e877fbfe8ae10c068e413666@openenterprise.ca>
Message-ID: <406cf33b73ccd240a0792b327748c378@solidstatelogic.com>

I'd suggest something upgraded some perl modules behind mailscanner's back.

Normal way around this is, uninstall mailscanner and reinstall mailscanner to make sure proper perl mods are installed and not 'old' centos ones.

Could also be the bad DNS update that RH pushed out (over-writes resolv.conf with w new default one).

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

> -----Original Message-----
> From: mailscanner-bounces@lists.mailscanner.info
> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf
> Of lists@openenterprise.ca
> Sent: 22 July 2008 10:12
> To: MailScanner discussion
> Subject: Re: MS busted! Please Help
>
> Yes I do run mailwatch and have tested the connection from
> the MS server to the mysql server (not on same machine). I
> took the same credntials right from MW's conf.php and tested
> the connection to mysql and it works fine...
>
> root@gateway:~# mysql -h 192.168.1.3 -u mailwatch -p Enter password:
> Welcome to the MySQL monitor.  Commands end with ; or \g.
> Your MySQL connection id is 9696
> Server version: 5.0.51a-community-log MySQL Community Edition (GPL)
>
> Type 'help;' or '\h' for help. Type '\c' to clear the buffer.
>
> mysql>
>
>
> I also had many errors on the MW install/upgrade dealing with
> various perl modules like below.
>
>
> file /usr/share/man/man3/Test::Builder::Tester::Color.3pm.gz
> from install of perl-Test-Simple-0.70-1 conflicts with file
> from package
> perl-5.8.8-10.el5_2.3
>
>
> The full list of the ones returning errors when running the
> MW install script are
>
> perl-ExtUtils-MakeMaker
> perl-MIME-Base64
> perl-Scalar-List-Utils
> perl-Storable
> perl-Getopt-Long
> perl-Time-HiRes
> perl-Test-Harness
> perl-Test-Simple
> perl-Sys-Syslog
> perl-IO
> perl-Math-BigInt
> perl-Math-BigRat
> perl-bignum
>
>
> I tried to uninstall most and re-run the installer but for
> some reason "rpm -e" seemd to think that some were not installed?
>
> I dont know where to go from here?
>
>
>
>
> On Tue, 22 Jul 2008 10:01:03 +0100, Peter Farrow
>  wrote:
> >
> >
> > lists@openenterprise.ca wrote:
> >> MailScanner --lint
> >>
> >> Trying to setlogsock(unix)
> >> Read 826 hostnames from the phishing whitelist Read 2928 hostnames
> >> from the phishing blacklist
> >> Config: calling custom init function SQLBlacklist Starting up SQL
> >> Blacklist Read 2 blacklist entries
> >> Config: calling custom init function MailWatchLogging Started SQL
> >> Logging child
> >> Config: calling custom init function SQLWhitelist Starting up SQL
> >> Whitelist
> >>
> >>
> >> And just hangs here.......until I ctl-c
> >>
> >>
> >> MailScanner --debug just hangs but in /var/log/maillog I
> see all the
> >> "normal" lines of MailScanner after hitting ctl-c and the
> last line
> >> is
> > also
> >> "Starting up SQL Whitelist"
> >>
> >>
> >> Jul 22 01:48:57 gateway MailScanner[10830]: Starting up
> SQL Blacklist
> >> Jul 22 01:48:57 gateway MailScanner[10830]: Read 2
> blacklist entries
> >> Jul 22 01:48:57 gateway MailScanner[10830]: Config: calling custom
> >> init function MailWatchLogging Jul 22 01:48:57 gateway
> >> MailScanner[10830]: Started SQL Logging child Jul 22
> 01:48:57 gateway
> >> MailScanner[10830]: Config: calling custom init function
> SQLWhitelist
> >> Jul 22 01:48:57 gateway MailScanner[10830]: Starting up
> SQL Whitelist
> >>
> >>
> >> Seems like something related to "SQL Whitelist" but I have not
> >> changed anything on the system?
> >>
> >>
> >>
> >>
> >> On Tue, 22 Jul 2008 09:18:54 +0100, Jason Ede
> >>  wrote:
> >>
> >>> ________________________________________
> >>> From: mailscanner-bounces@lists.mailscanner.info
> >>> [mailscanner-bounces@lists.mailscanner.info] On Behalf Of
> >>> lists@openenterprise.ca [lists@openenterprise.ca]
> >>> Sent: 22 July 2008 09:09
> >>> To: mailscanner@lists.mailscanner.info
> >>> Subject: MS busted! Please Help
> >>>
> >>> I am not sure what happened but after a reboot of my CentOS 5.2
> >>> system, the bootup process stops at loading MailScanner
> and I need
> >>> to manually
> > reset.
> >>> I
> >>> disabled the service from autostarting and even when I run
> >>> "MailScanner -v"
> >>> from the shell it just hangs there!! I beleive I updated
> CentOS from
> > 5.1
> >>> or
> >>> something to 5.2 a few weeks back but I dont think I rebooted the
> > system.
> >>>
> >>> I also downloaded the latest MailScanner tarball and
> updated but it
> > still
> >>> wont start?
> >>>
> >>> Can anyone please suggest some options or things to try?
> >>>
> >>> I dont see anything in the /var/log/maillog either and
> when I ctl-c
> >>> the stalled shell where I tried to run "MailScanner -v".
> I then see
> >>> the
> > usual
> >>> "MailScanner" lines in /var/log/maillog (see below), but
> it does not
> > seem
> >>> to be working and no mail is getting through?
> >>>
> >>> Thanks
> >>>
> >>>
> >>> Jul 22 01:06:31 gateway MailScanner[2402]: MailScanner
> E-Mail Virus
> >>> Scanner version 4.70.7 starting...
> >>> Jul 22 01:06:31 gateway MailScanner[2402]: Read 826
> hostnames from
> >>> the phishing whitelist Jul 22 01:06:31 gateway MailScanner[2402]:
> >>> Read 2926 hostnames from the phishing blacklist Jul 22 01:06:31
> >>> gateway MailScanner[2402]: Config: calling custom init function
> >>> SQLBlacklist Jul 22 01:06:31 gateway MailScanner[2402]:
> Starting up
> >>> SQL Blacklist Jul 22 01:06:31 gateway MailScanner[2402]: Read 2
> >>> blacklist entries Jul 22 01:06:31 gateway
> MailScanner[2402]: Config:
> >>> calling custom init function MailWatchLogging Jul 22 01:06:31
> >>> gateway MailScanner[2402]: Started SQL Logging child Jul
> 22 01:06:31
> >>> gateway MailScanner[2402]: Config: calling custom init function
> >>> SQLWhitelist Jul 22 01:06:31 gateway MailScanner[2402]:
> Starting up
> >>> SQL Whitelist Jul 22 01:06:36 gateway MailScanner[2406]:
> MailScanner
> >>> E-Mail Virus Scanner version 4.70.7 starting...
> >>> Jul 22 01:06:36 gateway MailScanner[2406]: Read 826
> hostnames from
> >>> the phishing whitelist Jul 22 01:06:36 gateway MailScanner[2406]:
> >>> Read 2926 hostnames from the phishing blacklist Jul 22 01:06:36
> >>> gateway MailScanner[2406]: Config: calling custom init function
> >>> SQLBlacklist Jul 22 01:06:36 gateway MailScanner[2406]:
> Starting up
> >>> SQL Blacklist Jul 22 01:06:36 gateway MailScanner[2406]: Read 2
> >>> blacklist entries Jul 22 01:06:36 gateway
> MailScanner[2406]: Config:
> >>> calling custom init function MailWatchLogging Jul 22 01:06:36
> >>> gateway MailScanner[2406]: Started SQL Logging child Jul
> 22 01:06:36
> >>> gateway MailScanner[2406]: Config: calling custom init function
> >>> SQLWhitelist Jul 22 01:06:36 gateway MailScanner[2406]:
> Starting up
> >>> SQL Whitelist Jul 22 01:06:41 gateway MailScanner[2409]:
> MailScanner
> >>> E-Mail Virus Scanner version 4.70.7 starting...
> >>> Jul 22 01:06:41 gateway MailScanner[2409]: Read 826
> hostnames from
> >>> the phishing whitelist Jul 22 01:06:41 gateway MailScanner[2409]:
> >>> Read 2926 hostnames from the phishing blacklist Jul 22 01:06:41
> >>> gateway MailScanner[2409]: Config: calling custom init function
> >>> SQLBlacklist Jul 22 01:06:41 gateway MailScanner[2409]:
> Starting up
> >>> SQL Blacklist Jul 22 01:06:41 gateway MailScanner[2409]: Read 2
> >>> blacklist entries Jul 22 01:06:41 gateway
> MailScanner[2409]: Config:
> >>> calling custom init function MailWatchLogging Jul 22 01:06:41
> >>> gateway MailScanner[2409]: Started SQL Logging child Jul
> 22 01:06:41
> >>> gateway MailScanner[2409]: Config: calling custom init function
> >>> SQLWhitelist Jul 22 01:06:41 gateway MailScanner[2409]:
> Starting up
> >>> SQL Whitelist Jul 22 01:06:46 gateway MailScanner[2413]:
> MailScanner
> >>> E-Mail Virus Scanner version 4.70.7 starting...
> >>> Jul 22 01:06:46 gateway MailScanner[2413]: Read 826
> hostnames from
> >>> the phishing whitelist Jul 22 01:06:46 gateway MailScanner[2413]:
> >>> Read 2926 hostnames from the phishing blacklist Jul 22 01:06:46
> >>> gateway MailScanner[2413]: Config: calling custom init function
> >>> SQLBlacklist Jul 22 01:06:46 gateway MailScanner[2413]:
> Starting up
> >>> SQL Blacklist Jul 22 01:06:46 gateway MailScanner[2413]: Read 2
> >>> blacklist entries Jul 22 01:06:46 gateway
> MailScanner[2413]: Config:
> >>> calling custom init function MailWatchLogging Jul 22 01:06:46
> >>> gateway MailScanner[2413]: Started SQL Logging child Jul
> 22 01:06:46
> >>> gateway MailScanner[2413]: Config: calling custom init function
> >>> SQLWhitelist Jul 22 01:06:46 gateway MailScanner[2413]:
> Starting up
> >>> SQL Whitelist Jul 22 01:06:51 gateway MailScanner[2416]:
> MailScanner
> >>> E-Mail Virus Scanner version 4.70.7 starting...
> >>> Jul 22 01:06:51 gateway MailScanner[2416]: Read 826
> hostnames from
> >>> the phishing whitelist Jul 22 01:06:51 gateway MailScanner[2416]:
> >>> Read 2926 hostnames from the phishing blacklist Jul 22 01:06:51
> >>> gateway MailScanner[2416]: Config: calling custom init function
> >>> SQLBlacklist Jul 22 01:06:51 gateway MailScanner[2416]:
> Starting up
> >>> SQL Blacklist Jul 22 01:06:51 gateway MailScanner[2416]: Read 2
> >>> blacklist entries Jul 22 01:06:51 gateway
> MailScanner[2416]: Config:
> >>> calling custom init function MailWatchLogging Jul 22 01:06:51
> >>> gateway MailScanner[2416]: Started SQL Logging child Jul
> 22 01:06:51
> >>> gateway MailScanner[2416]: Config: calling custom init function
> >>> SQLWhitelist Jul 22 01:06:51 gateway MailScanner[2416]:
> Starting up
> >>> SQL Whitelist Jul 22 01:06:56 gateway MailScanner[2419]:
> MailScanner
> >>> E-Mail Virus Scanner version 4.70.7 starting...
> >>> Jul 22 01:06:56 gateway MailScanner[2419]: Read 826
> hostnames from
> >>> the phishing whitelist Jul 22 01:06:56 gateway MailScanner[2419]:
> >>> Read 2926 hostnames from the phishing blacklist Jul 22 01:06:56
> >>> gateway MailScanner[2419]: Config: calling custom init function
> >>> SQLBlacklist Jul 22 01:06:56 gateway MailScanner[2419]:
> Starting up
> >>> SQL Blacklist Jul 22 01:06:56 gateway MailScanner[2419]: Read 2
> >>> blacklist entries Jul 22 01:06:56 gateway
> MailScanner[2419]: Config:
> >>> calling custom init function MailWatchLogging Jul 22 01:06:56
> >>> gateway MailScanner[2419]: Started SQL Logging child Jul
> 22 01:06:56
> >>> gateway MailScanner[2419]: Config: calling custom init function
> >>> SQLWhitelist Jul 22 01:06:56 gateway MailScanner[2419]:
> Starting up
> >>> SQL Whitelist Jul 22 01:07:01 gateway MailScanner[2422]:
> MailScanner
> >>> E-Mail Virus Scanner version 4.70.7 starting...
> >>> Jul 22 01:07:01 gateway MailScanner[2422]: Read 826
> hostnames from
> >>> the phishing whitelist Jul 22 01:07:01 gateway
> >>> update.virus.scanners: Delaying cron job up to
> >>>
> >> 600
> >>
> >>> seconds
> >>> Jul 22 01:07:01 gateway MailScanner[2422]: Read 2928
> hostnames from
> >>> the phishing blacklist Jul 22 01:07:01 gateway MailScanner[2422]:
> >>> Config: calling custom init function SQLBlacklist Jul 22 01:07:01
> >>> gateway MailScanner[2422]: Starting up SQL Blacklist Jul
> 22 01:07:01
> >>> gateway MailScanner[2422]: Read 2 blacklist entries Jul
> 22 01:07:01
> >>> gateway MailScanner[2422]: Config: calling custom init function
> >>> MailWatchLogging Jul 22 01:07:01 gateway
> MailScanner[2422]: Started
> >>> SQL Logging child Jul 22 01:07:01 gateway
> MailScanner[2422]: Config:
> >>> calling custom init function SQLWhitelist Jul 22 01:07:01 gateway
> >>> MailScanner[2422]: Starting up SQL Whitelist Jul 22
> 01:07:06 gateway
> >>> MailScanner[2445]: MailScanner E-Mail Virus Scanner
> version 4.70.7
> >>> starting...
> >>> Jul 22 01:07:06 gateway MailScanner[2445]: Read 826
> hostnames from
> >>> the phishing whitelist Jul 22 01:07:06 gateway MailScanner[2445]:
> >>> Read 2928 hostnames from the phishing blacklist Jul 22 01:07:06
> >>> gateway MailScanner[2445]: Config: calling custom init function
> >>> SQLBlacklist Jul 22 01:07:06 gateway MailScanner[2445]:
> Starting up
> >>> SQL Blacklist Jul 22 01:07:06 gateway MailScanner[2445]: Read 2
> >>> blacklist entries Jul 22 01:07:06 gateway
> MailScanner[2445]: Config:
> >>> calling custom init function MailWatchLogging Jul 22 01:07:06
> >>> gateway MailScanner[2445]: Started SQL Logging child Jul
> 22 01:07:06
> >>> gateway MailScanner[2445]: Config: calling custom init function
> >>> SQLWhitelist Jul 22 01:07:06 gateway MailScanner[2445]:
> Starting up
> >>> SQL Whitelist Jul 22 01:07:11 gateway MailScanner[2448]:
> MailScanner
> >>> E-Mail Virus Scanner version 4.70.7 starting...
> >>> Jul 22 01:07:11 gateway MailScanner[2448]: Read 826
> hostnames from
> >>> the phishing whitelist Jul 22 01:07:11 gateway MailScanner[2448]:
> >>> Read 2928 hostnames from the phishing blacklist Jul 22 01:07:11
> >>> gateway MailScanner[2448]: Config: calling custom init function
> >>> SQLBlacklist Jul 22 01:07:11 gateway MailScanner[2448]:
> Starting up
> >>> SQL Blacklist Jul 22 01:07:11 gateway MailScanner[2448]: Read 2
> >>> blacklist entries Jul 22 01:07:11 gateway
> MailScanner[2448]: Config:
> >>> calling custom init function MailWatchLogging Jul 22 01:07:11
> >>> gateway MailScanner[2448]: Started SQL Logging child Jul
> 22 01:07:11
> >>> gateway MailScanner[2448]: Config: calling custom init function
> >>> SQLWhitelist Jul 22 01:07:11 gateway MailScanner[2448]:
> Starting up
> >>> SQL Whitelist Jul 22 01:07:16 gateway MailScanner[2451]:
> MailScanner
> >>> E-Mail Virus Scanner version 4.70.7 starting...
> >>> Jul 22 01:07:16 gateway MailScanner[2451]: Read 826
> hostnames from
> >>> the phishing whitelist Jul 22 01:07:16 gateway MailScanner[2451]:
> >>> Read 2928 hostnames from the phishing blacklist Jul 22 01:07:16
> >>> gateway MailScanner[2451]: Config: calling custom init function
> >>> SQLBlacklist Jul 22 01:07:16 gateway MailScanner[2451]:
> Starting up
> >>> SQL Blacklist Jul 22 01:07:16 gateway MailScanner[2451]: Read 2
> >>> blacklist entries Jul 22 01:07:16 gateway
> MailScanner[2451]: Config:
> >>> calling custom init function MailWatchLogging Jul 22 01:07:16
> >>> gateway MailScanner[2451]: Started SQL Logging child Jul
> 22 01:07:16
> >>> gateway MailScanner[2451]: Config: calling custom init function
> >>> SQLWhitelist Jul 22 01:07:16 gateway MailScanner[2451]:
> Starting up
> >>> SQL Whitelist
> >>>
> >>>
> >>> What happens when you run MailScanner --lint? or
> MailScanner --debug?
> >>>
> >>> Jason
> >>> --
> >>> MailScanner mailing list
> >>> mailscanner@lists.mailscanner.info
> >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
> >>>
> >>> Before posting, read http://wiki.mailscanner.info/posting
> >>>
> >>> Support MailScanner development - buy the book off the website!
> >>>
> >>
> >>
> >
> > Are you using MailWatch?
> >
> > If use is your (My)sql server running and contactable?
> >
> > If is Mysql
> >
> > service mysql status
> >
> > Pete
> >
> >
> > --
> > This message has been scanned for viruses and dangerous
> content by the
> > Inexcom system Scanner, and is believed to be clean.
> > Advanced heuristic mail scanning server [-].
> > http://www.inexcom.co.uk
>
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>




**********************************************************************
Confidentiality : This e-mail and any attachments are intended for the 
addressee only and may be confidential. If they come to you in error 
you must take no action based on them, nor must you copy or show them 
to anyone. Please advise the sender by replying to this e-mail 
immediately and then delete the original from your computer.
Opinion : Any opinions expressed in this e-mail are entirely those of 
the author and unless specifically stated to the contrary, are not 
necessarily those of the author's employer.
Security Warning : Internet e-mail is not necessarily a secure 
communications medium and can be subject to data corruption. We advise 
that you consider this fact when e-mailing us. 
Viruses : We have taken steps to ensure that this e-mail and any 
attachments are free from known viruses but in keeping with good 
computing practice, you should ensure that they are virus free.

Red Lion 49 Ltd T/A Solid State Logic
Registered as a limited company in England and Wales 
(Company No:5362730)
Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, 
United Kingdom
**********************************************************************

From J.Ede at birchenallhowden.co.uk  Tue Jul 22 10:42:55 2008
From: J.Ede at birchenallhowden.co.uk (Jason Ede)
Date: Tue Jul 22 10:46:12 2008
Subject: MS busted! Please Help
In-Reply-To: <654b8fa9e877fbfe8ae10c068e413666@openenterprise.ca>
References: <7592cb3187b803dc036b2fc845943559@openenterprise.ca>
	<4CAB0118AEC63A4FAAE77E6BCBDF760C77E9AB004E@server02.bhl.local>
	<8c9ffd928096b13a9a148692bcd0b46a@openenterprise.ca>
	<4885A1CF.6070906@farrows.org>,
	<654b8fa9e877fbfe8ae10c068e413666@openenterprise.ca>
Message-ID: <4CAB0118AEC63A4FAAE77E6BCBDF760C77E9AB0052@server02.bhl.local>

________________________________________
From: mailscanner-bounces@lists.mailscanner.info [mailscanner-bounces@lists.mailscanner.info] On Behalf Of lists@openenterprise.ca [lists@openenterprise.ca]
Sent: 22 July 2008 10:11
To: MailScanner discussion
Subject: Re: MS busted! Please Help

Yes I do run mailwatch and have tested the connection from the MS server to
the mysql server (not on same machine). I took the same credntials right
from MW's conf.php and tested the connection to mysql and it works fine...

root@gateway:~# mysql -h 192.168.1.3 -u mailwatch -p
Enter password:
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 9696
Server version: 5.0.51a-community-log MySQL Community Edition (GPL)

Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

mysql>


I also had many errors on the MW install/upgrade dealing with various perl
modules like below.


file /usr/share/man/man3/Test::Builder::Tester::Color.3pm.gz from install
of perl-Test-Simple-0.70-1 conflicts with file from package
perl-5.8.8-10.el5_2.3


The full list of the ones returning errors when running the MW install
script are

perl-ExtUtils-MakeMaker
perl-MIME-Base64
perl-Scalar-List-Utils
perl-Storable
perl-Getopt-Long
perl-Time-HiRes
perl-Test-Harness
perl-Test-Simple
perl-Sys-Syslog
perl-IO
perl-Math-BigInt
perl-Math-BigRat
perl-bignum


I tried to uninstall most and re-run the installer but for some reason "rpm
-e" seemd to think that some were not installed?

I dont know where to go from here?

try yum remove perl-bignum etc... On my systems CentOS since upgrade to 5.2 I need to do that, run yum update and then reinstall MailScanner to make sure its all happy...

Does MailScanner start up ok if you turn off the mailwatch functions?

Jason
From lists at openenterprise.ca  Tue Jul 22 11:13:06 2008
From: lists at openenterprise.ca (lists@openenterprise.ca)
Date: Tue Jul 22 11:13:19 2008
Subject: MS busted! Please Help
In-Reply-To: <4CAB0118AEC63A4FAAE77E6BCBDF760C77E9AB0052@server02.bhl.local>
References: <7592cb3187b803dc036b2fc845943559@openenterprise.ca>
	<4CAB0118AEC63A4FAAE77E6BCBDF760C77E9AB004E@server02.bhl.local>
	<8c9ffd928096b13a9a148692bcd0b46a@openenterprise.ca>
	<4885A1CF.6070906@farrows.org>, 
	<654b8fa9e877fbfe8ae10c068e413666@openenterprise.ca>
	<4CAB0118AEC63A4FAAE77E6BCBDF760C77E9AB0052@server02.bhl.local>
Message-ID: 

I cant seem to uninstall some perl modules that the MS install script seems
to indicate a conflict with now? 

Is there anyway to force the MS install script to install all its own perl
modules?



.....from install of perl-MIME-Base64-3.07-1 conflicts with file from
package perl-5.8.8-10.el5_2.3
       
but if I run "yum remove perl-MIME-Base64" it does not seem to be
installed? Se below

I have certainly hooped perl so need to somehow start clean



root@gateway:~# yum remove perl-MIME-Base64
Loading "fastestmirror" plugin
Setting up Remove Process
Loading mirror speeds from cached hostfile
 * 4PSA: download1.4psa.com
 * virtualmin: software.virtualmin.com
 * virtualmin-universal: software.virtualmin.com
 * rpmforge: fr2.rpmfind.net
 * base: www.muug.mb.ca
 * updates: mirror.its.uidaho.edu
 * addons: www.muug.mb.ca
 * extras: mirror.stanford.edu
No Match for argument: perl-MIME-Base64
No Packages marked for removal




On Tue, 22 Jul 2008 10:42:55 +0100, Jason Ede
 wrote:
> ________________________________________
> From: mailscanner-bounces@lists.mailscanner.info
> [mailscanner-bounces@lists.mailscanner.info] On Behalf Of
> lists@openenterprise.ca [lists@openenterprise.ca]
> Sent: 22 July 2008 10:11
> To: MailScanner discussion
> Subject: Re: MS busted! Please Help
> 
> Yes I do run mailwatch and have tested the connection from the MS server
> to
> the mysql server (not on same machine). I took the same credntials right
> from MW's conf.php and tested the connection to mysql and it works
fine...
> 
> root@gateway:~# mysql -h 192.168.1.3 -u mailwatch -p
> Enter password:
> Welcome to the MySQL monitor.  Commands end with ; or \g.
> Your MySQL connection id is 9696
> Server version: 5.0.51a-community-log MySQL Community Edition (GPL)
> 
> Type 'help;' or '\h' for help. Type '\c' to clear the buffer.
> 
> mysql>
> 
> 
> I also had many errors on the MW install/upgrade dealing with various
perl
> modules like below.
> 
> 
> file /usr/share/man/man3/Test::Builder::Tester::Color.3pm.gz from install
> of perl-Test-Simple-0.70-1 conflicts with file from package
> perl-5.8.8-10.el5_2.3
> 
> 
> The full list of the ones returning errors when running the MW install
> script are
> 
> perl-ExtUtils-MakeMaker
> perl-MIME-Base64
> perl-Scalar-List-Utils
> perl-Storable
> perl-Getopt-Long
> perl-Time-HiRes
> perl-Test-Harness
> perl-Test-Simple
> perl-Sys-Syslog
> perl-IO
> perl-Math-BigInt
> perl-Math-BigRat
> perl-bignum
> 
> 
> I tried to uninstall most and re-run the installer but for some reason
> "rpm
> -e" seemd to think that some were not installed?
> 
> I dont know where to go from here?
> 
> try yum remove perl-bignum etc... On my systems CentOS since upgrade to
> 5.2 I need to do that, run yum update and then reinstall MailScanner to
> make sure its all happy...
> 
> Does MailScanner start up ok if you turn off the mailwatch functions?
> 
> Jason
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
> 
> Before posting, read http://wiki.mailscanner.info/posting
> 
> Support MailScanner development - buy the book off the website!

From craig at csfs.co.za  Tue Jul 22 11:52:57 2008
From: craig at csfs.co.za (Craig Retief)
Date: Tue Jul 22 11:57:55 2008
Subject: MS busted! Please Help
In-Reply-To: 
References: <7592cb3187b803dc036b2fc845943559@openenterprise.ca>
	<4CAB0118AEC63A4FAAE77E6BCBDF760C77E9AB004E@server02.bhl.local>
	<8c9ffd928096b13a9a148692bcd0b46a@openenterprise.ca>
	<4885A1CF.6070906@farrows.org>
	,  <654b8fa9e877fbfe8ae10c068e413666@openenterprise.ca>
	<4CAB0118AEC63A4FAAE77E6BCBDF760C77E9AB0052@server02.bhl.local>
	
Message-ID: <1216723977.23536.7.camel@cX>

> I cant seem to uninstall some perl modules that the MS install script seems
> to indicate a conflict with now? 
> 
> Is there anyway to force the MS install script to install all its own perl
> modules?
> 
> 
> 
> .....from install of perl-MIME-Base64-3.07-1 conflicts with file from
> package perl-5.8.8-10.el5_2.3
>        
> but if I run "yum remove perl-MIME-Base64" it does not seem to be
> installed? Se below

The reason for this is that the packages get built from source and are
not installed as rpm's. Running yum or rpm -qva |grep modulename will
not produce any results as a result...if you know what I mean. :)

> 
> I have certainly hooped perl so need to somehow start clean
> 
> 
> 
> root@gateway:~# yum remove perl-MIME-Base64
> Loading "fastestmirror" plugin
> Setting up Remove Process
> Loading mirror speeds from cached hostfile
>  * 4PSA: download1.4psa.com
>  * virtualmin: software.virtualmin.com
>  * virtualmin-universal: software.virtualmin.com
>  * rpmforge: fr2.rpmfind.net
>  * base: www.muug.mb.ca
>  * updates: mirror.its.uidaho.edu
>  * addons: www.muug.mb.ca
>  * extras: mirror.stanford.edu
> No Match for argument: perl-MIME-Base64
> No Packages marked for removal
> 
> 

> 

From J.Ede at birchenallhowden.co.uk  Tue Jul 22 11:59:04 2008
From: J.Ede at birchenallhowden.co.uk (Jason Ede)
Date: Tue Jul 22 12:00:03 2008
Subject: MS busted! Please Help
In-Reply-To: 
References: <7592cb3187b803dc036b2fc845943559@openenterprise.ca>
	<4CAB0118AEC63A4FAAE77E6BCBDF760C77E9AB004E@server02.bhl.local>
	<8c9ffd928096b13a9a148692bcd0b46a@openenterprise.ca>
	<4885A1CF.6070906@farrows.org>,
	<654b8fa9e877fbfe8ae10c068e413666@openenterprise.ca>
	<4CAB0118AEC63A4FAAE77E6BCBDF760C77E9AB0052@server02.bhl.local>,
	
Message-ID: <4CAB0118AEC63A4FAAE77E6BCBDF760C77E9AB0054@server02.bhl.local>

________________________________________
From: mailscanner-bounces@lists.mailscanner.info [mailscanner-bounces@lists.mailscanner.info] On Behalf Of lists@openenterprise.ca [lists@openenterprise.ca]
Sent: 22 July 2008 11:13
To: MailScanner discussion
Subject: RE: MS busted! Please Help

I cant seem to uninstall some perl modules that the MS install script seems
to indicate a conflict with now?

Is there anyway to force the MS install script to install all its own perl
modules?



.....from install of perl-MIME-Base64-3.07-1 conflicts with file from
package perl-5.8.8-10.el5_2.3

but if I run "yum remove perl-MIME-Base64" it does not seem to be
installed? Se below

I have certainly hooped perl so need to somehow start clean



root@gateway:~# yum remove perl-MIME-Base64
Loading "fastestmirror" plugin
Setting up Remove Process
Loading mirror speeds from cached hostfile
 * 4PSA: download1.4psa.com
 * virtualmin: software.virtualmin.com
 * virtualmin-universal: software.virtualmin.com
 * rpmforge: fr2.rpmfind.net
 * base: www.muug.mb.ca
 * updates: mirror.its.uidaho.edu
 * addons: www.muug.mb.ca
 * extras: mirror.stanford.edu
No Match for argument: perl-MIME-Base64
No Packages marked for removal



try yum list installed | grep -i MIME

Jason
From craig at csfs.co.za  Tue Jul 22 12:24:14 2008
From: craig at csfs.co.za (Craig Retief)
Date: Tue Jul 22 12:25:57 2008
Subject: MS busted! Please Help
In-Reply-To: <1216723977.23536.7.camel@cX>
References: <7592cb3187b803dc036b2fc845943559@openenterprise.ca>
	<4CAB0118AEC63A4FAAE77E6BCBDF760C77E9AB004E@server02.bhl.local>
	<8c9ffd928096b13a9a148692bcd0b46a@openenterprise.ca>
	<4885A1CF.6070906@farrows.org>
	,  <654b8fa9e877fbfe8ae10c068e413666@openenterprise.ca>
	<4CAB0118AEC63A4FAAE77E6BCBDF760C77E9AB0052@server02.bhl.local>
	
	<1216723977.23536.7.camel@cX>
Message-ID: <1216725854.23536.16.camel@cX>




On Tue, 2008-07-22 at 12:52 +0200, Craig Retief wrote:
> > I cant seem to uninstall some perl modules that the MS install script seems
> > to indicate a conflict with now? 
> > 
> > Is there anyway to force the MS install script to install all its own perl
> > modules?
> > 
> > 
> > 
> > .....from install of perl-MIME-Base64-3.07-1 conflicts with file from
> > package perl-5.8.8-10.el5_2.3
> >        
> > but if I run "yum remove perl-MIME-Base64" it does not seem to be
> > installed? Se below
> 
> The reason for this is that the packages get built from source and are
> not installed as rpm's. Running yum or rpm -qva |grep modulename will
> not produce any results as a result...if you know what I mean. :)
> 
Correction, Sorry, I am referring to the tar version and not the rpm
version of Julian's installation package. What version did you use to
upgrade? TAR/RPM?

> > 
> > I have certainly hooped perl so need to somehow start clean
> > 
> > 
> > 
> > root@gateway:~# yum remove perl-MIME-Base64
> > Loading "fastestmirror" plugin
> > Setting up Remove Process
> > Loading mirror speeds from cached hostfile
> >  * 4PSA: download1.4psa.com
> >  * virtualmin: software.virtualmin.com
> >  * virtualmin-universal: software.virtualmin.com
> >  * rpmforge: fr2.rpmfind.net
> >  * base: www.muug.mb.ca
> >  * updates: mirror.its.uidaho.edu
> >  * addons: www.muug.mb.ca
> >  * extras: mirror.stanford.edu
> > No Match for argument: perl-MIME-Base64
> > No Packages marked for removal
> > 
> > 
> 
> > 
> 

From paul.bijnens at xplanation.com  Tue Jul 22 13:05:49 2008
From: paul.bijnens at xplanation.com (Paul Bijnens)
Date: Tue Jul 22 13:05:59 2008
Subject: MS busted! Please Help
In-Reply-To: <7592cb3187b803dc036b2fc845943559@openenterprise.ca>
References: <7592cb3187b803dc036b2fc845943559@openenterprise.ca>
Message-ID: <4885CD1D.5000106@xplanation.com>

lists@openenterprise.ca wrote:
> I am not sure what happened but after a reboot of my CentOS 5.2 system, the
> bootup process stops at loading MailScanner and I need to manually reset. I
> disabled the service from autostarting and even when I run "MailScanner -v"
> from the shell it just hangs there!! I beleive I updated CentOS from 5.1 or
> something to 5.2 a few weeks back but I dont think I rebooted the system.
>   


As already noted by others, you probably have a perl-module
revert to an older version by the yum upgrade.

See:

https://bugzilla.redhat.com/show_bug.cgi?id=375621

To verify if you fell into this bug try if this command
gets an error like:

 $ perl -MScalar::Util=dualvar -e 1
    is only avaliable with the XS version at -e line 0
   BEGIN failed--compilation aborted.

      

If yes, then to fix this, do:

  $ perl -MCPAN -e shell
  cpan>  force install Scalar::Util




From mailadmin at midland-ics.ie  Tue Jul 22 13:30:16 2008
From: mailadmin at midland-ics.ie (Mail Administrator)
Date: Tue Jul 22 13:15:32 2008
Subject: Loads of incoming email to bogus email addresses with no from 
 address
Message-ID: <63059.88.96.152.46.1216729816.squirrel@webmail.midland-ics.ie>

Hi all,

Today my mail server - fedora/sendmail/mailscanner/sa/mailwatch has approx
3000 non legitimate emails to one of the domains I scan and relay to
Exchange 2003. All these emails have no from address and the subject
varies from a)**Message you sent blocked by our bulk email filter** and
b)Mail System Error - Returned Mail

Is there a way to stop this?

I scan and fwd mails for many domain.
Maybe there is a way that somewhere I can set - these are the only email
addresses I want to accept email for , for a particulare domain, and drop
all other email. Then MS Can only receive genuine email addresses? This
maybe is not the best solution as if the exchange admin adds new accounts
he would have to notify us of the new addresses...

Any help or pointers would be greatly received

Regards
Kevin

This e-mail is intended solely for the addressee(s) and is strictly confidential. The unauthorised use, disclosure or copying of this e-mail, or any information it contains is prohibited. If you have received this e-mail in error, please notify us immediately and then permanently delete it. Although Midland Internet & Computer Solutions make every effort to keep our systems free from viruses you should check this e-mail and any attachments to it for viruses as we cannot accept any liability for viruses inadvertently transmitted by use.

From martinh at solidstatelogic.com  Tue Jul 22 13:38:35 2008
From: martinh at solidstatelogic.com (Martin.Hepworth)
Date: Tue Jul 22 13:38:53 2008
Subject: Loads of incoming email to bogus email addresses with no from
	address
In-Reply-To: <63059.88.96.152.46.1216729816.squirrel@webmail.midland-ics.ie>
Message-ID: <2b5815b81b4f0e4a9f13decd53704018@solidstatelogic.com>


http://wiki.mailscanner.info/doku.php?id=documentation:configuration:mta:sendmail:how_to:reject_non_existent_users

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

> -----Original Message-----
> From: mailscanner-bounces@lists.mailscanner.info
> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf
> Of Mail Administrator
> Sent: 22 July 2008 13:30
> To: mailscanner@lists.mailscanner.info
> Subject: Loads of incoming email to bogus email addresses
> with no from address
>
> Hi all,
>
> Today my mail server -
> fedora/sendmail/mailscanner/sa/mailwatch has approx 3000 non
> legitimate emails to one of the domains I scan and relay to
> Exchange 2003. All these emails have no from address and the
> subject varies from a)**Message you sent blocked by our bulk
> email filter** and b)Mail System Error - Returned Mail
>
> Is there a way to stop this?
>
> I scan and fwd mails for many domain.
> Maybe there is a way that somewhere I can set - these are the
> only email addresses I want to accept email for , for a
> particulare domain, and drop all other email. Then MS Can
> only receive genuine email addresses? This maybe is not the
> best solution as if the exchange admin adds new accounts he
> would have to notify us of the new addresses...
>
> Any help or pointers would be greatly received
>
> Regards
> Kevin
>
> This e-mail is intended solely for the addressee(s) and is
> strictly confidential. The unauthorised use, disclosure or
> copying of this e-mail, or any information it contains is
> prohibited. If you have received this e-mail in error, please
> notify us immediately and then permanently delete it.
> Although Midland Internet & Computer Solutions make every
> effort to keep our systems free from viruses you should check
> this e-mail and any attachments to it for viruses as we
> cannot accept any liability for viruses inadvertently
> transmitted by use.
>
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>




**********************************************************************
Confidentiality : This e-mail and any attachments are intended for the 
addressee only and may be confidential. If they come to you in error 
you must take no action based on them, nor must you copy or show them 
to anyone. Please advise the sender by replying to this e-mail 
immediately and then delete the original from your computer.
Opinion : Any opinions expressed in this e-mail are entirely those of 
the author and unless specifically stated to the contrary, are not 
necessarily those of the author's employer.
Security Warning : Internet e-mail is not necessarily a secure 
communications medium and can be subject to data corruption. We advise 
that you consider this fact when e-mailing us. 
Viruses : We have taken steps to ensure that this e-mail and any 
attachments are free from known viruses but in keeping with good 
computing practice, you should ensure that they are virus free.

Red Lion 49 Ltd T/A Solid State Logic
Registered as a limited company in England and Wales 
(Company No:5362730)
Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, 
United Kingdom
**********************************************************************

From mailing_lists+mailscanner at caleotech.com  Tue Jul 22 13:40:46 2008
From: mailing_lists+mailscanner at caleotech.com (Jens Ahlin)
Date: Tue Jul 22 13:41:02 2008
Subject: Loads of incoming email to bogus email addresses with no from 
 address
In-Reply-To: <63059.88.96.152.46.1216729816.squirrel@webmail.midland-ics.ie>
References: <63059.88.96.152.46.1216729816.squirrel@webmail.midland-ics.ie>
Message-ID: <52575.172.16.1.42.1216730446.squirrel@www.caleotech.com>

> Hi all,
>
> Today my mail server - fedora/sendmail/mailscanner/sa/mailwatch has approx
> 3000 non legitimate emails to one of the domains I scan and relay to
> Exchange 2003. All these emails have no from address and the subject
> varies from a)**Message you sent blocked by our bulk email filter** and
> b)Mail System Error - Returned Mail
>
> Is there a way to stop this?
>
> I scan and fwd mails for many domain.
> Maybe there is a way that somewhere I can set - these are the only email
> addresses I want to accept email for , for a particulare domain, and drop
> all other email. Then MS Can only receive genuine email addresses? This
> maybe is not the best solution as if the exchange admin adds new accounts
> he would have to notify us of the new addresses...
>
> Any help or pointers would be greatly received
>
> Regards
> Kevin

Hi,

For one of the installations I manage I'm running the MS box in front of a
Exchange server. I have a script that pulls all valid email addresses from
AD and builds a sendmail access file to be able to reject mail at MTA for
non valid addresses.

If you email me off list ( jah at caleotech dot com ) I could send you a
example script of how to do this.

        Jens
From J.Ede at birchenallhowden.co.uk  Tue Jul 22 13:45:51 2008
From: J.Ede at birchenallhowden.co.uk (Jason Ede)
Date: Tue Jul 22 13:47:28 2008
Subject: Loads of incoming email to bogus email addresses with no from
 address
In-Reply-To: <63059.88.96.152.46.1216729816.squirrel@webmail.midland-ics.ie>
References: <63059.88.96.152.46.1216729816.squirrel@webmail.midland-ics.ie>
Message-ID: <4CAB0118AEC63A4FAAE77E6BCBDF760C77E9AB0055@server02.bhl.local>

________________________________________
From: mailscanner-bounces@lists.mailscanner.info [mailscanner-bounces@lists.mailscanner.info] On Behalf Of Mail Administrator [mailadmin@midland-ics.ie]
Sent: 22 July 2008 13:30
To: mailscanner@lists.mailscanner.info
Subject: Loads of incoming email to bogus email addresses with no from  address

Hi all,

Today my mail server - fedora/sendmail/mailscanner/sa/mailwatch has approx
3000 non legitimate emails to one of the domains I scan and relay to
Exchange 2003. All these emails have no from address and the subject
varies from a)**Message you sent blocked by our bulk email filter** and
b)Mail System Error - Returned Mail

Is there a way to stop this?

I scan and fwd mails for many domain.
Maybe there is a way that somewhere I can set - these are the only email
addresses I want to accept email for , for a particulare domain, and drop
all other email. Then MS Can only receive genuine email addresses? This
maybe is not the best solution as if the exchange admin adds new accounts
he would have to notify us of the new addresses...

Any help or pointers would be greatly received

Regards
Kevin

Look in your mailscanner.conf for the section on watermarking (assuming you have a recent version of MailScanner) and that should do what you're looking for.

Jason
From sandrews at andrewscompanies.com  Tue Jul 22 14:27:16 2008
From: sandrews at andrewscompanies.com (Steven Andrews)
Date: Tue Jul 22 14:27:28 2008
Subject: Clam not scanning
Message-ID: <1964AAFBC212F742958F9275BF63DBB0906AF1@winchester.andrewscompanies.com>

Skipped content of type multipart/alternative-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/gif
Size: 1440 bytes
Desc: image001.gif
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080722/6cd51c99/attachment.gif
From MailScanner at ecs.soton.ac.uk  Tue Jul 22 14:41:54 2008
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Tue Jul 22 14:42:23 2008
Subject: Clam not scanning
In-Reply-To: 
References: 
Message-ID: <4885E3A2.9010901@ecs.soton.ac.uk>



Steven Andrews wrote:
>
> When I?ve got ?Maximum Archive Depth? set to 0, clam won?t scan inside 
> zip files even though the setting says it doesn?t affect scanning in 
> archives at all.
>
In which case something outside MailScanner is affecting your ClamAV 
setup. Believe me, the "Maximum Archive Depth" setting really has 
nothing to do with virus scanning whatsoever. Your ClamAV should be set 
to scan inside archives by default, check that for starters. Set "Virus 
Scanners = clamav" and try just using the command-line "clamscan" to 
scan a zip file by hand.
>
> MS is 4.70.7-1
>
> Clam is 0.91.1
>
> SA is 3.2.5
>
> Tried it with the eicar test from here: 
> http://www.aleph-tec.com/eicar/index.php
>
> I had set max archive depth at zero because we get a lot of zips and 
> sometimes they get blocked because it can?t unpack them.
>
> Thoughts?
>
> *Steven R. Andrews*, President
> Andrews Companies Incorporated
> /Small Business Information Technology Consultants/
> sandrews@andrewscompanies.com
> Phone: 317.536.1807
>
> View Steven Andrews's profile on LinkedIn 
> 
>
> "If your only tool is a hammer, every problem looks like a nail."
>

Jules

-- 
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

From sandrews at andrewscompanies.com  Tue Jul 22 15:57:57 2008
From: sandrews at andrewscompanies.com (Steven Andrews)
Date: Tue Jul 22 15:58:08 2008
Subject: Clam not scanning
In-Reply-To: <4885E3A2.9010901@ecs.soton.ac.uk>
References: 
	<4885E3A2.9010901@ecs.soton.ac.uk>
Message-ID: <1964AAFBC212F742958F9275BF63DBB0906AF8@winchester.andrewscompanies.com>

Actually, the more I look into this it appears that MS is catching them
as bad content since exe's are there when it's greater than zero; so I
suppose that is correct behavior, no?  When is clam triggered?



-----Original Message-----
From: mailscanner-bounces@lists.mailscanner.info
[mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian
Field
Sent: Tuesday, July 22, 2008 9:42 AM
To: MailScanner discussion
Subject: Re: Clam not scanning



Steven Andrews wrote:
>
> When I've got "Maximum Archive Depth" set to 0, clam won't scan inside

> zip files even though the setting says it doesn't affect scanning in 
> archives at all.
>
In which case something outside MailScanner is affecting your ClamAV 
setup. Believe me, the "Maximum Archive Depth" setting really has 
nothing to do with virus scanning whatsoever. Your ClamAV should be set 
to scan inside archives by default, check that for starters. Set "Virus 
Scanners = clamav" and try just using the command-line "clamscan" to 
scan a zip file by hand.
>
> MS is 4.70.7-1
>
> Clam is 0.91.1
>
> SA is 3.2.5
>
> Tried it with the eicar test from here: 
> http://www.aleph-tec.com/eicar/index.php
>
> I had set max archive depth at zero because we get a lot of zips and 
> sometimes they get blocked because it can't unpack them.
>
> Thoughts?
>
> *Steven R. Andrews*, President
> Andrews Companies Incorporated
> /Small Business Information Technology Consultants/
> sandrews@andrewscompanies.com
> Phone: 317.536.1807
>
> View Steven Andrews's profile on LinkedIn 
> 
>
> "If your only tool is a hammer, every problem looks like a nail."
>

Jules

-- 
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

-- 
MailScanner mailing list
mailscanner@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website! 
From lists at openenterprise.ca  Tue Jul 22 16:28:27 2008
From: lists at openenterprise.ca (Johnny Stork)
Date: Tue Jul 22 16:28:39 2008
Subject: MS busted! Please Help
In-Reply-To: <1216725854.23536.16.camel@cX>
References: <7592cb3187b803dc036b2fc845943559@openenterprise.ca>
	<4CAB0118AEC63A4FAAE77E6BCBDF760C77E9AB004E@server02.bhl.local>
	<8c9ffd928096b13a9a148692bcd0b46a@openenterprise.ca>
	<4885A1CF.6070906@farrows.org> ,
	<654b8fa9e877fbfe8ae10c068e413666@openenterprise.ca>
	<4CAB0118AEC63A4FAAE77E6BCBDF760C77E9AB0052@server02.bhl.local>
	
	<1216723977.23536.7.camel@cX> <1216725854.23536.16.camel@cX>
Message-ID: <4885FC9B.7090102@openenterprise.ca>

It was the rpm version

Craig Retief wrote:
>
> On Tue, 2008-07-22 at 12:52 +0200, Craig Retief wrote:
>   
>>> I cant seem to uninstall some perl modules that the MS install script seems
>>> to indicate a conflict with now? 
>>>
>>> Is there anyway to force the MS install script to install all its own perl
>>> modules?
>>>
>>>
>>>
>>> .....from install of perl-MIME-Base64-3.07-1 conflicts with file from
>>> package perl-5.8.8-10.el5_2.3
>>>        
>>> but if I run "yum remove perl-MIME-Base64" it does not seem to be
>>> installed? Se below
>>>       
>> The reason for this is that the packages get built from source and are
>> not installed as rpm's. Running yum or rpm -qva |grep modulename will
>> not produce any results as a result...if you know what I mean. :)
>>
>>     
> Correction, Sorry, I am referring to the tar version and not the rpm
> version of Julian's installation package. What version did you use to
> upgrade? TAR/RPM?
>
>   
>>> I have certainly hooped perl so need to somehow start clean
>>>
>>>
>>>
>>> root@gateway:~# yum remove perl-MIME-Base64
>>> Loading "fastestmirror" plugin
>>> Setting up Remove Process
>>> Loading mirror speeds from cached hostfile
>>>  * 4PSA: download1.4psa.com
>>>  * virtualmin: software.virtualmin.com
>>>  * virtualmin-universal: software.virtualmin.com
>>>  * rpmforge: fr2.rpmfind.net
>>>  * base: www.muug.mb.ca
>>>  * updates: mirror.its.uidaho.edu
>>>  * addons: www.muug.mb.ca
>>>  * extras: mirror.stanford.edu
>>> No Match for argument: perl-MIME-Base64
>>> No Packages marked for removal
>>>
>>>
>>>       
>
>   
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080722/a20e0022/attachment.html
From MailScanner at ecs.soton.ac.uk  Tue Jul 22 16:36:45 2008
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Tue Jul 22 16:37:18 2008
Subject: Clam not scanning
In-Reply-To: 
References: 	<4885E3A2.9010901@ecs.soton.ac.uk>
	
Message-ID: <4885FE8D.8040703@ecs.soton.ac.uk>



Steven Andrews wrote:
> Actually, the more I look into this it appears that MS is catching them
> as bad content since exe's are there when it's greater than zero; so I
> suppose that is correct behavior, no?  When is clam triggered?
>   
ClamAV is triggered any time there is a virus. The archive unpacking 
(when scanning for viruses) is completely left up to the virus scanner 
to do, MailScanner does not attempt to exert any control over that.

However, MailScanner does control the unpacking for all tests such as 
filename and filetype tests. So when Max Archive Depth > 0, executables 
and *.exe files in archives will trigger the filename and filetype traps.

I hope this makes some sense to you. Virus scanners are already very 
good at unpacking and scanning inside archives of all sorts, so I leave 
them to do it. I only do it myself when I need to for other tests on the 
archives' contents.

Jules.

>
>
> -----Original Message-----
> From: mailscanner-bounces@lists.mailscanner.info
> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian
> Field
> Sent: Tuesday, July 22, 2008 9:42 AM
> To: MailScanner discussion
> Subject: Re: Clam not scanning
>
>
>
> Steven Andrews wrote:
>   
>> When I've got "Maximum Archive Depth" set to 0, clam won't scan inside
>>     
>
>   
>> zip files even though the setting says it doesn't affect scanning in 
>> archives at all.
>>
>>     
> In which case something outside MailScanner is affecting your ClamAV 
> setup. Believe me, the "Maximum Archive Depth" setting really has 
> nothing to do with virus scanning whatsoever. Your ClamAV should be set 
> to scan inside archives by default, check that for starters. Set "Virus 
> Scanners = clamav" and try just using the command-line "clamscan" to 
> scan a zip file by hand.
>   
>> MS is 4.70.7-1
>>
>> Clam is 0.91.1
>>
>> SA is 3.2.5
>>
>> Tried it with the eicar test from here: 
>> http://www.aleph-tec.com/eicar/index.php
>>
>> I had set max archive depth at zero because we get a lot of zips and 
>> sometimes they get blocked because it can't unpack them.
>>
>> Thoughts?
>>
>> *Steven R. Andrews*, President
>> Andrews Companies Incorporated
>> /Small Business Information Technology Consultants/
>> sandrews@andrewscompanies.com
>> Phone: 317.536.1807
>>
>> View Steven Andrews's profile on LinkedIn 
>> 
>>
>> "If your only tool is a hammer, every problem looks like a nail."
>>
>>     
>
> Jules
>
>   

Jules

-- 
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

From ssilva at sgvwater.com  Tue Jul 22 17:03:08 2008
From: ssilva at sgvwater.com (Scott Silva)
Date: Tue Jul 22 17:03:30 2008
Subject: MS busted! Please Help
In-Reply-To: <4885CD1D.5000106@xplanation.com>
References: <7592cb3187b803dc036b2fc845943559@openenterprise.ca>
	<4885CD1D.5000106@xplanation.com>
Message-ID: 

on 7-22-2008 5:05 AM Paul Bijnens spake the following:
> lists@openenterprise.ca wrote:
>> I am not sure what happened but after a reboot of my CentOS 5.2 
>> system, the
>> bootup process stops at loading MailScanner and I need to manually 
>> reset. I
>> disabled the service from autostarting and even when I run 
>> "MailScanner -v"
>> from the shell it just hangs there!! I beleive I updated CentOS from 
>> 5.1 or
>> something to 5.2 a few weeks back but I dont think I rebooted the system.
>>   
> 
> 
> As already noted by others, you probably have a perl-module
> revert to an older version by the yum upgrade.
> 
> See:
> 
> https://bugzilla.redhat.com/show_bug.cgi?id=375621
> 
> To verify if you fell into this bug try if this command
> gets an error like:
> 
> $ perl -MScalar::Util=dualvar -e 1
>    is only avaliable with the XS version at -e line 0
>   BEGIN failed--compilation aborted.
> 
>     
> If yes, then to fix this, do:
> 
>  $ perl -MCPAN -e shell
>  cpan>  force install Scalar::Util
> 
Please do not hose your RPM based system further by using CPAN.
Forcing the RPM's is less evil, but using CPAN will just set you up for more 
problems later when some RPM clobbers the CPAN installed perl modules because 
it had no idea they were different.

rpmforge has all those perl modules if you want to force them.

-- 
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 258 bytes
Desc: OpenPGP digital signature
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080722/70263145/signature.bin
From hvdkooij at vanderkooij.org  Tue Jul 22 23:03:04 2008
From: hvdkooij at vanderkooij.org (Hugo van der Kooij)
Date: Tue Jul 22 23:03:13 2008
Subject: Loads of incoming email to bogus email addresses with no from
 address
In-Reply-To: <63059.88.96.152.46.1216729816.squirrel@webmail.midland-ics.ie>
References: <63059.88.96.152.46.1216729816.squirrel@webmail.midland-ics.ie>
Message-ID: <48865918.5000109@vanderkooij.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Mail Administrator wrote:

| I scan and fwd mails for many domain.
| Maybe there is a way that somewhere I can set - these are the only email
| addresses I want to accept email for , for a particulare domain, and drop
| all other email. Then MS Can only receive genuine email addresses? This
| maybe is not the best solution as if the exchange admin adds new accounts
| he would have to notify us of the new addresses...

Educate them to do the right thing on SMTP level. So any sSMTP
connection with email to non existing address is not accepted on Exchange.

Then configure your MTA to call ahead and verify the recipient before
you accept the message.

That should care of a lot of bogus messages.

Hugo.


- --
hvdkooij@vanderkooij.org               http://hugo.vanderkooij.org/
PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc

	A: Yes.
	>Q: Are you sure?
	>>A: Because it reverses the logical flow of conversation.
	>>>Q: Why is top posting frowned upon?

Bored? Click on http://spamornot.org/ and rate those images.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFIhlkWBvzDRVjxmYERAhDtAKCoRUqvb+efS/rvW02dKQeTOsLmzQCgnKIb
rwVTWm/vYQvG4ZqoCnGgLXM=
=Mfn8
-----END PGP SIGNATURE-----
From mgaudreault at reference.qc.ca  Wed Jul 23 01:28:09 2008
From: mgaudreault at reference.qc.ca (Maxime Gaudreault)
Date: Wed Jul 23 01:28:15 2008
Subject: URGENT.. Big problem with my anti-spam gateway..
Message-ID: <6DD6B2C8A11BFC4092A148347F6126B8664C48@jupiter.reference.local>

Jul 22 20:21:40 pf postfix/smtpd[31673]: connect from unknown[192.168.1.23]

Jul 22 20:22:04 pf postfix/smtpd[31673]: E8D714AC113: client=unknown[192.168.1.23]

Jul 22 20:22:04 pf postfix/cleanup[31676]: E8D714AC113: hold: header Received: from mercure (unknown [192.168.1.23])??by pf.reference.qc.ca (Postfix) with SMTP id E8D714AC113??for ; Tue, 22 Jul 2008 20:21:54 -0400 (EDT) from unknown[192.168.1.23]; from= to= proto=SMTP helo=

Jul 22 20:22:04 pf postfix/cleanup[31676]: E8D714AC113: message-id=<20080723002204.E8D714AC113@pf.reference.qc.ca>

Jul 22 20:22:04 pf postfix/smtpd[31673]: disconnect from unknown[192.168.1.23]

Jul 22 20:22:05 pf MailScanner[31547]: New Batch: Found 4 messages waiting

Jul 22 20:22:05 pf MailScanner[31547]: New Batch: Scanning 1 messages, 925 bytes

Jul 22 20:22:05 pf MailScanner[31547]: Spam Checks: Starting

Jul 22 20:22:05 pf MailScanner[31547]: Message E8D714AC113.1981C from 192.168.1.23 (somemail@gmail.com) to reference.qc.ca is n'est pas un polluriel, SpamAssassin (score=-2.649, requis 3, ALL_TRUSTED -1.80, BAYES_00 -2.60, MISSING_SUBJECT 0.75, TVD_SPACE_RATIO 1.00)

 

It stops there.. the mail stays in postfix queue after beeing scanned by Mailscanner.

 

pf:/var/spool/MailScanner# postqueue -p

-Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------

42B144AC10E!     371 Tue Jul 22 19:23:22  somemail@gmail.com

                                         somemail@somedomain.com

 

5FD1D4AC110!     378 Tue Jul 22 19:29:19  somemail@gmail.com

                                         somemail@somedomain.com

 

30A814AC112!     374 Tue Jul 22 20:18:16  somemail@somedomain.com

                                         somemail@somedomain.com

 

E8D714AC113!     358 Tue Jul 22 20:21:54  somemail@gmail.com

                                         somemail@somedomain.com

 

-- 3 Kbytes in 4 Requests.

 

Any suggestion ?

 

Maxime Gaudreault

Technicien

                                                  

R?f?rence Syst?mes inc.

T?l. : 418.650.0997

T?l?c. : 418.650.9668

Courriel : mgaudreault@reference.qc.ca  

Site Internet : http://www.reference.qc.ca/  

 

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080722/0e172ae2/attachment.html
From mgaudreault at reference.qc.ca  Wed Jul 23 01:58:39 2008
From: mgaudreault at reference.qc.ca (Maxime Gaudreault)
Date: Wed Jul 23 01:58:46 2008
Subject: URGENT.. Big problem with my anti-spam gateway..
In-Reply-To: <6DD6B2C8A11BFC4092A148347F6126B8664C48@jupiter.reference.local>
References: <6DD6B2C8A11BFC4092A148347F6126B8664C48@jupiter.reference.local>
Message-ID: <6DD6B2C8A11BFC4092A148347F6126B8664C49@jupiter.reference.local>

If I manually move all the mail from /var/spool/postfix/hold to /var/spool/postfix/incoming all the emails gets delivred

 

Maxime Gaudreault

Technicien

                                                  

R?f?rence Syst?mes inc.

T?l. : 418.650.0997

T?l?c. : 418.650.9668

Courriel : mgaudreault@reference.qc.ca  

Site Internet : http://www.reference.qc.ca/  

 

 

From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Maxime Gaudreault
Sent: July 22, 2008 8:28 PM
To: mailscanner@lists.mailscanner.info
Subject: URGENT.. Big problem with my anti-spam gateway..

 

Jul 22 20:21:40 pf postfix/smtpd[31673]: connect from unknown[192.168.1.23]

Jul 22 20:22:04 pf postfix/smtpd[31673]: E8D714AC113: client=unknown[192.168.1.23]

Jul 22 20:22:04 pf postfix/cleanup[31676]: E8D714AC113: hold: header Received: from mercure (unknown [192.168.1.23])??by pf.reference.qc.ca (Postfix) with SMTP id E8D714AC113??for ; Tue, 22 Jul 2008 20:21:54 -0400 (EDT) from unknown[192.168.1.23]; from= to= proto=SMTP helo=

Jul 22 20:22:04 pf postfix/cleanup[31676]: E8D714AC113: message-id=<20080723002204.E8D714AC113@pf.reference.qc.ca>

Jul 22 20:22:04 pf postfix/smtpd[31673]: disconnect from unknown[192.168.1.23]

Jul 22 20:22:05 pf MailScanner[31547]: New Batch: Found 4 messages waiting

Jul 22 20:22:05 pf MailScanner[31547]: New Batch: Scanning 1 messages, 925 bytes

Jul 22 20:22:05 pf MailScanner[31547]: Spam Checks: Starting

Jul 22 20:22:05 pf MailScanner[31547]: Message E8D714AC113.1981C from 192.168.1.23 (somemail@gmail.com) to reference.qc.ca is n'est pas un polluriel, SpamAssassin (score=-2.649, requis 3, ALL_TRUSTED -1.80, BAYES_00 -2.60, MISSING_SUBJECT 0.75, TVD_SPACE_RATIO 1.00)

 

It stops there.. the mail stays in postfix queue after beeing scanned by Mailscanner.

 

pf:/var/spool/MailScanner# postqueue -p

-Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------

42B144AC10E!     371 Tue Jul 22 19:23:22  somemail@gmail.com

                                         somemail@somedomain.com

 

5FD1D4AC110!     378 Tue Jul 22 19:29:19  somemail@gmail.com

                                         somemail@somedomain.com

 

30A814AC112!     374 Tue Jul 22 20:18:16  somemail@somedomain.com

                                         somemail@somedomain.com

 

E8D714AC113!     358 Tue Jul 22 20:21:54  somemail@gmail.com

                                         somemail@somedomain.com

 

-- 3 Kbytes in 4 Requests.

 

Any suggestion ?

 

Maxime Gaudreault

Technicien

                                                  

R?f?rence Syst?mes inc.

T?l. : 418.650.0997

T?l?c. : 418.650.9668

Courriel : mgaudreault@reference.qc.ca  

Site Internet : http://www.reference.qc.ca/  

 

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080722/856d3297/attachment-0001.html
From mgaudreault at reference.qc.ca  Wed Jul 23 02:35:04 2008
From: mgaudreault at reference.qc.ca (Maxime Gaudreault)
Date: Wed Jul 23 02:35:12 2008
Subject: URGENT.. Big problem with my anti-spam gateway..
In-Reply-To: <6DD6B2C8A11BFC4092A148347F6126B8664C49@jupiter.reference.local>
References: <6DD6B2C8A11BFC4092A148347F6126B8664C48@jupiter.reference.local>
	<6DD6B2C8A11BFC4092A148347F6126B8664C49@jupiter.reference.local>
Message-ID: <6DD6B2C8A11BFC4092A148347F6126B8664C4A@jupiter.reference.local>

I think I found something..

 

postfix  32424 99.9  2.1  63096 43732 ?        S    21:22   8:18 MailScanner: extracting attachments

 

Extracting process never ends and use 100% CPU

 

Maxime Gaudreault

Technicien

                                                  

R?f?rence Syst?mes inc.

T?l. : 418.650.0997

T?l?c. : 418.650.9668

Courriel : mgaudreault@reference.qc.ca  

Site Internet : http://www.reference.qc.ca/  

 

 

From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Maxime Gaudreault
Sent: July 22, 2008 8:59 PM
To: MailScanner discussion
Subject: RE: URGENT.. Big problem with my anti-spam gateway..

 

If I manually move all the mail from /var/spool/postfix/hold to /var/spool/postfix/incoming all the emails gets delivred

 

Maxime Gaudreault

Technicien

                                                  

R?f?rence Syst?mes inc.

T?l. : 418.650.0997

T?l?c. : 418.650.9668

Courriel : mgaudreault@reference.qc.ca  

Site Internet : http://www.reference.qc.ca/  

 

 

From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Maxime Gaudreault
Sent: July 22, 2008 8:28 PM
To: mailscanner@lists.mailscanner.info
Subject: URGENT.. Big problem with my anti-spam gateway..

 

Jul 22 20:21:40 pf postfix/smtpd[31673]: connect from unknown[192.168.1.23]

Jul 22 20:22:04 pf postfix/smtpd[31673]: E8D714AC113: client=unknown[192.168.1.23]

Jul 22 20:22:04 pf postfix/cleanup[31676]: E8D714AC113: hold: header Received: from mercure (unknown [192.168.1.23])??by pf.reference.qc.ca (Postfix) with SMTP id E8D714AC113??for ; Tue, 22 Jul 2008 20:21:54 -0400 (EDT) from unknown[192.168.1.23]; from= to= proto=SMTP helo=

Jul 22 20:22:04 pf postfix/cleanup[31676]: E8D714AC113: message-id=<20080723002204.E8D714AC113@pf.reference.qc.ca>

Jul 22 20:22:04 pf postfix/smtpd[31673]: disconnect from unknown[192.168.1.23]

Jul 22 20:22:05 pf MailScanner[31547]: New Batch: Found 4 messages waiting

Jul 22 20:22:05 pf MailScanner[31547]: New Batch: Scanning 1 messages, 925 bytes

Jul 22 20:22:05 pf MailScanner[31547]: Spam Checks: Starting

Jul 22 20:22:05 pf MailScanner[31547]: Message E8D714AC113.1981C from 192.168.1.23 (somemail@gmail.com) to reference.qc.ca is n'est pas un polluriel, SpamAssassin (score=-2.649, requis 3, ALL_TRUSTED -1.80, BAYES_00 -2.60, MISSING_SUBJECT 0.75, TVD_SPACE_RATIO 1.00)

 

It stops there.. the mail stays in postfix queue after beeing scanned by Mailscanner.

 

pf:/var/spool/MailScanner# postqueue -p

-Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------

42B144AC10E!     371 Tue Jul 22 19:23:22  somemail@gmail.com

                                         somemail@somedomain.com

 

5FD1D4AC110!     378 Tue Jul 22 19:29:19  somemail@gmail.com

                                         somemail@somedomain.com

 

30A814AC112!     374 Tue Jul 22 20:18:16  somemail@somedomain.com

                                         somemail@somedomain.com

 

E8D714AC113!     358 Tue Jul 22 20:21:54  somemail@gmail.com

                                         somemail@somedomain.com

 

-- 3 Kbytes in 4 Requests.

 

Any suggestion ?

 

Maxime Gaudreault

Technicien

                                                  

R?f?rence Syst?mes inc.

T?l. : 418.650.0997

T?l?c. : 418.650.9668

Courriel : mgaudreault@reference.qc.ca  

Site Internet : http://www.reference.qc.ca/  

 

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080722/47d887e9/attachment.html
From mailscanner at lists.mailscanner.info  Wed Jul 23 06:45:34 2008
From: mailscanner at lists.mailscanner.info (mailscanner@lists.mailscanner.info)
Date: Wed Jul 23 06:45:43 2008
Subject: Anjelina Jolie XXX Video Free.
Message-ID: <20080723124607.8435.qmail@9nnkxb5hd7rowpe>

An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080723/57890af5/attachment.html
From Neal at Morgan-Systems.com  Wed Jul 23 07:00:20 2008
From: Neal at Morgan-Systems.com (Neal Morgan)
Date: Wed Jul 23 07:00:59 2008
Subject: {Spam?} Anjelina Jolie XXX Video Free.
In-Reply-To: <20080723124607.8435.qmail@9nnkxb5hd7rowpe>
References: <20080723124607.8435.qmail@9nnkxb5hd7rowpe>
Message-ID: <7D1CC61717004141A57CA6CA1C8087EC38E01E@server-16.MorganSys.net>

> Free Video Nude Anjelina Jolie  

Jees.  Now this is ironic...

Clever to use the forged MSN footer to fool SA.  Darn spammers.


From edward at tdcs.com.au  Wed Jul 23 07:09:50 2008
From: edward at tdcs.com.au (Edward Dekkers)
Date: Wed Jul 23 07:10:42 2008
Subject: Anjelina Jolie XXX Video Free.
In-Reply-To: <20080723124607.8435.qmail@9nnkxb5hd7rowpe>
References: <20080723124607.8435.qmail@9nnkxb5hd7rowpe>
Message-ID: 

Funny. Person responsible for this really truly is my hero.

 

I smell a troll.

 

Ed.


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080723/18c8d90b/attachment.html
From uxbod at splatnix.net  Wed Jul 23 08:09:16 2008
From: uxbod at splatnix.net (--[ UxBoD ]--)
Date: Wed Jul 23 08:09:45 2008
Subject: URGENT.. Big problem with my anti-spam gateway..
In-Reply-To: <6DD6B2C8A11BFC4092A148347F6126B8664C4A@jupiter.reference.local>
Message-ID: <25253396.5431216796956839.JavaMail.root@office.splatnix.net>

What version of MS are you using ?

Regards,

-- 
--[ UxBoD ]--
// PGP Key: "curl -s http://www.splatnix.net/uxbod.asc | gpg --import"
// Fingerprint: F57A 0CBD DD19 79E9 1FCC A612 CB36 D89D 2C5A 3A84
// Keyserver: www.keyserver.net Key-ID: 0x2C5A3A84
// Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net

----- "Maxime Gaudreault"  wrote:

> I think I found something..
> 
> 
> 
> postfix 32424 99.9 2.1 63096 43732 ? S 21:22 8:18 MailScanner:
> extracting attachments
> 
> 
> 
> Extracting process never ends and use 100% CPU
> 
> 
> 
> 
> Maxime Gaudreault
> 
> 
> Technicien
> 
> 
> 
> 
> 
> R?f?rence Syst?mes inc.
> 
> 
> T?l. : 418.650.0997
> 
> 
> T?l?c. : 418.650.9668
> 
> 
> Courriel : mgaudreault @reference.qc.ca
> 
> 
> Site Internet : http://www.reference.qc.ca/
> 
> 
> 
> 
> 
> 
> 
> From: mailscanner-bounces@lists.mailscanner.info
> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of
> Maxime Gaudreault
> Sent: July 22, 2008 8:59 PM
> To: MailScanner discussion
> Subject: RE: URGENT.. Big problem with my anti-spam gateway..
> 
> 
> 
> If I manually move all the mail from /var/spool/postfix/hold to
> /var/spool/postfix/incoming all the emails gets delivred
> 
> 
> 
> 
> Maxime Gaudreault
> 
> 
> Technicien
> 
> 
> 
> 
> 
> R?f?rence Syst?mes inc.
> 
> 
> T?l. : 418.650.0997
> 
> 
> T?l?c. : 418.650.9668
> 
> 
> Courriel : mgaudreault @reference.qc.ca
> 
> 
> Site Internet : http://www.reference.qc.ca/
> 
> 
> 
> 
> 
> 
> 
> From: mailscanner-bounces@lists.mailscanner.info
> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of
> Maxime Gaudreault
> Sent: July 22, 2008 8:28 PM
> To: mailscanner@lists.mailscanner.info
> Subject: URGENT.. Big problem with my anti-spam gateway..
> 
> 
> 
> Jul 22 20:21:40 pf postfix/smtpd[31673]: connect from
> unknown[192.168.1.23]
> 
> Jul 22 20:22:04 pf postfix/smtpd[31673]: E8D714AC113:
> client=unknown[192.168.1.23]
> 
> Jul 22 20:22:04 pf postfix/cleanup[31676]: E8D714AC113: hold: header
> Received: from mercure (unknown [192.168.1.23])??by pf.reference.qc.ca
> (Postfix) with SMTP id E8D714AC113??for ;
> Tue, 22 Jul 2008 20:21:54 -0400 (EDT) from unknown[192.168.1.23];
> from= to= proto=SMTP
> helo=
> 
> Jul 22 20:22:04 pf postfix/cleanup[31676]: E8D714AC113:
> message-id=<20080723002204.E8D714AC113@pf.reference.qc.ca>
> 
> Jul 22 20:22:04 pf postfix/smtpd[31673]: disconnect from
> unknown[192.168.1.23]
> 
> Jul 22 20:22:05 pf MailScanner[31547]: New Batch: Found 4 messages
> waiting
> 
> Jul 22 20:22:05 pf MailScanner[31547]: New Batch: Scanning 1 messages,
> 925 bytes
> 
> Jul 22 20:22:05 pf MailScanner[31547]: Spam Checks: Starting
> 
> Jul 22 20:22:05 pf MailScanner[31547]: Message E8D714AC113.1981C from
> 192.168.1.23 (somemail@gmail.com) to reference.qc.ca is n'est pas un
> polluriel, SpamAssassin (score=-2.649, requis 3, ALL_TRUSTED -1.80,
> BAYES_00 -2.60, MISSING_SUBJECT 0.75, TVD_SPACE_RATIO 1.00)
> 
> 
> 
> It stops there.. the mail stays in postfix queue after beeing scanned
> by Mailscanner.
> 
> 
> 
> pf:/var/spool/MailScanner# postqueue -p
> 
> -Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------
> 
> 42B144AC10E! 371 Tue Jul 22 19:23:22 somemail@gmail.com
> 
> somemail@somedomain.com
> 
> 
> 
> 5FD1D4AC110! 378 Tue Jul 22 19:29:19 somemail@gmail.com
> 
> somemail@somedomain.com
> 
> 
> 
> 30A814AC112! 374 Tue Jul 22 20:18:16 somemail@somedomain.com
> 
> somemail@somedomain.com
> 
> 
> 
> E8D714AC113! 358 Tue Jul 22 20:21:54 somemail@gmail.com
> 
> somemail@somedomain.com

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

From fabien.garziano at caliseo.com  Wed Jul 23 08:32:57 2008
From: fabien.garziano at caliseo.com (Fabien GARZIANO)
Date: Wed Jul 23 08:33:15 2008
Subject: URGENT.. Big problem with my anti-spam gateway..
Message-ID: 

Looks like process is just hanging. Did you try a worthy kill and restart ?
You can contact me on my personnal Email adress if you need (french speaking). 


> -----Message d'origine-----
> De : mailscanner-bounces@lists.mailscanner.info 
> [mailto:mailscanner-bounces@lists.mailscanner.info] De la 
> part de --[ UxBoD ]--
> Envoy? : mercredi 23 juillet 2008 09:09
> ? : MailScanner discussion
> Objet : Re: URGENT.. Big problem with my anti-spam gateway..
> 
> What version of MS are you using ?
> 
> Regards,
> 
> --
> --[ UxBoD ]--
> // PGP Key: "curl -s http://www.splatnix.net/uxbod.asc | gpg --import"
> // Fingerprint: F57A 0CBD DD19 79E9 1FCC A612 CB36 D89D 2C5A 
> 3A84 // Keyserver: www.keyserver.net Key-ID: 0x2C5A3A84 // 
> Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net
> 
> ----- "Maxime Gaudreault"  wrote:
> 
> > I think I found something..
> > 
> > 
> > 
> > postfix 32424 99.9 2.1 63096 43732 ? S 21:22 8:18 MailScanner:
> > extracting attachments
> > 
> > 
> > 
> > Extracting process never ends and use 100% CPU
> > 
> > 
> > 
> > 
> > Maxime Gaudreault
> > 
> > 
> > Technicien
> > 
> > 
> > 
> > 
> > 
> > R?f?rence Syst?mes inc.
> > 
> > 
> > T?l. : 418.650.0997
> > 
> > 
> > T?l?c. : 418.650.9668
> > 
> > 
> > Courriel : mgaudreault @reference.qc.ca
> > 
> > 
> > Site Internet : http://www.reference.qc.ca/
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > From: mailscanner-bounces@lists.mailscanner.info
> > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of 
> > Maxime Gaudreault
> > Sent: July 22, 2008 8:59 PM
> > To: MailScanner discussion
> > Subject: RE: URGENT.. Big problem with my anti-spam gateway..
> > 
> > 
> > 
> > If I manually move all the mail from /var/spool/postfix/hold to 
> > /var/spool/postfix/incoming all the emails gets delivred
> > 
> > 
> > 
> > 
> > Maxime Gaudreault
> > 
> > 
> > Technicien
> > 
> > 
> > 
> > 
> > 
> > R?f?rence Syst?mes inc.
> > 
> > 
> > T?l. : 418.650.0997
> > 
> > 
> > T?l?c. : 418.650.9668
> > 
> > 
> > Courriel : mgaudreault @reference.qc.ca
> > 
> > 
> > Site Internet : http://www.reference.qc.ca/
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > From: mailscanner-bounces@lists.mailscanner.info
> > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of 
> > Maxime Gaudreault
> > Sent: July 22, 2008 8:28 PM
> > To: mailscanner@lists.mailscanner.info
> > Subject: URGENT.. Big problem with my anti-spam gateway..
> > 
> > 
> > 
> > Jul 22 20:21:40 pf postfix/smtpd[31673]: connect from 
> > unknown[192.168.1.23]
> > 
> > Jul 22 20:22:04 pf postfix/smtpd[31673]: E8D714AC113:
> > client=unknown[192.168.1.23]
> > 
> > Jul 22 20:22:04 pf postfix/cleanup[31676]: E8D714AC113: hold: header
> > Received: from mercure (unknown [192.168.1.23])??by 
> pf.reference.qc.ca
> > (Postfix) with SMTP id E8D714AC113??for ; 
> > Tue, 22 Jul 2008 20:21:54 -0400 (EDT) from unknown[192.168.1.23]; 
> > from= to= proto=SMTP 
> > helo=
> > 
> > Jul 22 20:22:04 pf postfix/cleanup[31676]: E8D714AC113:
> > message-id=<20080723002204.E8D714AC113@pf.reference.qc.ca>
> > 
> > Jul 22 20:22:04 pf postfix/smtpd[31673]: disconnect from 
> > unknown[192.168.1.23]
> > 
> > Jul 22 20:22:05 pf MailScanner[31547]: New Batch: Found 4 messages 
> > waiting
> > 
> > Jul 22 20:22:05 pf MailScanner[31547]: New Batch: Scanning 
> 1 messages,
> > 925 bytes
> > 
> > Jul 22 20:22:05 pf MailScanner[31547]: Spam Checks: Starting
> > 
> > Jul 22 20:22:05 pf MailScanner[31547]: Message 
> E8D714AC113.1981C from
> > 192.168.1.23 (somemail@gmail.com) to reference.qc.ca is 
> n'est pas un 
> > polluriel, SpamAssassin (score=-2.649, requis 3, ALL_TRUSTED -1.80, 
> > BAYES_00 -2.60, MISSING_SUBJECT 0.75, TVD_SPACE_RATIO 1.00)
> > 
> > 
> > 
> > It stops there.. the mail stays in postfix queue after 
> beeing scanned 
> > by Mailscanner.
> > 
> > 
> > 
> > pf:/var/spool/MailScanner# postqueue -p
> > 
> > -Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------
> > 
> > 42B144AC10E! 371 Tue Jul 22 19:23:22 somemail@gmail.com
> > 
> > somemail@somedomain.com
> > 
> > 
> > 
> > 5FD1D4AC110! 378 Tue Jul 22 19:29:19 somemail@gmail.com
> > 
> > somemail@somedomain.com
> > 
> > 
> > 
> > 30A814AC112! 374 Tue Jul 22 20:18:16 somemail@somedomain.com
> > 
> > somemail@somedomain.com
> > 
> > 
> > 
> > E8D714AC113! 358 Tue Jul 22 20:21:54 somemail@gmail.com
> > 
> > somemail@somedomain.com
> 
> --
> This message has been scanned for viruses and dangerous 
> content by MailScanner, and is believed to be clean.
> 
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
> 
> Before posting, read http://wiki.mailscanner.info/posting
> 
> Support MailScanner development - buy the book off the website! 
> 
From marco.mangione at gmail.com  Wed Jul 23 10:38:42 2008
From: marco.mangione at gmail.com (Marco mangione)
Date: Wed Jul 23 10:38:51 2008
Subject: Google gmail
Message-ID: 

hello,

anyone know the ip pool of gmail? so i can put them in withelist

Marco
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080723/6509a9ea/attachment.html
From ram at netcore.co.in  Wed Jul 23 11:05:58 2008
From: ram at netcore.co.in (ram)
Date: Wed Jul 23 11:06:17 2008
Subject: Google gmail
In-Reply-To: 
References: 
Message-ID: <1216807558.10529.43.camel@darkstar.netcore.co.in>

Look up the SPF records of  gmail.com 




On Wed, 2008-07-23 at 11:38 +0200, Marco mangione wrote:
> hello,
> 
> anyone know the ip pool of gmail? so i can put them in withelist
> 
> Marco
> 

From steve.freegard at fsl.com  Wed Jul 23 11:06:36 2008
From: steve.freegard at fsl.com (Steve Freegard)
Date: Wed Jul 23 11:06:46 2008
Subject: Google gmail
In-Reply-To: 
References: 
Message-ID: <488702AC.30509@fsl.com>

Marco mangione wrote:
> anyone know the ip pool of gmail? so i can put them in withelist

Sure:

[root@mail ~]# host -t TXT google.com
google.com text "v=spf1 include:_netblocks.google.com ~all"
[root@mail ~]# host -t TXT _netblocks.google.com
_netblocks.google.com text "v=spf1 ip4:216.239.32.0/19 
ip4:64.233.160.0/19 ip4:66.249.80.0/20 ip4:72.14.192.0/18 
ip4:209.85.128.0/17 ip4:66.102.0.0/20 ip4:74.125.0.0/16 ip4:64.18.0.0/20 
ip4:207.126.144.0/20 ?all"

Alternatively - I can recommend using 'list.dnswl.org' as a whitelist 
which will include these already:

[root@mail ~]# host 159.252.14.72.list.dnswl.org
159.252.14.72.list.dnswl.org has address 127.0.5.0

Whatever you do though - don't bypass SpamAssassin for Google IPs unless 
you want a load of spam.  Google's outbounds have been on several 
blacklists recently as they don't seem to be able to keep on top of the 
abuse of their services.

Google mail is a nice target for spammers due to Google's own privacy 
policy stating that they will not disclose the injection IP address 
anywhere in the headers as it allows the spammers and bots to hide 
behind them.

Regards,
Steve.
From prandal at herefordshire.gov.uk  Wed Jul 23 11:09:20 2008
From: prandal at herefordshire.gov.uk (Randal, Phil)
Date: Wed Jul 23 11:09:38 2008
Subject: Google gmail
In-Reply-To: 
References: 
Message-ID: <7EF0EE5CB3B263488C8C18823239BEBA04470378@HC-MBX02.herefordshire.gov.uk>

Why on earth would you want to do that?
 
See, for example...
 
http://www.zdnet.com.au/news/software/soa/Gmail-crack-causes-spam-flood/
0,130061733,339286636,00.htm
 
Cheers,
 
Phil

-- 
Phil Randal 
Networks Engineer 
Herefordshire Council 
Hereford, UK 

 

________________________________

From: mailscanner-bounces@lists.mailscanner.info
[mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Marco
mangione
Sent: 23 July 2008 10:39
To: MailScanner discussion
Subject: Google gmail


hello,

anyone know the ip pool of gmail? so i can put them in withelist

Marco

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080723/ef4f361d/attachment.html
From Sylvain.Phaneuf at imsu.ox.ac.uk  Wed Jul 23 11:10:55 2008
From: Sylvain.Phaneuf at imsu.ox.ac.uk (Sylvain Phaneuf)
Date: Wed Jul 23 11:11:13 2008
Subject: Google gmail
In-Reply-To: 
References: 
Message-ID: <488711BF.FEA8.00EB.0@imsu.ox.ac.uk>

>>> On 23/07/2008 at 10:38, "Marco mangione"  wrote:
> anyone know the ip pool of gmail? so i can put them in withelist
> 

Are you sure you want to whitelist such a large domain?

Anyway something like this should do the trick:

From:   *@gmail.com   yes
From:   *@googlemail.com   yes


Sylvain 


From peter at farrows.org  Wed Jul 23 11:39:32 2008
From: peter at farrows.org (Peter Farrow)
Date: Wed Jul 23 11:39:55 2008
Subject: Google gmail
In-Reply-To: 
References: 
Message-ID: <48870A64.2080403@farrows.org>

Marco mangione wrote:
> hello,
>
> anyone know the ip pool of gmail? so i can put them in withelist
>
> Marco
>
> -- 
>
Since google(mail) is in the top 100 of the world spamming charts, are 
you sure you want to do that?

Pete


-- 
This message has been scanned for viruses and
dangerous content by the Inexcom system Scanner,
and is believed to be clean.
Advanced heuristic mail scanning server [-].
http://www.inexcom.co.uk

From marco.mangione at gmail.com  Wed Jul 23 12:08:02 2008
From: marco.mangione at gmail.com (Marco mangione)
Date: Wed Jul 23 12:08:11 2008
Subject: Google gmail
In-Reply-To: <48870A64.2080403@farrows.org>
References: 
	<48870A64.2080403@farrows.org>
Message-ID: 

uhm.. and what do you suggest for greylisting? gmail have too much server
that reply...

2008/7/23 Peter Farrow :

> Marco mangione wrote:
>
>> hello,
>>
>> anyone know the ip pool of gmail? so i can put them in withelist
>>
>> Marco
>>
>> --
>>
>>  Since google(mail) is in the top 100 of the world spamming charts, are
> you sure you want to do that?
>
> Pete
>
>
> --
> This message has been scanned for viruses and
> dangerous content by the Inexcom system Scanner,
> and is believed to be clean.
> Advanced heuristic mail scanning server [-].
> http://www.inexcom.co.uk
>
>
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080723/eaa8432c/attachment.html
From MailScanner at ecs.soton.ac.uk  Wed Jul 23 12:19:10 2008
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Wed Jul 23 12:19:42 2008
Subject: Google gmail
In-Reply-To: 
References: 	<48870A64.2080403@farrows.org>
	
Message-ID: <488713AE.2090002@ecs.soton.ac.uk>

May I suggest you take a look at BarricadeMX?
Their grey-listing implementation handles this setup just fine.

Marco mangione wrote:
> uhm.. and what do you suggest for greylisting? gmail have too much 
> server that reply...
>
> 2008/7/23 Peter Farrow >:
>
>     Marco mangione wrote:
>
>         hello,
>
>         anyone know the ip pool of gmail? so i can put them in withelist
>
>         Marco
>
>         -- 
>
>     Since google(mail) is in the top 100 of the world spamming charts,
>     are you sure you want to do that?
>
>     Pete
>
>
>     -- 
>     This message has been scanned for viruses and
>     dangerous content by the Inexcom system Scanner,
>     and is believed to be clean.
>     Advanced heuristic mail scanning server [-].
>     http://www.inexcom.co.uk
>
>
>     -- 
>     MailScanner mailing list
>     mailscanner@lists.mailscanner.info
>     
>     http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
>     Before posting, read http://wiki.mailscanner.info/posting
>
>     Support MailScanner development - buy the book off the website!
>
>

Jules

-- 
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

MailScanner customisation, or any advanced system administration help?
Contact me at Jules@Jules.FM

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
PGP public key: http://www.jules.fm/julesfm.asc


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

From malli at mcrirents.com  Wed Jul 23 13:57:51 2008
From: malli at mcrirents.com (Mohammed Alli)
Date: Wed Jul 23 12:58:59 2008
Subject: Is anyone using Dspam with their configuration?
Message-ID: <3B1A431BDA34C54581BE43253BC1BD93A66A99@exchange.computerrents.com>

Hi Guys,

 

I wasn't sure but I'd really like to know if Dspam could be added as a
spam scanner along with Spamassassin.  Does anyone have a setup like
this?

 

Rocky

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080723/c00e1811/attachment.html
From nils.o.bekken at hiof.no  Wed Jul 23 13:32:59 2008
From: nils.o.bekken at hiof.no (Nils Olav Brandstorp Bekken)
Date: Wed Jul 23 13:33:11 2008
Subject: F-secure alternative?
In-Reply-To: <200807231101.m6NB03pI008282@safir.blacknight.ie>
References: <200807231101.m6NB03pI008282@safir.blacknight.ie>
Message-ID: <488724FB.1000607@hiof.no>

Since the updates for 4.65 is gone, I'm looking for
an alternative. Our systems (Debian Etch) and MailScanner
doesn't seem very happy with the F-Secure 5 version, and I'm not sure if 
F-Secure 7 is supported yet. (It scans and find infected email, but
they're delivered anyway)

I've tried Clamav but I'm not sure about how frequently
it is updated.

So if anyone can recommend an antivirus scanner
that I dont need to install the entire Debian repository
to get working, I would appreciate it. (I dont like to
waste cpu and memory on X and friends so I would prefer
command-line)

I'm thinking of installing MailScanner from source as
the Debian package in Etch is a little bit "outdated" ;-)

Thanks in advance.

Nils.
From mgaudreault at reference.qc.ca  Wed Jul 23 13:41:37 2008
From: mgaudreault at reference.qc.ca (Maxime Gaudreault)
Date: Wed Jul 23 13:41:52 2008
Subject: URGENT.. Big problem with my anti-spam gateway..
In-Reply-To: <25253396.5431216796956839.JavaMail.root@office.splatnix.net>
References: <6DD6B2C8A11BFC4092A148347F6126B8664C4A@jupiter.reference.local>
	<25253396.5431216796956839.JavaMail.root@office.splatnix.net>
Message-ID: <6DD6B2C8A11BFC4092A148347F6126B8664C4F@jupiter.reference.local>

My problem is fixed.. 

After some research on google I found that my MailScanner.conf file was corrupted. I started over with the file from deb package and it's working now

Maxime Gaudreault
Technicien
??????????????????????????????????????????????????
R?f?rence Syst?mes inc.
T?l. : 418.650.0997
T?l?c. : 418.650.9668
Courriel : mgaudreault@reference.qc.ca
Site Internet : http://www.reference.qc.ca/



-----Original Message-----
From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of --[ UxBoD ]--
Sent: July 23, 2008 3:09 AM
To: MailScanner discussion
Subject: Re: URGENT.. Big problem with my anti-spam gateway..

What version of MS are you using ?

Regards,

-- 
--[ UxBoD ]--
// PGP Key: "curl -s http://www.splatnix.net/uxbod.asc | gpg --import"
// Fingerprint: F57A 0CBD DD19 79E9 1FCC A612 CB36 D89D 2C5A 3A84
// Keyserver: www.keyserver.net Key-ID: 0x2C5A3A84
// Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net

----- "Maxime Gaudreault"  wrote:

> I think I found something..
> 
> 
> 
> postfix 32424 99.9 2.1 63096 43732 ? S 21:22 8:18 MailScanner:
> extracting attachments
> 
> 
> 
> Extracting process never ends and use 100% CPU
> 
> 
> 
> 
> Maxime Gaudreault
> 
> 
> Technicien
> 
> 
> 
> 
> 
> R?f?rence Syst?mes inc.
> 
> 
> T?l. : 418.650.0997
> 
> 
> T?l?c. : 418.650.9668
> 
> 
> Courriel : mgaudreault @reference.qc.ca
> 
> 
> Site Internet : http://www.reference.qc.ca/
> 
> 
> 
> 
> 
> 
> 
> From: mailscanner-bounces@lists.mailscanner.info
> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of
> Maxime Gaudreault
> Sent: July 22, 2008 8:59 PM
> To: MailScanner discussion
> Subject: RE: URGENT.. Big problem with my anti-spam gateway..
> 
> 
> 
> If I manually move all the mail from /var/spool/postfix/hold to
> /var/spool/postfix/incoming all the emails gets delivred
> 
> 
> 
> 
> Maxime Gaudreault
> 
> 
> Technicien
> 
> 
> 
> 
> 
> R?f?rence Syst?mes inc.
> 
> 
> T?l. : 418.650.0997
> 
> 
> T?l?c. : 418.650.9668
> 
> 
> Courriel : mgaudreault @reference.qc.ca
> 
> 
> Site Internet : http://www.reference.qc.ca/
> 
> 
> 
> 
> 
> 
> 
> From: mailscanner-bounces@lists.mailscanner.info
> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of
> Maxime Gaudreault
> Sent: July 22, 2008 8:28 PM
> To: mailscanner@lists.mailscanner.info
> Subject: URGENT.. Big problem with my anti-spam gateway..
> 
> 
> 
> Jul 22 20:21:40 pf postfix/smtpd[31673]: connect from
> unknown[192.168.1.23]
> 
> Jul 22 20:22:04 pf postfix/smtpd[31673]: E8D714AC113:
> client=unknown[192.168.1.23]
> 
> Jul 22 20:22:04 pf postfix/cleanup[31676]: E8D714AC113: hold: header
> Received: from mercure (unknown [192.168.1.23])??by pf.reference.qc.ca
> (Postfix) with SMTP id E8D714AC113??for ;
> Tue, 22 Jul 2008 20:21:54 -0400 (EDT) from unknown[192.168.1.23];
> from= to= proto=SMTP
> helo=
> 
> Jul 22 20:22:04 pf postfix/cleanup[31676]: E8D714AC113:
> message-id=<20080723002204.E8D714AC113@pf.reference.qc.ca>
> 
> Jul 22 20:22:04 pf postfix/smtpd[31673]: disconnect from
> unknown[192.168.1.23]
> 
> Jul 22 20:22:05 pf MailScanner[31547]: New Batch: Found 4 messages
> waiting
> 
> Jul 22 20:22:05 pf MailScanner[31547]: New Batch: Scanning 1 messages,
> 925 bytes
> 
> Jul 22 20:22:05 pf MailScanner[31547]: Spam Checks: Starting
> 
> Jul 22 20:22:05 pf MailScanner[31547]: Message E8D714AC113.1981C from
> 192.168.1.23 (somemail@gmail.com) to reference.qc.ca is n'est pas un
> polluriel, SpamAssassin (score=-2.649, requis 3, ALL_TRUSTED -1.80,
> BAYES_00 -2.60, MISSING_SUBJECT 0.75, TVD_SPACE_RATIO 1.00)
> 
> 
> 
> It stops there.. the mail stays in postfix queue after beeing scanned
> by Mailscanner.
> 
> 
> 
> pf:/var/spool/MailScanner# postqueue -p
> 
> -Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------
> 
> 42B144AC10E! 371 Tue Jul 22 19:23:22 somemail@gmail.com
> 
> somemail@somedomain.com
> 
> 
> 
> 5FD1D4AC110! 378 Tue Jul 22 19:29:19 somemail@gmail.com
> 
> somemail@somedomain.com
> 
> 
> 
> 30A814AC112! 374 Tue Jul 22 20:18:16 somemail@somedomain.com
> 
> somemail@somedomain.com
> 
> 
> 
> E8D714AC113! 358 Tue Jul 22 20:21:54 somemail@gmail.com
> 
> somemail@somedomain.com

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

-- 
MailScanner mailing list
mailscanner@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website! 
From richard.frovarp at sendit.nodak.edu  Wed Jul 23 14:10:17 2008
From: richard.frovarp at sendit.nodak.edu (Richard Frovarp)
Date: Wed Jul 23 14:10:27 2008
Subject: Google gmail
In-Reply-To: 
References: 	<48870A64.2080403@farrows.org>
	
Message-ID: <48872DB9.8070503@sendit.nodak.edu>

Marco mangione wrote:
> uhm.. and what do you suggest for greylisting? gmail have too much 
> server that reply...

Don't greylist google. You can't trust blacklists containing Google, so 
the delay is of no help there. You know that google is going to retry 
again, as they have proper SMTPs. I don't know that there is much 
purpose in greylisting them.
From peter at farrows.org  Wed Jul 23 14:28:10 2008
From: peter at farrows.org (Peter Farrow)
Date: Wed Jul 23 14:28:41 2008
Subject: Google gmail
In-Reply-To: <48872DB9.8070503@sendit.nodak.edu>
References: 	<48870A64.2080403@farrows.org>	
	<48872DB9.8070503@sendit.nodak.edu>
Message-ID: <488731EA.4050506@farrows.org>

Richard Frovarp wrote:
> Marco mangione wrote:
>> uhm.. and what do you suggest for greylisting? gmail have too much 
>> server that reply...
>
> Don't greylist google. You can't trust blacklists containing Google, 
> so the delay is of no help there. You know that google is going to 
> retry again, as they have proper SMTPs. I don't know that there is 
> much purpose in greylisting them.
Well, get the IP range and blacklist  it.    My experience of googlemail 
is cheap/nasty/spammy, to be avoided, anyone who uses it for business 
purposes isn't serious about business...

Just my pennies worth.

Pete


-- 
This message has been scanned for viruses and
dangerous content by the Inexcom system Scanner,
and is believed to be clean.
Advanced heuristic mail scanning server [-].
http://www.inexcom.co.uk

From richard.frovarp at sendit.nodak.edu  Wed Jul 23 15:59:04 2008
From: richard.frovarp at sendit.nodak.edu (Richard Frovarp)
Date: Wed Jul 23 15:59:15 2008
Subject: Google gmail
In-Reply-To: <488731EA.4050506@farrows.org>
References: 	<48870A64.2080403@farrows.org>		<48872DB9.8070503@sendit.nodak.edu>
	<488731EA.4050506@farrows.org>
Message-ID: <48874738.60202@sendit.nodak.edu>

Peter Farrow wrote:
> Richard Frovarp wrote:
>> Marco mangione wrote:
>>> uhm.. and what do you suggest for greylisting? gmail have too much 
>>> server that reply...
>>
>> Don't greylist google. You can't trust blacklists containing Google, 
>> so the delay is of no help there. You know that google is going to 
>> retry again, as they have proper SMTPs. I don't know that there is 
>> much purpose in greylisting them.
> Well, get the IP range and blacklist  it.    My experience of 
> googlemail is cheap/nasty/spammy, to be avoided, anyone who uses it 
> for business purposes isn't serious about business...
>
> Just my pennies worth.
>
> Pete
>
Um, okay. Customers using gmail are still customers. I'm also pretty 
certain that not every piece of mail coming in is business only. I would 
never use it as my business email. However, I do use it to contact 
businesses as my work, school, and apache accounts are for those uses.
From tenderby at mailwash.com.au  Wed Jul 23 17:10:15 2008
From: tenderby at mailwash.com.au (Tony Enderby)
Date: Wed Jul 23 17:10:38 2008
Subject: MySQL code for MailScanner file operations
Message-ID: <488757E7.6030604@mailwash.com.au>

Hi All,

Was wondering if anyone had developed SQL code for handling some of the 
filename / type behavior in
MailScanner.conf  (Allow Filenames / Deny Filenames etc.) and if so 
would be willing to publish / sell their
efforts.

Many thanks in advance.

Tony.

-----------------------------------------------------------------------------------
Scanned by MailWash Australia - http://www.mailwash.com.au
-----------------------------------------------------------------------------------

From gerard at seibercom.net  Wed Jul 23 17:14:30 2008
From: gerard at seibercom.net (Gerard)
Date: Wed Jul 23 17:14:45 2008
Subject: Google gmail
In-Reply-To: 
References: 
	<48870A64.2080403@farrows.org>
	
Message-ID: <20080723121430.10301b77@scorpio>

On Wed, 23 Jul 2008 13:08:02 +0200
"Marco mangione"  wrote:

> uhm.. and what do you suggest for greylisting? gmail have too much
> server that reply...

Would you please hit the 'plain-text' button when replying from GMail.
This HTML crap is a real PIA. You might also consider losing the
'top-posting' habit as well.

Unfortunately, doing a scorched earth policy regarding GMail might
result in unexpected consequences. How much SPAM from GMail is actually
getting past your filters anyway?

-- 
Gerard
gerard@seibercom.net

Poverty must have its satisfactions, else there would not be so many
poor people.
		-- Don Herold
From hvdkooij at vanderkooij.org  Wed Jul 23 17:24:22 2008
From: hvdkooij at vanderkooij.org (Hugo van der Kooij)
Date: Wed Jul 23 17:24:32 2008
Subject: F-secure alternative?
In-Reply-To: <488724FB.1000607@hiof.no>
References: <200807231101.m6NB03pI008282@safir.blacknight.ie>
	<488724FB.1000607@hiof.no>
Message-ID: <48875B36.2010607@vanderkooij.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Nils Olav Brandstorp Bekken wrote:
| Since the updates for 4.65 is gone, I'm looking for
| an alternative. Our systems (Debian Etch) and MailScanner
| doesn't seem very happy with the F-Secure 5 version, and I'm not sure if
| F-Secure 7 is supported yet. (It scans and find infected email, but
| they're delivered anyway)
|
| I've tried Clamav but I'm not sure about how frequently
| it is updated.

More frequent then just about any other malware scanner.

Hugo.

- --
hvdkooij@vanderkooij.org               http://hugo.vanderkooij.org/
PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc

	A: Yes.
	>Q: Are you sure?
	>>A: Because it reverses the logical flow of conversation.
	>>>Q: Why is top posting frowned upon?

Bored? Click on http://spamornot.org/ and rate those images.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFIh1szBvzDRVjxmYERArozAJ91cJ/Ru13cmFuSfuAbOO/c2X6Y3ACdHDnw
2EUsaeaIZjV5HDnALOxjD/Q=
=jUZC
-----END PGP SIGNATURE-----
From mogens at fumlersoft.dk  Wed Jul 23 18:22:13 2008
From: mogens at fumlersoft.dk (Mogens Melander)
Date: Wed Jul 23 18:23:39 2008
Subject: Whitelisted or Not?
Message-ID: 

Hi list

I just recieved a mail, from a whitelisted sender, containing
only a gif image. The image is ok, but i was curious about
the MCP and SA reports. MCP _always_ report score=0 unless
the required=5 is reached. Why don't i get the full MCP report,
as i do with SA ? I'm probably missing something basic :)

Both MCP and SA report whitelisted, but SA is close to hitting
the required=5 spamscore. What will happen is it scores above
the required 5? Will the mail be allowed to pass as whitelisted, or ???

Any clues, anybody?

Here's the headers in question:

X-TIT-GPH-MailScanner: Found to be clean
X-TIT-GPH-MailScanner-MCPCheck: MCP-Clean (MCP-Whitelisted),
MCP-Checker (score=0, required 5)
X-TIT-GPH-MailScanner-SpamCheck: not spam (whitelisted),
SpamAssassin (not cached, score=4.774, required 5, AWL -3.33,
BAYES_00 -1.00, DC_IMG_HTML_RATIO 1.00, DC_IMG_TEXT_RATIO 1.00,
HTML_IMAGE_ONLY_04 2.04, HTML_MESSAGE 0.00,
HTML_MIME_NO_HTML_TAG 0.10, MIME_HTML_ONLY 1.46,
MISSING_HEADERS 1.29, SPF_PASS -0.00, TVD_SPACE_RATIO 2.22)

# spamassassin --version
SpamAssassin version 3.2.4
  running on Perl version 5.8.8

# MailScanner --version
Running on
Linux gph 2.6.24.2 #1 SMP PREEMPT Mon Feb 18 21:24:35 CET 2008
 i686 Intel(R) Celeron(R) CPU 2.93GHz GenuineIntel GNU/Linux
This is Perl version 5.008008 (5.8.8)

This is MailScanner version 4.67.6
Module versions are:
1.00    AnyDBM_File
1.23    Archive::Zip
1.04    Carp
2.008   Compress::Zlib
1.119   Convert::BinHex
2.27    Date::Parse
1.00    DirHandle
1.05    Fcntl
2.74    File::Basename
2.09    File::Copy
2.01    FileHandle
2.04    File::Path
0.20    File::Temp
0.92    Filesys::Df
1.35    HTML::Entities
3.56    HTML::Parser
2.37    HTML::TokeParser
1.23    IO
1.14    IO::File
1.13    IO::Pipe
2.02    Mail::Header
1.87    Math::BigInt
3.07    MIME::Base64
5.426   MIME::Decoder
5.426   MIME::Decoder::UU
5.426   MIME::Head
5.426   MIME::Parser
3.07    MIME::QuotedPrint
5.426   MIME::Tools
0.11    Net::CIDR
1.09    POSIX
1.19    Scalar::Util
1.78    Socket
1.4     Sys::Hostname::Long
0.24    Sys::Syslog
1.9712  Time::HiRes
1.02    Time::localtime

Optional module versions are:
1.38    Archive::Tar
0.22    bignum
2.03    Business::ISBN
1.17    Business::ISBN::Data
1.08    Data::Dump
1.816   DB_File
1.14    DBD::SQLite
1.603   DBI
1.15    Digest
1.01    Digest::HMAC
2.36    Digest::MD5
2.11    Digest::SHA1
1.00    Encode::Detect
0.17012 Error
0.22    ExtUtils::CBuilder
2.19    ExtUtils::ParseXS
2.37    Getopt::Long
0.44    Inline
1.08    IO::String
1.09    IO::Zlib
2.24    IP::Country
0.21    Mail::ClamAV
3.002004        Mail::SpamAssassin
v2.005  Mail::SPF
1.999001        Mail::SPF::Query
0.2808  Module::Build
0.20    Net::CIDR::Lite
0.63    Net::DNS
v0.003  Net::DNS::Resolver::Programmable
missing Net::LDAP
 4.007  NetAddr::IP
1.94    Parse::RecDescent
missing SAVI
3.10    Test::Harness
1.22    Test::Manifest
2.0.0   Text::Balanced
1.35    URI
0.74    version
0.66    YAML

-- 
Later

Mogens Melander
+45 40 85 71 38
+66 870 133 224



-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

From peter at farrows.org  Wed Jul 23 18:58:51 2008
From: peter at farrows.org (Peter Farrow)
Date: Wed Jul 23 18:59:17 2008
Subject: Google gmail
In-Reply-To: <20080723121430.10301b77@scorpio>
References: 	<48870A64.2080403@farrows.org>	
	<20080723121430.10301b77@scorpio>
Message-ID: <4887715B.6010506@farrows.org>



Gerard wrote:
> On Wed, 23 Jul 2008 13:08:02 +0200
> "Marco mangione"  wrote:
>
>   
>> uhm.. and what do you suggest for greylisting? gmail have too much
>> server that reply...
>>     
>
> Would you please hit the 'plain-text' button when replying from GMail.
> This HTML crap is a real PIA. You might also consider losing the
> 'top-posting' habit as well.
>
> Unfortunately, doing a scorched earth policy regarding GMail might
> result in unexpected consequences. How much SPAM from GMail is actually
> getting past your filters anyway?
>
>   
Get with program this is the 21st Century, I don't have any issues with 
html, and can work from a top posted reply  too.

You could always ask him to send it written in crayon on piece of 
papyrus strapped to a pigeons leg.....

:-)


-- 
This message has been scanned for viruses and
dangerous content by the Inexcom system Scanner,
and is believed to be clean.
Advanced heuristic mail scanning server [-].
http://www.inexcom.co.uk

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080723/13fe3e90/attachment.html
From peter at farrows.org  Wed Jul 23 18:59:58 2008
From: peter at farrows.org (Peter Farrow)
Date: Wed Jul 23 19:00:22 2008
Subject: F-secure alternative?
In-Reply-To: <488724FB.1000607@hiof.no>
References: <200807231101.m6NB03pI008282@safir.blacknight.ie>
	<488724FB.1000607@hiof.no>
Message-ID: <4887719E.1070906@farrows.org>


Nils Olav Brandstorp Bekken wrote:
> Since the updates for 4.65 is gone, I'm looking for
> an alternative. Our systems (Debian Etch) and MailScanner
> doesn't seem very happy with the F-Secure 5 version, and I'm not sure 
> if F-Secure 7 is supported yet. (It scans and find infected email, but
> they're delivered anyway)
>
> I've tried Clamav but I'm not sure about how frequently
> it is updated.
>
> So if anyone can recommend an antivirus scanner
> that I dont need to install the entire Debian repository
> to get working, I would appreciate it. (I dont like to
> waste cpu and memory on X and friends so I would prefer
> command-line)
>
> I'm thinking of installing MailScanner from source as
> the Debian package in Etch is a little bit "outdated" ;-)
>
> Thanks in advance.
>
> Nils.
One word: AVAST


-- 
This message has been scanned for viruses and
dangerous content by the Inexcom system Scanner,
and is believed to be clean.
Advanced heuristic mail scanning server [-].
http://www.inexcom.co.uk

From peter at farrows.org  Wed Jul 23 19:02:55 2008
From: peter at farrows.org (Peter Farrow)
Date: Wed Jul 23 19:03:19 2008
Subject: F-secure alternative?
In-Reply-To: <48875B36.2010607@vanderkooij.org>
References: <200807231101.m6NB03pI008282@safir.blacknight.ie>	<488724FB.1000607@hiof.no>
	<48875B36.2010607@vanderkooij.org>
Message-ID: <4887724F.8020105@farrows.org>



Hugo van der Kooij wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Nils Olav Brandstorp Bekken wrote:
> | Since the updates for 4.65 is gone, I'm looking for
> | an alternative. Our systems (Debian Etch) and MailScanner
> | doesn't seem very happy with the F-Secure 5 version, and I'm not 
> sure if
> | F-Secure 7 is supported yet. (It scans and find infected email, but
> | they're delivered anyway)
> |
> | I've tried Clamav but I'm not sure about how frequently
> | it is updated.
>
> More frequent then just about any other malware scanner.
>
> Hugo.
>
> - --
> hvdkooij@vanderkooij.org               http://hugo.vanderkooij.org/
> PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc
>
>     A: Yes.
>     >Q: Are you sure?
>     >>A: Because it reverses the logical flow of conversation.
>     >>>Q: Why is top posting frowned upon?
>
> Bored? Click on http://spamornot.org/ and rate those images.
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.7 (GNU/Linux)
>
> iD8DBQFIh1szBvzDRVjxmYERArozAJ91cJ/Ru13cmFuSfuAbOO/c2X6Y3ACdHDnw
> 2EUsaeaIZjV5HDnALOxjD/Q=
> =jUZC
> -----END PGP SIGNATURE-----
Yes I would agree with that, I just posted AVAST as a a solution as I 
thought since he was using f-secure he wanted a commercial alternative.
Myself I use clamav and sh*tdefender sorry bitdefender.....  bitdefender 
is sort of an "also ran", you don't really need both if you have clamav.

-- 
This message has been scanned for viruses and
dangerous content by the Inexcom system Scanner,
and is believed to be clean.
Advanced heuristic mail scanning server [-].
http://www.inexcom.co.uk

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080723/b036db99/attachment.html
From Denis.Beauchemin at USherbrooke.ca  Wed Jul 23 19:06:58 2008
From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin)
Date: Wed Jul 23 19:07:16 2008
Subject: Whitelisted or Not?
In-Reply-To: 
References: 
Message-ID: <48877342.3020102@USherbrooke.ca>

Mogens Melander a ?crit :
> Hi list
>
> I just recieved a mail, from a whitelisted sender, containing
> only a gif image. The image is ok, but i was curious about
> the MCP and SA reports. MCP _always_ report score=0 unless
> the required=5 is reached. Why don't i get the full MCP report,
> as i do with SA ? I'm probably missing something basic :)
>
> Both MCP and SA report whitelisted, but SA is close to hitting
> the required=5 spamscore. What will happen is it scores above
> the required 5? Will the mail be allowed to pass as whitelisted, or ???
>
> Any clues, anybody?
>
> Here's the headers in question:
>
> X-TIT-GPH-MailScanner: Found to be clean
> X-TIT-GPH-MailScanner-MCPCheck: MCP-Clean (MCP-Whitelisted),
> MCP-Checker (score=0, required 5)
> X-TIT-GPH-MailScanner-SpamCheck: not spam (whitelisted),
> SpamAssassin (not cached, score=4.774, required 5, AWL -3.33,
> BAYES_00 -1.00, DC_IMG_HTML_RATIO 1.00, DC_IMG_TEXT_RATIO 1.00,
> HTML_IMAGE_ONLY_04 2.04, HTML_MESSAGE 0.00,
> HTML_MIME_NO_HTML_TAG 0.10, MIME_HTML_ONLY 1.46,
> MISSING_HEADERS 1.29, SPF_PASS -0.00, TVD_SPACE_RATIO 2.22)
>   

Mogens,

I don't know about MCP (don't use it), but if there is a rule in MS to 
whitelist an email il will be whitelisted even if it gets a huge SA 
score. Thus it will be delivered.

Denis

-- 
   _
  ?v?   Denis Beauchemin, analyste
 /(_)\  Universit? de Sherbrooke, S.T.I.
  ^ ^   T: 819.821.8000x62252 F: 819.821.8045


From dnsadmin at 1bigthink.com  Wed Jul 23 19:31:48 2008
From: dnsadmin at 1bigthink.com (dnsadmin 1bigthink.com)
Date: Wed Jul 23 19:32:11 2008
Subject: Google gmail
In-Reply-To: <4887715B.6010506@farrows.org>
References: 
	<48870A64.2080403@farrows.org>
	
	<20080723121430.10301b77@scorpio> <4887715B.6010506@farrows.org>
Message-ID: <200807231831.m6NIVvDH013179@mxt.1bigthink.com>

At 01:58 PM 7/23/2008, you wrote:


>Gerard wrote:
>>
>>On Wed, 23 Jul 2008 13:08:02 +0200
>>"Marco mangione" 
>> wrote:
>>
>>
>>>
>>>uhm.. and what do you suggest for greylisting? gmail have too much
>>>server that reply...
>>>
>>
>>
>>Would you please hit the 'plain-text' button when replying from GMail.
>>This HTML crap is a real PIA. You might also consider losing the
>>'top-posting' habit as well.
>>
>>Unfortunately, doing a scorched earth policy regarding GMail might
>>result in unexpected consequences. How much SPAM from GMail is actually
>>getting past your filters anyway?
>>
>>
>Get with program this is the 21st Century, I don't have any issues 
>with html, and can work from a top posted reply  too.
>
>You could always ask him to send it written in crayon on piece of 
>papyrus strapped to a pigeons leg.....
>
>:-)

The Apache group would give HTML replies a score toward spam. 
Yesterday, had someone posting with a bad MX record and HTML. The 
HTML set him over the threshold and got him blocked.

Cheers! 
-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080723/e1f5627b/attachment.html
From richard.frovarp at sendit.nodak.edu  Wed Jul 23 20:18:51 2008
From: richard.frovarp at sendit.nodak.edu (Richard Frovarp)
Date: Wed Jul 23 20:19:02 2008
Subject: Google gmail
In-Reply-To: <200807231831.m6NIVvDH013179@mxt.1bigthink.com>
References: 	<48870A64.2080403@farrows.org>		<20080723121430.10301b77@scorpio>
	<4887715B.6010506@farrows.org>
	<200807231831.m6NIVvDH013179@mxt.1bigthink.com>
Message-ID: <4887841B.3020807@sendit.nodak.edu>

dnsadmin 1bigthink.com wrote:
> At 01:58 PM 7/23/2008, you wrote:
>
>
>> Gerard wrote:
>>>
>>> On Wed, 23 Jul 2008 13:08:02 +0200
>>> "Marco mangione"
>>>
>>>   wrote:
>>>
>>>  
>>>       
>>>>
>>>> uhm.. and what do you suggest for greylisting? gmail have too much
>>>> server that reply...
>>>>    
>>>>         
>>>
>>> Would you please hit the 'plain-text' button when replying from GMail.
>>> This HTML crap is a real PIA. You might also consider losing the
>>> 'top-posting' habit as well.
>>>
>>> Unfortunately, doing a scorched earth policy regarding GMail might
>>> result in unexpected consequences. How much SPAM from GMail is actually
>>> getting past your filters anyway?
>>>
>>>   
>> Get with program this is the 21st Century, I don't have any issues 
>> with html, and can work from a top posted reply  too.
>>
>> You could always ask him to send it written in crayon on piece of 
>> papyrus strapped to a pigeons leg.....
>>
>> :-)
>
> The Apache group would give HTML replies a score toward spam. 
> Yesterday, had someone posting with a bad MX record and HTML. The HTML 
> set him over the threshold and got him blocked.
>
> Cheers!

The SA group does not consider it a spam sign alone. It is a visible 
meta rule, so it had to get a score. It would either be 0.001 or -0.001. 
They went with the positive value.
From cbarber at techquility.net  Wed Jul 23 20:59:08 2008
From: cbarber at techquility.net (Chris Barber)
Date: Wed Jul 23 20:59:37 2008
Subject: If virus, don't scan with SA
Message-ID: <43F62CA225017044BC84CFAF92B4333B01E11D@sbsserver.Techquility.net>

Hi All,

I was wondering if the following is possible with MS:

If a message can be virus scanned first, and it found to be a virus, can
SA scanning be skipped?

The reason I ask is that I use the sanesecurity signatures for clamav.
If sanesecurity says it is spam/phish/etc then no need for SA processing
taking up resources. 

On a side note, to date I have never had a false positive with these
signatures.

Thanks much,
Chris

From ssilva at sgvwater.com  Wed Jul 23 22:47:35 2008
From: ssilva at sgvwater.com (Scott Silva)
Date: Wed Jul 23 22:47:38 2008
Subject: F-secure alternative?
In-Reply-To: <488724FB.1000607@hiof.no>
References: <200807231101.m6NB03pI008282@safir.blacknight.ie>
	<488724FB.1000607@hiof.no>
Message-ID: 

on 7-23-2008 5:32 AM Nils Olav Brandstorp Bekken spake the following:
> Since the updates for 4.65 is gone, I'm looking for
> an alternative. Our systems (Debian Etch) and MailScanner
> doesn't seem very happy with the F-Secure 5 version, and I'm not sure if 
> F-Secure 7 is supported yet. (It scans and find infected email, but
> they're delivered anyway)
> 
> I've tried Clamav but I'm not sure about how frequently
> it is updated.
> 
> So if anyone can recommend an antivirus scanner
> that I dont need to install the entire Debian repository
> to get working, I would appreciate it. (I dont like to
> waste cpu and memory on X and friends so I would prefer
> command-line)
> 
> I'm thinking of installing MailScanner from source as
> the Debian package in Etch is a little bit "outdated" ;-)
> 
> Thanks in advance.
> 
> Nils.
I see multiple clam updates every day but sunday. Sometimes 8 or 10 in a 24 
hour period. And MailScanner tries to update any "recognized" virus scanner 
every hour.
I have McAfee, BitDefender, and Clam, and Clam catches everything while the 
others sometimes miss things. The Clam sane security signatures catch a lot of 
phishing and bank fraud type of junk. I only run the others just in case clam 
gets a hosed signature by accident and chokes.

-- 
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 258 bytes
Desc: OpenPGP digital signature
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080723/d68a6c56/signature.bin
From ssilva at sgvwater.com  Wed Jul 23 22:51:33 2008
From: ssilva at sgvwater.com (Scott Silva)
Date: Wed Jul 23 22:55:10 2008
Subject: If virus, don't scan with SA
In-Reply-To: <43F62CA225017044BC84CFAF92B4333B01E11D@sbsserver.Techquility.net>
References: <43F62CA225017044BC84CFAF92B4333B01E11D@sbsserver.Techquility.net>
Message-ID: 

on 7-23-2008 12:59 PM Chris Barber spake the following:
> Hi All,
> 
> I was wondering if the following is possible with MS:
> 
> If a message can be virus scanned first, and it found to be a virus, can
> SA scanning be skipped?
> 
> The reason I ask is that I use the sanesecurity signatures for clamav.
> If sanesecurity says it is spam/phish/etc then no need for SA processing
> taking up resources. 
> 
> On a side note, to date I have never had a false positive with these
> signatures.
> 
> Thanks much,
> Chris
> 
If you want to virus scan first, run a milter. That way you can drop it at the 
smtp phase.
Personally, I have had false positives with the sane sigs, but it has been 
when they posted a bad signature, and they fixed it quickly.

-- 
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 258 bytes
Desc: OpenPGP digital signature
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080723/51015574/signature.bin
From cbarber at techquility.net  Wed Jul 23 23:34:39 2008
From: cbarber at techquility.net (Chris Barber)
Date: Wed Jul 23 23:35:06 2008
Subject: If virus, don't scan with SA
In-Reply-To: 
References: <43F62CA225017044BC84CFAF92B4333B01E11D@sbsserver.Techquility.net>
	
Message-ID: <43F62CA225017044BC84CFAF92B4333B035B37@sbsserver.Techquility.net>

on 7-23-2008 12:59 PM Chris Barber spake the following:
> Hi All,
> 
> I was wondering if the following is possible with MS:
> 
> If a message can be virus scanned first, and it found to be a virus, 
> can SA scanning be skipped?
> 
> The reason I ask is that I use the sanesecurity signatures for clamav.
> If sanesecurity says it is spam/phish/etc then no need for SA 
> processing taking up resources.
> 
> On a side note, to date I have never had a false positive with these 
> signatures.
> 
> Thanks much,
> Chris
> 
If you want to virus scan first, run a milter. That way you can drop it at the smtp phase.
Personally, I have had false positives with the sane sigs, but it has been when they posted a bad signature, and they fixed it quickly.


That is not a bad idea using a milter. Only issue is that I use MailWatch with daily reports, users like to see that viruses are being blocked. I'll have to think about this one.
Thanks
From kc5goi at gmail.com  Wed Jul 23 23:47:35 2008
From: kc5goi at gmail.com (Guy Story KC5GOI)
Date: Wed Jul 23 23:47:46 2008
Subject: Google gmail
In-Reply-To: <48874738.60202@sendit.nodak.edu>
References: 	<48870A64.2080403@farrows.org>		<48872DB9.8070503@sendit.nodak.edu>	<488731EA.4050506@farrows.org>
	<48874738.60202@sendit.nodak.edu>
Message-ID: <4887B507.60107@kc5goi.net>

Richard Frovarp wrote:
> Peter Farrow wrote:
>> Richard Frovarp wrote:
>>> Marco mangione wrote:
>>>> uhm.. and what do you suggest for greylisting? gmail have too much 
>>>> server that reply...
>>>
>>> Don't greylist google. You can't trust blacklists containing Google, 
>>> so the delay is of no help there. You know that google is going to 
>>> retry again, as they have proper SMTPs. I don't know that there is 
>>> much purpose in greylisting them.
>> Well, get the IP range and blacklist  it.    My experience of 
>> googlemail is cheap/nasty/spammy, to be avoided, anyone who uses it 
>> for business purposes isn't serious about business...
>>
>> Just my pennies worth.
>>
>> Pete
>>
> Um, okay. Customers using gmail are still customers. I'm also pretty 
> certain that not every piece of mail coming in is business only. I 
> would never use it as my business email. However, I do use it to 
> contact businesses as my work, school, and apache accounts are for 
> those uses.
Richard, I have the same concerns about the spam issue but I understand 
your viewpoint about customers.   I personally would use the whitelist 
file and add the domain.  It will force a dns look up but you will not 
have to worry about the IP addresses.

Guy
From ssilva at sgvwater.com  Wed Jul 23 23:56:35 2008
From: ssilva at sgvwater.com (Scott Silva)
Date: Wed Jul 23 23:56:22 2008
Subject: If virus, don't scan with SA
In-Reply-To: <43F62CA225017044BC84CFAF92B4333B035B37@sbsserver.Techquility.net>
References: <43F62CA225017044BC84CFAF92B4333B01E11D@sbsserver.Techquility.net>	
	<43F62CA225017044BC84CFAF92B4333B035B37@sbsserver.Techquility.net>
Message-ID: 

on 7-23-2008 3:34 PM Chris Barber spake the following:
> on 7-23-2008 12:59 PM Chris Barber spake the following:
>> Hi All,
>>
>> I was wondering if the following is possible with MS:
>>
>> If a message can be virus scanned first, and it found to be a virus, 
>> can SA scanning be skipped?
>>
>> The reason I ask is that I use the sanesecurity signatures for clamav.
>> If sanesecurity says it is spam/phish/etc then no need for SA 
>> processing taking up resources.
>>
>> On a side note, to date I have never had a false positive with these 
>> signatures.
>>
>> Thanks much,
>> Chris
>>
> If you want to virus scan first, run a milter. That way you can drop it at the smtp phase.
> Personally, I have had false positives with the sane sigs, but it has been when they posted a bad signature, and they fixed it quickly.
> 
> 
> That is not a bad idea using a milter. Only issue is that I use MailWatch with daily reports, users like to see that viruses are being blocked. I'll have to think about this one.
> Thanks
> 
You can't really do it in mailscanner, since it scans in batches and it is 
hard to control if spams and viruses are mixed in a batch. Here at least, the 
percentage of things that hit the sane sigs is small as a percentage of total 
spam. So having 1% or less of your spam get skipped is not that big of a deal. 
Maybe you could run messages through a milter like mimedefang and just add a 
header. Then you could use a custom function to not scan those messages. But 
it is a lot of work for a small return.



-- 
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 258 bytes
Desc: OpenPGP digital signature
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080723/309ce00d/signature.bin
From peter at farrows.org  Thu Jul 24 00:23:28 2008
From: peter at farrows.org (Peter Farrow)
Date: Thu Jul 24 00:23:56 2008
Subject: Google gmail
In-Reply-To: <200807231831.m6NIVvDH013179@mxt.1bigthink.com>
References: 	<48870A64.2080403@farrows.org>		<20080723121430.10301b77@scorpio>
	<4887715B.6010506@farrows.org>
	<200807231831.m6NIVvDH013179@mxt.1bigthink.com>
Message-ID: <4887BD70.5060807@farrows.org>


> At 01:58 PM 7/23/2008, you wrote:
>
>
>> Gerard wrote:
>>>
>>> On Wed, 23 Jul 2008 13:08:02 +0200
>>> "Marco mangione"
>>>
>>>   wrote:
>>>
>>>  
>>>       
>>>>
>>>> uhm.. and what do you suggest for greylisting? gmail have too much
>>>> server that reply...
>>>>    
>>>>         
>>>
>>> Would you please hit the 'plain-text' button when replying from GMail.
>>> This HTML crap is a real PIA. You might also consider losing the
>>> 'top-posting' habit as well.
>>>
>>> Unfortunately, doing a scorched earth policy regarding GMail might
>>> result in unexpected consequences. How much SPAM from GMail is actually
>>> getting past your filters anyway?
>>>
>>>   
>> Get with program this is the 21st Century, I don't have any issues 
>> with html, and can work from a top posted reply  too.
>>
>> You could always ask him to send it written in crayon on piece of 
>> papyrus strapped to a pigeons leg.....
>>
>> :-)
>
> The Apache group would give HTML replies a score toward spam. 
> Yesterday, had someone posting with a bad MX record and HTML. The HTML 
> set him over the threshold and got him blocked.
>
> Cheers!
> --
That would be a flase positive then,  if html emails give you false 
positives, your scoring stratgey needs modification...

-- 
This message has been scanned for viruses and
dangerous content by the Inexcom system Scanner,
and is believed to be clean.
Advanced heuristic mail scanning server [-].
http://www.inexcom.co.uk

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080724/09aa4630/attachment-0001.html
From tenderby at mailwash.com.au  Thu Jul 24 04:16:20 2008
From: tenderby at mailwash.com.au (Tony Enderby)
Date: Thu Jul 24 04:16:41 2008
Subject: Cannot match against destination IP address when resolving
 configuration option "virusscan"
Message-ID: <4887F404.3040005@mailwash.com.au>

Hi All, have just started to see this in the logs with the latest Beta 
after tailing the logs.

Could anyone shed some light on what may be causing it?

Thanks in advance.

Tony.

-----------------------------------------------------------------------------------
Scanned by MailWash Australia - http://www.mailwash.com.au
-----------------------------------------------------------------------------------

From peter at farrows.org  Thu Jul 24 09:24:07 2008
From: peter at farrows.org (Peter Farrow)
Date: Thu Jul 24 09:24:33 2008
Subject: Canadian pharmacy
Message-ID: <48883C27.3030502@farrows.org>

Hi There,

The *only* spam getting through our MailScanner setup is simple one 
liner drug spam that links eventually to Canadian Pharmacy via a 
redirect, one user is getting just a couple every few days, which seems 
to be more annoying for him that being flooded with them because he 
notices it more.

Usually the link is via imageshack or some other blog type site.

If you follow the link in Explorer it eventually ends up at one of the 
hundreds of Canadian Pharmacy urls.

If you "wget" the link you get a temporarily unavailable message because 
the site checks the user agent,

but if you set the user agent sting you get the site, for example:

wget -U "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 
1.1.4322)" http://onlinedrugwin.com

Has any one written a plugin for MailScanner or does such a Sendmail 
Milter exist that could go to these urls and then pipe it through spam 
assassin, or is there a blacklist of known spam urls like the phishing 
urls...

Any help greatly appreciated.

Pete


-- 
This message has been scanned for viruses and
dangerous content by the Inexcom system Scanner,
and is believed to be clean.
Advanced heuristic mail scanning server [-].
http://www.inexcom.co.uk

From MailScanner at ecs.soton.ac.uk  Thu Jul 24 09:27:15 2008
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jul 24 09:27:45 2008
Subject: Whitelisted or Not?
In-Reply-To: 
References: 
	
Message-ID: <48883CE3.2000605@ecs.soton.ac.uk>



Denis Beauchemin wrote:
> Mogens Melander a ?crit :
>> Hi list
>>
>> I just recieved a mail, from a whitelisted sender, containing
>> only a gif image. The image is ok, but i was curious about
>> the MCP and SA reports. MCP _always_ report score=0 unless
>> the required=5 is reached. Why don't i get the full MCP report,
>> as i do with SA ? I'm probably missing something basic :)
>>
>> Both MCP and SA report whitelisted, but SA is close to hitting
>> the required=5 spamscore. What will happen is it scores above
>> the required 5? Will the mail be allowed to pass as whitelisted, or ???
>>
>> Any clues, anybody?
>>
>> Here's the headers in question:
>>
>> X-TIT-GPH-MailScanner: Found to be clean
>> X-TIT-GPH-MailScanner-MCPCheck: MCP-Clean (MCP-Whitelisted),
>> MCP-Checker (score=0, required 5)
>> X-TIT-GPH-MailScanner-SpamCheck: not spam (whitelisted),
>> SpamAssassin (not cached, score=4.774, required 5, AWL -3.33,
>> BAYES_00 -1.00, DC_IMG_HTML_RATIO 1.00, DC_IMG_TEXT_RATIO 1.00,
>> HTML_IMAGE_ONLY_04 2.04, HTML_MESSAGE 0.00,
>> HTML_MIME_NO_HTML_TAG 0.10, MIME_HTML_ONLY 1.46,
>> MISSING_HEADERS 1.29, SPF_PASS -0.00, TVD_SPACE_RATIO 2.22)
>>   
>
> Mogens,
>
> I don't know about MCP (don't use it), but if there is a rule in MS to 
> whitelist an email il will be whitelisted even if it gets a huge SA 
> score. Thus it will be delivered.
The only time the whitelisting (if you have done it with my default 
example spam.whitelist.rules) will be over-ridden is if it has lots and 
lots of recipients (as set by the "Ignore Spam Whitelist If Recipients 
Exceed = 20" in MailScanner.conf).

Jules

-- 
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

From MailScanner at ecs.soton.ac.uk  Thu Jul 24 09:30:01 2008
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jul 24 09:30:41 2008
Subject: If virus, don't scan with SA
In-Reply-To: 
References: 
Message-ID: <48883D89.4020406@ecs.soton.ac.uk>



Chris Barber wrote:
> Hi All,
>
> I was wondering if the following is possible with MS:
>
> If a message can be virus scanned first, and it found to be a virus, can
> SA scanning be skipped?
>   
No.
> The reason I ask is that I use the sanesecurity signatures for clamav.
> If sanesecurity says it is spam/phish/etc then no need for SA processing
> taking up resources. 
>   
The reason I haven't tried to implement it is that viruses (incl what 
sanesecurity finds) are a very small percentage of your total mail 
volume. Probably 2 or 3% at a guess. So it wouldn't actually make any 
noticeable difference to your MailScanner server load.

Jules

-- 
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

From MailScanner at ecs.soton.ac.uk  Thu Jul 24 09:32:29 2008
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jul 24 09:32:52 2008
Subject: Cannot match against destination IP address when resolving
 configuration option "virusscan"
In-Reply-To: 
References: 
Message-ID: <48883E1D.6000206@ecs.soton.ac.uk>



Tony Enderby wrote:
> Hi All, have just started to see this in the logs with the latest Beta 
> after tailing the logs.
You would have got the same error with version 4.00.1.
>
> Could anyone shed some light on what may be causing it?
Due to the way mail delivery works, you don't know the destination IP 
until you have actually already started to deliver the message to it. 
And that is way too late to change the message. So it simply cannot be 
done, not by MailScanner nor anyone else, unless they did the SMTP for 
you to the target server. MailScanner doesn't do SMTP service at all, 
there are already some very good programs out there for doing that (your 
MTA), and I don't believe in re-inventing the wheel :-)

So sorry, but there is simply no way this can be done.

Jules

-- 
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

From Hostmaster at computerservicecentre.com  Thu Jul 24 09:34:54 2008
From: Hostmaster at computerservicecentre.com (Hostmaster)
Date: Thu Jul 24 09:35:08 2008
Subject: Canadian pharmacy
In-Reply-To: <48883C27.3030502@farrows.org>
References: <48883C27.3030502@farrows.org>
Message-ID: <3D9C92F3075F5144B46AA2C590F48E2A7A7FA3@commssrv01.computerservicecentre.com>

>Has any one written a plugin for MailScanner or does such a Sendmail 
>Milter exist that could go to these urls and then pipe it through spam 
>assassin, or is there a blacklist of known spam urls like the phishing 
>urls...

You might want to take a look at SURBL:
http://www.surbl.org/


--
Best Regards, 
Richard Garner (A+, N+, AMBCS, MOS-O) 
Hostmaster 
Computer Service Centre 
web???? http://www.computerservicecentre.com? 

-- 
MailScanner mailing list
mailscanner@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website! 
From ms-list at alexb.ch  Thu Jul 24 09:53:46 2008
From: ms-list at alexb.ch (Alex Broens)
Date: Thu Jul 24 09:53:59 2008
Subject: Canadian pharmacy
In-Reply-To: <48883C27.3030502@farrows.org>
References: <48883C27.3030502@farrows.org>
Message-ID: <4888431A.1090404@alexb.ch>

On 7/24/2008 10:24 AM, Peter Farrow wrote:
> Hi There,
> 
> The *only* spam getting through our MailScanner setup is simple one 
> liner drug spam that links eventually to Canadian Pharmacy via a 
> redirect, one user is getting just a couple every few days, which seems 
> to be more annoying for him that being flooded with them because he 
> notices it more.
> 
> Usually the link is via imageshack or some other blog type site.
> 
> If you follow the link in Explorer it eventually ends up at one of the 
> hundreds of Canadian Pharmacy urls.
> 
> If you "wget" the link you get a temporarily unavailable message because 
> the site checks the user agent,
> 
> but if you set the user agent sting you get the site, for example:
> 
> wget -U "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 
> 1.1.4322)" http://onlinedrugwin.com
> 
> Has any one written a plugin for MailScanner or does such a Sendmail 
> Milter exist that could go to these urls and then pipe it through spam 
> assassin, or is there a blacklist of known spam urls like the phishing 
> urls...

http://uribl.com (accepts URI submissions via web form)
http://surbl.org (no public submissions)

Alex




From prandal at herefordshire.gov.uk  Thu Jul 24 10:21:09 2008
From: prandal at herefordshire.gov.uk (Randal, Phil)
Date: Thu Jul 24 10:21:25 2008
Subject: If virus, don't scan with SA
In-Reply-To: <48883D89.4020406@ecs.soton.ac.uk>
References: 
	<48883D89.4020406@ecs.soton.ac.uk>
Message-ID: <7EF0EE5CB3B263488C8C18823239BEBA0447055D@HC-MBX02.herefordshire.gov.uk>

There is another very good reason for not bothering to micro-optimi[sz]e
this.

If you're scanning your viruses with spamassassin there's a good chance
they'll be auto-learned as spam.  So when the phishing attack is mutated
to avoid existing signatures Bayes can still get them.

Cheers,

Phil

--
Phil Randal
Networks Engineer
Herefordshire Council
Hereford, UK

-----Original Message-----
From: mailscanner-bounces@lists.mailscanner.info
[mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian
Field
Sent: 24 July 2008 09:30
To: MailScanner discussion
Subject: Re: If virus, don't scan with SA

The reason I haven't tried to implement it is that viruses (incl what
sanesecurity finds) are a very small percentage of your total mail
volume. Probably 2 or 3% at a guess. So it wouldn't actually make any
noticeable difference to your MailScanner server load.

Jules
From martyn at invictawiz.com  Thu Jul 24 10:36:41 2008
From: martyn at invictawiz.com (Martyn Routley)
Date: Thu Jul 24 10:36:51 2008
Subject: Messagelabs
Message-ID: <48884D29.5040908@invictawiz.com>

Here's a wide open question.

Is it safe to whitelist the messagelabs.com mail servers?

How much do you all trust them?

-- 

Martyn Routley

From peter at farrows.org  Thu Jul 24 10:57:56 2008
From: peter at farrows.org (Peter Farrow)
Date: Thu Jul 24 10:58:20 2008
Subject: Messagelabs
In-Reply-To: <48884D29.5040908@invictawiz.com>
References: <48884D29.5040908@invictawiz.com>
Message-ID: <48885224.2000900@farrows.org>



Martyn Routley wrote:
> Here's a wide open question.
>
> Is it safe to whitelist the messagelabs.com mail servers?
>
> How much do you all trust them?
>
Since they don't handle greylisting properly I whitelist them for 
greylisting purposes, other than that no way would I whitelist them....

They have had serveral notable high profile "breaches" in their history, 
and they pass some spam...

So "no" would be my answer.

Pete


-- 
This message has been scanned for viruses and
dangerous content by the Inexcom system Scanner,
and is believed to be clean.
Advanced heuristic mail scanning server [-].
http://www.inexcom.co.uk

From prandal at herefordshire.gov.uk  Thu Jul 24 14:18:11 2008
From: prandal at herefordshire.gov.uk (Randal, Phil)
Date: Thu Jul 24 14:18:29 2008
Subject: {Spam?} New Trojan
Message-ID: <7EF0EE5CB3B263488C8C18823239BEBA044705FE@HC-MBX02.herefordshire.gov.uk>

Folks, there's a new trojan being bulk spammed.

Block the attachment Tax_Invoice.zip if you can.

Body text is similar to:

"Good day,

We have received a parcel for you, sent from France on July 9. Please
fill
out the customs declaration attached to this message and send it to us
by
mail or fax. The address and the fax number are at the bottom of the
declaration form.

Kind regards,
Stephen Kenney
Your Customs Service"

Very few detect it but we're seeing hundreds already.

Phil


--
Phil Randal
Networks Engineer
Herefordshire Council
Hereford, UK

-------------- next part --------------
New Trojan
Folks, there's a new trojan being bulk spammed.
Block the attachment Tax_Invoice.zip if you can.
Body text is similar to:
"
Good day,
We have received a parcel for you, sent from France on July 9. Please fill
out the customs declaration attached to this message and send it to us by
mail or fax. The address and the fax number are at the bottom of the
declaration form.
Kind regards,
Stephen Kenney
Your Customs Service
"
Very few detect it but we're seeing hundreds already.
Phil
--
Phil Randal
Networks Engineer
Herefordshire Council
Hereford, UK
From martinh at solidstatelogic.com  Thu Jul 24 14:24:47 2008
From: martinh at solidstatelogic.com (Martin.Hepworth)
Date: Thu Jul 24 14:25:01 2008
Subject: New Trojan
In-Reply-To: <7EF0EE5CB3B263488C8C18823239BEBA044705FE@HC-MBX02.herefordshire.gov.uk>
Message-ID: 

Phil

Blocking exe's works for us ;-)

Varient of the UPS parcel virus that's been going around. Looks like the malware writers maybe going back to email.

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

> -----Original Message-----
> From: mailscanner-bounces@lists.mailscanner.info
> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf
> Of Randal, Phil
> Sent: 24 July 2008 14:18
> To: mailscanner@lists.mailscanner.info
> Subject: {Spam?} New Trojan
>
> New Trojan
> Folks, there's a new trojan being bulk spammed.
> Block the attachment Tax_Invoice.zip if you can.
> Body text is similar to:
> "
> Good day,
> We have received a parcel for you, sent from France on July
> 9. Please fill out the customs declaration attached to this
> message and send it to us by mail or fax. The address and the
> fax number are at the bottom of the declaration form.
> Kind regards,
> Stephen Kenney
> Your Customs Service
> "
> Very few detect it but we're seeing hundreds already.
> Phil
> --
> Phil Randal
> Networks Engineer
> Herefordshire Council
> Hereford, UK
>




**********************************************************************
Confidentiality : This e-mail and any attachments are intended for the 
addressee only and may be confidential. If they come to you in error 
you must take no action based on them, nor must you copy or show them 
to anyone. Please advise the sender by replying to this e-mail 
immediately and then delete the original from your computer.
Opinion : Any opinions expressed in this e-mail are entirely those of 
the author and unless specifically stated to the contrary, are not 
necessarily those of the author's employer.
Security Warning : Internet e-mail is not necessarily a secure 
communications medium and can be subject to data corruption. We advise 
that you consider this fact when e-mailing us. 
Viruses : We have taken steps to ensure that this e-mail and any 
attachments are free from known viruses but in keeping with good 
computing practice, you should ensure that they are virus free.

Red Lion 49 Ltd T/A Solid State Logic
Registered as a limited company in England and Wales 
(Company No:5362730)
Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, 
United Kingdom
**********************************************************************

From ka at pacific.net  Thu Jul 24 14:34:00 2008
From: ka at pacific.net (Ken A)
Date: Thu Jul 24 14:34:15 2008
Subject: Canadian pharmacy
In-Reply-To: <48883C27.3030502@farrows.org>
References: <48883C27.3030502@farrows.org>
Message-ID: <488884C8.6040500@pacific.net>

Peter Farrow wrote:
> Hi There,
> 
> The *only* spam getting through our MailScanner setup is simple one 
> liner drug spam that links eventually to Canadian Pharmacy via a 
> redirect, one user is getting just a couple every few days, which seems 
> to be more annoying for him that being flooded with them because he 
> notices it more.
> 
> Usually the link is via imageshack or some other blog type site.
> 
> If you follow the link in Explorer it eventually ends up at one of the 
> hundreds of Canadian Pharmacy urls.
> 
> If you "wget" the link you get a temporarily unavailable message because 
> the site checks the user agent,
> 
> but if you set the user agent sting you get the site, for example:
> 
> wget -U "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 
> 1.1.4322)" http://onlinedrugwin.com
> 
> Has any one written a plugin for MailScanner or does such a Sendmail 
> Milter exist that could go to these urls and then pipe it through spam 
> assassin, or is there a blacklist of known spam urls like the phishing 
> urls...

SA should already be checking URI blacklists.

milter-link can also check the uris found in spam against uribl and 
surbl. It can react to a broken link, but it won't check remote page 
content. That could be a bit dangerous.

Ken
Pacific.Net


> 
> Any help greatly appreciated.
> 
> Pete
> 
> 


-- 
Ken Anderson
Pacific.Net

From Hostmaster at computerservicecentre.com  Thu Jul 24 14:34:43 2008
From: Hostmaster at computerservicecentre.com (Hostmaster)
Date: Thu Jul 24 14:35:09 2008
Subject: New Trojan
In-Reply-To: 
References: <7EF0EE5CB3B263488C8C18823239BEBA044705FE@HC-MBX02.herefordshire.gov.uk>
	
Message-ID: <3D9C92F3075F5144B46AA2C590F48E2A7A7FBC@commssrv01.computerservicecentre.com>

>Varient of the UPS parcel virus that's been going around. Looks like the
malware writers maybe going back to email.

Please also note that these are also flying round in zip format, precisely the
same as the UPS ones.
--
Best Regards, 
Richard Garner (A+, N+, AMBCS, MOS-O) 
Hostmaster 
Computer Service Centre 
web     http://www.computerservicecentre.com  
From prandal at herefordshire.gov.uk  Thu Jul 24 14:42:45 2008
From: prandal at herefordshire.gov.uk (Randal, Phil)
Date: Thu Jul 24 14:43:09 2008
Subject: New Trojan
In-Reply-To: 
References: <7EF0EE5CB3B263488C8C18823239BEBA044705FE@HC-MBX02.herefordshire.gov.uk>
	
Message-ID: <7EF0EE5CB3B263488C8C18823239BEBA0447060C@HC-MBX02.herefordshire.gov.uk>

I'll block all .exes under all circumstances if I was the supreme
commander of this organisation.

But I'm not.

Just thought I'd mention it in case there were others who don't block
.exes in .zip files.

Forefront and Antigen will catch it.

Microsoft, first for a change!  *faints*

Cheers,

Phil

--
Phil Randal
Networks Engineer
Herefordshire Council
Hereford, UK

-----Original Message-----
From: mailscanner-bounces@lists.mailscanner.info
[mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of
Martin.Hepworth
Sent: 24 July 2008 14:25
To: MailScanner discussion
Subject: RE: New Trojan

Phil

Blocking exe's works for us ;-)

Varient of the UPS parcel virus that's been going around. Looks like the
malware writers maybe going back to email.

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

> -----Original Message-----
> From: mailscanner-bounces@lists.mailscanner.info
> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of 
> Randal, Phil
> Sent: 24 July 2008 14:18
> To: mailscanner@lists.mailscanner.info
> Subject: {Spam?} New Trojan
>
> New Trojan
> Folks, there's a new trojan being bulk spammed.
> Block the attachment Tax_Invoice.zip if you can.
> Body text is similar to:
> "
> Good day,
> We have received a parcel for you, sent from France on July 9. Please 
> fill out the customs declaration attached to this message and send it 
> to us by mail or fax. The address and the fax number are at the bottom

> of the declaration form.
> Kind regards,
> Stephen Kenney
> Your Customs Service
> "
> Very few detect it but we're seeing hundreds already.
> Phil
> --
> Phil Randal
> Networks Engineer
> Herefordshire Council
> Hereford, UK
>




**********************************************************************
Confidentiality : This e-mail and any attachments are intended for the
addressee only and may be confidential. If they come to you in error you
must take no action based on them, nor must you copy or show them to
anyone. Please advise the sender by replying to this e-mail immediately
and then delete the original from your computer.
Opinion : Any opinions expressed in this e-mail are entirely those of
the author and unless specifically stated to the contrary, are not
necessarily those of the author's employer.
Security Warning : Internet e-mail is not necessarily a secure
communications medium and can be subject to data corruption. We advise
that you consider this fact when e-mailing us. 
Viruses : We have taken steps to ensure that this e-mail and any
attachments are free from known viruses but in keeping with good
computing practice, you should ensure that they are virus free.

Red Lion 49 Ltd T/A Solid State Logic
Registered as a limited company in England and Wales (Company
No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5
1RU, United Kingdom
**********************************************************************

--
MailScanner mailing list
mailscanner@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website! 
From prandal at herefordshire.gov.uk  Thu Jul 24 14:46:59 2008
From: prandal at herefordshire.gov.uk (Randal, Phil)
Date: Thu Jul 24 14:47:23 2008
Subject: New Trojan
In-Reply-To: 
References: <7EF0EE5CB3B263488C8C18823239BEBA044705FE@HC-MBX02.herefordshire.gov.uk>
	
Message-ID: <7EF0EE5CB3B263488C8C18823239BEBA0447060F@HC-MBX02.herefordshire.gov.uk>

ClamAV have just released 7811 which catches it.

Phil 


--
Phil Randal
Networks Engineer
Herefordshire Council
Hereford, UK

-----Original Message-----
From: mailscanner-bounces@lists.mailscanner.info
[mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of
Martin.Hepworth
Sent: 24 July 2008 14:25
To: MailScanner discussion
Subject: RE: New Trojan

Phil

Blocking exe's works for us ;-)

Varient of the UPS parcel virus that's been going around. Looks like the
malware writers maybe going back to email.

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

> -----Original Message-----
> From: mailscanner-bounces@lists.mailscanner.info
> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of 
> Randal, Phil
> Sent: 24 July 2008 14:18
> To: mailscanner@lists.mailscanner.info
> Subject: {Spam?} New Trojan
>
> New Trojan
> Folks, there's a new trojan being bulk spammed.
> Block the attachment Tax_Invoice.zip if you can.
> Body text is similar to:
> "
> Good day,
> We have received a parcel for you, sent from France on July 9. Please 
> fill out the customs declaration attached to this message and send it 
> to us by mail or fax. The address and the fax number are at the bottom

> of the declaration form.
> Kind regards,
> Stephen Kenney
> Your Customs Service
> "
> Very few detect it but we're seeing hundreds already.
> Phil
> --
> Phil Randal
> Networks Engineer
> Herefordshire Council
> Hereford, UK
>




**********************************************************************
Confidentiality : This e-mail and any attachments are intended for the
addressee only and may be confidential. If they come to you in error you
must take no action based on them, nor must you copy or show them to
anyone. Please advise the sender by replying to this e-mail immediately
and then delete the original from your computer.
Opinion : Any opinions expressed in this e-mail are entirely those of
the author and unless specifically stated to the contrary, are not
necessarily those of the author's employer.
Security Warning : Internet e-mail is not necessarily a secure
communications medium and can be subject to data corruption. We advise
that you consider this fact when e-mailing us. 
Viruses : We have taken steps to ensure that this e-mail and any
attachments are free from known viruses but in keeping with good
computing practice, you should ensure that they are virus free.

Red Lion 49 Ltd T/A Solid State Logic
Registered as a limited company in England and Wales (Company
No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5
1RU, United Kingdom
**********************************************************************

--
MailScanner mailing list
mailscanner@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website! 
From a.peacock at chime.ucl.ac.uk  Thu Jul 24 14:54:16 2008
From: a.peacock at chime.ucl.ac.uk (Anthony Peacock)
Date: Thu Jul 24 14:54:27 2008
Subject: New Trojan
In-Reply-To: <7EF0EE5CB3B263488C8C18823239BEBA0447060F@HC-MBX02.herefordshire.gov.uk>
References: <7EF0EE5CB3B263488C8C18823239BEBA044705FE@HC-MBX02.herefordshire.gov.uk>	
	<7EF0EE5CB3B263488C8C18823239BEBA0447060F@HC-MBX02.herefordshire.gov.uk>
Message-ID: <48888988.2020809@chime.ucl.ac.uk>

Randal, Phil wrote:
> ClamAV have just released 7811 which catches it.

Sophos has been detecting it for a fews days now.

-- 
Anthony Peacock
CHIME, Royal Free & University College Medical School
WWW:    http://www.chime.ucl.ac.uk/~rmhiajp/
Study Health Informatics - Modular Postgraduate Degree
http://www.chime.ucl.ac.uk/study-health-informatics/
From prandal at herefordshire.gov.uk  Thu Jul 24 15:01:45 2008
From: prandal at herefordshire.gov.uk (Randal, Phil)
Date: Thu Jul 24 15:02:04 2008
Subject: New Trojan
In-Reply-To: <48888988.2020809@chime.ucl.ac.uk>
References: <7EF0EE5CB3B263488C8C18823239BEBA044705FE@HC-MBX02.herefordshire.gov.uk>	<7EF0EE5CB3B263488C8C18823239BEBA0447060F@HC-MBX02.herefordshire.gov.uk>
	<48888988.2020809@chime.ucl.ac.uk>
Message-ID: <7EF0EE5CB3B263488C8C18823239BEBA0447061E@HC-MBX02.herefordshire.gov.uk>

Not according to VirusTotal!

ClamAV, Microsoft, and VBA32 are the only ones which dtect my sample.

Cheers,

Phil 


--
Phil Randal
Networks Engineer
Herefordshire Council
Hereford, UK

-----Original Message-----
From: mailscanner-bounces@lists.mailscanner.info
[mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Anthony
Peacock
Sent: 24 July 2008 14:54
To: MailScanner discussion
Subject: Re: New Trojan

Randal, Phil wrote:
> ClamAV have just released 7811 which catches it.

Sophos has been detecting it for a fews days now.

--
Anthony Peacock
CHIME, Royal Free & University College Medical School
WWW:    http://www.chime.ucl.ac.uk/~rmhiajp/
Study Health Informatics - Modular Postgraduate Degree
http://www.chime.ucl.ac.uk/study-health-informatics/
--
MailScanner mailing list
mailscanner@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website! 
From mcornes at loreto.ac.uk  Thu Jul 24 15:05:30 2008
From: mcornes at loreto.ac.uk (Mark)
Date: Thu Jul 24 15:05:39 2008
Subject: New Trojan
In-Reply-To: <7EF0EE5CB3B263488C8C18823239BEBA0447060F@HC-MBX02.herefordshire.gov.uk>
Message-ID: 

Time to run
#sudo freshclam

me thinks!


On 24/07/2008 14:46, "Randal, Phil"  wrote:

> ClamAV have just released 7811 which catches it.
> 
> Phil 
> 
> 
> --
> Phil Randal
> Networks Engineer
> Herefordshire Council
> Hereford, UK
> 
> -----Original Message-----
> From: mailscanner-bounces@lists.mailscanner.info
> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of
> Martin.Hepworth
> Sent: 24 July 2008 14:25
> To: MailScanner discussion
> Subject: RE: New Trojan
> 
> Phil
> 
> Blocking exe's works for us ;-)
> 
> Varient of the UPS parcel virus that's been going around. Looks like the
> malware writers maybe going back to email.
> 
> --
> Martin Hepworth
> Snr Systems Administrator
> Solid State Logic
> Tel: +44 (0)1865 842300
> 
>> -----Original Message-----
>> From: mailscanner-bounces@lists.mailscanner.info
>> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of
>> Randal, Phil
>> Sent: 24 July 2008 14:18
>> To: mailscanner@lists.mailscanner.info
>> Subject: {Spam?} New Trojan
>> 
>> New Trojan
>> Folks, there's a new trojan being bulk spammed.
>> Block the attachment Tax_Invoice.zip if you can.
>> Body text is similar to:
>> "
>> Good day,
>> We have received a parcel for you, sent from France on July 9. Please
>> fill out the customs declaration attached to this message and send it
>> to us by mail or fax. The address and the fax number are at the bottom
> 
>> of the declaration form.
>> Kind regards,
>> Stephen Kenney
>> Your Customs Service
>> "
>> Very few detect it but we're seeing hundreds already.
>> Phil
>> --
>> Phil Randal
>> Networks Engineer
>> Herefordshire Council
>> Hereford, UK
>> 
> 
> 
> 
> 
> **********************************************************************
> Confidentiality : This e-mail and any attachments are intended for the
> addressee only and may be confidential. If they come to you in error you
> must take no action based on them, nor must you copy or show them to
> anyone. Please advise the sender by replying to this e-mail immediately
> and then delete the original from your computer.
> Opinion : Any opinions expressed in this e-mail are entirely those of
> the author and unless specifically stated to the contrary, are not
> necessarily those of the author's employer.
> Security Warning : Internet e-mail is not necessarily a secure
> communications medium and can be subject to data corruption. We advise
> that you consider this fact when e-mailing us.
> Viruses : We have taken steps to ensure that this e-mail and any
> attachments are free from known viruses but in keeping with good
> computing practice, you should ensure that they are virus free.
> 
> Red Lion 49 Ltd T/A Solid State Logic
> Registered as a limited company in England and Wales (Company
> No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5
> 1RU, United Kingdom
> **********************************************************************
> 
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
> 
> Before posting, read http://wiki.mailscanner.info/posting
> 
> Support MailScanner development - buy the book off the website!
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
> 
> Before posting, read http://wiki.mailscanner.info/posting
> 
> Support MailScanner development - buy the book off the website!

From a.peacock at chime.ucl.ac.uk  Thu Jul 24 15:18:55 2008
From: a.peacock at chime.ucl.ac.uk (Anthony Peacock)
Date: Thu Jul 24 15:19:09 2008
Subject: New Trojan
In-Reply-To: <7EF0EE5CB3B263488C8C18823239BEBA0447061E@HC-MBX02.herefordshire.gov.uk>
References: <7EF0EE5CB3B263488C8C18823239BEBA044705FE@HC-MBX02.herefordshire.gov.uk>	<7EF0EE5CB3B263488C8C18823239BEBA0447060F@HC-MBX02.herefordshire.gov.uk>	<48888988.2020809@chime.ucl.ac.uk>
	<7EF0EE5CB3B263488C8C18823239BEBA0447061E@HC-MBX02.herefordshire.gov.uk>
Message-ID: <48888F4F.7090900@chime.ucl.ac.uk>

Randal, Phil wrote:
> Not according to VirusTotal!
> 
> ClamAV, Microsoft, and VBA32 are the only ones which dtect my sample.

OK, it may have morphed, but Sophos has been detecting something in the 
UPS invoice zip files, which clamav didn't since the weekend.

"The following e-mails were found to have: Virus Detected

     Sender: tequilas25@hotmail.com
IP Address: 75.147.196.1
  Recipient: ecits-enquiries@chime.ucl.ac.uk, ecm-support@chime.ucl.ac.uk
    Subject: UPS Tracking Number 7282167863
  MessageID: m6M1QGRq014777
Quarantine: /var/spool/MailScanner/quarantine/20080722/m6M1QGRq014777
     Report: SophosSAVI: UPS_INVOICE_978172.zip was infected by 
Troj/Agent-HFZ"

As I say, I have no way of knowing if this is the same thing as what you 
are seeing, but Sophos detected it and clamav didn't, and it was coming 
in similar emails to those you are describing.

-- 
Anthony Peacock
CHIME, Royal Free & University College Medical School
WWW:    http://www.chime.ucl.ac.uk/~rmhiajp/
Study Health Informatics - Modular Postgraduate Degree
http://www.chime.ucl.ac.uk/study-health-informatics/
From prandal at herefordshire.gov.uk  Thu Jul 24 15:28:09 2008
From: prandal at herefordshire.gov.uk (Randal, Phil)
Date: Thu Jul 24 15:28:24 2008
Subject: New Trojan
In-Reply-To: <48888F4F.7090900@chime.ucl.ac.uk>
References: <7EF0EE5CB3B263488C8C18823239BEBA044705FE@HC-MBX02.herefordshire.gov.uk>	<7EF0EE5CB3B263488C8C18823239BEBA0447060F@HC-MBX02.herefordshire.gov.uk>	<48888988.2020809@chime.ucl.ac.uk><7EF0EE5CB3B263488C8C18823239BEBA0447061E@HC-MBX02.herefordshire.gov.uk>
	<48888F4F.7090900@chime.ucl.ac.uk>
Message-ID: <7EF0EE5CB3B263488C8C18823239BEBA0447062F@HC-MBX02.herefordshire.gov.uk>

Different trojan, which ClamAv has been catching for days.

Cheers,

Phil

--
Phil Randal
Networks Engineer
Herefordshire Council
Hereford, UK

-----Original Message-----
From: mailscanner-bounces@lists.mailscanner.info
[mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Anthony
Peacock
Sent: 24 July 2008 15:19
To: MailScanner discussion
Subject: Re: New Trojan

Randal, Phil wrote:
> Not according to VirusTotal!
> 
> ClamAV, Microsoft, and VBA32 are the only ones which dtect my sample.

OK, it may have morphed, but Sophos has been detecting something in the
UPS invoice zip files, which clamav didn't since the weekend.

"The following e-mails were found to have: Virus Detected

     Sender: tequilas25@hotmail.com
IP Address: 75.147.196.1
  Recipient: ecits-enquiries@chime.ucl.ac.uk,
ecm-support@chime.ucl.ac.uk
    Subject: UPS Tracking Number 7282167863
  MessageID: m6M1QGRq014777
Quarantine: /var/spool/MailScanner/quarantine/20080722/m6M1QGRq014777
     Report: SophosSAVI: UPS_INVOICE_978172.zip was infected by
Troj/Agent-HFZ"

As I say, I have no way of knowing if this is the same thing as what you
are seeing, but Sophos detected it and clamav didn't, and it was coming
in similar emails to those you are describing.

--
Anthony Peacock
CHIME, Royal Free & University College Medical School
WWW:    http://www.chime.ucl.ac.uk/~rmhiajp/
Study Health Informatics - Modular Postgraduate Degree
http://www.chime.ucl.ac.uk/study-health-informatics/
--
MailScanner mailing list
mailscanner@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website! 
From mcornes at loreto.ac.uk  Thu Jul 24 15:28:28 2008
From: mcornes at loreto.ac.uk (Mark)
Date: Thu Jul 24 15:28:40 2008
Subject: New Trojan
In-Reply-To: <48888988.2020809@chime.ucl.ac.uk>
Message-ID: 

And right after I updated clam to detect it it caught two. There had been
three others already but they had such high spam ratings already they had
been quarantined already.

M


On 24/07/2008 14:54, "Anthony Peacock"  wrote:

> Randal, Phil wrote:
>> ClamAV have just released 7811 which catches it.
> 
> Sophos has been detecting it for a fews days now.

From a.peacock at chime.ucl.ac.uk  Thu Jul 24 15:34:45 2008
From: a.peacock at chime.ucl.ac.uk (Anthony Peacock)
Date: Thu Jul 24 15:34:57 2008
Subject: New Trojan
In-Reply-To: <7EF0EE5CB3B263488C8C18823239BEBA0447062F@HC-MBX02.herefordshire.gov.uk>
References: <7EF0EE5CB3B263488C8C18823239BEBA044705FE@HC-MBX02.herefordshire.gov.uk>	<7EF0EE5CB3B263488C8C18823239BEBA0447060F@HC-MBX02.herefordshire.gov.uk>	<48888988.2020809@chime.ucl.ac.uk><7EF0EE5CB3B263488C8C18823239BEBA0447061E@HC-MBX02.herefordshire.gov.uk>	<48888F4F.7090900@chime.ucl.ac.uk>
	<7EF0EE5CB3B263488C8C18823239BEBA0447062F@HC-MBX02.herefordshire.gov.uk>
Message-ID: <48889305.7030100@chime.ucl.ac.uk>

Randal, Phil wrote:
> Different trojan, which ClamAv has been catching for days.

Ahh! OK!  I haven't yet seen any of the ones you are describing.



> 
> Cheers,
> 
> Phil
> 
> --
> Phil Randal
> Networks Engineer
> Herefordshire Council
> Hereford, UK
> 
> -----Original Message-----
> From: mailscanner-bounces@lists.mailscanner.info
> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Anthony
> Peacock
> Sent: 24 July 2008 15:19
> To: MailScanner discussion
> Subject: Re: New Trojan
> 
> Randal, Phil wrote:
>> Not according to VirusTotal!
>>
>> ClamAV, Microsoft, and VBA32 are the only ones which dtect my sample.
> 
> OK, it may have morphed, but Sophos has been detecting something in the
> UPS invoice zip files, which clamav didn't since the weekend.
> 
> "The following e-mails were found to have: Virus Detected
> 
>      Sender: tequilas25@hotmail.com
> IP Address: 75.147.196.1
>   Recipient: ecits-enquiries@chime.ucl.ac.uk,
> ecm-support@chime.ucl.ac.uk
>     Subject: UPS Tracking Number 7282167863
>   MessageID: m6M1QGRq014777
> Quarantine: /var/spool/MailScanner/quarantine/20080722/m6M1QGRq014777
>      Report: SophosSAVI: UPS_INVOICE_978172.zip was infected by
> Troj/Agent-HFZ"
> 
> As I say, I have no way of knowing if this is the same thing as what you
> are seeing, but Sophos detected it and clamav didn't, and it was coming
> in similar emails to those you are describing.
> 
> --
> Anthony Peacock
> CHIME, Royal Free & University College Medical School
> WWW:    http://www.chime.ucl.ac.uk/~rmhiajp/
> Study Health Informatics - Modular Postgraduate Degree
> http://www.chime.ucl.ac.uk/study-health-informatics/
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
> 
> Before posting, read http://wiki.mailscanner.info/posting
> 
> Support MailScanner development - buy the book off the website! 


-- 
Anthony Peacock
CHIME, Royal Free & University College Medical School
WWW:    http://www.chime.ucl.ac.uk/~rmhiajp/
Study Health Informatics - Modular Postgraduate Degree
http://www.chime.ucl.ac.uk/study-health-informatics/
From a.peacock at chime.ucl.ac.uk  Thu Jul 24 15:47:08 2008
From: a.peacock at chime.ucl.ac.uk (Anthony Peacock)
Date: Thu Jul 24 15:47:22 2008
Subject: New Trojan
In-Reply-To: <48889305.7030100@chime.ucl.ac.uk>
References: <7EF0EE5CB3B263488C8C18823239BEBA044705FE@HC-MBX02.herefordshire.gov.uk>	<7EF0EE5CB3B263488C8C18823239BEBA0447060F@HC-MBX02.herefordshire.gov.uk>	<48888988.2020809@chime.ucl.ac.uk><7EF0EE5CB3B263488C8C18823239BEBA0447061E@HC-MBX02.herefordshire.gov.uk>	<48888F4F.7090900@chime.ucl.ac.uk>	<7EF0EE5CB3B263488C8C18823239BEBA0447062F@HC-MBX02.herefordshire.gov.uk>
	<48889305.7030100@chime.ucl.ac.uk>
Message-ID: <488895EC.6030404@chime.ucl.ac.uk>

Anthony Peacock wrote:
> Randal, Phil wrote:
>> Different trojan, which ClamAv has been catching for days.
> 
> Ahh! OK!  I haven't yet seen any of the ones you are describing.

And 5 minutes after sending that email, a user walks in to say they have 
double clicked an attachment and now their computer is doing weird 
things.  Doh!



-- 
Anthony Peacock
CHIME, Royal Free & University College Medical School
WWW:    http://www.chime.ucl.ac.uk/~rmhiajp/
Study Health Informatics - Modular Postgraduate Degree
http://www.chime.ucl.ac.uk/study-health-informatics/
From ajcartmell at fonant.com  Thu Jul 24 15:58:30 2008
From: ajcartmell at fonant.com (Anthony Cartmell)
Date: Thu Jul 24 15:58:37 2008
Subject: New Trojan
In-Reply-To: <48888F4F.7090900@chime.ucl.ac.uk>
References: <7EF0EE5CB3B263488C8C18823239BEBA044705FE@HC-MBX02.herefordshire.gov.uk>
	
	<7EF0EE5CB3B263488C8C18823239BEBA0447060F@HC-MBX02.herefordshire.gov.uk>
	<48888988.2020809@chime.ucl.ac.uk>
	<7EF0EE5CB3B263488C8C18823239BEBA0447061E@HC-MBX02.herefordshire.gov.uk>
	<48888F4F.7090900@chime.ucl.ac.uk>
Message-ID: 

>> Not according to VirusTotal!
>>  ClamAV, Microsoft, and VBA32 are the only ones which dtect my sample.
>
> OK, it may have morphed, but Sophos has been detecting something in the  
> UPS invoice zip files, which clamav didn't since the weekend.

It seems to be morphing quite a bit, and clamav has had several more  
updates: I'm seeing 7814 at the mo.

Anthony
-- 
www.fonant.com - Quality web sites
From paul.hutchings at mira.co.uk  Thu Jul 24 16:06:50 2008
From: paul.hutchings at mira.co.uk (Paul Hutchings)
Date: Thu Jul 24 16:07:02 2008
Subject: New Trojan
References: <7EF0EE5CB3B263488C8C18823239BEBA044705FE@HC-MBX02.herefordshire.gov.uk><7EF0EE5CB3B263488C8C18823239BEBA0447060F@HC-MBX02.herefordshire.gov.uk><48888988.2020809@chime.ucl.ac.uk><7EF0EE5CB3B263488C8C18823239BEBA0447061E@HC-MBX02.herefordshire.gov.uk><48888F4F.7090900@chime.ucl.ac.uk>
	
Message-ID: 

It's been morphing quite a lot.  We noticed it coming in yesterday, the Trend on our Exchange ignored it as did Clam on MailScanner, various other engines did find it, each giving it a different name, and it's been a similar pattern for the last day or so with it morphing.

It's been an interesting experience for me actually as one of our renewals is up in a month or two and seeing the response times of various vendors has been an education.

Cheers,

Paul

Paul Hutchings
Network Administrator, MIRA Ltd.
Tel: 44 (0)24 7635 5378
Fax: 44 (0)24 7635 8378
mailto:paul.hutchings@mira.co.uk

-----Original Message-----
From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Anthony Cartmell
Sent: 24 July 2008 15:59
To: MailScanner discussion
Subject: Re: New Trojan

>> Not according to VirusTotal!
>>  ClamAV, Microsoft, and VBA32 are the only ones which dtect my sample.
>
> OK, it may have morphed, but Sophos has been detecting something in the  
> UPS invoice zip files, which clamav didn't since the weekend.

It seems to be morphing quite a bit, and clamav has had several more  
updates: I'm seeing 7814 at the mo.

Anthony
-- 
www.fonant.com - Quality web sites
-- 
MailScanner mailing list
mailscanner@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website! 

-- 
MIRA Ltd

Watling Street, Nuneaton, Warwickshire, CV10 0TU, England.

Registered in England and Wales No. 402570
VAT Registration  GB 114 5409 96

The contents of this e-mail are confidential and are solely for the use of the intended recipient.
If you receive this e-mail in error, please delete it and notify us either by e-mail, telephone or fax.
You should not copy, forward or otherwise disclose the content of the e-mail as this is prohibited.


From ms-list at alexb.ch  Thu Jul 24 16:23:06 2008
From: ms-list at alexb.ch (Alex Broens)
Date: Thu Jul 24 16:23:19 2008
Subject: New Trojan
In-Reply-To: 
References: <7EF0EE5CB3B263488C8C18823239BEBA044705FE@HC-MBX02.herefordshire.gov.uk>		<7EF0EE5CB3B263488C8C18823239BEBA0447060F@HC-MBX02.herefordshire.gov.uk>	<48888988.2020809@chime.ucl.ac.uk>	<7EF0EE5CB3B263488C8C18823239BEBA0447061E@HC-MBX02.herefordshire.gov.uk>	<48888F4F.7090900@chime.ucl.ac.uk>
	
Message-ID: <48889E5A.2040803@alexb.ch>

On 7/24/2008 4:58 PM, Anthony Cartmell wrote:
>>> Not according to VirusTotal!
>>>  ClamAV, Microsoft, and VBA32 are the only ones which dtect my sample.
>>
>> OK, it may have morphed, but Sophos has been detecting something in 
>> the UPS invoice zip files, which clamav didn't since the weekend.
> 
> It seems to be morphing quite a bit, and clamav has had several more 
> updates: I'm seeing 7814 at the mo.
> 

are the file names consistent?

if yes, a SA mimeheader header rule can do the magic

From martinh at solidstatelogic.com  Thu Jul 24 16:56:06 2008
From: martinh at solidstatelogic.com (Martin.Hepworth)
Date: Thu Jul 24 16:56:21 2008
Subject: New Trojan
In-Reply-To: <48889E5A.2040803@alexb.ch>
Message-ID: <713fc62384633b498a5f9e007b11bd0a@solidstatelogic.com>

Coming in thick and fast here...well relatively 4 an hour when we'd normally 4 viruses a week max in last few months.

Now migrated to Rechnung______.exe

Which is German for Invoice!

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

> -----Original Message-----
> From: mailscanner-bounces@lists.mailscanner.info
> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf
> Of Alex Broens
> Sent: 24 July 2008 16:23
> To: MailScanner discussion
> Subject: Re: New Trojan
>
> On 7/24/2008 4:58 PM, Anthony Cartmell wrote:
> >>> Not according to VirusTotal!
> >>>  ClamAV, Microsoft, and VBA32 are the only ones which
> dtect my sample.
> >>
> >> OK, it may have morphed, but Sophos has been detecting
> something in
> >> the UPS invoice zip files, which clamav didn't since the weekend.
> >
> > It seems to be morphing quite a bit, and clamav has had several more
> > updates: I'm seeing 7814 at the mo.
> >
>
> are the file names consistent?
>
> if yes, a SA mimeheader header rule can do the magic
>
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>




**********************************************************************
Confidentiality : This e-mail and any attachments are intended for the 
addressee only and may be confidential. If they come to you in error 
you must take no action based on them, nor must you copy or show them 
to anyone. Please advise the sender by replying to this e-mail 
immediately and then delete the original from your computer.
Opinion : Any opinions expressed in this e-mail are entirely those of 
the author and unless specifically stated to the contrary, are not 
necessarily those of the author's employer.
Security Warning : Internet e-mail is not necessarily a secure 
communications medium and can be subject to data corruption. We advise 
that you consider this fact when e-mailing us. 
Viruses : We have taken steps to ensure that this e-mail and any 
attachments are free from known viruses but in keeping with good 
computing practice, you should ensure that they are virus free.

Red Lion 49 Ltd T/A Solid State Logic
Registered as a limited company in England and Wales 
(Company No:5362730)
Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, 
United Kingdom
**********************************************************************

From ajcartmell at fonant.com  Thu Jul 24 17:14:31 2008
From: ajcartmell at fonant.com (Anthony Cartmell)
Date: Thu Jul 24 17:14:41 2008
Subject: New Trojan
In-Reply-To: <48889E5A.2040803@alexb.ch>
References: <7EF0EE5CB3B263488C8C18823239BEBA044705FE@HC-MBX02.herefordshire.gov.uk>
	
	<7EF0EE5CB3B263488C8C18823239BEBA0447060F@HC-MBX02.herefordshire.gov.uk>
	<48888988.2020809@chime.ucl.ac.uk>
	<7EF0EE5CB3B263488C8C18823239BEBA0447061E@HC-MBX02.herefordshire.gov.uk>
	<48888F4F.7090900@chime.ucl.ac.uk> 
	<48889E5A.2040803@alexb.ch>
Message-ID: 

> are the file names consistent?

Possibly, yes, but I suspect only slightly. The filename in two zip files  
I've seen is

Tax_Invoice_________________________NHHDLS883298792929.exe

Oddly Mailscanner doesn't stop this with .exe filename blocking although I  
have max archive depth set to 3 (so it _should_ extract and inspect the  
zip file contents?).

The unzipped .exe does get blocked as expected.

If I save the nasty carefully to my WinXP machine it appears with a fake  
Word document icon (fake 'cause I use OpenOffice, not Word!).

HTH,

Anthony
-- 
www.fonant.com - Quality web sites
From a.peacock at chime.ucl.ac.uk  Thu Jul 24 17:42:00 2008
From: a.peacock at chime.ucl.ac.uk (Anthony Peacock)
Date: Thu Jul 24 17:42:15 2008
Subject: New Trojan
In-Reply-To: <488895EC.6030404@chime.ucl.ac.uk>
References: <7EF0EE5CB3B263488C8C18823239BEBA044705FE@HC-MBX02.herefordshire.gov.uk>	<7EF0EE5CB3B263488C8C18823239BEBA0447060F@HC-MBX02.herefordshire.gov.uk>	<48888988.2020809@chime.ucl.ac.uk><7EF0EE5CB3B263488C8C18823239BEBA0447061E@HC-MBX02.herefordshire.gov.uk>	<48888F4F.7090900@chime.ucl.ac.uk>	<7EF0EE5CB3B263488C8C18823239BEBA0447062F@HC-MBX02.herefordshire.gov.uk>	<48889305.7030100@chime.ucl.ac.uk>
	<488895EC.6030404@chime.ucl.ac.uk>
Message-ID: <4888B0D8.4060909@chime.ucl.ac.uk>

Anthony Peacock wrote:
> Anthony Peacock wrote:
>> Randal, Phil wrote:
>>> Different trojan, which ClamAv has been catching for days.
>>
>> Ahh! OK!  I haven't yet seen any of the ones you are describing.
> 
> And 5 minutes after sending that email, a user walks in to say they have 
> double clicked an attachment and now their computer is doing weird 
> things.  Doh!
> 
> 
> 


Looks like Sophos had caught up:

"Quarantine: /var/spool/MailScanner/quarantine/20080724/m6OGcBvL013849
     Report: Clamd: Tax_Invoice.zip was infected: 
./m6OGcBvL013849/Tax_Invoice.zip: Trojan.Zbot-1712 FOUND
             SophosSAVI: Tax_Invoice.zip was infected by Troj/Spy-AT"



-- 
Anthony Peacock
CHIME, Royal Free & University College Medical School
WWW:    http://www.chime.ucl.ac.uk/~rmhiajp/
Study Health Informatics - Modular Postgraduate Degree
http://www.chime.ucl.ac.uk/study-health-informatics/
From hvdkooij at vanderkooij.org  Thu Jul 24 17:45:25 2008
From: hvdkooij at vanderkooij.org (Hugo van der Kooij)
Date: Thu Jul 24 17:45:36 2008
Subject: Messagelabs
In-Reply-To: <48884D29.5040908@invictawiz.com>
References: <48884D29.5040908@invictawiz.com>
Message-ID: <4888B1A5.1030508@vanderkooij.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Martyn Routley wrote:
| Here's a wide open question.
|
| Is it safe to whitelist the messagelabs.com mail servers?
|
| How much do you all trust them?

Hmm. Guess how many messages an average Spam Filter will stop after
MessageLabs? I rather trust Osama.

Hugo.


- --
hvdkooij@vanderkooij.org               http://hugo.vanderkooij.org/
PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc

	A: Yes.
	>Q: Are you sure?
	>>A: Because it reverses the logical flow of conversation.
	>>>Q: Why is top posting frowned upon?

Bored? Click on http://spamornot.org/ and rate those images.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFIiLGjBvzDRVjxmYERAgPzAJ9GBymsMhm0t6aE7BSlutpKKD1gCgCeJMAV
0Np/JyABq9u7Y4hB+MLuEUg=
=8KUc
-----END PGP SIGNATURE-----
From ssilva at sgvwater.com  Thu Jul 24 17:57:45 2008
From: ssilva at sgvwater.com (Scott Silva)
Date: Thu Jul 24 17:58:33 2008
Subject: New Trojan
In-Reply-To: 
References: <7EF0EE5CB3B263488C8C18823239BEBA044705FE@HC-MBX02.herefordshire.gov.uk>		<7EF0EE5CB3B263488C8C18823239BEBA0447060F@HC-MBX02.herefordshire.gov.uk>	<48888988.2020809@chime.ucl.ac.uk>	<7EF0EE5CB3B263488C8C18823239BEBA0447061E@HC-MBX02.herefordshire.gov.uk>	<48888F4F.7090900@chime.ucl.ac.uk>
		<48889E5A.2040803@alexb.ch>
	
Message-ID: 

on 7-24-2008 9:14 AM Anthony Cartmell spake the following:
>> are the file names consistent?
> 
> Possibly, yes, but I suspect only slightly. The filename in two zip 
> files I've seen is
> 
> Tax_Invoice_________________________NHHDLS883298792929.exe
> 
> Oddly Mailscanner doesn't stop this with .exe filename blocking although 
> I have max archive depth set to 3 (so it _should_ extract and inspect 
> the zip file contents?).
> 
> The unzipped .exe does get blocked as expected.
> 
> If I save the nasty carefully to my WinXP machine it appears with a fake 
> Word document icon (fake 'cause I use OpenOffice, not Word!).
> 
> HTH,
> 
> Anthony
I guess the blacklists have been helping me because I haven't seen any. But it 
is early, and now that I said something I will be flooded.  ;-P



-- 
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 258 bytes
Desc: OpenPGP digital signature
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080724/96532d72/signature.bin
From hvdkooij at vanderkooij.org  Thu Jul 24 18:53:25 2008
From: hvdkooij at vanderkooij.org (Hugo van der Kooij)
Date: Thu Jul 24 18:53:35 2008
Subject: New Trojan
In-Reply-To: 
References: <7EF0EE5CB3B263488C8C18823239BEBA044705FE@HC-MBX02.herefordshire.gov.uk>		<7EF0EE5CB3B263488C8C18823239BEBA0447060F@HC-MBX02.herefordshire.gov.uk>	<48888988.2020809@chime.ucl.ac.uk>	<7EF0EE5CB3B263488C8C18823239BEBA0447061E@HC-MBX02.herefordshire.gov.uk>	<48888F4F.7090900@chime.ucl.ac.uk>		<48889E5A.2040803@alexb.ch>	
	
Message-ID: <4888C195.9040306@vanderkooij.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Scott Silva wrote:

| I guess the blacklists have been helping me because I haven't seen any.
| But it is early, and now that I said something I will be flooded.  ;-P

If that helps to lay your hands on them I might want to claim I have not
yet received a single one of them.

Hugo.

- --
hvdkooij@vanderkooij.org               http://hugo.vanderkooij.org/
PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc

	A: Yes.
	>Q: Are you sure?
	>>A: Because it reverses the logical flow of conversation.
	>>>Q: Why is top posting frowned upon?

Bored? Click on http://spamornot.org/ and rate those images.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFIiMGTBvzDRVjxmYERAr/wAKCvFyxsyZI2LInLZ2hf8l/KRDtu3ACfeyaC
SAJR6fpdwbarTf5utVU0DUg=
=gOdN
-----END PGP SIGNATURE-----
From derek at csolve.net  Thu Jul 24 19:17:34 2008
From: derek at csolve.net (Derek Buttineau)
Date: Thu Jul 24 19:17:44 2008
Subject: New Trojan
In-Reply-To: <4888C195.9040306@vanderkooij.org>
References: <7EF0EE5CB3B263488C8C18823239BEBA044705FE@HC-MBX02.herefordshire.gov.uk>		<7EF0EE5CB3B263488C8C18823239BEBA0447060F@HC-MBX02.herefordshire.gov.uk>	<48888988.2020809@chime.ucl.ac.uk>	<7EF0EE5CB3B263488C8C18823239BEBA0447061E@HC-MBX02.herefordshire.gov.uk>	<48888F4F.7090900@chime.ucl.ac.uk>		<48889E5A.2040803@alexb.ch>	
	 <4888C195.9040306@vanderkooij.org>
Message-ID: 


On 2008-Jul-24, at 1:53 PM, Hugo van der Kooij wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Scott Silva wrote:
>
> | I guess the blacklists have been helping me because I haven't seen  
> any.
> | But it is early, and now that I said something I will be  
> flooded.  ;-P
>
> If that helps to lay your hands on them I might want to claim I have  
> not
> yet received a single one of them.
>
> Hugo.
>

We're seeing a ton of them incoming now too, clamav is still not  
detecting them either :(

Derek

From ka at pacific.net  Thu Jul 24 19:33:43 2008
From: ka at pacific.net (Ken A)
Date: Thu Jul 24 19:34:00 2008
Subject: New Trojan
In-Reply-To: 
References: <7EF0EE5CB3B263488C8C18823239BEBA044705FE@HC-MBX02.herefordshire.gov.uk>		<7EF0EE5CB3B263488C8C18823239BEBA0447060F@HC-MBX02.herefordshire.gov.uk>	<48888988.2020809@chime.ucl.ac.uk>	<7EF0EE5CB3B263488C8C18823239BEBA0447061E@HC-MBX02.herefordshire.gov.uk>	<48888F4F.7090900@chime.ucl.ac.uk>		<48889E5A.2040803@alexb.ch>		
	<4888C195.9040306@vanderkooij.org>
	
Message-ID: <4888CB07.3090802@pacific.net>

Derek Buttineau wrote:
> 
> On 2008-Jul-24, at 1:53 PM, Hugo van der Kooij wrote:
> 
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> Scott Silva wrote:
>>
>> | I guess the blacklists have been helping me because I haven't seen any.
>> | But it is early, and now that I said something I will be flooded.  ;-P
>>
>> If that helps to lay your hands on them I might want to claim I have not
>> yet received a single one of them.
>>
>> Hugo.
>>
> 
> We're seeing a ton of them incoming now too, clamav is still not 
> detecting them either :(
> 
> Derek
> 


What sig file are you running? Daily here is 7815
We are catching them, and have been since sometime yesterday afternoon 
(GMT-7).

Clam calls them as Trojan.Zbot-1711, Trojan.Zbot-1712

Ken

-- 
Ken Anderson
Pacific.Net

From ssilva at sgvwater.com  Thu Jul 24 19:35:15 2008
From: ssilva at sgvwater.com (Scott Silva)
Date: Thu Jul 24 19:36:21 2008
Subject: New Trojan
In-Reply-To: 
References: <7EF0EE5CB3B263488C8C18823239BEBA044705FE@HC-MBX02.herefordshire.gov.uk>		<7EF0EE5CB3B263488C8C18823239BEBA0447060F@HC-MBX02.herefordshire.gov.uk>	<48888988.2020809@chime.ucl.ac.uk>	<7EF0EE5CB3B263488C8C18823239BEBA0447061E@HC-MBX02.herefordshire.gov.uk>	<48888F4F.7090900@chime.ucl.ac.uk>		<48889E5A.2040803@alexb.ch>		
	<4888C195.9040306@vanderkooij.org>
	
Message-ID: 

on 7-24-2008 11:17 AM Derek Buttineau spake the following:
> 
> On 2008-Jul-24, at 1:53 PM, Hugo van der Kooij wrote:
> 
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> Scott Silva wrote:
>>
>> | I guess the blacklists have been helping me because I haven't seen any.
>> | But it is early, and now that I said something I will be flooded.  ;-P
>>
>> If that helps to lay your hands on them I might want to claim I have not
>> yet received a single one of them.
>>
>> Hugo.
>>
> 
> We're seeing a ton of them incoming now too, clamav is still not 
> detecting them either :(
> 
> Derek
> 
Maybe you could test samples on http://www.virustotal.com/ and report nisses 
to your virus scanner provider.



-- 
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 258 bytes
Desc: OpenPGP digital signature
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080724/71c36432/signature-0001.bin
From ssilva at sgvwater.com  Thu Jul 24 19:47:29 2008
From: ssilva at sgvwater.com (Scott Silva)
Date: Thu Jul 24 19:48:29 2008
Subject: New Trojan
In-Reply-To: 
References: <7EF0EE5CB3B263488C8C18823239BEBA044705FE@HC-MBX02.herefordshire.gov.uk>		<7EF0EE5CB3B263488C8C18823239BEBA0447060F@HC-MBX02.herefordshire.gov.uk>	<48888988.2020809@chime.ucl.ac.uk>	<7EF0EE5CB3B263488C8C18823239BEBA0447061E@HC-MBX02.herefordshire.gov.uk>	<48888F4F.7090900@chime.ucl.ac.uk>		<48889E5A.2040803@alexb.ch>			<4888C195.9040306@vanderkooij.org>	
	
Message-ID: 

on 7-24-2008 11:35 AM Scott Silva spake the following:
> on 7-24-2008 11:17 AM Derek Buttineau spake the following:
>>
>> On 2008-Jul-24, at 1:53 PM, Hugo van der Kooij wrote:
>>
>>> -----BEGIN PGP SIGNED MESSAGE-----
>>> Hash: SHA1
>>>
>>> Scott Silva wrote:
>>>
>>> | I guess the blacklists have been helping me because I haven't seen 
>>> any.
>>> | But it is early, and now that I said something I will be flooded.  ;-P
>>>
>>> If that helps to lay your hands on them I might want to claim I have not
>>> yet received a single one of them.
>>>
>>> Hugo.
>>>
>>
>> We're seeing a ton of them incoming now too, clamav is still not 
>> detecting them either :(
>>
>> Derek
>>
> Maybe you could test samples on http://www.virustotal.com/ and report 
> nisses to your virus scanner provider.
> 
> 
> 
s/nisses/misses...

-- 
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 258 bytes
Desc: OpenPGP digital signature
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080724/0eec88b6/signature.bin
From derek at csolve.net  Thu Jul 24 19:55:31 2008
From: derek at csolve.net (Derek Buttineau)
Date: Thu Jul 24 19:55:41 2008
Subject: New Trojan
In-Reply-To: 
References: <7EF0EE5CB3B263488C8C18823239BEBA044705FE@HC-MBX02.herefordshire.gov.uk>		<7EF0EE5CB3B263488C8C18823239BEBA0447060F@HC-MBX02.herefordshire.gov.uk>	<48888988.2020809@chime.ucl.ac.uk>	<7EF0EE5CB3B263488C8C18823239BEBA0447061E@HC-MBX02.herefordshire.gov.uk>	<48888F4F.7090900@chime.ucl.ac.uk>		<48889E5A.2040803@alexb.ch>			<4888C195.9040306@vanderkooij.org>	
	 
Message-ID: <1B17CC3F-0074-44E1-A1D1-C27B4E586EC3@csolve.net>


On 2008-Jul-24, at 2:47 PM, Scott Silva wrote:
>>>
>> Maybe you could test samples on http://www.virustotal.com/ and  
>> report nisses to your virus scanner provider.
> s/nisses/misses...


:) Thanks, sent in the file.

As for sig file, my daily is showing 7815.  Tested it on 4  
installations of clam all with the same signature and it's not being  
caught.  I do have an earlier one that is though.


--
Regards,

Derek Buttineau
Internet Systems Developer
Compu-SOLVE Internet Services
Compu-SOLVE Technologies, Inc

Phone:  705-725-1212 x255
E-Mail:  derek@csolve.net


From dnsadmin at 1bigthink.com  Thu Jul 24 19:56:17 2008
From: dnsadmin at 1bigthink.com (dnsadmin 1bigthink.com)
Date: Thu Jul 24 19:56:37 2008
Subject: New Trojan
In-Reply-To: <4888CB07.3090802@pacific.net>
References: <7EF0EE5CB3B263488C8C18823239BEBA044705FE@HC-MBX02.herefordshire.gov.uk>
	
	<7EF0EE5CB3B263488C8C18823239BEBA0447060F@HC-MBX02.herefordshire.gov.uk>
	<48888988.2020809@chime.ucl.ac.uk>
	<7EF0EE5CB3B263488C8C18823239BEBA0447061E@HC-MBX02.herefordshire.gov.uk>
	<48888F4F.7090900@chime.ucl.ac.uk> 
	<48889E5A.2040803@alexb.ch> 
	 <4888C195.9040306@vanderkooij.org>
	
	<4888CB07.3090802@pacific.net>
Message-ID: <200807241856.m6OIuO7d008693@mxt.1bigthink.com>

At 02:33 PM 7/24/2008, you wrote:
>Derek Buttineau wrote:
>>On 2008-Jul-24, at 1:53 PM, Hugo van der Kooij wrote:
>>
>>>-----BEGIN PGP SIGNED MESSAGE-----
>>>Hash: SHA1
>>>
>>>Scott Silva wrote:
>>>
>>>| I guess the blacklists have been helping me because I haven't seen any.
>>>| But it is early, and now that I said something I will be flooded.  ;-P
>>>
>>>If that helps to lay your hands on them I might want to claim I have not
>>>yet received a single one of them.
>>>
>>>Hugo.
>>We're seeing a ton of them incoming now too, clamav is still not 
>>detecting them either :(
>>Derek
>
>
>What sig file are you running? Daily here is 7815
>We are catching them, and have been since sometime yesterday 
>afternoon (GMT-7).
>
>Clam calls them as Trojan.Zbot-1711, Trojan.Zbot-1712
>
>Ken

I'm still not catching them with clamscan, I've got 7815 here, too, 
but running ClamAV 0.92.1 and suspect that is why.

Thinking very seriously about upgrade today.

Cheers,
Glenn 


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

From mogens at fumlersoft.dk  Thu Jul 24 19:55:51 2008
From: mogens at fumlersoft.dk (Mogens Melander)
Date: Thu Jul 24 19:56:41 2008
Subject: Whitelisted or Not?
In-Reply-To: <48883CE3.2000605@ecs.soton.ac.uk>
References: 
	
	<48883CE3.2000605@ecs.soton.ac.uk>
Message-ID: 


On Thu, July 24, 2008 10:27, Julian Field wrote:
>
>
> Denis Beauchemin wrote:
>> Mogens Melander a ?crit :
>>> Hi list
>>>
>>> I just recieved a mail, from a whitelisted sender, containing
>>> only a gif image. The image is ok, but i was curious about
>>> the MCP and SA reports. MCP _always_ report score=0 unless
>>> the required=5 is reached. Why don't i get the full MCP report,
>>> as i do with SA ? I'm probably missing something basic :)
>>>
>>> Both MCP and SA report whitelisted, but SA is close to hitting
>>> the required=5 spamscore. What will happen is it scores above
>>> the required 5? Will the mail be allowed to pass as whitelisted, or ???
>>>
>>> Any clues, anybody?
>>>
>>> Here's the headers in question:
>>>
>>> X-TIT-GPH-MailScanner: Found to be clean
>>> X-TIT-GPH-MailScanner-MCPCheck: MCP-Clean (MCP-Whitelisted),
>>> MCP-Checker (score=0, required 5)
>>> X-TIT-GPH-MailScanner-SpamCheck: not spam (whitelisted),
>>> SpamAssassin (not cached, score=4.774, required 5, AWL -3.33,
>>> BAYES_00 -1.00, DC_IMG_HTML_RATIO 1.00, DC_IMG_TEXT_RATIO 1.00,
>>> HTML_IMAGE_ONLY_04 2.04, HTML_MESSAGE 0.00,
>>> HTML_MIME_NO_HTML_TAG 0.10, MIME_HTML_ONLY 1.46,
>>> MISSING_HEADERS 1.29, SPF_PASS -0.00, TVD_SPACE_RATIO 2.22)
>>>
>>
>> Mogens,
>>
>> I don't know about MCP (don't use it), but if there is a rule in MS to
>> whitelist an email il will be whitelisted even if it gets a huge SA
>> score. Thus it will be delivered.
> The only time the whitelisting (if you have done it with my default
> example spam.whitelist.rules) will be over-ridden is if it has lots and
> lots of recipients (as set by the "Ignore Spam Whitelist If Recipients
> Exceed = 20" in MailScanner.conf).

Ok, thanks. Then i'll be safe. Ther's no To: headers, only a some -

  Reccieved: from blabla@sowhere.net For somone@aroundhere.net

Funny enough, there's a Bcc: header, but it's emty.

BTW. How come MCP always report "MCP-Checker (score=0, required 5)", when
the mail is below the 5 point marker ? When i watch maillog, i can see
what rules is hit, when it's above 5.

-- 
Later

Mogens Melander
+45 40 85 71 38
+66 870 133 224



-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

From derek at csolve.net  Thu Jul 24 19:57:07 2008
From: derek at csolve.net (Derek Buttineau)
Date: Thu Jul 24 19:57:16 2008
Subject: New Trojan
In-Reply-To: 
References: <7EF0EE5CB3B263488C8C18823239BEBA044705FE@HC-MBX02.herefordshire.gov.uk>		<7EF0EE5CB3B263488C8C18823239BEBA0447060F@HC-MBX02.herefordshire.gov.uk>	<48888988.2020809@chime.ucl.ac.uk>	<7EF0EE5CB3B263488C8C18823239BEBA0447061E@HC-MBX02.herefordshire.gov.uk>	<48888F4F.7090900@chime.ucl.ac.uk>		<48889E5A.2040803@alexb.ch>			<4888C195.9040306@vanderkooij.org>	
	 
Message-ID: <299A9D70-2B15-4210-8AFA-826DF7B959E8@csolve.net>

Oh, in case any one is interested, here's the result from the  
submitted file:

http://www.virustotal.com/analisis/ca9556874de25932246cd491bdc32638


Derek
From mogens at fumlersoft.dk  Thu Jul 24 20:06:47 2008
From: mogens at fumlersoft.dk (Mogens Melander)
Date: Thu Jul 24 20:08:25 2008
Subject: Error after upgrading to ClamAV 0.93.3 via Easy Install
In-Reply-To: <5A3FEF92FC07F34B9EE30C0D13957164ACD2F8@monarchs.dokkenengineering.com
	>
References: <5A3FEF92FC07F34B9EE30C0D13957164ACD2DF@monarchs.dokkenengineering.com>
	<4880E369.4000301@vanderkooij.org>
	<5A3FEF92FC07F34B9EE30C0D13957164ACD2F8@monarchs.dokkenengineering.com>
Message-ID: <747063c96da628f7574efc36807ac6de.squirrel@mail.fumlersoft.dk>


On Fri, July 18, 2008 21:01, Brad Dokken wrote:
> Thanks Hugo! I found two threads in the MailWatch list saying it is
> harmless and ignore it. Also, after reading your message, found a thread
> on this list about disabling AutoCommit. Will keep reading, but looks
> like I'm pointed in the right direction now.
> Brad
>

AUTOCOMMIT is only interresting if you are using a db-engine that supports
transactions. Take a look a mysql/pgsql doc's for indepth coverage.

MySQL "If you are using a transaction-safe storage engine (such as InnoDB, or NDB Cluster),
 you can disable autocommit mode"

-- 
Later

Mogens Melander
+45 40 85 71 38
+66 870 133 224



-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

From ka at pacific.net  Thu Jul 24 20:14:23 2008
From: ka at pacific.net (Ken A)
Date: Thu Jul 24 20:14:37 2008
Subject: New Trojan
In-Reply-To: <299A9D70-2B15-4210-8AFA-826DF7B959E8@csolve.net>
References: <7EF0EE5CB3B263488C8C18823239BEBA044705FE@HC-MBX02.herefordshire.gov.uk>		<7EF0EE5CB3B263488C8C18823239BEBA0447060F@HC-MBX02.herefordshire.gov.uk>	<48888988.2020809@chime.ucl.ac.uk>	<7EF0EE5CB3B263488C8C18823239BEBA0447061E@HC-MBX02.herefordshire.gov.uk>	<48888F4F.7090900@chime.ucl.ac.uk>		<48889E5A.2040803@alexb.ch>			<4888C195.9040306@vanderkooij.org>		
	
	<299A9D70-2B15-4210-8AFA-826DF7B959E8@csolve.net>
Message-ID: <4888D48F.7030800@pacific.net>

Derek Buttineau wrote:
> Oh, in case any one is interested, here's the result from the submitted 
> file:
> 
> http://www.virustotal.com/analisis/ca9556874de25932246cd491bdc32638
> 
> 
> Derek

Ah.. interesting. It's a zip file filename="invoice_8712.zip"

We are seeing the Sanesecurity sigs hit that one as 
Email.Malware.Sanesecurity.08072227

So that explains why virustotal said clamav wasn't hitting it.

Ken

-- 
Ken Anderson
Pacific.Net

From ssilva at sgvwater.com  Thu Jul 24 20:25:51 2008
From: ssilva at sgvwater.com (Scott Silva)
Date: Thu Jul 24 20:26:55 2008
Subject: New Trojan
In-Reply-To: <200807241856.m6OIuO7d008693@mxt.1bigthink.com>
References: <7EF0EE5CB3B263488C8C18823239BEBA044705FE@HC-MBX02.herefordshire.gov.uk>		<7EF0EE5CB3B263488C8C18823239BEBA0447060F@HC-MBX02.herefordshire.gov.uk>	<48888988.2020809@chime.ucl.ac.uk>	<7EF0EE5CB3B263488C8C18823239BEBA0447061E@HC-MBX02.herefordshire.gov.uk>	<48888F4F.7090900@chime.ucl.ac.uk>
		<48889E5A.2040803@alexb.ch>
		
	<4888C195.9040306@vanderkooij.org>		<4888CB07.3090802@pacific.net>
	<200807241856.m6OIuO7d008693@mxt.1bigthink.com>
Message-ID: 

on 7-24-2008 11:56 AM dnsadmin 1bigthink.com spake the following:
> At 02:33 PM 7/24/2008, you wrote:
>> Derek Buttineau wrote:
>>> On 2008-Jul-24, at 1:53 PM, Hugo van der Kooij wrote:
>>>
>>>> -----BEGIN PGP SIGNED MESSAGE-----
>>>> Hash: SHA1
>>>>
>>>> Scott Silva wrote:
>>>>
>>>> | I guess the blacklists have been helping me because I haven't seen 
>>>> any.
>>>> | But it is early, and now that I said something I will be flooded.  
>>>> ;-P
>>>>
>>>> If that helps to lay your hands on them I might want to claim I have 
>>>> not
>>>> yet received a single one of them.
>>>>
>>>> Hugo.
>>> We're seeing a ton of them incoming now too, clamav is still not 
>>> detecting them either :(
>>> Derek
>>
>>
>> What sig file are you running? Daily here is 7815
>> We are catching them, and have been since sometime yesterday afternoon 
>> (GMT-7).
>>
>> Clam calls them as Trojan.Zbot-1711, Trojan.Zbot-1712
>>
>> Ken
> 
> I'm still not catching them with clamscan, I've got 7815 here, too, but 
> running ClamAV 0.92.1 and suspect that is why.
> 
> Thinking very seriously about upgrade today.
> 
> Cheers,
> Glenn
> 
Clam engines lose functionality the farther out of date they are even though 
the signatures still load. That is why you get those functionality warnings of 
how bad it might be out of date. See http://www.clamav.net/support/faq


-- 
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 258 bytes
Desc: OpenPGP digital signature
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080724/0e43cd9c/signature.bin
From gugafer51 at gmail.com  Thu Jul 24 22:40:28 2008
From: gugafer51 at gmail.com (Gustavo FC)
Date: Thu Jul 24 22:40:40 2008
Subject: Recipients receives messages from Mailscanner.
Message-ID: <73e0f9580807241440i5f004b8ct6f7211b44bad6d54@mail.gmail.com>

Hi everyone,

The recipients of my network are receiving notifications from Mailscanner.
This occurs when a message is blocked by the rules of the
filename.rules.conf. The content of the notification is the same in
%report-dir%/stored.content.message.txt and the messages` subject  is
modified, adding {Filename?} to the start of the line.

I don`t want the recipients receive this messages. How can I disable this?


My Mailscanner`s version is 4.55.10.

My Mailscanner.conf:

Silent Viruses = HTML-IFrame HTML-Codebase HTML-Script HTML-Form All-Viruses

Still Deliver Silent Viruses = no

Stored Bad Content Message Report  = %report-dir%/stored.content.message.txt
Stored Bad Filename Message Report =
%report-dir%/stored.filename.message.txt
Stored Virus Message Report        = %report-dir%/stored.virus.message.txt
Stored Size Message Report        = %report-dir%/stored.size.message.txt

Notify Senders = no

Spam Actions = store

High Scoring Spam Actions = store


Thanks for your help and I`m sorry for my bad english.

Gustavo F. Carvalho
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080724/073e57e5/attachment.html
From raubvogel at gmail.com  Thu Jul 24 23:05:50 2008
From: raubvogel at gmail.com (Mauricio Tavares)
Date: Thu Jul 24 23:05:58 2008
Subject: Quick envelope_sender_header question
Message-ID: <4888FCBE.6000209@gmail.com>

	I recently decided to add mailscanner to my postfix-based mail server. 
After it was installed and I unleashed it, I decided to

# MailScanner --lint

which gave me only one error message (assuming my domain is mydomain.com):

ERROR: The "envelope_sender_header" in your spam.assassin.prefs.conf
ERROR: is not correct, it should match X-mydomain_com-MailScanner-From


I have defined in MailScanner.conf org-name and org-long-name as

%org-name% = mydomain

%org-long-name% = This is my domain

and, to be on the safe side, I defined envelope_sender_header in 
spam.assassin.prefs.conf to be "mydomain." What am I missing here?
From ssilva at sgvwater.com  Thu Jul 24 23:12:32 2008
From: ssilva at sgvwater.com (Scott Silva)
Date: Thu Jul 24 23:13:00 2008
Subject: Recipients receives messages from Mailscanner.
In-Reply-To: <73e0f9580807241440i5f004b8ct6f7211b44bad6d54@mail.gmail.com>
References: <73e0f9580807241440i5f004b8ct6f7211b44bad6d54@mail.gmail.com>
Message-ID: 

on 7-24-2008 2:40 PM Gustavo FC spake the following:
> Hi everyone,
> 
> The recipients of my network are receiving notifications from 
> Mailscanner. This occurs when a message is blocked by the rules of the 
> filename.rules.conf. The content of the notification is the same in 
> %report-dir%/stored.content.message.txt and the messages` subject  is 
> modified, adding {Filename?} to the start of the line.
> 
> I don`t want the recipients receive this messages. How can I disable this?
> 
> 
> My Mailscanner`s version is 4.55.10. 
> 
This version is so old I'm surprised your mail isn't delivered with dust on 
it. You must be using Debian or Ubuntu and don't know about backports.

Maybe an upgrade will fix some things. Your version is from January of 2006. 
There has been a new stable version almost every month since then.


-- 
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 258 bytes
Desc: OpenPGP digital signature
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080724/ed18d0ad/signature.bin
From itdept at fractalweb.com  Thu Jul 24 23:16:53 2008
From: itdept at fractalweb.com (Chris Yuzik)
Date: Thu Jul 24 23:17:15 2008
Subject: OT: quick question about sorbs
Message-ID: <1216937813.31587.36.camel@chris-desktop>

Hi everyone,

For some reason, Sorbs keeps blacklisting IPs that belong to Google.com.
I regularly see lines in the maillog that look like so:

Jul 21 15:15:04 devel sendmail[7342]: m6LNEwH4007323:
ruleset=check_rcpt, arg1=, relay=ag-out-0708.google.com
[72.14.246.247], reject=554 5.7.1 Rejected 72.14.246.247 found in
safe.dnsbl.sorbs.net

Is there an easy (yet also safe) way of still using sorbs but explicitly
allowing email from Google in to the server? Something tells me this
will be done as an entry to /etc/mail/access, but I'm not sure if that
overrides the RBLs that are specified in sendmail.mc.

Thanks.

Cheers

From ssilva at sgvwater.com  Thu Jul 24 23:30:43 2008
From: ssilva at sgvwater.com (Scott Silva)
Date: Thu Jul 24 23:31:00 2008
Subject: OT: quick question about sorbs
In-Reply-To: <1216937813.31587.36.camel@chris-desktop>
References: <1216937813.31587.36.camel@chris-desktop>
Message-ID: 

on 7-24-2008 3:16 PM Chris Yuzik spake the following:
> Hi everyone,
> 
> For some reason, Sorbs keeps blacklisting IPs that belong to Google.com.
> I regularly see lines in the maillog that look like so:
> 
> Jul 21 15:15:04 devel sendmail[7342]: m6LNEwH4007323:
> ruleset=check_rcpt, arg1=, relay=ag-out-0708.google.com
> [72.14.246.247], reject=554 5.7.1 Rejected 72.14.246.247 found in
> safe.dnsbl.sorbs.net
> 
> Is there an easy (yet also safe) way of still using sorbs but explicitly
> allowing email from Google in to the server? Something tells me this
> will be done as an entry to /etc/mail/access, but I'm not sure if that
> overrides the RBLs that are specified in sendmail.mc.
> 
> Thanks.
> 
> Cheers
> 
http://www.technoids.org/spamlovers.html


-- 
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 258 bytes
Desc: OpenPGP digital signature
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080724/871b84a0/signature.bin
From smlists at shaw.ca  Fri Jul 25 00:12:45 2008
From: smlists at shaw.ca (Steve Mason)
Date: Fri Jul 25 00:12:56 2008
Subject: Yum updates for Perl, just say no?
Message-ID: <008e01c8ede2$c8740e60$1424010a@mcscore>

I just finished building a new server , Centos 5.2 with MailScanner 4.70.7
(from, RPM)  and Mailwatch 1.0.4. It's running absolutely beautifully!
I almost did a yum -y update today, but decided I'd better check what it
wants to update.

Looks like it wants to update a boatload of Perl modules.  I'm assuming that
I *don't* want it to do that.
Should I configure yum to exclude perl modules?  Anything else I should
exclude to prevent MailScanner troubles?

Thanks,

Steve
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080724/b25dfc06/attachment.html
From gregg at mochabomb.com  Fri Jul 25 00:23:59 2008
From: gregg at mochabomb.com (=?ISO-8859-1?Q?Gregg=20LainJr=2E?=)
Date: Fri Jul 25 00:24:10 2008
Subject: Yum updates for Perl, just say no?
Message-ID: <200807242324.m6ONO1Vj014065@safir.blacknight.ie>

Look in the july archives - I updated the same setup you have and it broke.  In the email was what worked for me - but yeah test it out first if you can...  Mine was messed up for a couple days until I got it fixed with a hack. 

-----Original Message-----
From:  Steve Mason
Date:  7/24/08 4:13 pm
To:  'MailScanner discussion'
Subj:  Yum updates for Perl, just say no?

I just finished building a new server , Centos 5.2 with MailScanner 4.70.7
(from, RPM)  and Mailwatch 1.0.4. It's running absolutely beautifully!
I almost did a yum -y update today, but decided I'd better check what it
wants to update.

Looks like it wants to update a boatload of Perl modules.  I'm assuming that
I *don't* want it to do that.
Should I configure yum to exclude perl modules?  Anything else I should
exclude to prevent MailScanner troubles?

Thanks,

Steve
From gregg at mochabomb.com  Fri Jul 25 00:23:59 2008
From: gregg at mochabomb.com (=?ISO-8859-1?Q?Gregg=20LainJr=2E?=)
Date: Fri Jul 25 00:24:16 2008
Subject: Yum updates for Perl, just say no?
Message-ID: <200807242324.m6ONO6ha014064@safir.blacknight.ie>

Look in the july archives - I updated the same setup you have and it broke.  In the email was what worked for me - but yeah test it out first if you can...  Mine was messed up for a couple days until I got it fixed with a hack. 

-----Original Message-----
From:  Steve Mason
Date:  7/24/08 4:13 pm
To:  'MailScanner discussion'
Subj:  Yum updates for Perl, just say no?

I just finished building a new server , Centos 5.2 with MailScanner 4.70.7
(from, RPM)  and Mailwatch 1.0.4. It's running absolutely beautifully!
I almost did a yum -y update today, but decided I'd better check what it
wants to update.

Looks like it wants to update a boatload of Perl modules.  I'm assuming that
I *don't* want it to do that.
Should I configure yum to exclude perl modules?  Anything else I should
exclude to prevent MailScanner troubles?

Thanks,

Steve
From ssilva at sgvwater.com  Fri Jul 25 00:28:45 2008
From: ssilva at sgvwater.com (Scott Silva)
Date: Fri Jul 25 00:29:10 2008
Subject: Yum updates for Perl, just say no?
In-Reply-To: <008e01c8ede2$c8740e60$1424010a@mcscore>
References: <008e01c8ede2$c8740e60$1424010a@mcscore>
Message-ID: 

on 7-24-2008 4:12 PM Steve Mason spake the following:
> I just finished building a new server , Centos 5.2 with MailScanner 
> 4.70.7 (from, RPM)  and Mailwatch 1.0.4. It's running absolutely 
> beautifully!
> 
> I almost did a yum -y update today, but decided I'd better check what it 
> wants to update.
> 
> Looks like it wants to update a boatload of Perl modules.  I'm assuming 
> that I *don't* want it to do that.
> Should I configure yum to exclude perl modules?  Anything else I should 
> exclude to prevent MailScanner troubles?
> 
> Thanks,
> 
> Steve
> 
What repos are you using? I have installed all the mailscanner prerequisites 
from rpmforge, and all is well here.

-- 
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 258 bytes
Desc: OpenPGP digital signature
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080724/9a268a63/signature.bin
From lists at sequestered.net  Fri Jul 25 00:48:50 2008
From: lists at sequestered.net (Jay Chandler)
Date: Fri Jul 25 00:49:16 2008
Subject: OT: quick question about sorbs
In-Reply-To: 
References: <1216937813.31587.36.camel@chris-desktop>
	
Message-ID: <2521227C-2F6A-4AE9-A26E-128166B31B2D@sequestered.net>


On Jul 24, 2008, at 3:30 PM, Scott Silva wrote:

> on 7-24-2008 3:16 PM Chris Yuzik spake the following:
>> Hi everyone,
>> For some reason, Sorbs keeps blacklisting IPs that belong to  
>> Google.com.
>> I regularly see lines in the maillog that look like so:
>> Jul 21 15:15:04 devel sendmail[7342]: m6LNEwH4007323:
>> ruleset=check_rcpt, arg1=, relay=ag- 
>> out-0708.google.com
>> [72.14.246.247], reject=554 5.7.1 Rejected 72.14.246.247 found in
>> safe.dnsbl.sorbs.net
>> Is there an easy (yet also safe) way of still using sorbs but  
>> explicitly
>> allowing email from Google in to the server? Something tells me this
>> will be done as an entry to /etc/mail/access, but I'm not sure if  
>> that
>> overrides the RBLs that are specified in sendmail.mc.
>> Thanks.
>> Cheers
> http://www.technoids.org/spamlovers.html
>

Meh, that's work. :-p

I'd use DNSWL (dnswl.org) and be done with it.

--Jay
From smlists at shaw.ca  Fri Jul 25 00:57:40 2008
From: smlists at shaw.ca (Steve Mason)
Date: Fri Jul 25 00:57:50 2008
Subject: Yum updates for Perl, just say no?
In-Reply-To: 
References: <008e01c8ede2$c8740e60$1424010a@mcscore>
	
Message-ID: <00ab01c8ede9$0e8a59d0$1424010a@mcscore>

>What repos are you using? I have installed all the mailscanner
prerequisites from rpmforge, >and all is well here.

Using the standard base, plus atrpms and rpmforge.
Here's what came up:

============================================================================
=
 Package                 Arch       Version          Repository        Size 
============================================================================
=
Updating:
 alsa-driver             i386       1.0.17-69.el5    atrpms            152 k
 alsa-kmdl-2.6.18-92.1.6.el5PAE  i686       1.0.17-69.el5    atrpms
1.3 M
 perl-Archive-Zip        noarch     1.16-1.2.1       base              138 k
 perl-Compress-Zlib      i386       1.42-1.fc6       base               52 k
 perl-Convert-BinHex     noarch     1.119-2.2.el5.rf  rpmforge           34
k
 perl-Convert-TNEF       noarch     0.17-3.2.el5.rf  rpmforge           18 k
 perl-DBD-SQLite         i386       1.14-1.el5.rf    rpmforge          762 k
 perl-Digest-SHA1        i386       2.11-1.2.1       base               48 k
 perl-File-Temp          noarch     0.20-1.el5.rf    rpmforge           46 k
 perl-Filesys-Df         i386       0.92-1.el5.rf    rpmforge           35 k
 perl-HTML-Tagset        noarch     3.10-2.1.1       base               15 k
 perl-IO                 i386       1.2301-1.el5.rf  rpmforge           99 k
 perl-IO-stringy         noarch     2.110-1.2.el5.rf  rpmforge           70
k
 perl-Math-BigInt        noarch     1.89-1.el5.rf    rpmforge          174 k
 perl-Math-BigRat        noarch     0.22-1.el5.rf    rpmforge           30 k
 perl-Net-CIDR           noarch     0.11-1.2.el5.rf  rpmforge           15 k
 perl-OLE-Storage_Lite   noarch     0.17-1.el5.rf    rpmforge           21 k
 perl-Pod-Escapes        noarch     1.04-1.2.el5.rf  rpmforge           15 k
 perl-Pod-Simple         noarch     3.05-1.el5.rf    rpmforge          218 k
 perl-Test-Pod           noarch     1.26-1.el5.rf    rpmforge           11 k
 perl-TimeDate           noarch     1:1.16-5.el5     base               32 k
 perl-bignum             noarch     0.23-1.el5.rf    rpmforge           40 k
 tnef                    i386       1.4.3-1.el5.rf   rpmforge           44 k

From gregg at mochabomb.com  Fri Jul 25 03:08:33 2008
From: gregg at mochabomb.com (=?ISO-8859-1?Q?Gregg=20LainJr=2E?=)
Date: Fri Jul 25 03:08:50 2008
Subject: Yum updates for Perl, just say no?
Message-ID: <200807250208.m6P28ff6018710@safir.blacknight.ie>

Just check to make sure the perl version bug from a couple weeks ago is fixed else you might break something. It was perl -V ginving out a too  specific version and that broke a lot of things - anyone else experience this?? 

-----Original Message-----
From:  Steve Mason
Date:  7/24/08 4:58 pm
To:  'MailScanner discussion'
Subj:  RE: Yum updates for Perl, just say no?

>What repos are you using? I have installed all the mailscanner
prerequisites from rpmforge, >and all is well here.

Using the standard base, plus atrpms and rpmforge.
Here's what came up:

==============================================================================
=
 Package                 Arch       Version          Repository        Size 
==============================================================================
=
Updating:
 alsa-driver             i386       1.0.17-69.el5    atrpms            152 k
 alsa-kmdl-2.6.18-92.1.6.el5PAE  i686       1.0.17-69.el5    atrpms
1.3 M
 perl-Archive-Zip        noarch     1.16-1.2.1       base              138 k
 perl-Compress-Zlib      i386       1.42-1.fc6       base               52 k
 perl-Convert-BinHex     noarch     1.119-2.2.el5.rf  rpmforge            34
k
 perl-Convert-TNEF       noarch     0.17-3.2.el5.rf  rpmforge           18 k
 perl-DBD-SQLite         i386       1.14-1.el5.rf    rpmforge          762 k
 perl-Digest-SHA1        i386       2.11-1.2.1       base               48 k
 perl-File-Temp          noarch     0.20-1.el5.rf    rpmforge           46 k
 perl-Filesys-Df         i386       0.92-1.el5.rf    rpmforge           35 k
 perl-HTML-Tagset        noarch     3.10-2.1.1       base               15 k
 perl-IO                 i386       1.2301-1.el5.rf  rpmforge           99 k
 perl-IO-stringy         noarch     2.110-1.2.el5.rf  rpmforge            70
k
 perl-Math-BigInt        noarch     1.89-1.el5.rf    rpmforge          174 k
 perl-Math-BigRat        noarch     0.22-1.el5.rf    rpmforge           30 k
 perl-Net-CIDR           noarch     0.11-1.2.el5.rf  rpmforge           15 k
 perl-OLE-Storage_Lite   noarch     0.17-1.el5.rf    rpmforge           21 k
 perl-Pod-Escapes        noarch     1.04-1.2.el5.rf  rpmforge           15 k
 perl-Pod-Simple         noarch     3.05-1.el5.rf    rpmforge          218 k
 perl-Test-Pod           noarch     1.26-1.el5.rf    rpmforge           11 k
 perl-TimeDate           noarch     1:1.16-5.el5     base               32 k
 perl-bignum             noarch     0.23-1.el5.rf    rpmforge           40 k
 tnef                    i386       1.4.3-1.el5.rf   rpmforge           44 k

-- 
MailScanner mailing list
mailscanner@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website! 
From gregg at mochabomb.com  Fri Jul 25 03:08:33 2008
From: gregg at mochabomb.com (=?ISO-8859-1?Q?Gregg=20LainJr=2E?=)
Date: Fri Jul 25 03:08:51 2008
Subject: Yum updates for Perl, just say no?
Message-ID: <200807250208.m6P28fAN018709@safir.blacknight.ie>

Just check to make sure the perl version bug from a couple weeks ago is fixed else you might break something. It was perl -V ginving out a too  specific version and that broke a lot of things - anyone else experience this?? 

-----Original Message-----
From:  Steve Mason
Date:  7/24/08 4:58 pm
To:  'MailScanner discussion'
Subj:  RE: Yum updates for Perl, just say no?

>What repos are you using? I have installed all the mailscanner
prerequisites from rpmforge, >and all is well here.

Using the standard base, plus atrpms and rpmforge.
Here's what came up:

==============================================================================
=
 Package                 Arch       Version          Repository        Size 
==============================================================================
=
Updating:
 alsa-driver             i386       1.0.17-69.el5    atrpms            152 k
 alsa-kmdl-2.6.18-92.1.6.el5PAE  i686       1.0.17-69.el5    atrpms
1.3 M
 perl-Archive-Zip        noarch     1.16-1.2.1       base              138 k
 perl-Compress-Zlib      i386       1.42-1.fc6       base               52 k
 perl-Convert-BinHex     noarch     1.119-2.2.el5.rf  rpmforge            34
k
 perl-Convert-TNEF       noarch     0.17-3.2.el5.rf  rpmforge           18 k
 perl-DBD-SQLite         i386       1.14-1.el5.rf    rpmforge          762 k
 perl-Digest-SHA1        i386       2.11-1.2.1       base               48 k
 perl-File-Temp          noarch     0.20-1.el5.rf    rpmforge           46 k
 perl-Filesys-Df         i386       0.92-1.el5.rf    rpmforge           35 k
 perl-HTML-Tagset        noarch     3.10-2.1.1       base               15 k
 perl-IO                 i386       1.2301-1.el5.rf  rpmforge           99 k
 perl-IO-stringy         noarch     2.110-1.2.el5.rf  rpmforge            70
k
 perl-Math-BigInt        noarch     1.89-1.el5.rf    rpmforge          174 k
 perl-Math-BigRat        noarch     0.22-1.el5.rf    rpmforge           30 k
 perl-Net-CIDR           noarch     0.11-1.2.el5.rf  rpmforge           15 k
 perl-OLE-Storage_Lite   noarch     0.17-1.el5.rf    rpmforge           21 k
 perl-Pod-Escapes        noarch     1.04-1.2.el5.rf  rpmforge           15 k
 perl-Pod-Simple         noarch     3.05-1.el5.rf    rpmforge          218 k
 perl-Test-Pod           noarch     1.26-1.el5.rf    rpmforge           11 k
 perl-TimeDate           noarch     1:1.16-5.el5     base               32 k
 perl-bignum             noarch     0.23-1.el5.rf    rpmforge           40 k
 tnef                    i386       1.4.3-1.el5.rf   rpmforge           44 k

-- 
MailScanner mailing list
mailscanner@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website! 
From Richard.Frovarp at sendit.nodak.edu  Fri Jul 25 04:34:15 2008
From: Richard.Frovarp at sendit.nodak.edu (Richard Frovarp)
Date: Fri Jul 25 04:34:34 2008
Subject: OT: quick question about sorbs
In-Reply-To: <1216937813.31587.36.camel@chris-desktop>
References: <1216937813.31587.36.camel@chris-desktop>
Message-ID: <488949B7.1070308@sendit.nodak.edu>

Chris Yuzik wrote:
> Hi everyone,
>
> For some reason, Sorbs keeps blacklisting IPs that belong to Google.com.
> I regularly see lines in the maillog that look like so:
>
> Jul 21 15:15:04 devel sendmail[7342]: m6LNEwH4007323:
> ruleset=check_rcpt, arg1=, relay=ag-out-0708.google.com
> [72.14.246.247], reject=554 5.7.1 Rejected 72.14.246.247 found in
> safe.dnsbl.sorbs.net
>
> Is there an easy (yet also safe) way of still using sorbs but explicitly
> allowing email from Google in to the server? Something tells me this
> will be done as an entry to /etc/mail/access, but I'm not sure if that
> overrides the RBLs that are specified in sendmail.mc.
>
> Thanks.
>
> Cheers
>
>   
Yeah, safe.dnsbl.sorbs.net isn't very safe in my opinion. Safe includes 
new.spam.dnsbl.sorbs.net which will hit Google (and probably others) 
from time to time. You could instead just use the parts of sorbs that 
you do consider to be okay. Results in more lookups, but I've found 
new.spam makes safe.dnsbl unacceptable to use.
From hvdkooij at vanderkooij.org  Fri Jul 25 06:08:00 2008
From: hvdkooij at vanderkooij.org (Hugo van der Kooij)
Date: Fri Jul 25 06:08:14 2008
Subject: Yum updates for Perl, just say no?
In-Reply-To: <200807250208.m6P28fAN018709@safir.blacknight.ie>
References: <200807250208.m6P28fAN018709@safir.blacknight.ie>
Message-ID: <48895FB0.70200@vanderkooij.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Gregg LainJr. wrote:
| Just check to make sure the perl version bug from a couple weeks ago
is fixed else you might break something. It was perl -V ginving out a
too  specific version and that broke a lot of things - anyone else
experience this??

Gregg,

We might forgive you your top posting. But sending each message twice to
the mailinglist? That is a major offence. I think you should be saying
hail julians for a week at least. ;-)

Your headers give it all away:

X-Mailer: Handspring Mail (1.0)
From: =?ISO-8859-1?Q?Gregg=20LainJr=2E?= 
To: mailscanner@lists.mailscanner.info, mailscanner@lists.mailscanner.info


Hugo.

- --
hvdkooij@vanderkooij.org               http://hugo.vanderkooij.org/
PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc

	A: Yes.
	>Q: Are you sure?
	>>A: Because it reverses the logical flow of conversation.
	>>>Q: Why is top posting frowned upon?

Bored? Click on http://spamornot.org/ and rate those images.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFIiV+uBvzDRVjxmYERAv8UAKCuDAZhV1qJ74rTFnwe8Ap67FIoqQCgqF5T
gC/1qrcctUvaPEDAmhz7twE=
=H8W5
-----END PGP SIGNATURE-----
From a.peacock at chime.ucl.ac.uk  Fri Jul 25 08:17:20 2008
From: a.peacock at chime.ucl.ac.uk (Anthony Peacock)
Date: Fri Jul 25 08:17:35 2008
Subject: New Trojan
In-Reply-To: <200807241856.m6OIuO7d008693@mxt.1bigthink.com>
References: <7EF0EE5CB3B263488C8C18823239BEBA044705FE@HC-MBX02.herefordshire.gov.uk>		<7EF0EE5CB3B263488C8C18823239BEBA0447060F@HC-MBX02.herefordshire.gov.uk>	<48888988.2020809@chime.ucl.ac.uk>	<7EF0EE5CB3B263488C8C18823239BEBA0447061E@HC-MBX02.herefordshire.gov.uk>	<48888F4F.7090900@chime.ucl.ac.uk>
		<48889E5A.2040803@alexb.ch>
		
	<4888C195.9040306@vanderkooij.org>		<4888CB07.3090802@pacific.net>
	<200807241856.m6OIuO7d008693@mxt.1bigthink.com>
Message-ID: <48897E00.5030307@chime.ucl.ac.uk>

Hi,

dnsadmin 1bigthink.com wrote:
> At 02:33 PM 7/24/2008, you wrote:
>> Derek Buttineau wrote:
>>> On 2008-Jul-24, at 1:53 PM, Hugo van der Kooij wrote:
>>>
>>>> -----BEGIN PGP SIGNED MESSAGE-----
>>>> Hash: SHA1
>>>>
>>>> Scott Silva wrote:
>>>>
>>>> | I guess the blacklists have been helping me because I haven't seen 
>>>> any.
>>>> | But it is early, and now that I said something I will be flooded.  
>>>> ;-P
>>>>
>>>> If that helps to lay your hands on them I might want to claim I have 
>>>> not
>>>> yet received a single one of them.
>>>>
>>>> Hugo.
>>> We're seeing a ton of them incoming now too, clamav is still not 
>>> detecting them either :(
>>> Derek
>>
>>
>> What sig file are you running? Daily here is 7815
>> We are catching them, and have been since sometime yesterday afternoon 
>> (GMT-7).
>>
>> Clam calls them as Trojan.Zbot-1711, Trojan.Zbot-1712
>>
>> Ken
> 
> I'm still not catching them with clamscan, I've got 7815 here, too, but 
> running ClamAV 0.92.1 and suspect that is why.
> 
> Thinking very seriously about upgrade today.

Clamav is still not catching the ones that claim to be from "Customs" 
here, and I am running the latest version with the latest sigs.  Clam is 
catching the 'Tax_invoice' variant though.


-- 
Anthony Peacock
CHIME, Royal Free & University College Medical School
WWW:    http://www.chime.ucl.ac.uk/~rmhiajp/
Study Health Informatics - Modular Postgraduate Degree
http://www.chime.ucl.ac.uk/study-health-informatics/
From gmatt at nerc.ac.uk  Fri Jul 25 11:46:25 2008
From: gmatt at nerc.ac.uk (Greg Matthews)
Date: Fri Jul 25 11:46:52 2008
Subject: Mail-ClamAV-0.22 fails to install
Message-ID: <4889AF01.4030702@nerc.ac.uk>

The Mail-ClamAV module shipped with JFs tarball for SA and Clam fails 
during make test:

# make test
PERL_DL_NONLAZY=1 /usr/bin/perl "-MExtUtils::Command::MM" "-e" 
"test_harness(0, 'blib/lib', 'blib/arch')" t/*.t
t/Mail-ClamAV....ok 3/10 

#   Failed test 'Scan File'
#   at t/Mail-ClamAV.t line 106.
t/Mail-ClamAV....NOK 6 

#   Failed test 'Scan FileHandle'
#   at t/Mail-ClamAV.t line 108.
t/Mail-ClamAV....NOK 7 

#   Failed test 'Scan File overload'
#   at t/Mail-ClamAV.t line 111.
t/Mail-ClamAV....NOK 8 

#   Failed test 'Scan FileHandle overload'
#   at t/Mail-ClamAV.t line 114.
t/Mail-ClamAV....NOK 9# Looks like you failed 4 tests of 10. 

t/Mail-ClamAV....dubious 

	Test returned status 4 (wstat 1024, 0x400)
DIED. FAILED tests 6-9
	Failed 4/10 tests, 60.00% okay
Failed Test     Stat Wstat Total Fail  Failed  List of Failed
-------------------------------------------------------------------------------
t/Mail-ClamAV.t    4  1024    10    4  40.00%  6-9
Failed 1/1 test scripts, 0.00% okay. 4/10 subtests failed, 60.00% okay.
make: *** [test_dynamic] Error 4

looks pretty dead.

GREG
-- 
Greg Matthews           01491 692445
Head of UNIX/Linux, iTSS Wallingford

-- 
This message (and any attachments) is for the recipient only. NERC
is subject to the Freedom of Information Act 2000 and the contents
of this email and any reply you make may be disclosed by NERC unless
it is exempt from release under the Act. Any material supplied to
NERC may be stored in an electronic records management system.

From gmatt at nerc.ac.uk  Fri Jul 25 12:13:05 2008
From: gmatt at nerc.ac.uk (Greg Matthews)
Date: Fri Jul 25 12:13:59 2008
Subject: Mail-ClamAV-0.22 fails to install
In-Reply-To: <4889AF01.4030702@nerc.ac.uk>
References: <4889AF01.4030702@nerc.ac.uk>
Message-ID: <4889B541.6050909@nerc.ac.uk>

Greg Matthews wrote:
> The Mail-ClamAV module shipped with JFs tarball for SA and Clam fails 
> during make test:

should say that this is on long serving CentOS 4.6 server with:

MailScanner 4.68.8
ClamAV 0.93.3 <- since downgraded again to 0.92.1
SpamAssassin 3.2.5
perl 5.8.5 <- this is 5.8.5-36.el4_5.2 not the most recent el4-6.3

GREG


> 
> # make test
> PERL_DL_NONLAZY=1 /usr/bin/perl "-MExtUtils::Command::MM" "-e" 
> "test_harness(0, 'blib/lib', 'blib/arch')" t/*.t
> t/Mail-ClamAV....ok 3/10
> #   Failed test 'Scan File'
> #   at t/Mail-ClamAV.t line 106.
> t/Mail-ClamAV....NOK 6
> #   Failed test 'Scan FileHandle'
> #   at t/Mail-ClamAV.t line 108.
> t/Mail-ClamAV....NOK 7
> #   Failed test 'Scan File overload'
> #   at t/Mail-ClamAV.t line 111.
> t/Mail-ClamAV....NOK 8
> #   Failed test 'Scan FileHandle overload'
> #   at t/Mail-ClamAV.t line 114.
> t/Mail-ClamAV....NOK 9# Looks like you failed 4 tests of 10.
> t/Mail-ClamAV....dubious
>     Test returned status 4 (wstat 1024, 0x400)
> DIED. FAILED tests 6-9
>     Failed 4/10 tests, 60.00% okay
> Failed Test     Stat Wstat Total Fail  Failed  List of Failed
> ------------------------------------------------------------------------------- 
> 
> t/Mail-ClamAV.t    4  1024    10    4  40.00%  6-9
> Failed 1/1 test scripts, 0.00% okay. 4/10 subtests failed, 60.00% okay.
> make: *** [test_dynamic] Error 4
> 
> looks pretty dead.
> 
> GREG


-- 
Greg Matthews           01491 692445
Head of UNIX/Linux, iTSS Wallingford

-- 
This message (and any attachments) is for the recipient only. NERC
is subject to the Freedom of Information Act 2000 and the contents
of this email and any reply you make may be disclosed by NERC unless
it is exempt from release under the Act. Any material supplied to
NERC may be stored in an electronic records management system.

From ssilva at sgvwater.com  Fri Jul 25 16:39:30 2008
From: ssilva at sgvwater.com (Scott Silva)
Date: Fri Jul 25 16:40:04 2008
Subject: Happy SysAdmin Day
Message-ID: 

Happy SysAdmin day to all!  ;-)
-- 
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 258 bytes
Desc: OpenPGP digital signature
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080725/6d2ab74d/signature.bin
From ssilva at sgvwater.com  Fri Jul 25 16:42:41 2008
From: ssilva at sgvwater.com (Scott Silva)
Date: Fri Jul 25 16:45:13 2008
Subject: Yum updates for Perl, just say no?
In-Reply-To: <00ab01c8ede9$0e8a59d0$1424010a@mcscore>
References: <008e01c8ede2$c8740e60$1424010a@mcscore>	
	<00ab01c8ede9$0e8a59d0$1424010a@mcscore>
Message-ID: 

on 7-24-2008 4:57 PM Steve Mason spake the following:
>> What repos are you using? I have installed all the mailscanner
> prerequisites from rpmforge, >and all is well here.
> 
> Using the standard base, plus atrpms and rpmforge.
> Here's what came up:
> 
> ============================================================================
> =
>  Package                 Arch       Version          Repository        Size 
> ============================================================================
> =
> Updating:
>  alsa-driver             i386       1.0.17-69.el5    atrpms            152 k
>  alsa-kmdl-2.6.18-92.1.6.el5PAE  i686       1.0.17-69.el5    atrpms
> 1.3 M
>  perl-Archive-Zip        noarch     1.16-1.2.1       base              138 k
>  perl-Compress-Zlib      i386       1.42-1.fc6       base               52 k
>  perl-Convert-BinHex     noarch     1.119-2.2.el5.rf  rpmforge           34
> k
>  perl-Convert-TNEF       noarch     0.17-3.2.el5.rf  rpmforge           18 k
>  perl-DBD-SQLite         i386       1.14-1.el5.rf    rpmforge          762 k
>  perl-Digest-SHA1        i386       2.11-1.2.1       base               48 k
>  perl-File-Temp          noarch     0.20-1.el5.rf    rpmforge           46 k
>  perl-Filesys-Df         i386       0.92-1.el5.rf    rpmforge           35 k
>  perl-HTML-Tagset        noarch     3.10-2.1.1       base               15 k
>  perl-IO                 i386       1.2301-1.el5.rf  rpmforge           99 k
>  perl-IO-stringy         noarch     2.110-1.2.el5.rf  rpmforge           70
> k
>  perl-Math-BigInt        noarch     1.89-1.el5.rf    rpmforge          174 k
>  perl-Math-BigRat        noarch     0.22-1.el5.rf    rpmforge           30 k
>  perl-Net-CIDR           noarch     0.11-1.2.el5.rf  rpmforge           15 k
>  perl-OLE-Storage_Lite   noarch     0.17-1.el5.rf    rpmforge           21 k
>  perl-Pod-Escapes        noarch     1.04-1.2.el5.rf  rpmforge           15 k
>  perl-Pod-Simple         noarch     3.05-1.el5.rf    rpmforge          218 k
>  perl-Test-Pod           noarch     1.26-1.el5.rf    rpmforge           11 k
>  perl-TimeDate           noarch     1:1.16-5.el5     base               32 k
>  perl-bignum             noarch     0.23-1.el5.rf    rpmforge           40 k
>  tnef                    i386       1.4.3-1.el5.rf   rpmforge           44 k
> 
If you are using both atrpms and rpmforge, are you using priorities plugin? 
Since the two repos have different goals, sometimes there is conflict.

-- 
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 258 bytes
Desc: OpenPGP digital signature
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080725/8232887d/signature.bin
From ssilva at sgvwater.com  Fri Jul 25 16:40:26 2008
From: ssilva at sgvwater.com (Scott Silva)
Date: Fri Jul 25 16:50:11 2008
Subject: New Trojan
In-Reply-To: <48897E00.5030307@chime.ucl.ac.uk>
References: <7EF0EE5CB3B263488C8C18823239BEBA044705FE@HC-MBX02.herefordshire.gov.uk>		<7EF0EE5CB3B263488C8C18823239BEBA0447060F@HC-MBX02.herefordshire.gov.uk>	<48888988.2020809@chime.ucl.ac.uk>	<7EF0EE5CB3B263488C8C18823239BEBA0447061E@HC-MBX02.herefordshire.gov.uk>	<48888F4F.7090900@chime.ucl.ac.uk>		<48889E5A.2040803@alexb.ch>			<4888C195.9040306@vanderkooij.org>		<4888CB07.3090802@pacific.net>	<200807241856.m6OIuO7d008693@mxt.1bigthink.com>
	<48897E00.5030307@chime.ucl.ac.uk>
Message-ID: 

on 7-25-2008 12:17 AM Anthony Peacock spake the following:
> Hi,
> 
> dnsadmin 1bigthink.com wrote:
>> At 02:33 PM 7/24/2008, you wrote:
>>> Derek Buttineau wrote:
>>>> On 2008-Jul-24, at 1:53 PM, Hugo van der Kooij wrote:
>>>>
>>>>> -----BEGIN PGP SIGNED MESSAGE-----
>>>>> Hash: SHA1
>>>>>
>>>>> Scott Silva wrote:
>>>>>
>>>>> | I guess the blacklists have been helping me because I haven't 
>>>>> seen any.
>>>>> | But it is early, and now that I said something I will be 
>>>>> flooded.  ;-P
>>>>>
>>>>> If that helps to lay your hands on them I might want to claim I 
>>>>> have not
>>>>> yet received a single one of them.
>>>>>
>>>>> Hugo.
>>>> We're seeing a ton of them incoming now too, clamav is still not 
>>>> detecting them either :(
>>>> Derek
>>>
>>>
>>> What sig file are you running? Daily here is 7815
>>> We are catching them, and have been since sometime yesterday 
>>> afternoon (GMT-7).
>>>
>>> Clam calls them as Trojan.Zbot-1711, Trojan.Zbot-1712
>>>
>>> Ken
>>
>> I'm still not catching them with clamscan, I've got 7815 here, too, 
>> but running ClamAV 0.92.1 and suspect that is why.
>>
>> Thinking very seriously about upgrade today.
> 
> Clamav is still not catching the ones that claim to be from "Customs" 
> here, and I am running the latest version with the latest sigs.  Clam is 
> catching the 'Tax_invoice' variant though.
> 
> 
Have you submitted a sample to the Clam folks?


-- 
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 258 bytes
Desc: OpenPGP digital signature
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080725/57df1d22/signature.bin
From cbarber at techquility.net  Fri Jul 25 16:56:58 2008
From: cbarber at techquility.net (Chris Barber)
Date: Fri Jul 25 16:57:29 2008
Subject: If virus, don't scan with SA
In-Reply-To: <7EF0EE5CB3B263488C8C18823239BEBA0447055D@HC-MBX02.herefordshire.gov.uk>
References: <48883D89.4020406@ecs.soton.ac.uk>
	<7EF0EE5CB3B263488C8C18823239BEBA0447055D@HC-MBX02.herefordshire.gov.uk>
Message-ID: <43F62CA225017044BC84CFAF92B4333B035B5C@sbsserver.Techquility.net>


There is another very good reason for not bothering to micro-optimi[sz]e
this.

If you're scanning your viruses with spamassassin there's a good chance
they'll be auto-learned as spam.  So when the phishing attack is mutated
to avoid existing signatures Bayes can still get them.

Cheers,

Phil

--
Phil Randal
Networks Engineer
Herefordshire Council
Hereford, UK

-----Original Message-----
From: mailscanner-bounces@lists.mailscanner.info
[mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian
Field
Sent: 24 July 2008 09:30
To: MailScanner discussion
Subject: Re: If virus, don't scan with SA

The reason I haven't tried to implement it is that viruses (incl what
sanesecurity finds) are a very small percentage of your total mail
volume. Probably 2 or 3% at a guess. So it wouldn't actually make any
noticeable difference to your MailScanner server load.

Jules
--
MailScanner mailing list
mailscanner@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!



Thanks for all the responses guys. I see about 25-30% viruses now that I
use sane security. I guess it is different for everyone. But the added
bayes entries are prob worth leaving it alone.

Thanks again,
Chris
From dstraka at caspercollege.edu  Fri Jul 25 17:01:31 2008
From: dstraka at caspercollege.edu (Daniel Straka)
Date: Fri Jul 25 17:01:56 2008
Subject: Using list.dnswl.org with MailScanner
Message-ID: <4889A47A.61A4.0000.0@caspercollege.edu>

Is there a way to use a whitelist service like "list.dnswl.org" with MS? I'm using the blacklist feature as below.

# This is the list of spam blacklists (RBLs) which you are using.
# See the "Spam List Definitions" file for more information about what
# you can put here.
# This can also be the filename of a ruleset.
Spam List = spamhaus-ZEN spamcop.net SORBS-SPAM


Thanks,
-- 

Dan Straka
Systems Coordinator
Casper College
307.268.2399
www.caspercollege.edu ( http://www.caspercollege.edu/ )


From ssilva at sgvwater.com  Fri Jul 25 16:45:18 2008
From: ssilva at sgvwater.com (Scott Silva)
Date: Fri Jul 25 17:05:11 2008
Subject: Mail-ClamAV-0.22 fails to install
In-Reply-To: <4889B541.6050909@nerc.ac.uk>
References: <4889AF01.4030702@nerc.ac.uk> <4889B541.6050909@nerc.ac.uk>
Message-ID: 

on 7-25-2008 4:13 AM Greg Matthews spake the following:
> Greg Matthews wrote:
>> The Mail-ClamAV module shipped with JFs tarball for SA and Clam fails 
>> during make test:
> 
> should say that this is on long serving CentOS 4.6 server with:
> 
> MailScanner 4.68.8
> ClamAV 0.93.3 <- since downgraded again to 0.92.1
> SpamAssassin 3.2.5
> perl 5.8.5 <- this is 5.8.5-36.el4_5.2 not the most recent el4-6.3
> 
> GREG
> 
> 
>>
>> # make test
>> PERL_DL_NONLAZY=1 /usr/bin/perl "-MExtUtils::Command::MM" "-e" 
>> "test_harness(0, 'blib/lib', 'blib/arch')" t/*.t
>> t/Mail-ClamAV....ok 3/10
>> #   Failed test 'Scan File'
>> #   at t/Mail-ClamAV.t line 106.
>> t/Mail-ClamAV....NOK 6
>> #   Failed test 'Scan FileHandle'
>> #   at t/Mail-ClamAV.t line 108.
>> t/Mail-ClamAV....NOK 7
>> #   Failed test 'Scan File overload'
>> #   at t/Mail-ClamAV.t line 111.
>> t/Mail-ClamAV....NOK 8
>> #   Failed test 'Scan FileHandle overload'
>> #   at t/Mail-ClamAV.t line 114.
>> t/Mail-ClamAV....NOK 9# Looks like you failed 4 tests of 10.
>> t/Mail-ClamAV....dubious
>>     Test returned status 4 (wstat 1024, 0x400)
>> DIED. FAILED tests 6-9
>>     Failed 4/10 tests, 60.00% okay
>> Failed Test     Stat Wstat Total Fail  Failed  List of Failed
>> ------------------------------------------------------------------------------- 
>>
>> t/Mail-ClamAV.t    4  1024    10    4  40.00%  6-9
>> Failed 1/1 test scripts, 0.00% okay. 4/10 subtests failed, 60.00% okay.
>> make: *** [test_dynamic] Error 4
>>
>> looks pretty dead.
>>
>> GREG
> 
> 
Switch to clamd and be done with it. That module can lag for a few weeks 
sometimes.

-- 
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 258 bytes
Desc: OpenPGP digital signature
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080725/3f42f636/signature.bin
From ssilva at sgvwater.com  Fri Jul 25 17:41:15 2008
From: ssilva at sgvwater.com (Scott Silva)
Date: Fri Jul 25 17:41:38 2008
Subject: If virus, don't scan with SA
In-Reply-To: <43F62CA225017044BC84CFAF92B4333B035B5C@sbsserver.Techquility.net>
References: <48883D89.4020406@ecs.soton.ac.uk>	<7EF0EE5CB3B263488C8C18823239BEBA0447055D@HC-MBX02.herefordshire.gov.uk>
	<43F62CA225017044BC84CFAF92B4333B035B5C@sbsserver.Techquility.net>
Message-ID: 

on 7-25-2008 8:56 AM Chris Barber spake the following:
> There is another very good reason for not bothering to micro-optimi[sz]e
> this.
> 
> If you're scanning your viruses with spamassassin there's a good chance
> they'll be auto-learned as spam.  So when the phishing attack is mutated
> to avoid existing signatures Bayes can still get them.
> 
> Cheers,
> 
> Phil
> 
> --
> Phil Randal
> Networks Engineer
> Herefordshire Council
> Hereford, UK
> 
> -----Original Message-----
> From: mailscanner-bounces@lists.mailscanner.info
> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian
> Field
> Sent: 24 July 2008 09:30
> To: MailScanner discussion
> Subject: Re: If virus, don't scan with SA
> 
> The reason I haven't tried to implement it is that viruses (incl what
> sanesecurity finds) are a very small percentage of your total mail
> volume. Probably 2 or 3% at a guess. So it wouldn't actually make any
> noticeable difference to your MailScanner server load.
> 
> Jules
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
> 
> Before posting, read http://wiki.mailscanner.info/posting
> 
> Support MailScanner development - buy the book off the website!
> 
> 
> 
> Thanks for all the responses guys. I see about 25-30% viruses now that I
> use sane security. I guess it is different for everyone. But the added
> bayes entries are prob worth leaving it alone.
> 
> Thanks again,
> Chris
A lot of those are probably coming from places that others of us don't see 
because of blacklists. But I have to agree on the bayes training only helping.

-- 
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 258 bytes
Desc: OpenPGP digital signature
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080725/ad70d225/signature.bin
From steve.freegard at fsl.com  Fri Jul 25 17:46:19 2008
From: steve.freegard at fsl.com (Steve Freegard)
Date: Fri Jul 25 17:46:30 2008
Subject: Using list.dnswl.org with MailScanner
In-Reply-To: <4889A47A.61A4.0000.0@caspercollege.edu>
References: <4889A47A.61A4.0000.0@caspercollege.edu>
Message-ID: <488A035B.4060504@fsl.com>

Daniel Straka wrote:
> Is there a way to use a whitelist service like "list.dnswl.org" with MS? I'm using the blacklist feature as below.

Bad idea to do this in MailScanner.  You really don't want to use 
list.dnswl.org to skip Spam Checks as you *will* get spam these hosts 
(e.g. Hotmail and Google are listed here).

SpamAssassin already does lookups to list.dnswl.org - it's best to leave 
it to SA to assign a score instead.

Cheers,
Steve.
From derek at csolve.net  Fri Jul 25 18:24:16 2008
From: derek at csolve.net (Derek Buttineau)
Date: Fri Jul 25 18:24:27 2008
Subject: New Trojan
In-Reply-To: 
References: <7EF0EE5CB3B263488C8C18823239BEBA044705FE@HC-MBX02.herefordshire.gov.uk>		<7EF0EE5CB3B263488C8C18823239BEBA0447060F@HC-MBX02.herefordshire.gov.uk>	<48888988.2020809@chime.ucl.ac.uk>	<7EF0EE5CB3B263488C8C18823239BEBA0447061E@HC-MBX02.herefordshire.gov.uk>	<48888F4F.7090900@chime.ucl.ac.uk>		<48889E5A.2040803@alexb.ch>			<4888C195.9040306@vanderkooij.org>		<4888CB07.3090802@pacific.net>	<200807241856.m6OIuO7d008693@mxt.1bigthink.com>
	<48897E00.5030307@chime.ucl.ac.uk> 
Message-ID: <8151122A-0221-4B4A-84F2-FFFE846379FB@csolve.net>


On 2008-Jul-25, at 11:40 AM, Scott Silva wrote:
>>
> Have you submitted a sample to the Clam folks?

I did, and can confirm that 7826 is catching it.

Derek
From gregg at mochabomb.com  Fri Jul 25 19:42:19 2008
From: gregg at mochabomb.com (=?ISO-8859-1?Q?Gregg=20LainJr=2E?=)
Date: Fri Jul 25 19:42:31 2008
Subject: OT: quick question about sorbs
Message-ID: <200807251842.m6PIgMUR016380@safir.blacknight.ie>

I won't use sorbs at all anymore - my hosting was recently moved to an old dynamic IP block  that is now static - sorbs was contacted many weeks ago and I blv our block is listed by them depsite many requests. 
That's a bad way to operate - thus won't use them..


-----Original Message-----
From:  Richard Frovarp 
Date:  7/24/08 8:34 pm
To:  MailScanner discussion 
Subj:  Re: OT: quick question about sorbs

Chris Yuzik wrote:
> Hi everyone,
>
> For some reason, Sorbs keeps blacklisting IPs that belong to Google.com.
> I regularly see lines in the maillog that look like so:
>
> Jul 21 15:15:04 devel sendmail[7342]: m6LNEwH4007323:
> ruleset=check_rcpt, arg1=, relay=ag-out-0708.google.com
> [72.14.246.247], reject=554 5.7.1 Rejected 72.14.246.247 found in
> safe.dnsbl.sorbs.net
>
> Is there an easy (yet also safe) way of still using sorbs but explicitly
> allowing email from Google in to the server? Something tells me this
> will be done as an entry to /etc/mail/access, but I'm not sure if that
> overrides the RBLs that are specified in sendmail.mc.
>
> Thanks.
>
> Cheers
>
>   
Yeah, safe.dnsbl.sorbs.net isn't very safe in my opinion. Safe includes 
new.spam.dnsbl.sorbs.net which will hit Google (and probably others) 
from time to time. You could instead just use the parts of sorbs that 
you do consider to be okay. Results in more lookups, but I've found 
new.spam makes safe.dnsbl unacceptable to use.
-- 
MailScanner mailing list
mailscanner@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website! 
From gregg at mochabomb.com  Fri Jul 25 19:42:19 2008
From: gregg at mochabomb.com (=?ISO-8859-1?Q?Gregg=20LainJr=2E?=)
Date: Fri Jul 25 19:42:32 2008
Subject: OT: quick question about sorbs
Message-ID: <200807251842.m6PIgMXM016381@safir.blacknight.ie>

I won't use sorbs at all anymore - my hosting was recently moved to an old dynamic IP block  that is now static - sorbs was contacted many weeks ago and I blv our block is listed by them depsite many requests. 
That's a bad way to operate - thus won't use them..


-----Original Message-----
From:  Richard Frovarp 
Date:  7/24/08 8:34 pm
To:  MailScanner discussion 
Subj:  Re: OT: quick question about sorbs

Chris Yuzik wrote:
> Hi everyone,
>
> For some reason, Sorbs keeps blacklisting IPs that belong to Google.com.
> I regularly see lines in the maillog that look like so:
>
> Jul 21 15:15:04 devel sendmail[7342]: m6LNEwH4007323:
> ruleset=check_rcpt, arg1=, relay=ag-out-0708.google.com
> [72.14.246.247], reject=554 5.7.1 Rejected 72.14.246.247 found in
> safe.dnsbl.sorbs.net
>
> Is there an easy (yet also safe) way of still using sorbs but explicitly
> allowing email from Google in to the server? Something tells me this
> will be done as an entry to /etc/mail/access, but I'm not sure if that
> overrides the RBLs that are specified in sendmail.mc.
>
> Thanks.
>
> Cheers
>
>   
Yeah, safe.dnsbl.sorbs.net isn't very safe in my opinion. Safe includes 
new.spam.dnsbl.sorbs.net which will hit Google (and probably others) 
from time to time. You could instead just use the parts of sorbs that 
you do consider to be okay. Results in more lookups, but I've found 
new.spam makes safe.dnsbl unacceptable to use.
-- 
MailScanner mailing list
mailscanner@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website! 
From smlists at shaw.ca  Fri Jul 25 21:28:36 2008
From: smlists at shaw.ca (Steve Mason)
Date: Fri Jul 25 21:28:47 2008
Subject: Yum updates for Perl, just say no?
In-Reply-To: 
References: <008e01c8ede2$c8740e60$1424010a@mcscore>
	
	<00ab01c8ede9$0e8a59d0$1424010a@mcscore>
	
Message-ID: <011101c8ee95$04758e90$1424010a@mcscore>

 
>If you are using both atrpms and rpmforge, are you using priorities plugin?

>Since the two repos have different goals, sometimes there is conflict.

I am using the priorities plugin, and atrpms is just set to get alsa stuff
(had some issues with sound capture for an app I'm running in a VM)


From ssilva at sgvwater.com  Fri Jul 25 22:07:38 2008
From: ssilva at sgvwater.com (Scott Silva)
Date: Fri Jul 25 22:08:19 2008
Subject: OT: quick question about sorbs
In-Reply-To: <200807251842.m6PIgMUR016380@safir.blacknight.ie>
References: <200807251842.m6PIgMUR016380@safir.blacknight.ie>
Message-ID: 

on 7-25-2008 11:42 AM Gregg LainJr. spake the following:
> I won't use sorbs at all anymore - my hosting was recently moved to an old dynamic IP block  that is now static - sorbs was contacted many weeks ago and I blv our block is listed by them depsite many requests. 
> That's a bad way to operate - thus won't use them..
> 
>
The problem with that is it doesn't matter if you are using it, it matters if 
anybody that you need to interact with is using it.
I would contact them, hound them, and remember that if you tru to send them 
mail from an already blocked IP I think it goes in the bit bucket.

-- 
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 258 bytes
Desc: OpenPGP digital signature
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080725/795ec85f/signature.bin
From ssilva at sgvwater.com  Fri Jul 25 22:10:06 2008
From: ssilva at sgvwater.com (Scott Silva)
Date: Fri Jul 25 22:15:15 2008
Subject: OT: quick question about sorbs
In-Reply-To: <200807251842.m6PIgMXM016381@safir.blacknight.ie>
References: <200807251842.m6PIgMXM016381@safir.blacknight.ie>
Message-ID: 

on 7-25-2008 11:42 AM Gregg LainJr. spake the following:
> I won't use sorbs at all anymore - my hosting was recently moved to an old dynamic IP block  that is now static - sorbs was contacted many weeks ago and I blv our block is listed by them depsite many requests. 
> That's a bad way to operate - thus won't use them..
> 

Does your block follow their recommendations?
http://www.au.sorbs.net/faq/dul.shtml

I figured since you have to post the same message twice, I will respond to both.

-- 
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 258 bytes
Desc: OpenPGP digital signature
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080725/876cd34e/signature.bin
From lists at openenterprise.ca  Sat Jul 26 00:55:34 2008
From: lists at openenterprise.ca (Johnny Stork)
Date: Sat Jul 26 00:55:47 2008
Subject: Strange New MS Problem/Errors?
Message-ID: <488A67F6.9050209@openenterprise.ca>

Running latest MS and MW on a Centos 5.2 server. After a recent set of 
problems with inconsistent perl installation, now fixed, I now get these 
strange errors when MS starts? Mail seems to be coming through fine though?

And I get hundreds of these lines at startup, but then I dont see them 
again?



Jul 25 16:47:58 gateway sm-msp-queue[16812]: m6PFN86m006790: to=root, 
delay=08:24:50, xdelay=00:00:00, mailer=relay, pri=3091712, 
relay=[127.0.0.1], dsn=4.0.0, stat=Deferred: Connection refused by 
[127.0.0.1]
Jul 25 16:47:58 gateway sm-msp-queue[16812]: m6PF886m005540: to=root, 
delay=08:39:50, xdelay=00:00:00, mailer=relay, pri=3203746, 
relay=[127.0.0.1], dsn=4.0.0, stat=Deferred: Connection refused by 
[127.0.0.1]
Jul 25 16:47:58 gateway sm-msp-queue[16812]: m6PCN76m024946: 
to=webmin@gateway.johnnystork.ca, delay=11:24:51, xdelay=00:00:00, 
mailer=relay, pri=4178475, relay=[127.0.0.1], dsn=4.0.0, stat=Deferred: 
Connection refused by [127.0.0.1]
Jul 25 16:47:58 gateway sm-msp-queue[16812]: m6PC876m023859: to=root, 
delay=11:39:51, xdelay=00:00:00, mailer=relay, pri=4261466, 
relay=[127.0.0.1], dsn=4.0.0, stat=Deferred: Connection refused by 
[127.0.0.1]
Jul 25 16:47:58 gateway sm-msp-queue[16812]: m6PC876n023859: to=root, 
delay=11:39:51, xdelay=00:00:00, mailer=relay, pri=4261674, 
relay=[127.0.0.1], dsn=4.0.0, stat=Deferred: Connection refused by 
[127.0.0.1]
Jul 25 16:47:58 gateway sm-msp-queue[16812]: m6PC876o023859: to=root, 
delay=11:39:51, xdelay=00:00:00, mailer=relay, pri=4263016, 
relay=[127.0.0.1], dsn=4.0.0, stat=Deferred: Connection refused by 
[127.0.0.1]
Jul 25 16:47:58 gateway sm-msp-queue[16812]: m6PBA12d019104: to=root, 
ctladdr=root (0/0), delay=12:37:57, xdelay=00:00:00, mailer=relay, 
pri=4620423, relay=[127.0.0.1], dsn=4.0.0, stat=Deferred: Connection 
refused by [127.0.0.1]


From ecasarero at gmail.com  Sat Jul 26 04:02:28 2008
From: ecasarero at gmail.com (Eduardo Casarero)
Date: Sat Jul 26 04:02:39 2008
Subject: Strange New MS Problem/Errors?
In-Reply-To: <488A67F6.9050209@openenterprise.ca>
References: <488A67F6.9050209@openenterprise.ca>
Message-ID: <7d9b3cf20807252002q40aecac3k91d6677d79ca36cb@mail.gmail.com>

check if the sendmail that processes the local queue starts first than the
listener on port 25. those ar emails to root try sending an email from root
to root and see what happens.

2008/7/25 Johnny Stork 

> Running latest MS and MW on a Centos 5.2 server. After a recent set of
> problems with inconsistent perl installation, now fixed, I now get these
> strange errors when MS starts? Mail seems to be coming through fine though?
>
> And I get hundreds of these lines at startup, but then I dont see them
> again?
>
>
>
> Jul 25 16:47:58 gateway sm-msp-queue[16812]: m6PFN86m006790: to=root,
> delay=08:24:50, xdelay=00:00:00, mailer=relay, pri=3091712, relay=[
> 127.0.0.1], dsn=4.0.0, stat=Deferred: Connection refused by [127.0.0.1]
> Jul 25 16:47:58 gateway sm-msp-queue[16812]: m6PF886m005540: to=root,
> delay=08:39:50, xdelay=00:00:00, mailer=relay, pri=3203746, relay=[
> 127.0.0.1], dsn=4.0.0, stat=Deferred: Connection refused by [127.0.0.1]
> Jul 25 16:47:58 gateway sm-msp-queue[16812]: m6PCN76m024946: to=
> webmin@gateway.johnnystork.ca, delay=11:24:51, xdelay=00:00:00,
> mailer=relay, pri=4178475, relay=[127.0.0.1], dsn=4.0.0, stat=Deferred:
> Connection refused by [127.0.0.1]
> Jul 25 16:47:58 gateway sm-msp-queue[16812]: m6PC876m023859: to=root,
> delay=11:39:51, xdelay=00:00:00, mailer=relay, pri=4261466, relay=[
> 127.0.0.1], dsn=4.0.0, stat=Deferred: Connection refused by [127.0.0.1]
> Jul 25 16:47:58 gateway sm-msp-queue[16812]: m6PC876n023859: to=root,
> delay=11:39:51, xdelay=00:00:00, mailer=relay, pri=4261674, relay=[
> 127.0.0.1], dsn=4.0.0, stat=Deferred: Connection refused by [127.0.0.1]
> Jul 25 16:47:58 gateway sm-msp-queue[16812]: m6PC876o023859: to=root,
> delay=11:39:51, xdelay=00:00:00, mailer=relay, pri=4263016, relay=[
> 127.0.0.1], dsn=4.0.0, stat=Deferred: Connection refused by [127.0.0.1]
> Jul 25 16:47:58 gateway sm-msp-queue[16812]: m6PBA12d019104: to=root,
> ctladdr=root (0/0), delay=12:37:57, xdelay=00:00:00, mailer=relay,
> pri=4620423, relay=[127.0.0.1], dsn=4.0.0, stat=Deferred: Connection
> refused by [127.0.0.1]
>
>
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080726/1f7bc8c0/attachment.html
From hvdkooij at vanderkooij.org  Sat Jul 26 07:58:16 2008
From: hvdkooij at vanderkooij.org (Hugo van der Kooij)
Date: Sat Jul 26 07:58:26 2008
Subject: OT: quick question about sorbs
In-Reply-To: 
References: <200807251842.m6PIgMXM016381@safir.blacknight.ie>
	
Message-ID: <488ACB08.4070001@vanderkooij.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Scott Silva wrote:
| on 7-25-2008 11:42 AM Gregg LainJr. spake the following:
|> I won't use sorbs at all anymore - my hosting was recently moved to an
|> old dynamic IP block  that is now static - sorbs was contacted many
|> weeks ago and I blv our block is listed by them depsite many requests.
|> That's a bad way to operate - thus won't use them..
|>
|
| Does your block follow their recommendations?
| http://www.au.sorbs.net/faq/dul.shtml
|
| I figured since you have to post the same message twice, I will respond
| to both.

It seems Greg is either unaware that his "Handspring Mail (1.0)" program
is broken or he is deliberatly duplicating messages.

Hugo.


- --
hvdkooij@vanderkooij.org               http://hugo.vanderkooij.org/
PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc

	A: Yes.
	>Q: Are you sure?
	>>A: Because it reverses the logical flow of conversation.
	>>>Q: Why is top posting frowned upon?

Bored? Click on http://spamornot.org/ and rate those images.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFIissGBvzDRVjxmYERAlSPAJ4tD7b+rCFeU2imHU2g5TlKQ6KYcQCdHymp
0B4pPqzdx6Ke+z5IwcZkL/Y=
=xK81
-----END PGP SIGNATURE-----
From hvdkooij at vanderkooij.org  Sat Jul 26 10:28:18 2008
From: hvdkooij at vanderkooij.org (Hugo van der Kooij)
Date: Sat Jul 26 10:28:30 2008
Subject: Wrapper package for MailScanner
Message-ID: <488AEE32.50107@vanderkooij.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

One of the things I have not yet looked into in full detail is the
upgrade of MailScanner by yum.

Installing the package is something yum does but there are some extra
activities required from the admin to get a full profit from his/her
updated version.

At present the best I can think of is playing copycat with the
instructions Jules provided and send it of in a message to the local admin.

The rpm packaging guidelines are quite explicit where it comes to
interactive scripts (DON'T!) and Jules did the right thing in not
executing the upgrade script in the mailscanner package as part of the
post install scripts.

Technically the user should see them if the "yum upgrade" command is
executed but there is quite a bit of information and the user may not
remember all steps that well.

There might even be users that might run yum unattended and those would
never see the instructions. I strongly believe that one should never run
yum unattended but some people insist on doing the wrong thing.

Any alternative suggestions?

Jules: Feel free to include the script in the main rpm itself if you
feel like it. Just let me know if you plan to do so we don't duplicate
efforts.

Hugo.

- --
hvdkooij@vanderkooij.org               http://hugo.vanderkooij.org/
PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc

	A: Yes.
	>Q: Are you sure?
	>>A: Because it reverses the logical flow of conversation.
	>>>Q: Why is top posting frowned upon?

Bored? Click on http://spamornot.org/ and rate those images.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFIiu4wBvzDRVjxmYERApXdAKCN99k55YPevIT5/BpScDed+JPFKgCfUbjr
kIh6/Y7Q2XqhVqjljz0UZPo=
=UIZX
-----END PGP SIGNATURE-----
From MailScanner at ecs.soton.ac.uk  Sat Jul 26 13:11:30 2008
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Sat Jul 26 13:12:03 2008
Subject: Strange New MS Problem/Errors?
In-Reply-To: 
References: 
Message-ID: <488B1472.4010101@ecs.soton.ac.uk>

Neither MailScanner nor MailWatch have anything to do with your SMTP 
service. These are caused by your sendmail setup.

Johnny Stork wrote:
> Running latest MS and MW on a Centos 5.2 server. After a recent set of 
> problems with inconsistent perl installation, now fixed, I now get 
> these strange errors when MS starts? Mail seems to be coming through 
> fine though?
>
> And I get hundreds of these lines at startup, but then I dont see them 
> again?
>
>
>
> Jul 25 16:47:58 gateway sm-msp-queue[16812]: m6PFN86m006790: to=root, 
> delay=08:24:50, xdelay=00:00:00, mailer=relay, pri=3091712, 
> relay=[127.0.0.1], dsn=4.0.0, stat=Deferred: Connection refused by 
> [127.0.0.1]
> Jul 25 16:47:58 gateway sm-msp-queue[16812]: m6PF886m005540: to=root, 
> delay=08:39:50, xdelay=00:00:00, mailer=relay, pri=3203746, 
> relay=[127.0.0.1], dsn=4.0.0, stat=Deferred: Connection refused by 
> [127.0.0.1]
> Jul 25 16:47:58 gateway sm-msp-queue[16812]: m6PCN76m024946: 
> to=webmin@gateway.johnnystork.ca, delay=11:24:51, xdelay=00:00:00, 
> mailer=relay, pri=4178475, relay=[127.0.0.1], dsn=4.0.0, 
> stat=Deferred: Connection refused by [127.0.0.1]
> Jul 25 16:47:58 gateway sm-msp-queue[16812]: m6PC876m023859: to=root, 
> delay=11:39:51, xdelay=00:00:00, mailer=relay, pri=4261466, 
> relay=[127.0.0.1], dsn=4.0.0, stat=Deferred: Connection refused by 
> [127.0.0.1]
> Jul 25 16:47:58 gateway sm-msp-queue[16812]: m6PC876n023859: to=root, 
> delay=11:39:51, xdelay=00:00:00, mailer=relay, pri=4261674, 
> relay=[127.0.0.1], dsn=4.0.0, stat=Deferred: Connection refused by 
> [127.0.0.1]
> Jul 25 16:47:58 gateway sm-msp-queue[16812]: m6PC876o023859: to=root, 
> delay=11:39:51, xdelay=00:00:00, mailer=relay, pri=4263016, 
> relay=[127.0.0.1], dsn=4.0.0, stat=Deferred: Connection refused by 
> [127.0.0.1]
> Jul 25 16:47:58 gateway sm-msp-queue[16812]: m6PBA12d019104: to=root, 
> ctladdr=root (0/0), delay=12:37:57, xdelay=00:00:00, mailer=relay, 
> pri=4620423, relay=[127.0.0.1], dsn=4.0.0, stat=Deferred: Connection 
> refused by [127.0.0.1]
>
>

Jules

-- 
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

MailScanner customisation, or any advanced system administration help?
Contact me at Jules@Jules.FM

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
PGP public key: http://www.jules.fm/julesfm.asc


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

From steve.freegard at fsl.com  Sat Jul 26 15:09:59 2008
From: steve.freegard at fsl.com (Steve Freegard)
Date: Sat Jul 26 15:10:14 2008
Subject: Wrapper package for MailScanner
In-Reply-To: <488AEE32.50107@vanderkooij.org>
References: <488AEE32.50107@vanderkooij.org>
Message-ID: <488B3037.2030500@fsl.com>

Hi Hugo,

Hugo van der Kooij wrote:
> At present the best I can think of is playing copycat with the
> instructions Jules provided and send it of in a message to the local admin.
> 
> The rpm packaging guidelines are quite explicit where it comes to
> interactive scripts (DON'T!) and Jules did the right thing in not
> executing the upgrade script in the mailscanner package as part of the
> post install scripts.

Interactive != automated.

Anything that requires input from the user is not allowed as 
rpm/yum/anaconda does not make provision for this.

Output from scriptlets is fine - providing you don't presume the output 
will be read and understood by a human.

Enabling and starting services is also a no-no.  Conditional restarts 
are acceptable on upgrades.

> Technically the user should see them if the "yum upgrade" command is
> executed but there is quite a bit of information and the user may not
> remember all steps that well.
> 
> There might even be users that might run yum unattended and those would
> never see the instructions. I strongly believe that one should never run
> yum unattended but some people insist on doing the wrong thing.
> 
> Any alternative suggestions?

Why bother telling the user to run a load of commands that they might 
forget or never see when it's fairly straightforward to do all of it for 
them using a %postun scriptlet that runs for upgrades only; check for 
the existance on MailScanner.conf.rpmnew and languages.conf.rpmnew and 
run upgrade_MailScanner_conf and upgrade_languages_conf accordingly.

If yum is run unattended (bad idea as you note) - root get's an email 
with the yum output anyway which will contain a log of the output 
otherwise they'll see output from the scriptlet to the screen when yum 
runs the update.

Here's the relevant scriptlet - it will probably need some tweaking as I 
haven't tested upgrades yet.

%postun
if [ "$1" -ge "1" ]; then
  # We are being upgraded or replaced, not deleted
  # Check for a new MailScanner.conf file
  if [ -f "/etc/MailScanner/MailScanner.conf.rpmnew" ]; then
   echo "Upgrading MailScanner.conf..."
   /usr/sbin/upgrade_MailScanner_conf /etc/MailScanner/MailScanner.conf 
/etc/MailScanner/MailScanner.conf.rpmnew > 
/etc/MailScanner/MailScanner.conf.new
   # TODO: make sure MailScanner.conf.new is not empty
   mv /etc/MailScanner/MailScanner.conf 
/etc/MailScanner/MailScanner.conf.old
   mv /etc/Mailscanner/MailScanner.conf.new 
/etc/MailScanner/MailScanner.conf
   rm -f /etc/MailScanner/MailScanner.conf.rpmnew
  fi
  # Check for a new languages.conf file
  # TODO:  Check all of the reports sub-directories for .rpmnew
  if [ -f "/etc/MailScanner/reports/en/languages.conf.rpmnew" ]; then
   echo "Upgrading languages.conf..."
   /usr/sbin/upgrade_langages_conf 
/etc/MailScanner/reports/en/languages.conf 
/etc/MailScanner/reports/en/languages.conf.rpmnew > 
/etc/MailScanner/reports/en/languages.conf.new
   # TODO:  make sure languages.conf.new is not empty
   mv /etc/MailScanner/reports/en/languages.conf 
/etc/MailScanner/reports/en/languages.conf.old
   mv /etc/MailScanner/reports/en/languages.conf.new 
/etc/MailScanner/reports/en/languages.conf
   rm -f /etc/MailScanner/reports/en/languages.conf.rpmnew
  fi
  # Done - restart MailScanner
  # TODO:  this should be a condrestart as per RPM package guidelines.
  service MailScanner restart
fi
exit 0

As you can probably guess from this - we're doing similar things; just 
in different ways.  They'll be an announcement from FSL about this once 
everything is ready and tested.

Cheers,
Steve.
From cbarber at techquility.net  Sat Jul 26 16:29:49 2008
From: cbarber at techquility.net (Chris Barber)
Date: Sat Jul 26 16:30:25 2008
Subject: If virus, don't scan with SA
In-Reply-To: 
References: <48883D89.4020406@ecs.soton.ac.uk>	<7EF0EE5CB3B263488C8C18823239BEBA0447055D@HC-MBX02.herefordshire.gov.uk><43F62CA225017044BC84CFAF92B4333B035B5C@sbsserver.Techquility.net>
	
Message-ID: <43F62CA225017044BC84CFAF92B4333B035B6F@sbsserver.Techquility.net>



on 7-25-2008 8:56 AM Chris Barber spake the following:
> There is another very good reason for not bothering to 
> micro-optimi[sz]e this.
> 
> If you're scanning your viruses with spamassassin there's a good 
> chance they'll be auto-learned as spam.  So when the phishing attack 
> is mutated to avoid existing signatures Bayes can still get them.
> 
> Cheers,
> 
> Phil
> 
> --
> Phil Randal
> Networks Engineer
> Herefordshire Council
> Hereford, UK
> 
> -----Original Message-----
> From: mailscanner-bounces@lists.mailscanner.info
> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of 
> Julian Field
> Sent: 24 July 2008 09:30
> To: MailScanner discussion
> Subject: Re: If virus, don't scan with SA
> 
> The reason I haven't tried to implement it is that viruses (incl what 
> sanesecurity finds) are a very small percentage of your total mail 
> volume. Probably 2 or 3% at a guess. So it wouldn't actually make any 
> noticeable difference to your MailScanner server load.
> 
> Jules
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
> 
> Before posting, read http://wiki.mailscanner.info/posting
> 
> Support MailScanner development - buy the book off the website!
> 
> 
> 
> Thanks for all the responses guys. I see about 25-30% viruses now that 
> I use sane security. I guess it is different for everyone. But the 
> added bayes entries are prob worth leaving it alone.
> 
> Thanks again,
> Chris
>A lot of those are probably coming from places that others of us don't see because of blacklists. But I have to agree >on the bayes training only helping.

What blacklists do you recommend? The only ones I use are zen.spamhaus.org and list.dsbl.org

Thanks
Chris

From MailScanner at ecs.soton.ac.uk  Sat Jul 26 19:53:58 2008
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Sat Jul 26 19:54:26 2008
Subject: Wrapper package for MailScanner
In-Reply-To: 
References: <488AEE32.50107@vanderkooij.org>
	
Message-ID: <488B72C6.2050608@ecs.soton.ac.uk>

My only comment on this would be this: just because 
MailScanner.conf.rpmnew exists, how can you guarantee it was created by 
*this* upgrade? I would check the version number inside it as well, or 
you could rip out some of the user's configuration settings if the 
*.rpmnew files exist from previous upgrades. I agree it's unlikely, but 
it is possible.

Steve Freegard wrote:
> Hi Hugo,
>
> Hugo van der Kooij wrote:
>> At present the best I can think of is playing copycat with the
>> instructions Jules provided and send it of in a message to the local 
>> admin.
>>
>> The rpm packaging guidelines are quite explicit where it comes to
>> interactive scripts (DON'T!) and Jules did the right thing in not
>> executing the upgrade script in the mailscanner package as part of the
>> post install scripts.
>
> Interactive != automated.
>
> Anything that requires input from the user is not allowed as 
> rpm/yum/anaconda does not make provision for this.
>
> Output from scriptlets is fine - providing you don't presume the 
> output will be read and understood by a human.
>
> Enabling and starting services is also a no-no.  Conditional restarts 
> are acceptable on upgrades.
>
>> Technically the user should see them if the "yum upgrade" command is
>> executed but there is quite a bit of information and the user may not
>> remember all steps that well.
>>
>> There might even be users that might run yum unattended and those would
>> never see the instructions. I strongly believe that one should never run
>> yum unattended but some people insist on doing the wrong thing.
>>
>> Any alternative suggestions?
>
> Why bother telling the user to run a load of commands that they might 
> forget or never see when it's fairly straightforward to do all of it 
> for them using a %postun scriptlet that runs for upgrades only; check 
> for the existance on MailScanner.conf.rpmnew and languages.conf.rpmnew 
> and run upgrade_MailScanner_conf and upgrade_languages_conf accordingly.
>
> If yum is run unattended (bad idea as you note) - root get's an email 
> with the yum output anyway which will contain a log of the output 
> otherwise they'll see output from the scriptlet to the screen when yum 
> runs the update.
>
> Here's the relevant scriptlet - it will probably need some tweaking as 
> I haven't tested upgrades yet.
>
> %postun
> if [ "$1" -ge "1" ]; then
>  # We are being upgraded or replaced, not deleted
>  # Check for a new MailScanner.conf file
>  if [ -f "/etc/MailScanner/MailScanner.conf.rpmnew" ]; then
>   echo "Upgrading MailScanner.conf..."
>   /usr/sbin/upgrade_MailScanner_conf /etc/MailScanner/MailScanner.conf 
> /etc/MailScanner/MailScanner.conf.rpmnew > 
> /etc/MailScanner/MailScanner.conf.new
>   # TODO: make sure MailScanner.conf.new is not empty
>   mv /etc/MailScanner/MailScanner.conf 
> /etc/MailScanner/MailScanner.conf.old
>   mv /etc/Mailscanner/MailScanner.conf.new 
> /etc/MailScanner/MailScanner.conf
>   rm -f /etc/MailScanner/MailScanner.conf.rpmnew
>  fi
>  # Check for a new languages.conf file
>  # TODO:  Check all of the reports sub-directories for .rpmnew
>  if [ -f "/etc/MailScanner/reports/en/languages.conf.rpmnew" ]; then
>   echo "Upgrading languages.conf..."
>   /usr/sbin/upgrade_langages_conf 
> /etc/MailScanner/reports/en/languages.conf 
> /etc/MailScanner/reports/en/languages.conf.rpmnew > 
> /etc/MailScanner/reports/en/languages.conf.new
>   # TODO:  make sure languages.conf.new is not empty
>   mv /etc/MailScanner/reports/en/languages.conf 
> /etc/MailScanner/reports/en/languages.conf.old
>   mv /etc/MailScanner/reports/en/languages.conf.new 
> /etc/MailScanner/reports/en/languages.conf
>   rm -f /etc/MailScanner/reports/en/languages.conf.rpmnew
>  fi
>  # Done - restart MailScanner
>  # TODO:  this should be a condrestart as per RPM package guidelines.
>  service MailScanner restart
> fi
> exit 0
>
> As you can probably guess from this - we're doing similar things; just 
> in different ways.  They'll be an announcement from FSL about this 
> once everything is ready and tested.
>
> Cheers,
> Steve.

Jules

-- 
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

MailScanner customisation, or any advanced system administration help?
Contact me at Jules@Jules.FM

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
PGP public key: http://www.jules.fm/julesfm.asc


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

From hvdkooij at vanderkooij.org  Sun Jul 27 09:07:13 2008
From: hvdkooij at vanderkooij.org (Hugo van der Kooij)
Date: Sun Jul 27 09:07:25 2008
Subject: {Spam?} New Trojan
In-Reply-To: <7EF0EE5CB3B263488C8C18823239BEBA044705FE@HC-MBX02.herefordshire.gov.uk>
References: <7EF0EE5CB3B263488C8C18823239BEBA044705FE@HC-MBX02.herefordshire.gov.uk>
Message-ID: <488C2CB1.1060803@vanderkooij.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Randal, Phil wrote:
| New Trojan
| Folks, there's a new trojan being bulk spammed.
| Block the attachment Tax_Invoice.zip if you can.

It seems it is a variation of something going on for years. In fact this
~  new set seems to be in use 3 weeks ago in Germany. Just with different
slogans.

Last year in April I have gathered some info from raw data from which we
estimated that 110 new variants popup daily. There is no way you can
tackle this with patterns.

I think it is vital to use anti-spam tactics on each message. It will be
less and less likely that your pattern based scanner will detect the
first wave of of a new variant. But they will still have lots of the
other characteristics that spam and malware have show over the years.

So in doing a bit of poking around on this one will also result in the
answer to the issue of wether or not it is smart to stop spam scanning
if you find a virus: It is NOT smart.

Hugo.

- --
hvdkooij@vanderkooij.org               http://hugo.vanderkooij.org/
PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc

	A: Yes.
	>Q: Are you sure?
	>>A: Because it reverses the logical flow of conversation.
	>>>Q: Why is top posting frowned upon?

Bored? Click on http://spamornot.org/ and rate those images.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFIjCyvBvzDRVjxmYERAi4AAJ0TQbWP94XowW2vJzFTCyn7ymfJ6wCbBDNl
Oft2f6/floEGyDG00G8oSN0=
=Ovz9
-----END PGP SIGNATURE-----
From gordon at itnt.co.za  Sun Jul 27 16:25:04 2008
From: gordon at itnt.co.za (Gordon Colyn)
Date: Sun Jul 27 16:25:40 2008
Subject: Mailscanner site sendmail.logs.pl download error
Message-ID: 

I am trying to download the
http://www.mailscanner.info/files/contrib/sendmail.logs.pl file and get
the following error;

 


Forbidden


You don't have permission to access /files/contrib/sendmail.logs.pl on
this server. 

Additionally, a 404 Not Found error was encountered while trying to use
an ErrorDocument to handle the request. 

 

Can anyone mail this to me?

 

Thanks

 


-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080727/c2b19497/attachment.html
From MailScanner at ecs.soton.ac.uk  Sun Jul 27 17:17:10 2008
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Sun Jul 27 17:17:31 2008
Subject: Mailscanner site sendmail.logs.pl download error
In-Reply-To: 
References: 
Message-ID: <488C9F86.9030705@ecs.soton.ac.uk>

Bizarre.

If I rename it to sendmail.logs.perl then you can get it.
So something daft is happening to files with a .pl extension.
Fetch
http://www.mailscanner.info/files/contrib/sendmail.logs.perl
and you'll be fine.

Gordon Colyn wrote:
>
> I am trying to download the 
> http://www.mailscanner.info/files/contrib/sendmail.logs.pl file and 
> get the following error;
>
>  
>
>
>   *Forbidden*
>
> You don't have permission to access /files/contrib/sendmail.logs.pl on 
> this server.
>
> Additionally, a 404 Not Found error was encountered while trying to 
> use an ErrorDocument to handle the request.
>
>  
>
> Can anyone mail this to me?
>
>  
>
> Thanks
>
>  
>

Jules

-- 
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

MailScanner customisation, or any advanced system administration help?
Contact me at Jules@Jules.FM

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
PGP public key: http://www.jules.fm/julesfm.asc


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

From hvdkooij at vanderkooij.org  Sun Jul 27 18:33:47 2008
From: hvdkooij at vanderkooij.org (Hugo van der Kooij)
Date: Sun Jul 27 18:33:56 2008
Subject: Mailscanner site sendmail.logs.pl download error
In-Reply-To: <488C9F86.9030705@ecs.soton.ac.uk>
References: 
	<488C9F86.9030705@ecs.soton.ac.uk>
Message-ID: <488CB17B.1060503@vanderkooij.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Julian Field wrote:
| Bizarre.
|
| If I rename it to sendmail.logs.perl then you can get it.
| So something daft is happening to files with a .pl extension.

I think it is called executed. But without the matching stuff.

Hugo.

- --
hvdkooij@vanderkooij.org               http://hugo.vanderkooij.org/
PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc

	A: Yes.
	>Q: Are you sure?
	>>A: Because it reverses the logical flow of conversation.
	>>>Q: Why is top posting frowned upon?

Bored? Click on http://spamornot.org/ and rate those images.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFIjLF5BvzDRVjxmYERAs2uAJ0RC6Pkg5gMSrw4/jEdZQGLdOqZ8wCeMHyH
NQItjVZ5CijFfNwXKRGyOjE=
=UrSu
-----END PGP SIGNATURE-----
From hvdkooij at vanderkooij.org  Sun Jul 27 18:45:03 2008
From: hvdkooij at vanderkooij.org (Hugo van der Kooij)
Date: Sun Jul 27 18:45:12 2008
Subject: URL construct in spam
Message-ID: <488CB41F.2010103@vanderkooij.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

It seems there is no SA detection yet of this construct I see on spam
which usually has litte else added in terms of specific hits:

- - Visit our site:  [DOT]com
(copy this link then replace "[DOT]" to ".")

I removed the actual bit of the website before the [DOT] so we shall
give them no extra customers.

But these seem to float around quite a bit.

Hugo.

- --
hvdkooij@vanderkooij.org               http://hugo.vanderkooij.org/
PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc

	A: Yes.
	>Q: Are you sure?
	>>A: Because it reverses the logical flow of conversation.
	>>>Q: Why is top posting frowned upon?

Bored? Click on http://spamornot.org/ and rate those images.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFIjLQdBvzDRVjxmYERAsXiAJ98fBadQjFO5h4R91BhDtLYjyaBCACgnilw
pv/PJ641D9efPdqqSsUugoo=
=33Yo
-----END PGP SIGNATURE-----
From gerard at seibercom.net  Sun Jul 27 23:33:48 2008
From: gerard at seibercom.net (Gerard)
Date: Sun Jul 27 23:34:04 2008
Subject: URL construct in spam
In-Reply-To: <488CB41F.2010103@vanderkooij.org>
References: <488CB41F.2010103@vanderkooij.org>
Message-ID: <20080727183348.7497a964@scorpio>

On Sun, 27 Jul 2008 19:45:03 +0200
Hugo van der Kooij  wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Hi,
> 
> It seems there is no SA detection yet of this construct I see on spam
> which usually has litte else added in terms of specific hits:
> 
> - - Visit our site:  [DxT]com
> (copy this link then replace "[DxT]" to "x")
> 
> I removed the actual bit of the website before the [DOT] so we shall
> give them no extra customers.
> 
> But these seem to float around quite a bit.
> 
> Hugo.

That little piece of code was being picked up with Sanesecurity
signature: Email.Spam.Gen3427.Sanesecurity.08061007

I have changed the "." and the "O" to an "x" above so it will not get
caught by clamav again.

-- 
Gerard
gerard@seibercom.net

Serfs up!

	Spartacus
From steve.freegard at fsl.com  Mon Jul 28 09:40:33 2008
From: steve.freegard at fsl.com (Steve Freegard)
Date: Mon Jul 28 09:40:46 2008
Subject: Wrapper package for MailScanner
In-Reply-To: <488B72C6.2050608@ecs.soton.ac.uk>
References: <488AEE32.50107@vanderkooij.org>	
	<488B72C6.2050608@ecs.soton.ac.uk>
Message-ID: <488D8601.9070004@fsl.com>

Julian Field wrote:
> My only comment on this would be this: just because 
> MailScanner.conf.rpmnew exists, how can you guarantee it was created by 
> *this* upgrade? I would check the version number inside it as well, or 
> you could rip out some of the user's configuration settings if the 
> *.rpmnew files exist from previous upgrades. I agree it's unlikely, but 
> it is possible.

How about checking for .rpmnew files in %pre and nuking them if found?

That way you can guarantee that the files were created by this upgrade.

Cheers,
Steve.
From ms-list at alexb.ch  Mon Jul 28 10:31:48 2008
From: ms-list at alexb.ch (Alex Broens)
Date: Mon Jul 28 10:32:02 2008
Subject: MailScanner 4.69.8 / Esets 3.0.6
Message-ID: <488D9204.1070005@alexb.ch>

Hugo, All

Trying hard to get Esets for File Server 3.0.6 (esets_scan (esets) 
3.0.6) to run with MailScanner.

The entry in SweepViruses.pm has a bunch of obsolete options.

 From MS:

   "esets"		=> {
     Name		=> 'esets',
     Lock		=> 'esetsBusy.lock',
     CommonOptions	=> '--arch --all -b --subdir --action-on-uncleanable 
accept',
     DisinfectOptions	=> '--action-on-infected clean',
     ScanOptions		=> '--action-on-infected accept',
     InitParser		=> \&InitesetsParser,
     ProcessOutput	=> \&ProcessesetsOutput,
     SupportScanning	=> $S_SUPPORTED,
     SupportDisinfect	=> $S_SUPPORTED,
   },

These are obsolete:
--all
--action-on-uncleanable
--action-on-infected
--action-on-infected accept

I've replaced the above "CommonOptions" with
CommonOptions	=> '--arch --files --subdir',

now I get

Found these virus scanners installed: clamd, esets
===========================================================================
Created attachment dirs for 1 messages
Virus and Content Scanning: Starting
Commencing scanning by esets...
Scanner initialization failed.
Completed scanning by esets


haven't found a working alternative to

DisinfectOptions	=> '--action-on-infected clean',
ScanOptions		=> '--action-on-infected accept',

If someone has this version (not the Esets SMTP version) could you pls 
share your SweepViruses.pm with me?

or does anybody have any other idea what I could be doing wrong?

thanks

Alex

From MailScanner at ecs.soton.ac.uk  Mon Jul 28 14:31:24 2008
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Mon Jul 28 14:31:43 2008
Subject: MailScanner 4.69.8 / Esets 3.0.6
In-Reply-To: 
References: 
Message-ID: <488DCA2C.7030609@ecs.soton.ac.uk>

If you send me the licence details so I can run a full version on a 
development server for you, I'll put out an updated MailScanner 
including support for this.
But I need a valid licence for it. Please send details to me off-list at 
mailscanner@ecs.soton.ac.uk.

Jules.

Alex Broens wrote:
> Hugo, All
>
> Trying hard to get Esets for File Server 3.0.6 (esets_scan (esets) 
> 3.0.6) to run with MailScanner.
>
> The entry in SweepViruses.pm has a bunch of obsolete options.
>
> From MS:
>
>   "esets"        => {
>     Name        => 'esets',
>     Lock        => 'esetsBusy.lock',
>     CommonOptions    => '--arch --all -b --subdir 
> --action-on-uncleanable accept',
>     DisinfectOptions    => '--action-on-infected clean',
>     ScanOptions        => '--action-on-infected accept',
>     InitParser        => \&InitesetsParser,
>     ProcessOutput    => \&ProcessesetsOutput,
>     SupportScanning    => $S_SUPPORTED,
>     SupportDisinfect    => $S_SUPPORTED,
>   },
>
> These are obsolete:
> --all
> --action-on-uncleanable
> --action-on-infected
> --action-on-infected accept
>
> I've replaced the above "CommonOptions" with
> CommonOptions    => '--arch --files --subdir',
>
> now I get
>
> Found these virus scanners installed: clamd, esets
> =========================================================================== 
>
> Created attachment dirs for 1 messages
> Virus and Content Scanning: Starting
> Commencing scanning by esets...
> Scanner initialization failed.
> Completed scanning by esets
>
>
> haven't found a working alternative to
>
> DisinfectOptions    => '--action-on-infected clean',
> ScanOptions        => '--action-on-infected accept',
>
> If someone has this version (not the Esets SMTP version) could you pls 
> share your SweepViruses.pm with me?
>
> or does anybody have any other idea what I could be doing wrong?
>
> thanks
>
> Alex
>

Jules

-- 
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

From goetz.reinicke at filmakademie.de  Mon Jul 28 14:57:31 2008
From: goetz.reinicke at filmakademie.de (=?ISO-8859-15?Q?G=F6tz_Reinicke?=)
Date: Mon Jul 28 14:57:49 2008
Subject: Help needed to locate an E-Mail
Message-ID: <488DD04B.5010505@filmakademie.de>

Hi,

recently an user called me, that she was waiting for some e-mails from 
one person. The mail was send a couple off times and no one arrived at 
the users mailbox.

What I found out so far ist, that the mails arrived at our mailserver 
and are send to the mailbox by sendmail.

Thats how I interpreted the logfiles so far:


[root@mail ~]# grep m6SD9Ted006352 /var/log/maillog

Jul 28 15:09:33 mail sendmail[6352]: m6SD9Ted006352: 
from=, size=60521, class=0, nrcpts=1, 
msgid=<0ADBD67BD6811A4BB2144D805124714D910C85D0@KAEX1.Dom.Rastatt.de>, 
proto=ESMTP, daemon=MTA, relay=tm14.itroot.de [85.115.30.14]

Jul 28 15:09:39 mail MailScanner[13408]: Logging message m6SD9Ted006352 
to SQL

Jul 28 15:09:39 mail MailScanner[13412]: m6SD9Ted006352: Logged to 
MailWatch SQL

Jul 28 15:09:40 mail sendmail[6411]: m6SD9Ted006352: to=fschnize, 
delay=00:00:10, xdelay=00:00:01, mailer=local, pri=180521, dsn=2.0.0, 
stat=Sent


The message is not marced as spam (outupt from the mailwatch database 
entry):

not spam, SpamAssassin (nicht zwischen gespeichert, Wertung=-0.869, 
benoetigt 3.6, autolearn=disabled, BAYES_05 -5.00, FRT_VALIUM1 1.59, 
FRT_VALIUM2 1.30, FUZZY_CREDIT 1.24, FUZZY_VLIUM 0.00, HTML_MESSAGE 0.00)


System:

RHEL5.2
mailscanner-4.70.7-1
spamassassin-3.2.5-1.el5.rf
dovecot-1.0.7-2.el5
AntiVir / Linux Version 2.1.12-52


Any ideas where the mails can be? :) Or whitch steps may I take to do 
more debugging?


Thanks to any sherlock holmes and Dr. watson suggestions!


Best regards

G?tz Reinicke
-- 
G?tz Reinicke
IT-Koordinator

Tel. +49 7141 969 420
Fax  +49 7141 969 55 420
E-Mail goetz.reinicke@filmakademie.de

Filmakademie Baden-W?rttemberg GmbH
Mathildenstr. 20
71638 Ludwigsburg
www.filmakademie.de

Eintragung Amtsgericht Stuttgart HRB 205016
Vorsitzende des Aufsichtsrats:
Prof. Dr. Claudia H?bner
Staatsr?tin f?r Demographischen Wandel und f?r Senioren im Staatsministerium

Gesch?ftsf?hrer:
Prof. Thomas Schadt
From ssilva at sgvwater.com  Mon Jul 28 15:52:15 2008
From: ssilva at sgvwater.com (Scott Silva)
Date: Mon Jul 28 15:53:11 2008
Subject: Convicted spammer dies in murder suicide
Message-ID: 

This just shows what kind of morally deranged people we are defending 
ourselves against.


http://www.eweek.com/c/a/Security/Spam-King-in-MurderSuicide/?kc=EWKNLEDP07282008A


-- 
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 258 bytes
Desc: OpenPGP digital signature
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080728/89310fc7/signature.bin
From alex at rtpty.com  Mon Jul 28 15:54:57 2008
From: alex at rtpty.com (Alex Neuman)
Date: Mon Jul 28 15:55:11 2008
Subject: Help needed to locate an E-Mail
In-Reply-To: <488DD04B.5010505@filmakademie.de>
References: <488DD04B.5010505@filmakademie.de>
Message-ID: <72114BF2-D914-4B51-A433-B2396D79820A@rtpty.com>

Indubitably, you need to check the dovecot logs (could be either /var/ 
log/maillog or /var/log/dovecot.log depending on your config) for that  
user. If you see that user logging into the mail system by POP or  
IMAP, it means that user's machine got the e-mail and the user deleted  
it.

On Jul 28, 2008, at 8:57 AM, G?tz Reinicke wrote:

> dovecot-1.0.7-2.el5

From ssilva at sgvwater.com  Mon Jul 28 16:03:29 2008
From: ssilva at sgvwater.com (Scott Silva)
Date: Mon Jul 28 16:04:32 2008
Subject: If virus, don't scan with SA
In-Reply-To: <43F62CA225017044BC84CFAF92B4333B035B6F@sbsserver.Techquility.net>
References: <48883D89.4020406@ecs.soton.ac.uk>	<7EF0EE5CB3B263488C8C18823239BEBA0447055D@HC-MBX02.herefordshire.gov.uk><43F62CA225017044BC84CFAF92B4333B035B5C@sbsserver.Techquility.net>	
	<43F62CA225017044BC84CFAF92B4333B035B6F@sbsserver.Techquility.net>
Message-ID: 

on 7-26-2008 8:29 AM Chris Barber spake the following:
> 
> on 7-25-2008 8:56 AM Chris Barber spake the following:
>> There is another very good reason for not bothering to 
>> micro-optimi[sz]e this.
>>
>> If you're scanning your viruses with spamassassin there's a good 
>> chance they'll be auto-learned as spam.  So when the phishing attack 
>> is mutated to avoid existing signatures Bayes can still get them.
>>
>> Cheers,
>>
>> Phil
>>
>> --
>> Phil Randal
>> Networks Engineer
>> Herefordshire Council
>> Hereford, UK
>>
>> -----Original Message-----
>> From: mailscanner-bounces@lists.mailscanner.info
>> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of 
>> Julian Field
>> Sent: 24 July 2008 09:30
>> To: MailScanner discussion
>> Subject: Re: If virus, don't scan with SA
>>
>> The reason I haven't tried to implement it is that viruses (incl what 
>> sanesecurity finds) are a very small percentage of your total mail 
>> volume. Probably 2 or 3% at a guess. So it wouldn't actually make any 
>> noticeable difference to your MailScanner server load.
>>
>> Jules
>> --
>> MailScanner mailing list
>> mailscanner@lists.mailscanner.info
>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>
>> Before posting, read http://wiki.mailscanner.info/posting
>>
>> Support MailScanner development - buy the book off the website!
>>
>>
>>
>> Thanks for all the responses guys. I see about 25-30% viruses now that 
>> I use sane security. I guess it is different for everyone. But the 
>> added bayes entries are prob worth leaving it alone.
>>
>> Thanks again,
>> Chris
>> A lot of those are probably coming from places that others of us don't see because of blacklists. But I have to agree >on the bayes training only helping.
> 
> What blacklists do you recommend? The only ones I use are zen.spamhaus.org and list.dsbl.org
> 
> Thanks
> Chris
> 
> 
Ihave had good luck with the spamcop list. I can't use the zen list because 
although my usage is way below their thresholds (way less than 50%, usually 
closer to 25%) I still get blocked by them. But I can't justify the cost of a 
feed for the volume of our mail. Trying to contact them about it falls on deaf 
(I guess it would be blind) mailreaders.

-- 
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 258 bytes
Desc: OpenPGP digital signature
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080728/0ca72e72/signature.bin
From ssilva at sgvwater.com  Mon Jul 28 16:06:43 2008
From: ssilva at sgvwater.com (Scott Silva)
Date: Mon Jul 28 16:10:14 2008
Subject: {Spam?} New Trojan
In-Reply-To: <488C2CB1.1060803@vanderkooij.org>
References: <7EF0EE5CB3B263488C8C18823239BEBA044705FE@HC-MBX02.herefordshire.gov.uk>
	<488C2CB1.1060803@vanderkooij.org>
Message-ID: 

on 7-27-2008 1:07 AM Hugo van der Kooij spake the following:
> Randal, Phil wrote:
> | New Trojan
> | Folks, there's a new trojan being bulk spammed.
> | Block the attachment Tax_Invoice.zip if you can.
> 
> It seems it is a variation of something going on for years. In fact this
> ~  new set seems to be in use 3 weeks ago in Germany. Just with different
> slogans.
> 
> Last year in April I have gathered some info from raw data from which we
> estimated that 110 new variants popup daily. There is no way you can
> tackle this with patterns.
> 
> I think it is vital to use anti-spam tactics on each message. It will be
> less and less likely that your pattern based scanner will detect the
> first wave of of a new variant. But they will still have lots of the
> other characteristics that spam and malware have show over the years.
> 
> So in doing a bit of poking around on this one will also result in the
> answer to the issue of wether or not it is smart to stop spam scanning
> if you find a virus: It is NOT smart.
> 
> Hugo.
> 
I block executables and password protected zips. If someone desperately needs 
to pass an executable, they need to make arrangements for it to be released 
from quarantine. I just do not trust any of my users to "make the right choice".

I swear if a dialog box popped up saying " Clicking this button will make your 
firstborn child cease to exist", they would still blindly click "yes"!


-- 
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 258 bytes
Desc: OpenPGP digital signature
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080728/6327be76/signature.bin
From ms-list at alexb.ch  Mon Jul 28 16:10:31 2008
From: ms-list at alexb.ch (Alex Broens)
Date: Mon Jul 28 16:11:05 2008
Subject: MailScanner 4.69.8 / Esets 3.0.6
In-Reply-To: <488DCA2C.7030609@ecs.soton.ac.uk>
References: 
	<488DCA2C.7030609@ecs.soton.ac.uk>
Message-ID: <488DE167.4070601@alexb.ch>

On 7/28/2008 3:31 PM, Julian Field wrote:
> If you send me the licence details so I can run a full version on a 
> development server for you, I'll put out an updated MailScanner 
> including support for this.
> But I need a valid licence for it. Please send details to me off-list at 
> mailscanner@ecs.soton.ac.uk.

Sending..

Thanks

Alex


From mikea at mikea.ath.cx  Mon Jul 28 16:19:15 2008
From: mikea at mikea.ath.cx (Mike Andrews W5EGO)
Date: Mon Jul 28 16:19:27 2008
Subject: Convicted spammer dies in murder suicide
In-Reply-To: 
References: 
Message-ID: <20080728151915.GA5169@mikea.ath.cx>

On Mon, Jul 28, 2008 at 07:52:15AM -0700, Scott Silva wrote:
> This just shows what kind of morally deranged people we are defending 
> ourselves against.
> 
> http://www.eweek.com/c/a/Security/Spam-King-in-MurderSuicide/?kc=EWKNLEDP07282008A

My wife was executive director of a non-profit working in the mental 
health field, which meant that I got more exposure to the field and to
her org's clients than I was really comfortable with. Far more, I 
hasten to assure you. 

I think it is much more probable that he was not fully sane when he 
did this, than that he was simply morally deranged. The psychiatrists
and psychologists I'm acquainted with -- more than a few -- tell me 
that folks who attempt suicide generally aren't thinking either well or 
clearly at the time. Judging by those folks I've met who attempted it,
but didn't complete the act, I'm minded to agree. 

That does not mean that I excuse his act. I find it reprehensible and 
horrifying. It shocks me to the core. But the person who did it was 
not, I sincerely believe, thinking well or clearly, and might not have 
been able to pass the M'Naghten (or Mcnaughton) test. 

In happier (for us, not for him) news, Robert Soloway was sentenced 
last week to 27 months in Federal prison. The defense had asked for 2 
years, the prosecution for 6, and the maximum if the judge had chosen 
to throw the book at him was 26 years. He has about 55 days to report 
to prison.

Back to your regularly scheduled discussion of how rules work, where
SpamAssassin's stuff lives, why Bayes isn't working, and how to get 
the new version of MailScanner working. In short, "Break's over; back
on your heads."

-- 
Mike Andrews, W5EGO
mikea@mikea.ath.cx
Tired old sysadmin 
From ssilva at sgvwater.com  Mon Jul 28 16:35:30 2008
From: ssilva at sgvwater.com (Scott Silva)
Date: Mon Jul 28 16:35:55 2008
Subject: Wrapper package for MailScanner
In-Reply-To: <488B72C6.2050608@ecs.soton.ac.uk>
References: <488AEE32.50107@vanderkooij.org>	
	<488B72C6.2050608@ecs.soton.ac.uk>
Message-ID: 

on 7-26-2008 11:53 AM Julian Field spake the following:
> My only comment on this would be this: just because 
> MailScanner.conf.rpmnew exists, how can you guarantee it was created by 
> *this* upgrade? I would check the version number inside it as well, or 
> you could rip out some of the user's configuration settings if the 
> *.rpmnew files exist from previous upgrades. I agree it's unlikely, but 
> it is possible.
> 
> Steve Freegard wrote:
>> Hi Hugo,
>>
>> Hugo van der Kooij wrote:
>>> At present the best I can think of is playing copycat with the
>>> instructions Jules provided and send it of in a message to the local 
>>> admin.
>>>
>>> The rpm packaging guidelines are quite explicit where it comes to
>>> interactive scripts (DON'T!) and Jules did the right thing in not
>>> executing the upgrade script in the mailscanner package as part of the
>>> post install scripts.
>>
>> Interactive != automated.
>>
>> Anything that requires input from the user is not allowed as 
>> rpm/yum/anaconda does not make provision for this.
>>
>> Output from scriptlets is fine - providing you don't presume the 
>> output will be read and understood by a human.
>>
>> Enabling and starting services is also a no-no.  Conditional restarts 
>> are acceptable on upgrades.
>>
>>> Technically the user should see them if the "yum upgrade" command is
>>> executed but there is quite a bit of information and the user may not
>>> remember all steps that well.
>>>
>>> There might even be users that might run yum unattended and those would
>>> never see the instructions. I strongly believe that one should never run
>>> yum unattended but some people insist on doing the wrong thing.
>>>
>>> Any alternative suggestions?
>>
>> Why bother telling the user to run a load of commands that they might 
>> forget or never see when it's fairly straightforward to do all of it 
>> for them using a %postun scriptlet that runs for upgrades only; check 
>> for the existance on MailScanner.conf.rpmnew and languages.conf.rpmnew 
>> and run upgrade_MailScanner_conf and upgrade_languages_conf accordingly.
>>
>> If yum is run unattended (bad idea as you note) - root get's an email 
>> with the yum output anyway which will contain a log of the output 
>> otherwise they'll see output from the scriptlet to the screen when yum 
>> runs the update.
>>
>> Here's the relevant scriptlet - it will probably need some tweaking as 
>> I haven't tested upgrades yet.
>>
>> %postun
>> if [ "$1" -ge "1" ]; then
>>  # We are being upgraded or replaced, not deleted
>>  # Check for a new MailScanner.conf file
>>  if [ -f "/etc/MailScanner/MailScanner.conf.rpmnew" ]; then
>>   echo "Upgrading MailScanner.conf..."
>>   /usr/sbin/upgrade_MailScanner_conf /etc/MailScanner/MailScanner.conf 
>> /etc/MailScanner/MailScanner.conf.rpmnew > 
>> /etc/MailScanner/MailScanner.conf.new
>>   # TODO: make sure MailScanner.conf.new is not empty
>>   mv /etc/MailScanner/MailScanner.conf 
>> /etc/MailScanner/MailScanner.conf.old
>>   mv /etc/Mailscanner/MailScanner.conf.new 
>> /etc/MailScanner/MailScanner.conf
>>   rm -f /etc/MailScanner/MailScanner.conf.rpmnew
>>  fi
>>  # Check for a new languages.conf file
>>  # TODO:  Check all of the reports sub-directories for .rpmnew
>>  if [ -f "/etc/MailScanner/reports/en/languages.conf.rpmnew" ]; then
>>   echo "Upgrading languages.conf..."
>>   /usr/sbin/upgrade_langages_conf 
>> /etc/MailScanner/reports/en/languages.conf 
>> /etc/MailScanner/reports/en/languages.conf.rpmnew > 
>> /etc/MailScanner/reports/en/languages.conf.new
>>   # TODO:  make sure languages.conf.new is not empty
>>   mv /etc/MailScanner/reports/en/languages.conf 
>> /etc/MailScanner/reports/en/languages.conf.old
>>   mv /etc/MailScanner/reports/en/languages.conf.new 
>> /etc/MailScanner/reports/en/languages.conf
>>   rm -f /etc/MailScanner/reports/en/languages.conf.rpmnew
>>  fi
>>  # Done - restart MailScanner
>>  # TODO:  this should be a condrestart as per RPM package guidelines.
>>  service MailScanner restart
>> fi
>> exit 0
>>
>> As you can probably guess from this - we're doing similar things; just 
>> in different ways.  They'll be an announcement from FSL about this 
>> once everything is ready and tested.
>>
>> Cheers,
>> Steve.
> 
> Jules
> 
You would probably want some sort of flag file that a user could touch to stop 
the automatic upgrade of those files. It doesn't bother me, but I remember 
from list traffic that there are many people that have custom comments or 
other content that they wish to preserve.

Maybe a check like;

if [ -f "/etc/MailScanner/no-upgrade" ]; then
   skip upgrade

-- 
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 258 bytes
Desc: OpenPGP digital signature
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080728/c476fa98/signature.bin
From shaun.metcalfe at iovate.com  Mon Jul 28 16:43:41 2008
From: shaun.metcalfe at iovate.com (Shaun Metcalfe)
Date: Mon Jul 28 16:43:57 2008
Subject: F-prot issues
Message-ID: <86B9B86BCEB41A4BB91B7BF948C98A65F992A1@ioexchange03.iovate.com>

Hello,

Hoping someone can point me in the right direction here.

We use MailScanner (and Mailwatch) with f-prot to scan for virus/malware
at our mail gateway. The rash of E-ticket and Bill_Tax attachments has
been causing us some grief. 

In MailScanner.conf, I have f-prot defined as our only scanner.
	Virus Scanners = f-prot

In virus.scanners.conf f-prot points to the correct directories
	f-prot          /usr/lib/MailScanner/f-prot-wrapper
/usr/local/f-prot

f-prot is up to date (f-prot -verno )

F-PROT ANTIVIRUS

Program version: 4.6.8
Engine version: 3.16.16

VIRUS SIGNATURE FILES
SIGN.DEF created 27 July 2008
SIGN2.DEF created 27 July 2008
MACRO.DEF created 27 July 2008

And a test of the wrapper returns results, which I assume mean it is
working

/usr/lib/MailScanner/f-prot-wrapper /usr/local/f-prot/
/var/spool/MailScanner/quarantine/20080725


/var/spool/MailScanner/quarantine/20080725/m6P9eb7N020874/Bill_Tax______
.exe  is a security risk named W32/Downldr2.DBPY
/var/spool/MailScanner/quarantine/20080725/m6P9eb7N020874/message->Bill_
Tax.zip->Bill_Tax___________________________N89798742344.exe  is a
security risk named W32/Downldr2.DBPY
/var/spool/MailScanner/quarantine/20080725/m6PIJVA4014593/E-ticket_N7399
294.zip->E-ticket_N7399294_and_Invoice_for_N73992943442.exe  is a
destructive program named W32/Trojan2.AUFO
/var/spool/MailScanner/quarantine/20080725/m6PIJVA4014593/E-ticket_N7399
294_and_Invoice_for_N73992943442.exe  is a destructive program named
W32/Trojan2.AUFO
/var/spool/MailScanner/quarantine/20080725/m6PIJVA4014593/message->E-tic
ket_N7399294.zip->E-ticket_N7399294_and_Invoice_for_N73992943442.exe  is
a destructive program named W32/Trojan2.AUFO
/var/spool/MailScanner/quarantine/20080725/m6PMxL55025452/E-ticket_N7399
294.zip->E-ticket_N7399294_and_Invoice_for_N73992943442.exe  is a
destructive program named W32/Trojan2.AUFO
/var/spool/MailScanner/quarantine/20080725/m6PMxL55025452/E-ticket_N7399
294_and_Invoice_for_N73992943442.exe  is a destructive program named
W32/Trojan2.AUFO
/var/spool/MailScanner/quarantine/20080725/m6PMxL55025452/message->E-tic
ket_N7399294.zip->E-ticket_N7399294_and_Invoice_for_N73992943442.exe  is
a destructive program named W32/Trojan2.AUFO

Results of virus scanning:

Files: 728
MBRs: 0
Boot sectors: 0
Objects scanned: 870
Infected: 0
Suspicious: 138
Disinfected: 0
Deleted: 0
Renamed: 0

Time: 0:01

A tail /var/log/maillog -n 1000 | grep -i virus shows that MailScanner
is invoking something to deal with virus scanning :

Jul 28 11:35:34 mgw MailScanner[30149]: Virus and Content Scanning:
Starting
Jul 28 11:35:35 mgw MailScanner[30149]: New Batch: Scanning 1 messages,
1687 bytes
Jul 28 11:35:37 mgw MailScanner[30149]: Virus and Content Scanning:
Starting
Jul 28 11:35:37 mgw MailScanner[30149]: New Batch: Scanning 2 messages,
2363 bytes

However, it does not seem to be reporting the suspicious activity, and I
don't see a section in MailScanner.conf which allows me to specify what
results as an "infection". 

I was hoping there is a way to include ALL suspicious files as well,
either through identifying the results of the scan such as "is a
destructive program named", "is a security risk named",  or by examining
the f-prot program exit codes.

PROGRAM EXIT CODES
       0      Normal exit.  Nothing found, nothing done.

       1      Unrecoverable error (e.g., missing virus signature files).

       2      Selftest failed (program has been modified).

       3      At least one virus-infected object was found.

       4      Reserved, not currently in use.

       5      Abnormal termination (scanning did not finish).

       6      At least one virus was removed.

       7      Error, out of memory.

       8      At least one suspicious object was found.

       9      At  least  one object was not scanned (encrypted file,
unsupported/unknown compression method, unsupported/unknown file
              format, corrupted or invalid file).

       10     At lest one archive object was not scanned (contains more
then N levels of nested archives, as specified with  -archive
              switch).

Any help or direction would be appreciated. 

Regards,

Shaun.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080728/4425784c/attachment.html
From hvdkooij at vanderkooij.org  Mon Jul 28 16:49:32 2008
From: hvdkooij at vanderkooij.org (Hugo van der Kooij)
Date: Mon Jul 28 16:49:42 2008
Subject: Wrapper package for MailScanner
In-Reply-To: 
References: <488AEE32.50107@vanderkooij.org>		<488B72C6.2050608@ecs.soton.ac.uk>
	
Message-ID: <488DEA8C.1080806@vanderkooij.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Scott Silva wrote:

| You would probably want some sort of flag file that a user could touch
| to stop the automatic upgrade of those files. It doesn't bother me, but
| I remember from list traffic that there are many people that have custom
| comments or other content that they wish to preserve.
|
| Maybe a check like;
|
| if [ -f "/etc/MailScanner/no-upgrade" ]; then
|   skip upgrade

How about the other way around? Then a new package will never hurt
existing users. And once people believe they want the config  upgrade to
be automated they can add a placeholder file to do so from that moment on.

This would be the failsafe way to it. Only if
/etc/MailScanner/automate-config-updates is present this should be done
automagically. (Or by whatever other name Jules likes to call the file.)

Hugo.


- --
hvdkooij@vanderkooij.org               http://hugo.vanderkooij.org/
PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc

	A: Yes.
	>Q: Are you sure?
	>>A: Because it reverses the logical flow of conversation.
	>>>Q: Why is top posting frowned upon?

Bored? Click on http://spamornot.org/ and rate those images.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFIjeqJBvzDRVjxmYERAqfPAKC1oepghYL/9QtVPAljnooEox5MpgCfY479
Onq4J9SS6pQiEFGiZTG+kLw=
=UnpY
-----END PGP SIGNATURE-----
From ssilva at sgvwater.com  Mon Jul 28 17:01:14 2008
From: ssilva at sgvwater.com (Scott Silva)
Date: Mon Jul 28 17:01:39 2008
Subject: Help needed to locate an E-Mail
In-Reply-To: <488DD04B.5010505@filmakademie.de>
References: <488DD04B.5010505@filmakademie.de>
Message-ID: 

on 7-28-2008 6:57 AM ? spake the following:
> Hi,
> 
> recently an user called me, that she was waiting for some e-mails from 
> one person. The mail was send a couple off times and no one arrived at 
> the users mailbox.
> 
> What I found out so far ist, that the mails arrived at our mailserver 
> and are send to the mailbox by sendmail.
> 
> Thats how I interpreted the logfiles so far:
> 
> 
> [root@mail ~]# grep m6SD9Ted006352 /var/log/maillog
> 
> Jul 28 15:09:33 mail sendmail[6352]: m6SD9Ted006352: 
> from=, size=60521, class=0, nrcpts=1, 
> msgid=<0ADBD67BD6811A4BB2144D805124714D910C85D0@KAEX1.Dom.Rastatt.de>, 
> proto=ESMTP, daemon=MTA, relay=tm14.itroot.de [85.115.30.14]
> 
> Jul 28 15:09:39 mail MailScanner[13408]: Logging message m6SD9Ted006352 
> to SQL
> 
> Jul 28 15:09:39 mail MailScanner[13412]: m6SD9Ted006352: Logged to 
> MailWatch SQL
> 
> Jul 28 15:09:40 mail sendmail[6411]: m6SD9Ted006352: to=fschnize, 
> delay=00:00:10, xdelay=00:00:01, mailer=local, pri=180521, dsn=2.0.0, 
> stat=Sent
> 
> 
> The message is not marced as spam (outupt from the mailwatch database 
> entry):
> 
> not spam, SpamAssassin (nicht zwischen gespeichert, Wertung=-0.869, 
> benoetigt 3.6, autolearn=disabled, BAYES_05 -5.00, FRT_VALIUM1 1.59, 
> FRT_VALIUM2 1.30, FUZZY_CREDIT 1.24, FUZZY_VLIUM 0.00, HTML_MESSAGE 0.00)
> 
> 
> System:
> 
> RHEL5.2
> mailscanner-4.70.7-1
> spamassassin-3.2.5-1.el5.rf
> dovecot-1.0.7-2.el5
> AntiVir / Linux Version 2.1.12-52
> 
> 
> Any ideas where the mails can be? :) Or whitch steps may I take to do 
> more debugging?
> 
> 
> Thanks to any Sherlock Holmes and Dr. Watson suggestions!
> 
I think your Moriarty is acting up again!  ;-P

Sorry, I couldn't resist!



-- 
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 258 bytes
Desc: OpenPGP digital signature
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080728/e74f02de/signature.bin
From ssilva at sgvwater.com  Mon Jul 28 17:17:33 2008
From: ssilva at sgvwater.com (Scott Silva)
Date: Mon Jul 28 17:17:52 2008
Subject: Wrapper package for MailScanner
In-Reply-To: <488DEA8C.1080806@vanderkooij.org>
References: <488AEE32.50107@vanderkooij.org>		<488B72C6.2050608@ecs.soton.ac.uk>	
	<488DEA8C.1080806@vanderkooij.org>
Message-ID: 

on 7-28-2008 8:49 AM Hugo van der Kooij spake the following:
> Scott Silva wrote:
> 
> | You would probably want some sort of flag file that a user could touch
> | to stop the automatic upgrade of those files. It doesn't bother me, but
> | I remember from list traffic that there are many people that have custom
> | comments or other content that they wish to preserve.
> |
> | Maybe a check like;
> |
> | if [ -f "/etc/MailScanner/no-upgrade" ]; then
> |   skip upgrade
> 
> How about the other way around? Then a new package will never hurt
> existing users. And once people believe they want the config  upgrade to
> be automated they can add a placeholder file to do so from that moment on.
> 
> This would be the failsafe way to it. Only if
> /etc/MailScanner/automate-config-updates is present this should be done
> automagically. (Or by whatever other name Jules likes to call the file.)
> 
> Hugo.
> 
> 
That does sound much safer. Must consciously choose to have updates done.
No accidents, no blame!
Jules might even agree to this.

-- 
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 258 bytes
Desc: OpenPGP digital signature
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080728/39cd4eb5/signature.bin
From ssilva at sgvwater.com  Mon Jul 28 17:21:26 2008
From: ssilva at sgvwater.com (Scott Silva)
Date: Mon Jul 28 17:25:11 2008
Subject: F-prot issues
In-Reply-To: <86B9B86BCEB41A4BB91B7BF948C98A65F992A1@ioexchange03.iovate.com>
References: <86B9B86BCEB41A4BB91B7BF948C98A65F992A1@ioexchange03.iovate.com>
Message-ID: 

on 7-28-2008 8:43 AM Shaun Metcalfe spake the following:
> Hello,
> 
> Hoping someone can point me in the right direction here.
> 
> We use MailScanner (and Mailwatch) with f-prot to scan for virus/malware 
> at our mail gateway. The rash of E-ticket and Bill_Tax attachments has 
> been causing us some grief.
> 
> In MailScanner.conf, I have f-prot defined as our only scanner.
>         Virus Scanners = f-prot
> 
> In virus.scanners.conf f-prot points to the correct directories
>         f-prot          /usr/lib/MailScanner/f-prot-wrapper     
> /usr/local/f-prot
> 
> f-prot is up to date (f-prot -verno )
> 
> F-PROT ANTIVIRUS
> 
> Program version: 4.6.8
> Engine version: 3.16.16
> 
> VIRUS SIGNATURE FILES
> SIGN.DEF created 27 July 2008
> SIGN2.DEF created 27 July 2008
> MACRO.DEF created 27 July 2008
> 
> And a test of the wrapper returns results, which I assume mean it is 
> working
> 
> /usr/lib/MailScanner/f-prot-wrapper /usr/local/f-prot/ 
> /var/spool/MailScanner/quarantine/20080725
> 
> 
> /var/spool/MailScanner/quarantine/20080725/m6P9eb7N020874/Bill_Tax______.exe  
> is a security risk named W32/Downldr2.DBPY
> 
> /var/spool/MailScanner/quarantine/20080725/m6P9eb7N020874/message->Bill_Tax.zip->Bill_Tax___________________________N89798742344.exe  
> is a security risk named W32/Downldr2.DBPY
> 
> /var/spool/MailScanner/quarantine/20080725/m6PIJVA4014593/E-ticket_N7399294.zip->E-ticket_N7399294_and_Invoice_for_N73992943442.exe  
> is a destructive program named W32/Trojan2.AUFO
> 
> /var/spool/MailScanner/quarantine/20080725/m6PIJVA4014593/E-ticket_N7399294_and_Invoice_for_N73992943442.exe  
> is a destructive program named W32/Trojan2.AUFO
> 
> /var/spool/MailScanner/quarantine/20080725/m6PIJVA4014593/message->E-ticket_N7399294.zip->E-ticket_N7399294_and_Invoice_for_N73992943442.exe  
> is a destructive program named W32/Trojan2.AUFO
> 
> /var/spool/MailScanner/quarantine/20080725/m6PMxL55025452/E-ticket_N7399294.zip->E-ticket_N7399294_and_Invoice_for_N73992943442.exe  
> is a destructive program named W32/Trojan2.AUFO
> 
> /var/spool/MailScanner/quarantine/20080725/m6PMxL55025452/E-ticket_N7399294_and_Invoice_for_N73992943442.exe  
> is a destructive program named W32/Trojan2.AUFO
> 
> /var/spool/MailScanner/quarantine/20080725/m6PMxL55025452/message->E-ticket_N7399294.zip->E-ticket_N7399294_and_Invoice_for_N73992943442.exe  
> is a destructive program named W32/Trojan2.AUFO
> 
> Results of virus scanning:
> 
> Files: 728
> MBRs: 0
> Boot sectors: 0
> Objects scanned: 870
> Infected: 0
> Suspicious: 138
> Disinfected: 0
> Deleted: 0
> Renamed: 0
> 
> Time: 0:01
> 
> A tail /var/log/maillog -n 1000 | grep -i virus shows that MailScanner 
> is invoking something to deal with virus scanning :
> 
> Jul 28 11:35:34 mgw MailScanner[30149]: Virus and Content Scanning: 
> Starting
> Jul 28 11:35:35 mgw MailScanner[30149]: New Batch: Scanning 1 messages, 
> 1687 bytes
> Jul 28 11:35:37 mgw MailScanner[30149]: Virus and Content Scanning: 
> Starting
> Jul 28 11:35:37 mgw MailScanner[30149]: New Batch: Scanning 2 messages, 
> 2363 bytes
> 
> However, it does not seem to be reporting the suspicious activity, and I 
> don't see a section in MailScanner.conf which allows me to specify what 
> results as an "infection".
> 
> I was hoping there is a way to include ALL suspicious files as well, 
> either through identifying the results of the scan such as "is a 
> destructive program named", "is a security risk named",  or by examining 
> the f-prot program exit codes.
> 
> PROGRAM EXIT CODES
>        0      Normal exit.  Nothing found, nothing done.
> 
>        1      Unrecoverable error (e.g., missing virus signature files).
> 
>        2      Selftest failed (program has been modified).
> 
>        3      At least one virus-infected object was found.
> 
>        4      Reserved, not currently in use.
> 
>        5      Abnormal termination (scanning did not finish).
> 
>        6      At least one virus was removed.
> 
>        7      Error, out of memory.
> 
>        8      At least one suspicious object was found.
> 
>        9      At  least  one object was not scanned (encrypted file, 
> unsupported/unknown compression method, unsupported/unknown file
> 
>               format, corrupted or invalid file).
> 
>        10     At lest one archive object was not scanned (contains more 
> then N levels of nested archives, as specified with  -archive
> 
>               switch).
> 
> Any help or direction would be appreciated.
> 
> Regards,
> 
> Shaun.
> 
This won't help your F-prot problem, but I would recommend installing Clamav 
since it is free, and will give you a buffer just in case F-prot stops 
working. Clam has very good detection rates for a free product.


-- 
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 258 bytes
Desc: OpenPGP digital signature
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080728/36428eca/signature.bin
From spamtrap71892316634 at anime.net  Mon Jul 28 18:16:05 2008
From: spamtrap71892316634 at anime.net (Dan Hollis)
Date: Mon Jul 28 18:16:18 2008
Subject: Convicted spammer dies in murder suicide
In-Reply-To: <20080728151915.GA5169@mikea.ath.cx>
References:  <20080728151915.GA5169@mikea.ath.cx>
Message-ID: 

On Mon, 28 Jul 2008, Mike Andrews W5EGO wrote:
> In happier (for us, not for him) news, Robert Soloway was sentenced
> last week to 27 months in Federal prison. The defense had asked for 2
> years, the prosecution for 6, and the maximum if the judge had chosen
> to throw the book at him was 26 years. He has about 55 days to report
> to prison.

47 months not 27.

http://seattletimes.nwsource.com/html/localnews/2008066608_websoloway23m.html

In addition to roughly $700k in criminal fines, he owes around $18 million 
in civil judgements against him.

One could argue that anyone who spams is not sane to begin with.

-Dan
From ssilva at sgvwater.com  Mon Jul 28 18:42:44 2008
From: ssilva at sgvwater.com (Scott Silva)
Date: Mon Jul 28 18:43:15 2008
Subject: Convicted spammer dies in murder suicide
In-Reply-To: 
References:  <20080728151915.GA5169@mikea.ath.cx>
	
Message-ID: 

on 7-28-2008 10:16 AM Dan Hollis spake the following:
> On Mon, 28 Jul 2008, Mike Andrews W5EGO wrote:
>> In happier (for us, not for him) news, Robert Soloway was sentenced
>> last week to 27 months in Federal prison. The defense had asked for 2
>> years, the prosecution for 6, and the maximum if the judge had chosen
>> to throw the book at him was 26 years. He has about 55 days to report
>> to prison.
> 
> 47 months not 27.
> 
> http://seattletimes.nwsource.com/html/localnews/2008066608_websoloway23m.html 
> 
> 
> In addition to roughly $700k in criminal fines, he owes around $18 
> million in civil judgements against him.
> 
> One could argue that anyone who spams is not sane to begin with.
> 
> -Dan
Like a drug dealer, they must see the lure of wealth to be more important than 
sane judgment or morality.

-- 
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 258 bytes
Desc: OpenPGP digital signature
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080728/42eb2919/signature.bin
From shaun.metcalfe at iovate.com  Mon Jul 28 18:44:07 2008
From: shaun.metcalfe at iovate.com (Shaun Metcalfe)
Date: Mon Jul 28 18:44:25 2008
Subject: F-prot issues
In-Reply-To: 
References: <86B9B86BCEB41A4BB91B7BF948C98A65F992A1@ioexchange03.iovate.com>
	
Message-ID: <86B9B86BCEB41A4BB91B7BF948C98A65F992A2@ioexchange03.iovate.com>

Hello,

Thank you for the reply. I have installed ClamAV as well (it is not
currently invoked in MailScanner until I can QA it).

However, it does not detect the recent trojan/virus.

# clamscan --version
ClamAV 0.93.3/7866/Mon Jul 28 11:40:05 2008

# freshclam
ClamAV update process started at Mon Jul 28 13:41:03 2008
SECURITY WARNING: NO SUPPORT FOR DIGITAL SIGNATURES
See the FAQ at http://www.clamav.net/support/faq for an explanation.
main.cvd is up to date (version: 47, sigs: 312304, f-level: 31, builder:
sven)
daily.cvd is up to date (version: 7866, sigs: 64592, f-level: 33,
builder: ccordes) 

# clamscan /var/spool/MailScanner/quarantine/20080725

----------- SCAN SUMMARY -----------
Known viruses: 376130
Engine version: 0.93.3
Scanned directories: 1
Scanned files: 0
Infected files: 0
Data scanned: 0.00 MB
Time: 2.552 sec (0 m 2 s)

Which is why I am hoping I can hook into f-prot and get quarantine with
virus identification.

Regards,

Shaun.


-----Original Message-----
From: mailscanner-bounces@lists.mailscanner.info
[mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Scott
Silva
Sent: Monday, July 28, 2008 12:21 PM
To: mailscanner@lists.mailscanner.info
Subject: Re: F-prot issues

on 7-28-2008 8:43 AM Shaun Metcalfe spake the following:
> Hello,
> 
> Hoping someone can point me in the right direction here.
> 
> We use MailScanner (and Mailwatch) with f-prot to scan for 
> virus/malware at our mail gateway. The rash of E-ticket and Bill_Tax 
> attachments has been causing us some grief.
> 
> In MailScanner.conf, I have f-prot defined as our only scanner.
>         Virus Scanners = f-prot
> 
> In virus.scanners.conf f-prot points to the correct directories
>         f-prot          /usr/lib/MailScanner/f-prot-wrapper     
> /usr/local/f-prot
> 
> f-prot is up to date (f-prot -verno )
> 
> F-PROT ANTIVIRUS
> 
> Program version: 4.6.8
> Engine version: 3.16.16
> 
> VIRUS SIGNATURE FILES
> SIGN.DEF created 27 July 2008
> SIGN2.DEF created 27 July 2008
> MACRO.DEF created 27 July 2008
> 
> And a test of the wrapper returns results, which I assume mean it is 
> working
> 
> /usr/lib/MailScanner/f-prot-wrapper /usr/local/f-prot/
> /var/spool/MailScanner/quarantine/20080725
> 
> 
> /var/spool/MailScanner/quarantine/20080725/m6P9eb7N020874/Bill_Tax____
> __.exe is a security risk named W32/Downldr2.DBPY
> 
> /var/spool/MailScanner/quarantine/20080725/m6P9eb7N020874/message->Bil
> l_Tax.zip->Bill_Tax___________________________N89798742344.exe
> is a security risk named W32/Downldr2.DBPY
> 
> /var/spool/MailScanner/quarantine/20080725/m6PIJVA4014593/E-ticket_N73
> 99294.zip->E-ticket_N7399294_and_Invoice_for_N73992943442.exe
> is a destructive program named W32/Trojan2.AUFO
> 
> /var/spool/MailScanner/quarantine/20080725/m6PIJVA4014593/E-ticket_N73
> 99294_and_Invoice_for_N73992943442.exe
> is a destructive program named W32/Trojan2.AUFO
> 
> /var/spool/MailScanner/quarantine/20080725/m6PIJVA4014593/message->E-t
> icket_N7399294.zip->E-ticket_N7399294_and_Invoice_for_N73992943442.exe
> is a destructive program named W32/Trojan2.AUFO
> 
> /var/spool/MailScanner/quarantine/20080725/m6PMxL55025452/E-ticket_N73
> 99294.zip->E-ticket_N7399294_and_Invoice_for_N73992943442.exe
> is a destructive program named W32/Trojan2.AUFO
> 
> /var/spool/MailScanner/quarantine/20080725/m6PMxL55025452/E-ticket_N73
> 99294_and_Invoice_for_N73992943442.exe
> is a destructive program named W32/Trojan2.AUFO
> 
> /var/spool/MailScanner/quarantine/20080725/m6PMxL55025452/message->E-t
> icket_N7399294.zip->E-ticket_N7399294_and_Invoice_for_N73992943442.exe
> is a destructive program named W32/Trojan2.AUFO
> 
> Results of virus scanning:
> 
> Files: 728
> MBRs: 0
> Boot sectors: 0
> Objects scanned: 870
> Infected: 0
> Suspicious: 138
> Disinfected: 0
> Deleted: 0
> Renamed: 0
> 
> Time: 0:01
> 
> A tail /var/log/maillog -n 1000 | grep -i virus shows that MailScanner

> is invoking something to deal with virus scanning :
> 
> Jul 28 11:35:34 mgw MailScanner[30149]: Virus and Content Scanning: 
> Starting
> Jul 28 11:35:35 mgw MailScanner[30149]: New Batch: Scanning 1 
> messages,
> 1687 bytes
> Jul 28 11:35:37 mgw MailScanner[30149]: Virus and Content Scanning: 
> Starting
> Jul 28 11:35:37 mgw MailScanner[30149]: New Batch: Scanning 2 
> messages,
> 2363 bytes
> 
> However, it does not seem to be reporting the suspicious activity, and

> I don't see a section in MailScanner.conf which allows me to specify 
> what results as an "infection".
> 
> I was hoping there is a way to include ALL suspicious files as well, 
> either through identifying the results of the scan such as "is a 
> destructive program named", "is a security risk named",  or by 
> examining the f-prot program exit codes.
> 
> PROGRAM EXIT CODES
>        0      Normal exit.  Nothing found, nothing done.
> 
>        1      Unrecoverable error (e.g., missing virus signature
files).
> 
>        2      Selftest failed (program has been modified).
> 
>        3      At least one virus-infected object was found.
> 
>        4      Reserved, not currently in use.
> 
>        5      Abnormal termination (scanning did not finish).
> 
>        6      At least one virus was removed.
> 
>        7      Error, out of memory.
> 
>        8      At least one suspicious object was found.
> 
>        9      At  least  one object was not scanned (encrypted file, 
> unsupported/unknown compression method, unsupported/unknown file
> 
>               format, corrupted or invalid file).
> 
>        10     At lest one archive object was not scanned (contains
more 
> then N levels of nested archives, as specified with  -archive
> 
>               switch).
> 
> Any help or direction would be appreciated.
> 
> Regards,
> 
> Shaun.
> 
This won't help your F-prot problem, but I would recommend installing
Clamav since it is free, and will give you a buffer just in case F-prot
stops working. Clam has very good detection rates for a free product.


--
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!

From ssilva at sgvwater.com  Mon Jul 28 19:51:02 2008
From: ssilva at sgvwater.com (Scott Silva)
Date: Mon Jul 28 19:51:20 2008
Subject: F-prot issues
In-Reply-To: <86B9B86BCEB41A4BB91B7BF948C98A65F992A2@ioexchange03.iovate.com>
References: <86B9B86BCEB41A4BB91B7BF948C98A65F992A1@ioexchange03.iovate.com>	
	<86B9B86BCEB41A4BB91B7BF948C98A65F992A2@ioexchange03.iovate.com>
Message-ID: 

on 7-28-2008 10:44 AM Shaun Metcalfe spake the following:
> Hello,
> 
> Thank you for the reply. I have installed ClamAV as well (it is not
> currently invoked in MailScanner until I can QA it).
> 
> However, it does not detect the recent trojan/virus.
> 
> # clamscan --version
> ClamAV 0.93.3/7866/Mon Jul 28 11:40:05 2008
> 
> # freshclam
> ClamAV update process started at Mon Jul 28 13:41:03 2008
> SECURITY WARNING: NO SUPPORT FOR DIGITAL SIGNATURES
> See the FAQ at http://www.clamav.net/support/faq for an explanation.
> main.cvd is up to date (version: 47, sigs: 312304, f-level: 31, builder:
> sven)
> daily.cvd is up to date (version: 7866, sigs: 64592, f-level: 33,
> builder: ccordes) 
> 
> # clamscan /var/spool/MailScanner/quarantine/20080725
> 
> ----------- SCAN SUMMARY -----------
> Known viruses: 376130
> Engine version: 0.93.3
> Scanned directories: 1
> Scanned files: 0
> Infected files: 0
> Data scanned: 0.00 MB
> Time: 2.552 sec (0 m 2 s)
> 
> Which is why I am hoping I can hook into f-prot and get quarantine with
> virus identification.
> 
> Regards,
> 
> Shaun.
If you have a file that is known to be a virus, but Clam is not detecting you 
could submit it to http://www.clamav.net/sendvirus/

You could also try that with
clamscan -r /var/spool/MailScanner/quarantine/20080725
since viruses usually get stuck in separate directories.




-- 
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 258 bytes
Desc: OpenPGP digital signature
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080728/98fea5ef/signature.bin
From TGFurnish at herffjones.com  Mon Jul 28 19:55:09 2008
From: TGFurnish at herffjones.com (Furnish, Trever G)
Date: Mon Jul 28 19:55:24 2008
Subject: encryption?
Message-ID: <57573D714A832C43B9D80EAFBDA48D030A03F1DE@inex3.herffjones.hj-int>

This is slightly off-topic, but is anyone already doing the following or
do you know *how* to do the following with MailScanner and/or Sendmail?
Basically I'd like to tie in a Voltage for encryption, and it works
entirely based SMTP.

If an email with a particular message header comes into the mailscanner
system that handles outbound email, I'd like to route it via SMTP over
to a Voltage server, which will accept the message, encrypt it, then
send it back.

The bit I'm not sure how to do is re-routing a message based on the
presence of a particular header.  Imagine the head is simply
"X-Needs-Encryption: YES".  Is there a way to have MS or Sendmail send
that message elsewhere?  Would it have to change the SMTP recipient to
do so, or can we just hand off to the other system without changing the
SMTP recipient (as is done by sendmail when using the mailertable
feature)?

Bonus points if you work for or use the FSL products and are able to
jump in and tell me Barricade or Defender can do the same. ;-)

--
Trever Furnish, tgfurnish@herffjones.com
Herff Jones, Inc. Unix / Network Administrator
Phone: 317.612.3519
Any sufficiently advanced technology is indistinguishable from Unix.

From hvdkooij at vanderkooij.org  Tue Jul 29 06:49:58 2008
From: hvdkooij at vanderkooij.org (Hugo van der Kooij)
Date: Tue Jul 29 06:50:09 2008
Subject: encryption?
In-Reply-To: <57573D714A832C43B9D80EAFBDA48D030A03F1DE@inex3.herffjones.hj-int>
References: <57573D714A832C43B9D80EAFBDA48D030A03F1DE@inex3.herffjones.hj-int>
Message-ID: <488EAF86.6090308@vanderkooij.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Furnish, Trever G wrote:

| Bonus points if you work for or use the FSL products and are able to
| jump in and tell me Barricade or Defender can do the same. ;-)

How about me telling you that you can work something out if you use
postfix instead?

Have you looked into the wonderfull world of milters?

Hugo.


- --
hvdkooij@vanderkooij.org               http://hugo.vanderkooij.org/
PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc

	A: Yes.
	>Q: Are you sure?
	>>A: Because it reverses the logical flow of conversation.
	>>>Q: Why is top posting frowned upon?

Bored? Click on http://spamornot.org/ and rate those images.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFIjq+EBvzDRVjxmYERAmPIAJ48ZyOz+hKXT5DnHAJ2BXsNXc99SQCbB+0H
hy34NP/b01OhGTpm0NXSUG4=
=7x2T
-----END PGP SIGNATURE-----
From goetz.reinicke at filmakademie.de  Tue Jul 29 07:16:47 2008
From: goetz.reinicke at filmakademie.de (=?ISO-8859-1?Q?G=F6tz_Reinicke?=)
Date: Tue Jul 29 07:17:01 2008
Subject: Help needed to locate an E-Mail
In-Reply-To: <72114BF2-D914-4B51-A433-B2396D79820A@rtpty.com>
References: <488DD04B.5010505@filmakademie.de>
	<72114BF2-D914-4B51-A433-B2396D79820A@rtpty.com>
Message-ID: <488EB5CF.7080506@filmakademie.de>

Hi,

Alex Neuman schrieb:
> Indubitably, you need to check the dovecot logs (could be either 
> /var/log/maillog or /var/log/dovecot.log depending on your config) for 
> that user. If you see that user logging into the mail system by POP or 
> IMAP, it means that user's machine got the e-mail and the user deleted it.

we use IMAP only and the user definitively didn't deleted or downloaded 
the mail by hand.

I'v scaned all of the usere mailboxfiles, and the mails where not there.

> On Jul 28, 2008, at 8:57 AM, G?tz Reinicke wrote:
> 
>> dovecot-1.0.7-2.el5
> 

Any more suggestions or hints?


Thanks and best regards

G?tz Reinicke
-- 
G?tz Reinicke
IT-Koordinator

Tel. +49 7141 969 420
Fax  +49 7141 969 55 420
E-Mail goetz.reinicke@filmakademie.de

Filmakademie Baden-W?rttemberg GmbH
Mathildenstr. 20
71638 Ludwigsburg
www.filmakademie.de

Eintragung Amtsgericht Stuttgart HRB 205016
Vorsitzende des Aufsichtsrats:
Prof. Dr. Claudia H?bner
Staatsr?tin f?r Demographischen Wandel und f?r Senioren im Staatsministerium

Gesch?ftsf?hrer:
Prof. Thomas Schadt
From P.G.M.Peters at utwente.nl  Tue Jul 29 08:37:03 2008
From: P.G.M.Peters at utwente.nl (Peter Peters)
Date: Tue Jul 29 08:37:12 2008
Subject: F-prot issues
In-Reply-To: 
References: <86B9B86BCEB41A4BB91B7BF948C98A65F992A1@ioexchange03.iovate.com>
	
Message-ID: <488EC89F.90700@utwente.nl>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Scott Silva wrote on 28-7-2008 18:21:

> This won't help your F-prot problem, but I would recommend installing
> Clamav since it is free, and will give you a buffer just in case F-prot
> stops working. Clam has very good detection rates for a free product.

I use both and make reports each month. And each month ClamAV seems to
find a few more infected messages than F-prot does.

May 2008
F-Prot:
    727 W32/Netsky.P@mm
    362 HTML/IFrame
ClamAV:
    749 Worm.SomeFool.P::
    366 Exploit.HTML.IFrame::

April 2008
F-Prot:
    566 W32/Netsky.P@mm
    304 HTML/IFrame
ClamAV:
    579 Worm.SomeFool.P::
    308 Exploit.HTML.IFrame::

Only last month I saw the other way around for SomeFool.P/Netsky.P:
F-Prot:
    440 W32/Netsky.P@mm
    222 HTML/IFrame
ClamAV:
    439 Worm.SomeFool.P::
    227 Exploit.HTML.IFrame::

And besides detecting these ClamAV has a good trackrecord in detecting
phishings.

- --
Peter Peters, Teamleider Unix/Linux-Beheer
ICT-Servicecentrum
Universiteit Twente, Postbus 217, 7500 AE Enschede
Telefoon 053 489 2301, Fax 053 489 2383,
P.G.M.Peters@utwente.nl, http://www.utwente.nl/icts
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFIjsifelLo80lrIdIRAuKEAKCJ0q/Lfce2SaXY2uqqhh3hELkrOwCfSyM4
MxM0dcspz2y97IWvwUbVLUs=
=cvIL
-----END PGP SIGNATURE-----
From MailScanner at ecs.soton.ac.uk  Tue Jul 29 10:16:17 2008
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Tue Jul 29 10:16:38 2008
Subject: encryption?
In-Reply-To: 
References: 
Message-ID: <488EDFE1.9060902@ecs.soton.ac.uk>



Furnish, Trever G wrote:
> This is slightly off-topic, but is anyone already doing the following or
> do you know *how* to do the following with MailScanner and/or Sendmail?
> Basically I'd like to tie in a Voltage for encryption, and it works
> entirely based SMTP.
>
> If an email with a particular message header comes into the mailscanner
> system that handles outbound email, I'd like to route it via SMTP over
> to a Voltage server, which will accept the message, encrypt it, then
> send it back.
>
> The bit I'm not sure how to do is re-routing a message based on the
> presence of a particular header.  Imagine the head is simply
> "X-Needs-Encryption: YES".  Is there a way to have MS or Sendmail send
> that message elsewhere?  Would it have to change the SMTP recipient to
> do so, or can we just hand off to the other system without changing the
> SMTP recipient (as is done by sendmail when using the mailertable
> feature)?
>   
You would probably have to change the SMTP recipient slightly to do it, 
but you can probably do it in such a way that you could reconstruct the 
original SMTP recipient again.

What I'm thinking of is a "SpamAssassin Rule Actions" setting. If you 
added the original recipient list with "Add Envelope To Header = yes" 
these would get logged in the header of the message. If you then wrote a 
tiny SpamAssassin rule such as
header  VOLTAGE_SPOTTER X-Needs-Encryption: =~ /YES/i
describe VOLTAGE_SPOTTER Spot mail that needs encrypting
score VOLTAGE_SPOTTER -0.01
you could then use a SpamAssassin Rule Actions setting like this:
SpamAssassin Rule Actions = VOLTAGE_SPOTTER=>forward 
encryptme@voltage.mydomain.com

That would take all mail with the "X-Needs-Encryption: YES" header and 
send it to encryptme@voltage.mydomain.com.

You then route that mail to your Voltage server with a 
/etc/mail/mailertable line saying this:
voltage.mydomain.com   esmtp:[my-voltage-server.mydomain.com]

Then your Voltage server needs to encrypt the mail coming to it via SMTP 
from your MailScanner server. After it's encrypted it, it needs to 
replace the original list of recipients with the contents of the 
X-MailScanner-Envelope-To: header, and send it onwards to its final 
destination. If you removed the X-Needs-Encryption: header in the 
Voltage server as well, then you could even just pass it back to your 
MailScanner server again for delivery.

I don't know if you have the source code, as I've never heard of 
Voltage, but if you can mess with envelope recipients at all then the 
above should be quite possible.

Is my explanation clear enough? Does it help at all?
I do a similar (though simpler) trick to get all my email scanned for 
images that might contain illegal (e.g. child porn, etc) content.

If anyone else is interested in scanning their mail for illegal image 
content, please contact me off-list. I have a system running here which 
works very well, but you need to sign an NDA before I can tell you much 
about it.


Jules

-- 
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

From MailScanner at ecs.soton.ac.uk  Tue Jul 29 10:18:06 2008
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Tue Jul 29 10:18:25 2008
Subject: Wrapper package for MailScanner
In-Reply-To: 
References: <488AEE32.50107@vanderkooij.org>		<488B72C6.2050608@ecs.soton.ac.uk>		<488DEA8C.1080806@vanderkooij.org>
	
Message-ID: <488EE04E.9090101@ecs.soton.ac.uk>



Scott Silva wrote:
> on 7-28-2008 8:49 AM Hugo van der Kooij spake the following:
>> Scott Silva wrote:
>>
>> | You would probably want some sort of flag file that a user could touch
>> | to stop the automatic upgrade of those files. It doesn't bother me, 
>> but
>> | I remember from list traffic that there are many people that have 
>> custom
>> | comments or other content that they wish to preserve.
>> |
>> | Maybe a check like;
>> |
>> | if [ -f "/etc/MailScanner/no-upgrade" ]; then
>> |   skip upgrade
>>
>> How about the other way around? Then a new package will never hurt
>> existing users. And once people believe they want the config  upgrade to
>> be automated they can add a placeholder file to do so from that 
>> moment on.
>>
>> This would be the failsafe way to it. Only if
>> /etc/MailScanner/automate-config-updates is present this should be done
>> automagically. (Or by whatever other name Jules likes to call the file.)
>>
>> Hugo.
>>
>>
> That does sound much safer. Must consciously choose to have updates done.
> No accidents, no blame!
> Jules might even agree to this.
>
Why not just make it a setting in MailScanner.conf that by default is 
set to 'no'?
I can do a simple 'grep' to find what it's set to.

Jules

-- 
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

From alex at rtpty.com  Tue Jul 29 12:39:56 2008
From: alex at rtpty.com (Alex Neuman)
Date: Tue Jul 29 12:40:10 2008
Subject: Help needed to locate an E-Mail
In-Reply-To: <488EB5CF.7080506@filmakademie.de>
References: <488DD04B.5010505@filmakademie.de>
	<72114BF2-D914-4B51-A433-B2396D79820A@rtpty.com>
	<488EB5CF.7080506@filmakademie.de>
Message-ID: 

So in the dovecot logs there is absolutely *no* indication of the user  
reading the mailbox?
On Jul 29, 2008, at 1:16 AM, G?tz Reinicke wrote:

> we use IMAP only and the user definitively didn't deleted or  
> downloaded the mail by hand.

> I'v scaned all of the usere mailboxfiles, and the mails where not  
> there.
Scanning all the mailboxes only assumes the mails were there to begin  
with.

If you eliminate the impossible, whatever remains, however improbable,  
must be the truth.

Do you know the "from:" and "to:" of the e-mails in question? If you  
know this, or if you can get the message ID from mailwatch, grep the / 
var/log/maillog file to see exactly what happened to the message. Can  
you cut and paste this here?

From goetz.reinicke at filmakademie.de  Tue Jul 29 12:56:06 2008
From: goetz.reinicke at filmakademie.de (=?ISO-8859-1?Q?G=F6tz_Reinicke?=)
Date: Tue Jul 29 12:56:23 2008
Subject: Help needed to locate an E-Mail
In-Reply-To: 
References: <488DD04B.5010505@filmakademie.de>	<72114BF2-D914-4B51-A433-B2396D79820A@rtpty.com>	<488EB5CF.7080506@filmakademie.de>
	
Message-ID: <488F0556.4070009@filmakademie.de>

Hi Alex,

Alex Neuman schrieb:
> So in the dovecot logs there is absolutely *no* indication of the user 
> reading the mailbox?
> On Jul 29, 2008, at 1:16 AM, G?tz Reinicke wrote:
> 
>> we use IMAP only and the user definitively didn't deleted or 
>> downloaded the mail by hand.
> 
>> I'v scaned all of the usere mailboxfiles, and the mails where not there.
> Scanning all the mailboxes only assumes the mails were there to begin with.
> 
> If you eliminate the impossible, whatever remains, however improbable, 
> must be the truth.

I know :)

> Do you know the "from:" and "to:" of the e-mails in question? If you 
> know this, or if you can get the message ID from mailwatch, grep the 
> /var/log/maillog file to see exactly what happened to the message. Can 
> you cut and paste this here?
> 

It's in the original posting, The last sendmail message is "stat=Sent"



[root@mail ~]# grep m6SD9Ted006352 /var/log/maillog

Jul 28 15:09:33 mail sendmail[6352]: m6SD9Ted006352: 
from=, size=60521, class=0, nrcpts=1, 
msgid=<0ADBD67BD6811A4BB2144D805124714D910C85D0@KAEX1.Dom.Rastatt.de>, 
proto=ESMTP, daemon=MTA, relay=tm14.itroot.de [85.115.30.14]

Jul 28 15:09:39 mail MailScanner[13408]: Logging message m6SD9Ted006352 
to SQL

Jul 28 15:09:39 mail MailScanner[13412]: m6SD9Ted006352: Logged to 
MailWatch SQL

Jul 28 15:09:40 mail sendmail[6411]: m6SD9Ted006352: to=fschnize, 
delay=00:00:10, xdelay=00:00:01, mailer=local, pri=180521, dsn=2.0.0, 
stat=Sent

Regards

G?tz

-- 
G?tz Reinicke
IT-Koordinator

Tel. +49 7141 969 420
Fax  +49 7141 969 55 420
E-Mail goetz.reinicke@filmakademie.de

Filmakademie Baden-W?rttemberg GmbH
Mathildenstr. 20
71638 Ludwigsburg
www.filmakademie.de

Eintragung Amtsgericht Stuttgart HRB 205016
Vorsitzende des Aufsichtsrats:
Prof. Dr. Claudia H?bner
Staatsr?tin f?r Demographischen Wandel und f?r Senioren im Staatsministerium

Gesch?ftsf?hrer:
Prof. Thomas Schadt
From steve.freegard at fsl.com  Tue Jul 29 14:10:50 2008
From: steve.freegard at fsl.com (Steve Freegard)
Date: Tue Jul 29 14:11:03 2008
Subject: Help needed to locate an E-Mail
In-Reply-To: <488F0556.4070009@filmakademie.de>
References: <488DD04B.5010505@filmakademie.de>	<72114BF2-D914-4B51-A433-B2396D79820A@rtpty.com>	<488EB5CF.7080506@filmakademie.de>	
	<488F0556.4070009@filmakademie.de>
Message-ID: <488F16DA.6010403@fsl.com>

G?tz Reinicke wrote:
> Jul 28 15:09:40 mail sendmail[6411]: m6SD9Ted006352: to=fschnize, 
> delay=00:00:10, xdelay=00:00:01, mailer=local, pri=180521, dsn=2.0.0, 
> stat=Sent

That tells you that sendmail successfully delivered the message to the 
'fschnize' mailbox using the 'local' mailer.

If it went missing after that then it happened further upstream in the 
e-mail chain e.g. procmail, dovecot or the users MUA.

I'd check the users .procmailrc and as Alex suggests check the Dovecot 
logs (make sure you look for the message ID 
'0ADBD67BD6811A4BB2144D805124714D910C85D0@KAEX1.Dom.Rastatt.de' and not 
the sendmail msgid) and then finally check the users MUA (as it might 
have put the message in their 'Spam' folder or have client-side rules etc.).

HTH,
Steve.
From jdustin at usm.maine.edu  Tue Jul 29 15:36:10 2008
From: jdustin at usm.maine.edu (Jon Dustin)
Date: Tue Jul 29 15:36:49 2008
Subject: dying children?
Message-ID: <488EF29A.6C9D.008D.0@usm.maine.edu>

Greetings -

For the past few weeks my Mailscanner duo has been slowing down. I have a pair of SLES10 boxes running Postfix and MailScanner v4.62.9. I realize this is a slightly old version, but it had been running very well for a long time.

Last night I began digging around and discovered the MailScanner children are dying very quickly (just a few minutes), and replaced with new siblings. If I understand MailScanner's architecture, the children should live for 12 hours before being replaced by the master?

This morning I have upgraded one MailScanner node to the latest STABLE version (v4.70.7), but the problem still remains. 

I thought the issue may have to do with MailWatch, so I disabled the "Always Looked Up Last" function. This change had no effect.

At this point it appears some messages are being scanned multiple times by different children, which slows the process down dramatically. Thinking this was a locking issue, I changed Lock Type to posix, also with no effect.

The speed reported in syslog seems decent for most batches:

Jul 29 10:31:31 mail2 MailScanner[12348]: Batch (30 messages) processed in 229.92 seconds
Jul 29 10:31:39 mail2 MailScanner[12601]: Batch (13 messages) processed in 107.58 seconds
Jul 29 10:32:02 mail2 MailScanner[12375]: Batch (22 messages) processed in 185.64 seconds
Jul 29 10:32:07 mail2 MailScanner[12685]: Batch (12 messages) processed in 99.20 seconds
Jul 29 10:32:25 mail2 MailScanner[12685]: Batch (2 messages) processed in 17.73 seconds
Jul 29 10:32:26 mail2 MailScanner[12804]: Batch (4 messages) processed in 44.68 seconds

This box is running as a VM session, but on very decent hardware with 1GB ram.

Any thoughts on where I should investigate next?

Thank you for your assistance and ideas.

From martyn at invictawiz.com  Tue Jul 29 15:49:41 2008
From: martyn at invictawiz.com (Martyn Routley)
Date: Tue Jul 29 15:49:49 2008
Subject: dying children?
In-Reply-To: <488EF29A.6C9D.008D.0@usm.maine.edu>
References: <488EF29A.6C9D.008D.0@usm.maine.edu>
Message-ID: <488F2E05.3050806@invictawiz.com>

Julian (or whoever organises the list)

I nearly deleted this without reading it as I thought it had managed to 
slip through my Defender+Barricade.
All I read was the subject line "dying children"

Any chance of adding the list name to the subject, just like on many 
other lists.

Jon Dustin wrote:
> Greetings -
>
> For the past few weeks my Mailscanner duo has been slowing down. I have a pair of SLES10 boxes running Postfix and MailScanner v4.62.9. I realize this is a slightly old version, but it had been running very well for a long time.
>   
Sorry Jon
I haven't any suggestions for your problem.

Martyn
From ecasarero at gmail.com  Tue Jul 29 15:52:01 2008
From: ecasarero at gmail.com (Eduardo Casarero)
Date: Tue Jul 29 15:52:12 2008
Subject: dying children?
In-Reply-To: <488EF29A.6C9D.008D.0@usm.maine.edu>
References: <488EF29A.6C9D.008D.0@usm.maine.edu>
Message-ID: <7d9b3cf20807290752l1a422d5fm841727198b337990@mail.gmail.com>

2008/7/29 Jon Dustin 

> Greetings -
>
> For the past few weeks my Mailscanner duo has been slowing down. I have a
> pair of SLES10 boxes running Postfix and MailScanner v4.62.9. I realize this
> is a slightly old version, but it had been running very well for a long
> time.
>
> Last night I began digging around and discovered the MailScanner children
> are dying very quickly (just a few minutes), and replaced with new siblings.
> If I understand MailScanner's architecture, the children should live for 12
> hours before being replaced by the master?
>
> This morning I have upgraded one MailScanner node to the latest STABLE
> version (v4.70.7), but the problem still remains.
>
> I thought the issue may have to do with MailWatch, so I disabled the
> "Always Looked Up Last" function. This change had no effect.
>
> At this point it appears some messages are being scanned multiple times by
> different children, which slows the process down dramatically. Thinking this
> was a locking issue, I changed Lock Type to posix, also with no effect.
>
> The speed reported in syslog seems decent for most batches:
>
> Jul 29 10:31:31 mail2 MailScanner[12348]: Batch (30 messages) processed in
> 229.92 seconds
> Jul 29 10:31:39 mail2 MailScanner[12601]: Batch (13 messages) processed in
> 107.58 seconds
> Jul 29 10:32:02 mail2 MailScanner[12375]: Batch (22 messages) processed in
> 185.64 seconds
> Jul 29 10:32:07 mail2 MailScanner[12685]: Batch (12 messages) processed in
> 99.20 seconds
> Jul 29 10:32:25 mail2 MailScanner[12685]: Batch (2 messages) processed in
> 17.73 seconds
> Jul 29 10:32:26 mail2 MailScanner[12804]: Batch (4 messages) processed in
> 44.68 seconds
>
> This box is running as a VM session, but on very decent hardware with 1GB
> ram.
>
> Any thoughts on where I should investigate next?
>

In MailScanner.conf what do you have in "Restart Every" ??

# To avoid resource leaks, re-start periodically. Forces a re-read of all
# the configuration files too, so new updates to the bad phishing sites list
# are read frequently.
Restart Every = 14400



>
> Thank you for your assistance and ideas.
>
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080729/bb567ce2/attachment.html
From jdustin at usm.maine.edu  Tue Jul 29 15:58:29 2008
From: jdustin at usm.maine.edu (Jon Dustin)
Date: Tue Jul 29 15:59:00 2008
Subject: dying children?
In-Reply-To: <7d9b3cf20807290752l1a422d5fm841727198b337990@mail.gmail.com>
References: <488EF29A.6C9D.008D.0@usm.maine.edu>
	<7d9b3cf20807290752l1a422d5fm841727198b337990@mail.gmail.com>
Message-ID: <488EF7D5.6C9D.008D.0@usm.maine.edu>

>>> On 7/29/2008 at 10:52 AM, in message
<7d9b3cf20807290752l1a422d5fm841727198b337990@mail.gmail.com>, "Eduardo
Casarero"  wrote:
> 2008/7/29 Jon Dustin 
> 
>> Greetings -
>>
>>
>> Last night I began digging around and discovered the MailScanner children
>> are dying very quickly (just a few minutes), and replaced with new siblings.
>> If I understand MailScanner's architecture, the children should live for 12
>> hours before being replaced by the master?
>>
>> This morning I have upgraded one MailScanner node to the latest STABLE
>> version (v4.70.7), but the problem still remains.
>>
>>
>> At this point it appears some messages are being scanned multiple times by
>> different children, which slows the process down dramatically. Thinking this
>> was a locking issue, I changed Lock Type to posix, also with no effect.
>>
>>
> 
> In MailScanner.conf what do you have in "Restart Every" ??
> 
> # To avoid resource leaks, re-start periodically. Forces a re-read of all
> # the configuration files too, so new updates to the bad phishing sites list
> # are read frequently.
> Restart Every = 14400

I have the default, Restart Every = 14400

Another update: It appears only certain messages cause the children to die, as there are some in the queue that seem to be scanned MANY times:

Jul 29 10:53:02 mail2 MailScanner[14863]: Content Checks: Detected and have disarmed web bug tags in HTML message in 9DDB8BA3DF.1BC27 from dailydish@yournewsletters.net 
Jul 29 10:53:49 mail2 MailScanner[15327]: SpamAssassin cache hit for message 9DDB8BA3DF.E8E41
Jul 29 10:54:33 mail2 MailScanner[15327]: Content Checks: Detected and have disarmed web bug tags in HTML message in 9DDB8BA3DF.E8E41 from dailydish@yournewsletters.net 
Jul 29 10:54:36 mail2 MailScanner[15600]: SpamAssassin cache hit for message 9DDB8BA3DF.8BF99
Jul 29 10:55:35 mail2 MailScanner[15600]: Content Checks: Detected and have disarmed web bug tags in HTML message in 9DDB8BA3DF.8BF99 from dailydish@yournewsletters.net 
Jul 29 10:55:56 mail2 MailScanner[15735]: SpamAssassin cache hit for message 9DDB8BA3DF.F3A78

(above message arrived at 1020, and is still being processed by various children at 1058)



From MailScanner at ecs.soton.ac.uk  Tue Jul 29 16:05:48 2008
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Tue Jul 29 16:06:19 2008
Subject: dying children?
In-Reply-To: 
References: <488EF29A.6C9D.008D.0@usm.maine.edu>
	
Message-ID: <488F31CC.5060909@ecs.soton.ac.uk>



Martyn Routley wrote:
> Julian (or whoever organises the list)
>
> I nearly deleted this without reading it as I thought it had managed 
> to slip through my Defender+Barricade.
> All I read was the subject line "dying children"
>
> Any chance of adding the list name to the subject, just like on many 
> other lists.
>
Go to lists.mailscanner.info and you should find you can set this 
per-user for yourself.

Jules

-- 
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

From ricky.boone at gmail.com  Tue Jul 29 16:12:12 2008
From: ricky.boone at gmail.com (Ricky Boone)
Date: Tue Jul 29 16:12:30 2008
Subject: dying children?
In-Reply-To: <488EF7D5.6C9D.008D.0@usm.maine.edu>
References: <488EF29A.6C9D.008D.0@usm.maine.edu>	<7d9b3cf20807290752l1a422d5fm841727198b337990@mail.gmail.com>
	<488EF7D5.6C9D.008D.0@usm.maine.edu>
Message-ID: <488F334C.3080504@gmail.com>

Jon Dustin wrote:
> Another update: It appears only certain messages cause the children to die, as there are some in the queue that seem to be scanned MANY times:

I had the same issue with a few messages.  The issue actually caused 
MailScanner/Postfix to fill up the quarantine partition a few times with 
duplicate copies of the message.  We've upgraded to MailScanner 4.70.7 
on the affected box, and haven't gotten the issue since.
From steve.freegard at fsl.com  Tue Jul 29 16:17:06 2008
From: steve.freegard at fsl.com (Steve Freegard)
Date: Tue Jul 29 16:17:20 2008
Subject: dying children?
In-Reply-To: <488EF7D5.6C9D.008D.0@usm.maine.edu>
References: <488EF29A.6C9D.008D.0@usm.maine.edu>	<7d9b3cf20807290752l1a422d5fm841727198b337990@mail.gmail.com>
	<488EF7D5.6C9D.008D.0@usm.maine.edu>
Message-ID: <488F3472.1090904@fsl.com>

Jon Dustin wrote:
>>>> On 7/29/2008 at 10:52 AM, in message
>
> Another update: It appears only certain messages cause the children to die, as there are some in the queue that seem to be scanned MANY times:
> 
> Jul 29 10:53:02 mail2 MailScanner[14863]: Content Checks: Detected and have disarmed web bug tags in HTML message in 9DDB8BA3DF.1BC27 from dailydish@yournewsletters.net 
> Jul 29 10:53:49 mail2 MailScanner[15327]: SpamAssassin cache hit for message 9DDB8BA3DF.E8E41
> Jul 29 10:54:33 mail2 MailScanner[15327]: Content Checks: Detected and have disarmed web bug tags in HTML message in 9DDB8BA3DF.E8E41 from dailydish@yournewsletters.net 
> Jul 29 10:54:36 mail2 MailScanner[15600]: SpamAssassin cache hit for message 9DDB8BA3DF.8BF99
> Jul 29 10:55:35 mail2 MailScanner[15600]: Content Checks: Detected and have disarmed web bug tags in HTML message in 9DDB8BA3DF.8BF99 from dailydish@yournewsletters.net 
> Jul 29 10:55:56 mail2 MailScanner[15735]: SpamAssassin cache hit for message 9DDB8BA3DF.F3A78
> 
> (above message arrived at 1020, and is still being processed by various children at 1058)
> 

I suspect MailScanner is dying at during the batch which causes the 
messages to be processed again and again.

Run MailScanner in debug mode 'MailScanner --debug --debug-sa' and see 
what turns up.

Cheers,
Steve.

From ssilva at sgvwater.com  Tue Jul 29 16:31:52 2008
From: ssilva at sgvwater.com (Scott Silva)
Date: Tue Jul 29 16:32:33 2008
Subject: encryption?
In-Reply-To: <488EDFE1.9060902@ecs.soton.ac.uk>
References: 
	<488EDFE1.9060902@ecs.soton.ac.uk>
Message-ID: 

on 7-29-2008 2:16 AM Julian Field spake the following:
> 
> 
> Furnish, Trever G wrote:
>> This is slightly off-topic, but is anyone already doing the following or
>> do you know *how* to do the following with MailScanner and/or Sendmail?
>> Basically I'd like to tie in a Voltage for encryption, and it works
>> entirely based SMTP.
>>
>> If an email with a particular message header comes into the mailscanner
>> system that handles outbound email, I'd like to route it via SMTP over
>> to a Voltage server, which will accept the message, encrypt it, then
>> send it back.
>>
>> The bit I'm not sure how to do is re-routing a message based on the
>> presence of a particular header.  Imagine the head is simply
>> "X-Needs-Encryption: YES".  Is there a way to have MS or Sendmail send
>> that message elsewhere?  Would it have to change the SMTP recipient to
>> do so, or can we just hand off to the other system without changing the
>> SMTP recipient (as is done by sendmail when using the mailertable
>> feature)?
>>   
> You would probably have to change the SMTP recipient slightly to do it, 
> but you can probably do it in such a way that you could reconstruct the 
> original SMTP recipient again.
> 
> What I'm thinking of is a "SpamAssassin Rule Actions" setting. If you 
> added the original recipient list with "Add Envelope To Header = yes" 
> these would get logged in the header of the message. If you then wrote a 
> tiny SpamAssassin rule such as
> header  VOLTAGE_SPOTTER X-Needs-Encryption: =~ /YES/i
> describe VOLTAGE_SPOTTER Spot mail that needs encrypting
> score VOLTAGE_SPOTTER -0.01
> you could then use a SpamAssassin Rule Actions setting like this:
> SpamAssassin Rule Actions = VOLTAGE_SPOTTER=>forward 
> encryptme@voltage.mydomain.com
> 
> That would take all mail with the "X-Needs-Encryption: YES" header and 
> send it to encryptme@voltage.mydomain.com.
> 
> You then route that mail to your Voltage server with a 
> /etc/mail/mailertable line saying this:
> voltage.mydomain.com   esmtp:[my-voltage-server.mydomain.com]
> 
> Then your Voltage server needs to encrypt the mail coming to it via SMTP 
> from your MailScanner server. After it's encrypted it, it needs to 
> replace the original list of recipients with the contents of the 
> X-MailScanner-Envelope-To: header, and send it onwards to its final 
> destination. If you removed the X-Needs-Encryption: header in the 
> Voltage server as well, then you could even just pass it back to your 
> MailScanner server again for delivery.
> 
> I don't know if you have the source code, as I've never heard of 
> Voltage, but if you can mess with envelope recipients at all then the 
> above should be quite possible.
> 
> Is my explanation clear enough? Does it help at all?
> I do a similar (though simpler) trick to get all my email scanned for 
> images that might contain illegal (e.g. child porn, etc) content.
> 
> If anyone else is interested in scanning their mail for illegal image 
> content, please contact me off-list. I have a system running here which 
> works very well, but you need to sign an NDA before I can tell you much 
> about it.
> 
> 
> Jules
> 
Where does he get all those wonderful toys?  ;-D



-- 
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 258 bytes
Desc: OpenPGP digital signature
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080729/5804409e/signature.bin
From simonmjones at gmail.com  Tue Jul 29 16:45:12 2008
From: simonmjones at gmail.com (Simon Jones)
Date: Tue Jul 29 16:45:21 2008
Subject: per domain sigs
Message-ID: <70572c510807290845p3326847fq90ac4c92e8000707@mail.gmail.com>

Hello all, is it possible to setup a signature per domain within
mailscanner? i.e. change the default "scanned and believed to be
clean" message to something else on a per domain basis?

thanks

Simon
From jdustin at usm.maine.edu  Tue Jul 29 16:52:48 2008
From: jdustin at usm.maine.edu (Jon Dustin)
Date: Tue Jul 29 16:53:35 2008
Subject: dying children?
In-Reply-To: <488F3472.1090904@fsl.com>
References: <488EF29A.6C9D.008D.0@usm.maine.edu>	<7d9b3cf20807290752l1a422d5fm841727198b337990@mail.gmail.com>
	<488EF7D5.6C9D.008D.0@usm.maine.edu><488EF7D5.6C9D.008D.0@usm.maine.edu>
	<488F3472.1090904@fsl.com>
Message-ID: <488F0490.6C9D.008D.0@usm.maine.edu>

>>> On 7/29/2008 at 11:17 AM, in message <488F3472.1090904@fsl.com>, Steve Freegard
 wrote:
> Jon Dustin wrote:
>>>>> On 7/29/2008 at 10:52 AM, in message
>>
>> Another update: It appears only certain messages cause the children to die, 
> as there are some in the queue that seem to be scanned MANY times:
>> 
> 
> I suspect MailScanner is dying at during the batch which causes the 
> messages to be processed again and again.
> 
> Run MailScanner in debug mode 'MailScanner --debug --debug-sa' and see 
> what turns up.
> 

Sure enough, I found a message that was causing the MailScanner children to die. Each of my MailScanner hosts had a copy (guess I'm just lucky) delivered on July 7, and that is exactly when performance began degrading.

Julian - Would you like a copy of these messages? They look like spam to me, but I am not sure exactly where the problem with MailScanner lies.

From steve.freegard at fsl.com  Tue Jul 29 17:03:03 2008
From: steve.freegard at fsl.com (Steve Freegard)
Date: Tue Jul 29 17:03:14 2008
Subject: dying children?
In-Reply-To: <488F0490.6C9D.008D.0@usm.maine.edu>
References: <488EF29A.6C9D.008D.0@usm.maine.edu>	<7d9b3cf20807290752l1a422d5fm841727198b337990@mail.gmail.com>	<488EF7D5.6C9D.008D.0@usm.maine.edu><488EF7D5.6C9D.008D.0@usm.maine.edu>	<488F3472.1090904@fsl.com>
	<488F0490.6C9D.008D.0@usm.maine.edu>
Message-ID: <488F3F37.8020607@fsl.com>

Jon Dustin wrote:
>>>> On 7/29/2008 at 11:17 AM, in message <488F3472.1090904@fsl.com>, Steve Freegard
>> Run MailScanner in debug mode 'MailScanner --debug --debug-sa' and see 
>> what turns up.
>>
> 
> Sure enough, I found a message that was causing the MailScanner children to die. Each of my MailScanner hosts had a copy (guess I'm just lucky) delivered on July 7, and that is exactly when performance began degrading.
> 
> Julian - Would you like a copy of these messages? They look like spam to me, but I am not sure exactly where the problem with MailScanner lies.
> 

What output do you get from --debug?  As it might not be a problem with 
MailScanner but one of the associated utilities.

Cheers,
Steve.
From martyn at invictawiz.com  Tue Jul 29 17:58:14 2008
From: martyn at invictawiz.com (Martyn Routley)
Date: Tue Jul 29 17:58:22 2008
Subject: subject line
In-Reply-To: <488F31CC.5060909@ecs.soton.ac.uk>
References: <488EF29A.6C9D.008D.0@usm.maine.edu>	
	<488F31CC.5060909@ecs.soton.ac.uk>
Message-ID: <488F4C26.90809@invictawiz.com>

Julian Field wrote:
>
>
> Martyn Routley wrote:
>> Any chance of adding the list name to the subject, just like on many 
>> other lists.
>>
> Go to lists.mailscanner.info and you should find you can set this 
> per-user for yourself.
>
> Jules
>
I don't have this option. (But would like to have it)

-- 

Martyn 

From ssilva at sgvwater.com  Tue Jul 29 17:59:26 2008
From: ssilva at sgvwater.com (Scott Silva)
Date: Tue Jul 29 17:59:42 2008
Subject: per domain sigs
In-Reply-To: <70572c510807290845p3326847fq90ac4c92e8000707@mail.gmail.com>
References: <70572c510807290845p3326847fq90ac4c92e8000707@mail.gmail.com>
Message-ID: 

on 7-29-2008 8:45 AM Simon Jones spake the following:
> Hello all, is it possible to setup a signature per domain within
> mailscanner? i.e. change the default "scanned and believed to be
> clean" message to something else on a per domain basis?
> 
> thanks
> 
> Simon
Yes.
Rulesets ... Learn rulesets.

http://wiki.mailscanner.info/doku.php?id=documentation:configuration:rulesets:examples&s=rulesets



-- 
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 258 bytes
Desc: OpenPGP digital signature
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080729/f77abaa7/signature.bin
From hvdkooij at vanderkooij.org  Tue Jul 29 18:29:14 2008
From: hvdkooij at vanderkooij.org (Hugo van der Kooij)
Date: Tue Jul 29 18:29:27 2008
Subject: Wrapper package for MailScanner
In-Reply-To: <488EE04E.9090101@ecs.soton.ac.uk>
References: <488AEE32.50107@vanderkooij.org>		<488B72C6.2050608@ecs.soton.ac.uk>		<488DEA8C.1080806@vanderkooij.org>	
	<488EE04E.9090101@ecs.soton.ac.uk>
Message-ID: <488F536A.4020607@vanderkooij.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Julian Field wrote:
|
|
| Scott Silva wrote:
|> on 7-28-2008 8:49 AM Hugo van der Kooij spake the following:
|>> Scott Silva wrote:
|>>
|>> | You would probably want some sort of flag file that a user could touch
|>> | to stop the automatic upgrade of those files. It doesn't bother me,
|>> but
|>> | I remember from list traffic that there are many people that have
|>> custom
|>> | comments or other content that they wish to preserve.
|>> |
|>> | Maybe a check like;
|>> |
|>> | if [ -f "/etc/MailScanner/no-upgrade" ]; then
|>> |   skip upgrade
|>>
|>> How about the other way around? Then a new package will never hurt
|>> existing users. And once people believe they want the config  upgrade to
|>> be automated they can add a placeholder file to do so from that
|>> moment on.
|>>
|>> This would be the failsafe way to it. Only if
|>> /etc/MailScanner/automate-config-updates is present this should be done
|>> automagically. (Or by whatever other name Jules likes to call the file.)
|>>
|>> Hugo.
|>>
|>>
|> That does sound much safer. Must consciously choose to have updates done.
|> No accidents, no blame!
|> Jules might even agree to this.
|>
| Why not just make it a setting in MailScanner.conf that by default is
| set to 'no'?
| I can do a simple 'grep' to find what it's set to.

The only reason why I think this may be more trouble is that you have to
make your %pre and %post scripts more complex. And they would require
additional tools for which you have to check as a dependency to make
sure the scripts themselves will not fail.

Hugo.

- --
hvdkooij@vanderkooij.org               http://hugo.vanderkooij.org/
PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc

	A: Yes.
	>Q: Are you sure?
	>>A: Because it reverses the logical flow of conversation.
	>>>Q: Why is top posting frowned upon?

Bored? Click on http://spamornot.org/ and rate those images.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFIj1NpBvzDRVjxmYERAtKXAJwL4VPp71onjuxlL5HNOvMz49p3QQCgjMLm
AvOfXrPFingYx/g3pz0VWOA=
=IAxL
-----END PGP SIGNATURE-----
From jdustin at usm.maine.edu  Tue Jul 29 18:31:12 2008
From: jdustin at usm.maine.edu (Jon Dustin)
Date: Tue Jul 29 18:31:56 2008
Subject: dying children?
In-Reply-To: <488F3F37.8020607@fsl.com>
References: <488EF29A.6C9D.008D.0@usm.maine.edu>	<7d9b3cf20807290752l1a422d5fm841727198b337990@mail.gmail.com>	<488EF7D5.6C9D.008D.0@usm.maine.edu><488EF7D5.6C9D.008D.0@usm.maine.edu>	<488F3472.1090904@fsl.com>
	<488F0490.6C9D.008D.0@usm.maine.edu><488F0490.6C9D.008D.0@usm.maine.edu>
	<488F3F37.8020607@fsl.com>
Message-ID: <488F1BA0.6C9D.008D.0@usm.maine.edu>

>>> On 7/29/2008 at 12:03 PM, in message <488F3F37.8020607@fsl.com>, Steve Freegard
 wrote:
> Jon Dustin wrote:
>>>>> On 7/29/2008 at 11:17 AM, in message <488F3472.1090904@fsl.com>, Steve 
> Freegard
>>>
>> 
>> Sure enough, I found a message that was causing the MailScanner children to 
> die. Each of my MailScanner hosts had a copy (guess I'm just lucky) delivered 
> on July 7, and that is exactly when performance began degrading.
>> 
>> Julian - Would you like a copy of these messages? They look like spam to me, 
> but I am not sure exactly where the problem with MailScanner lies.
>> 
> 
> What output do you get from --debug?  As it might not be a problem with 
> MailScanner but one of the associated utilities.

Here is the output from --debug --debug-sa

13:27:38 [31635] dbg: learn: auto-learn? ham=0.1, spam=12, body-points=0.288, head-points=0.288, learned-points=-2.599
13:27:38 [31635] dbg: learn: auto-learn? no: inside auto-learn thresholds, not considered ham or spam
Segmentation fault

Anything else to try?

PS - My MailScanner(s) are working much better since I have removed this nasty message.

From hvdkooij at vanderkooij.org  Tue Jul 29 18:34:48 2008
From: hvdkooij at vanderkooij.org (Hugo van der Kooij)
Date: Tue Jul 29 18:34:57 2008
Subject: dying children?
In-Reply-To: <488F2E05.3050806@invictawiz.com>
References: <488EF29A.6C9D.008D.0@usm.maine.edu>
	<488F2E05.3050806@invictawiz.com>
Message-ID: <488F54B8.9020005@vanderkooij.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Martyn Routley wrote:
| Julian (or whoever organises the list)
|
| I nearly deleted this without reading it as I thought it had managed to
| slip through my Defender+Barricade.
| All I read was the subject line "dying children"
|
| Any chance of adding the list name to the subject, just like on many
| other lists.

I like the mailinglist just as it is without the extra clutter in the
Subject line. So I am afraid my vote would be against ading it.

Any decent email environment has plenty of other ways to distinguish the
message as a mailinglist message. Thunderbird has a good plugin for that.

Hugo.

- --
hvdkooij@vanderkooij.org               http://hugo.vanderkooij.org/
PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc

	A: Yes.
	>Q: Are you sure?
	>>A: Because it reverses the logical flow of conversation.
	>>>Q: Why is top posting frowned upon?

Bored? Click on http://spamornot.org/ and rate those images.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFIj1S2BvzDRVjxmYERAibNAJ944gJBlIQHN3XBEn/m++F1685aqACfRvcT
WZWREN5US7CZ/LvpWEbYPYc=
=gQ/L
-----END PGP SIGNATURE-----
From TGFurnish at herffjones.com  Tue Jul 29 18:42:25 2008
From: TGFurnish at herffjones.com (Furnish, Trever G)
Date: Tue Jul 29 18:42:39 2008
Subject: encryption?
In-Reply-To: <488EAF86.6090308@vanderkooij.org>
References: <57573D714A832C43B9D80EAFBDA48D030A03F1DE@inex3.herffjones.hj-int>
	<488EAF86.6090308@vanderkooij.org>
Message-ID: <57573D714A832C43B9D80EAFBDA48D030A03F1F6@inex3.herffjones.hj-int>

> -----Original Message-----
> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-
> bounces@lists.mailscanner.info] On Behalf Of Hugo van der Kooij
> Sent: Tuesday, July 29, 2008 1:50 AM
> To: MailScanner discussion
> Subject: Re: encryption?
 
> Furnish, Trever G wrote:
> 
> | Bonus points if you work for or use the FSL products and are able to
> | jump in and tell me Barricade or Defender can do the same. ;-)
> 
> How about me telling you that you can work something out if you use
> postfix instead?
> 
> Have you looked into the wonderfull world of milters?
> 
> Hugo.

Hi, Hugo.  I'm actually looking into switching from MailScanner to FSL's
BarricadeMX/DefenderMX combo, and Steve already noted that they're
hoping to add hooks for encryption soon but don't have them yet.  I was
assuming that combo uses sendmail, but I suppose that may not be a valid
assumption.  I thought if I could figure out how to do it on my existing
systems, then I could be reasonably certain of how I could do it on my
own on a DefenderMX system until there's an integrated encryption
offering.

I could just route all inbound and outbound mail through the voltage
system -- I just would prefer not to do that for any mail except that
which needs to be encrypted.

I have little experience with Postfix, not enough to be interested in
switching at this point.  I use a couple of milters in sendmail.  Do you
know of a milter (or a Postfix way you feel like bragging about ;-) )
that would help here?

It occurred to me that if I could just get MailScanner to move the
messages into a different directory, then I could have a simple script
pull out the header and move them into a new sendmail queue, with
sendmail configured to handle that queue simply by sending everything
over to the Voltage systems.  I don't know that Voltage can/will remove
the X- header on its own.


> - --
> hvdkooij@vanderkooij.org               http://hugo.vanderkooij.org/
> PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc
From ajcartmell at fonant.com  Tue Jul 29 19:36:10 2008
From: ajcartmell at fonant.com (Anthony Cartmell)
Date: Tue Jul 29 19:36:23 2008
Subject: dying children?
In-Reply-To: <488F54B8.9020005@vanderkooij.org>
References: <488EF29A.6C9D.008D.0@usm.maine.edu>
	<488F2E05.3050806@invictawiz.com> <488F54B8.9020005@vanderkooij.org>
Message-ID: 

> I like the mailinglist just as it is without the extra clutter in the
> Subject line. So I am afraid my vote would be against ading it.

+1

> Any decent email environment has plenty of other ways to distinguish the
> message as a mailinglist message. Thunderbird has a good plugin for that.

Opera creates mail views for mailing lists by default, but I've added a  
custom filter (view) as well. Most mail clients should be able to filter  
(or move if you've got a message-can-only-be-in-one-place system) on the  
 From address.

HTH,

Anthony
-- 
www.fonant.com - Quality web sites
From ka at pacific.net  Tue Jul 29 20:49:48 2008
From: ka at pacific.net (Ken A)
Date: Tue Jul 29 20:50:04 2008
Subject: encryption?
In-Reply-To: 
References: 	<488EDFE1.9060902@ecs.soton.ac.uk>
	
Message-ID: <488F745C.3000200@pacific.net>

Scott Silva wrote:
> on 7-29-2008 2:16 AM Julian Field spake the following:

...snip...

>>
>> Is my explanation clear enough? Does it help at all?
>> I do a similar (though simpler) trick to get all my email scanned for 
>> images that might contain illegal (e.g. child porn, etc) content.
>>
>> If anyone else is interested in scanning their mail for illegal image 
>> content, please contact me off-list. I have a system running here 
>> which works very well, but you need to sign an NDA before I can tell 
>> you much about it.
>>
>>
>> Jules
>>
> Where does he get all those wonderful toys?  ;-D
> 
> 
> 

Has he crossed over to the dark side with some FuzzyBigBrother plugin 
for S.A.?

-- 
Ken Anderson
Pacific.Net

From steve.freegard at fsl.com  Tue Jul 29 22:07:08 2008
From: steve.freegard at fsl.com (Steve Freegard)
Date: Tue Jul 29 22:07:27 2008
Subject: dying children?
In-Reply-To: <488F1BA0.6C9D.008D.0@usm.maine.edu>
References: <488EF29A.6C9D.008D.0@usm.maine.edu>	<7d9b3cf20807290752l1a422d5fm841727198b337990@mail.gmail.com>	<488EF7D5.6C9D.008D.0@usm.maine.edu><488EF7D5.6C9D.008D.0@usm.maine.edu>	<488F3472.1090904@fsl.com>	<488F0490.6C9D.008D.0@usm.maine.edu><488F0490.6C9D.008D.0@usm.maine.edu>	<488F3F37.8020607@fsl.com>
	<488F1BA0.6C9D.008D.0@usm.maine.edu>
Message-ID: <488F867C.1000102@fsl.com>

Jon Dustin wrote:

>> What output do you get from --debug?  As it might not be a problem with 
>> MailScanner but one of the associated utilities.
> 
> Here is the output from --debug --debug-sa
> 
> 13:27:38 [31635] dbg: learn: auto-learn? ham=0.1, spam=12, body-points=0.288, head-points=0.288, learned-points=-2.599
> 13:27:38 [31635] dbg: learn: auto-learn? no: inside auto-learn thresholds, not considered ham or spam
> Segmentation fault
> 
> Anything else to try?
> 
> PS - My MailScanner(s) are working much better since I have removed this nasty message.
>

That would seem to indicate a problem with a Perl module that uses XS 
(e.g. C functions into Perl) and not with MailScanner itself.

You would have to install 'strace' and run the message through again 
like so:

strace MailScanner --debug --debug-sa

And then look at around the last 25-50 lines or so for clues.

I've seen this happen before; mainly with Mail::ClamAV (which is why I 
prefer clamd now); but I've seen it happen with other modules too.

Regards,
Steve.
From marcel-ml at irc-addicts.de  Wed Jul 30 02:06:50 2008
From: marcel-ml at irc-addicts.de (Marcel Blenkers)
Date: Wed Jul 30 02:07:41 2008
Subject: MailScanner + MailWatch-Problem
Message-ID: 

Hello,

i am using MailScanner and Mailwatch.

Suddenly the following line seems to popup in an unregular basis on the 
shell:



commit ineffective with AutoCommit enabled at 
/usr/lib/MailScanner/MailScanner/CustomFunctions/MailWatch.pm line 93, 
 line 1.


Does anyone got any idea what this could be causing this?

Thanks in advance

Marcel
From lists at openenterprise.ca  Wed Jul 30 02:44:13 2008
From: lists at openenterprise.ca (Johnny Stork)
Date: Wed Jul 30 02:44:26 2008
Subject: Twin MailScanner/MW Setups?
Message-ID: <488FC76D.70405@openenterprise.ca>

I would like to setup dual MS/MW machines for a basic round-robin dual 
MX setup. Are there any docs/guidelines for doing this and sharing a 
single database? Can I assume its a simple as setting them both up and 
just using the same DB?


-- 
Johnny Stork
Open Enterprise Solutions
"Empowering Business With Open Solutions"

http://www.openenterprise.ca

From ecasarero at gmail.com  Wed Jul 30 03:10:35 2008
From: ecasarero at gmail.com (Eduardo Casarero)
Date: Wed Jul 30 03:10:46 2008
Subject: Twin MailScanner/MW Setups?
In-Reply-To: <488FC76D.70405@openenterprise.ca>
References: <488FC76D.70405@openenterprise.ca>
Message-ID: <7d9b3cf20807291910h40c0acacxda258aaca8921d75@mail.gmail.com>

2008/7/29 Johnny Stork 

> I would like to setup dual MS/MW machines for a basic round-robin dual MX
> setup. Are there any docs/guidelines for doing this and sharing a single
> database? Can I assume its a simple as setting them both up and just using
> the same DB?
>
> Just choose one of the servers as mysql server and in the DB conf use the
other host. Its very simple.


>
> --
> Johnny Stork
> Open Enterprise Solutions
> "Empowering Business With Open Solutions"
>
> http://www.openenterprise.ca
>
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080729/7886fce8/attachment.html
From jdustin at usm.maine.edu  Wed Jul 30 03:48:01 2008
From: jdustin at usm.maine.edu (Jon Dustin)
Date: Wed Jul 30 03:48:24 2008
Subject: dying children?
In-Reply-To: <488F867C.1000102@fsl.com>
References: <488EF29A.6C9D.008D.0@usm.maine.edu>	<7d9b3cf20807290752l1a422d5fm841727198b337990@mail.gmail.com>	<488EF7D5.6C9D.008D.0@usm.maine.edu><488EF7D5.6C9D.008D.0@usm.maine.edu>	<488F3472.1090904@fsl.com>	<488F0490.6C9D.008D.0@usm.maine.edu><488F0490.6C9D.008D.0@usm.maine.edu>	<488F3F37.8020607@fsl.com>
	<488F1BA0.6C9D.008D.0@usm.maine.edu><488F1BA0.6C9D.008D.0@usm.maine.edu>
	<488F867C.1000102@fsl.com>
Message-ID: <488F9E41.6C9D.008D.0@usm.maine.edu>

>>> On 7/29/2008 at 5:07 PM, in message <488F867C.1000102@fsl.com>, Steve Freegard
 wrote:
> That would seem to indicate a problem with a Perl module that uses XS 
> (e.g. C functions into Perl) and not with MailScanner itself.
> 
> You would have to install 'strace' and run the message through again 
> like so:
> 
> strace MailScanner --debug --debug-sa
> 
> And then look at around the last 25-50 lines or so for clues.
> 
> I've seen this happen before; mainly with Mail::ClamAV (which is why I 
> prefer clamd now); but I've seen it happen with other modules too.

As I imagined, there is a BUNCH of output from strace. I will try to find the relevant sections at the bottom of the output:

(from MailScanner output)
22:43:39 [16217] dbg: check: tests=MISSING_DATE,MISSING_HEADERS,MISSING_SUBJECT,NO_RECEIVED,NO_RELAYS
22:43:39 [16217] dbg: check: subtests=__HAS_MSGID,__MISSING_REF,__MSGID_OK_DIGITS,__MSGID_OK_HOST,__MSOE_MID_WRONG_CASE,__NONEMPTY_BODY,__SANE_MSGID,__SARE_WHITELIST_FLAG,__TVD_BODY,__UNUSABLE_MSGID
22:43:39 [16217] dbg: bayes: untie-ing
22:43:39 Building a message batch to scan...
22:43:39 Have a batch of 1 message.
max message size is '100k'

(from strace)
16217 open("/usr/lib/perl5/5.8.8/Text/ParseWords.pm", O_RDONLY|O_LARGEFILE) = 11

16217 open("/usr/lib/perl5/5.8.8/i586-linux-thread-multi/auto/PerlIO/scalar/scalar.so", O_RDONLY) = 11

read(12, "
>HTML and top-posting are both strongly deprecated on mailing lists for
>good and practical reasons. 
 

Rather I think you did. 

S'later...


...Kevin
--
Kevin Miller                Registered Linux User No: 307357
CBJ MIS Dept.               Network Systems Admin., Mail Admin.
155 South Seward Street     ph: (907) 586-0242
Juneau, Alaska 99801        fax: (907 586-4500
  

 

________________________________

From: mailscanner-bounces@lists.mailscanner.info
[mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Peter
Farrow
Sent: Wednesday, July 30, 2008 3:09 PM
To: MailScanner discussion
Subject: Re: Google gmail


You missed the point...

;-)


Jay R. Ashworth wrote: 

	On Wed, Jul 23, 2008 at 06:58:51PM +0100, Peter Farrow wrote:
	  

		   Get with program this is the 21st Century, I don't
have any issues with
		   html, and can work from a top posted reply  too.
		    

	
	HTML and top-posting are both strongly deprecated on mailing
lists for
	good and practical reasons.
	
	http://www.mythtv.org/wiki/index.php/Mailing_List_etiquette
	
	Cheers,
	-- jra
	  


-- 
This message has been scanned for viruses and 
dangerous content by the Inexcom   system
scanner, 
and is believed to be clean. 
Advanced heuristic mail scanning server [-]. 
From csweeney at osubucks.org  Thu Jul 31 00:39:22 2008
From: csweeney at osubucks.org (Chris Sweeney)
Date: Thu Jul 31 00:39:47 2008
Subject: Google gmail
In-Reply-To: <4890F47E.5080904@farrows.org>
References: 	<48870A64.2080403@farrows.org>		<20080723121430.10301b77@scorpio>	<4887715B.6010506@farrows.org>	<20080730172449.GR24021@cgi.jachomes.com>
	<4890F47E.5080904@farrows.org>
Message-ID: <000f01c8f29d$80548870$80fd9950$@org>

Ok let's not let this thread go again J  Let's face it, it is 2008 and most
of us now use email programs that use HTML or read from webmail which can
handle it just fine.  Many times most if not all of us read and reply and
post from portable devices that do horrible things like top posting.  It's
just the way it is, so rather than bitch and moan about it, just live with
it, just like I do the old people who can't drive and hold me up in the
morning LOL J

 

 


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080730/77767b9d/attachment.html
From edward at tdcs.com.au  Thu Jul 31 00:42:29 2008
From: edward at tdcs.com.au (Edward Dekkers)
Date: Thu Jul 31 00:43:35 2008
Subject: Attach blocking
In-Reply-To: <21be6cae0807301253v3bac063ep92bb9bd9abed4f20@mail.gmail.com>
References: <21be6cae0807301253v3bac063ep92bb9bd9abed4f20@mail.gmail.com>
Message-ID: 

I have a problem that maybe is from config...
I need some help with this,

I have 5 users, 2 of then with the extension block of .doc files... they
can't recieve .doc files..

But when I sent an e-mail  to that 5 people... it blocks for all.. not just
for the 2 that have the attachment block..

How should I procede, I need that those 3 recieve the file. And block only
for those two..

Thanks !!


Sending us the relevant sections of your configuration files where you
implemented those conditions may actually help here.

 

Last psychic ability test I took put me in the ignoramus category.

 

Maybe other people on this list are better at reading your mind?

 

Regards,

Ed.


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080731/65212ce1/attachment.html
From ajcartmell at fonant.com  Thu Jul 31 09:04:10 2008
From: ajcartmell at fonant.com (Anthony Cartmell)
Date: Thu Jul 31 09:04:25 2008
Subject: OT: message reply formatting (was Google gmail)
In-Reply-To: <000f01c8f29d$80548870$80fd9950$@org>
References: 
	<48870A64.2080403@farrows.org>
	
	<20080723121430.10301b77@scorpio> <4887715B.6010506@farrows.org>
	<20080730172449.GR24021@cgi.jachomes.com>
	<4890F47E.5080904@farrows.org>
	<000f01c8f29d$80548870$80fd9950$@org>
Message-ID: 

[top posting discussion]
> just live with it

+1

I'm more annoyed by people who repeatedly quote huge messages without any  
trimming, than top posters. Having to scroll for miles to see a short  
message at the end is bad enough on a desktop, must be awful on a mobile  
device!

Anyway, I'm pretty sure that people who take care on the formatting of  
their messages, and replies to messages, gain more respect from their  
readers over time. Rather than complaining to top-posters and  
non-trimmers, I tend to moan privately and then feel sorry for them  
because they're giving out a less-than-ideal impression to the  
world/list/whatever.

The same applies to caerless tiping and speling ;)

Cheers!

Anthony
-- 
www.fonant.com - Quality web sites
From MailScanner at ecs.soton.ac.uk  Thu Jul 31 09:56:21 2008
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jul 31 09:56:56 2008
Subject: list personal settings (was dying children..)
In-Reply-To: 
References: 
Message-ID: <48917E35.1000402@ecs.soton.ac.uk>



mailsysteam@googlemail.com wrote:
> > Martyn Routley wrote:
>
>     >Julian (or whoever organises the list)
>     >
>     > nearly deleted this without reading it as I thought it had
>     managed to slip through my Defender+Barricade.
>     > All I read was the subject line "dying children"
>     >
>     > Any chance of adding the list name to the subject, just like on
>     many other lists.
>     >
>
> > Go to lists.mailscanner.info  and 
> you should find you can set this per-user for yourself.
> >
> > Jules
>
> I had a look and cannot figure out how to do that.
Bother, it does indeed appear to be a global option. Can you not just 
set up a rule that files messages from the list into a folder of its 
own? I *detest* subject line prefixes with a passion, it just blocks me 
from seeing all the subject line in my MUA. There are many other ways of 
achieving the same effect without me having to resort to subject-line 
prefixes.
>
> I would like to know how to do it for my subscription. And no comment 
> about the type of email client I use. Pine is perfect for me. :-)
I still happily support Pine and Mutt, no problem there :-)

Jules

-- 
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

From MailScanner at ecs.soton.ac.uk  Thu Jul 31 10:11:54 2008
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jul 31 10:12:17 2008
Subject: dying children?
In-Reply-To: 
References: <488EF29A.6C9D.008D.0@usm.maine.edu>	<7d9b3cf20807290752l1a422d5fm841727198b337990@mail.gmail.com>	<488EF7D5.6C9D.008D.0@usm.maine.edu><488EF7D5.6C9D.008D.0@usm.maine.edu>	<488F3472.1090904@fsl.com>	<488F0490.6C9D.008D.0@usm.maine.edu><488F0490.6C9D.008D.0@usm.maine.edu>	<488F3F37.8020607@fsl.com>	<488F1BA0.6C9D.008D.0@usm.maine.edu><488F1BA0.6C9D.008D.0@usm.maine.edu>	<488F867C.1000102@fsl.com>
	
Message-ID: <489181DA.8060808@ecs.soton.ac.uk>



Jon Dustin wrote:
>>>> On 7/29/2008 at 5:07 PM, in message <488F867C.1000102@fsl.com>, Steve Freegard
>>>>         
>  wrote:
>   
>> That would seem to indicate a problem with a Perl module that uses XS 
>> (e.g. C functions into Perl) and not with MailScanner itself.
>>
>> You would have to install 'strace' and run the message through again 
>> like so:
>>
>> strace MailScanner --debug --debug-sa
>>
>> And then look at around the last 25-50 lines or so for clues.
>>
>> I've seen this happen before; mainly with Mail::ClamAV (which is why I 
>> prefer clamd now); but I've seen it happen with other modules too.
>>     
>
> As I imagined, there is a BUNCH of output from strace. I will try to find the relevant sections at the bottom of the output:
>
> (from MailScanner output)
> 22:43:39 [16217] dbg: check: tests=MISSING_DATE,MISSING_HEADERS,MISSING_SUBJECT,NO_RECEIVED,NO_RELAYS
> 22:43:39 [16217] dbg: check: subtests=__HAS_MSGID,__MISSING_REF,__MSGID_OK_DIGITS,__MSGID_OK_HOST,__MSOE_MID_WRONG_CASE,__NONEMPTY_BODY,__SANE_MSGID,__SARE_WHITELIST_FLAG,__TVD_BODY,__UNUSABLE_MSGID
> 22:43:39 [16217] dbg: bayes: untie-ing
> 22:43:39 Building a message batch to scan...
> 22:43:39 Have a batch of 1 message.
> max message size is '100k'
>
> (from strace)
> 16217 open("/usr/lib/perl5/5.8.8/Text/ParseWords.pm", O_RDONLY|O_LARGEFILE) = 11
> 
> 16217 open("/usr/lib/perl5/5.8.8/i586-linux-thread-multi/auto/PerlIO/scalar/scalar.so", O_RDONLY) = 11
> 
> read(12, "