From Rich.West at wesmo.com Sun Jun 1 04:00:29 2008
From: Rich.West at wesmo.com (Rich West)
Date: Sun Jun 1 04:00:41 2008
Subject: Blacklist all + allow some?
In-Reply-To: <223f97700805310315n3f29a56bq1c60994f88b19968@mail.gmail.com>
References: <4840256C.5060606@wesmo.com> <48407310.6090505@evi-inc.com>
        <48407440.2030009@evi-inc.com> <4840BA85.2000208@wesmo.com>
        <223f97700805310315n3f29a56bq1c60994f88b19968@mail.gmail.com>
Message-ID: <484210CD.5020500@wesmo.com>

Glenn Steen wrote:
> I suppose you're asking what
> syntax you need use for a ruleset "blacklisting" everything, and then
> whitelisting some mails passing through MailScanner... In which case
> you can do this with a normal ruleset ... The syntax is described in
> numerous places (the EXAMPLES file in the rules subdirectory, the
> wiki, the book...) ... So all you really need do is decide on what
> setting (in MailScanner.conf) you should apply the ruleset, since this
> will
> a) decide what the rightmost value should be (it need make sense to
> the setting applied to), and
> b) affect what will actually happen.
>
> I'd think the "Is Definitely Spam"/"Is Definitely Not Spam" and
> perhaps "Definite Spam Is Highscoring" settings could be used for
> this, along with a "store" only "High Scoring Spam Actions" setting,
> or similar ... (or perhaps use a SA "rule" to tag the messages and
> selectively act on them with the new SA-rules actions... Seems a bit
> backward, but might be more manageable for you).
>
> Note that for this to really work on a "per intern basis", you need
> split your incoming mails into one/recipient, else MailScanner will
> just use the rules applicable for the first recipient.
>
> Links that apply to all this:
> http://www.mailscanner.info/MailScanner.conf.index.html#Is%20Definitely%20Spam
> http://www.mailscanner.info/MailScanner.conf.index.html#Is%20Definitely%20Not%20Spam
> http://www.mailscanner.info/MailScanner.conf.index.html#Definite%20Spam%20Is%20High%20Scoring
> http://www.mailscanner.info/MailScanner.conf.index.html#High%20Scoring%20Spam%20Actions
> http://wiki.mailscanner.info/doku.php?id=&idx=documentation:configuration:rulesets
> http://wiki.mailscanner.info/doku.php?id=documentation:configuration:mta:postfix:how_to:split_mails_per_recipient
> http://wiki.mailscanner.info/doku.php?id=documentation:configuration:mta:exim:how_to:split_mails_per_recipient
> http://wiki.mailscanner.info/doku.php?id=documentation:configuration:mta:sendmail:how_to:split_mails_per_recipient
> (watch out for line wrapping in the above:-)
>
> HtH
> Cheers
>

Ahh.. thanks. For what it is worth, I did check out a few of those
(some within the wiki lead to blank pages, and others are examples
that didn't really cover what I was looking for). I really thought
that there might have been some special syntax I was missing for the
per-user blacklist rule where you'd have one master blacklist rule for
that user which says "block everything" and the whitelist rules
allowing email from certain individuals (whitelists win).

Thankfully, I already split the emails to one per recipient.

Perhaps you are right.. an "Is Definitely Spam" ruleset might do the
trick. With entries like "To: user@mydomain.com yes"...
Hrmm.. I will have to test that.

Of course, after the first request at work to block inbound to a
single user, I now have a list of 22 interns I need to block.. Ugh.

-Rich

From MailScanner at ecs.soton.ac.uk Sun Jun 1 15:01:09 2008
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Sun Jun 1 15:01:26 2008
Subject: Blacklist all + allow some?
In-Reply-To:
References: <4840256C.5060606@wesmo.com> <48407310.6090505@evi-inc.com>
        <48407440.2030009@evi-inc.com> <4840BA85.2000208@wesmo.com>
        <223f97700805310315n3f29a56bq1c60994f88b19968@mail.gmail.com>
Message-ID: <4842ABA5.4060904@ecs.soton.ac.uk>

Rich West wrote:
>
> Glenn Steen wrote:
>> I suppose you're asking what
>> syntax you need use for a ruleset "blacklisting" everything, and then
>> whitelisting some mails passing through MailScanner... In which case
>> you can do this with a normal ruleset ... The syntax is described in
>> numerous places (the EXAMPLES file in the rules subdirectory, the
>> wiki, the book...) ... So all you really need do is decide on what
>> setting (in MailScanner.conf) you should apply the ruleset, since this
>> will
>> a) decide what the rightmost value should be (it need make sense to
>> the setting applied to), and
>> b) affect what will actually happen.
>>
>> I'd think the "Is Definitely Spam"/"Is Definitely Not Spam" and
>> perhaps "Definite Spam Is Highscoring" settings could be used for
>> this, along with a "store" only "High Scoring Spam Actions" setting,
>> or similar ... (or perhaps use a SA "rule" to tag the messages and
>> selectively act on them with the new SA-rules actions... Seems a bit
>> backward, but might be more manageable for you).
>>
>> Note that for this to really work on a "per intern basis", you need
>> split your incoming mails into one/recipient, else MailScanner will
>> just use the rules applicable for the first recipient.
>>
>> Links that apply to all this:
>> http://www.mailscanner.info/MailScanner.conf.index.html#Is%20Definitely%20Spam
>>
>> http://www.mailscanner.info/MailScanner.conf.index.html#Is%20Definitely%20Not%20Spam
>>
>> http://www.mailscanner.info/MailScanner.conf.index.html#Definite%20Spam%20Is%20High%20Scoring
>>
>> http://www.mailscanner.info/MailScanner.conf.index.html#High%20Scoring%20Spam%20Actions
>>
>> http://wiki.mailscanner.info/doku.php?id=&idx=documentation:configuration:rulesets
>>
>> http://wiki.mailscanner.info/doku.php?id=documentation:configuration:mta:postfix:how_to:split_mails_per_recipient
>>
>> http://wiki.mailscanner.info/doku.php?id=documentation:configuration:mta:exim:how_to:split_mails_per_recipient
>>
>> http://wiki.mailscanner.info/doku.php?id=documentation:configuration:mta:sendmail:how_to:split_mails_per_recipient
>>
>> (watch out for line wrapping in the above:-)
>>
>> HtH
>> Cheers
>>
>
> Ahh.. thanks. For what it is worth, I did check out a few of those
> (some within the wiki lead to blank pages, and others are examples
> that didn't really cover what I was looking for). I really thought
> that there might have been some special syntax I was missing for the
> per-user blacklist rule where you'd have one master blacklist rule for
> that user which says "block everything" and the whitelist rules
> allowing email from certain individuals (whitelists win).
>
> Thankfully, I already split the emails to one per recipient.
>
> Perhaps you are right.. an "Is Definitely Spam" ruleset might do the
> trick. With entries like "To: user@mydomain.com yes"...
> Hrmm.. I will have to test that.
>
> Of course, after the first request at work to block inbound to a
> single user, I now have a list of 22 interns I need to block.. Ugh.

If you don't want to mix this in with your anti-spam settings, you could
use "Reject Message" setting, which has its own report file attached to
it, which would make the rejection message easier for the senders to
understand, than getting complete silence from your anti-spam settings.

Here's the docs on it from MailScanner.conf:

# You may not want to receive mail from certain addresses and/or to certain
# addresses. If so, you can do this with your email transport (sendmail,
# Postfix, etc) but that will just send a one-line message which is not
# helpful to the user sending the message.
# If this is set to yes, then the message set by the "Rejection Report"
# will be sent instead, and the incoming message will be deleted.
# If you want to store a copy of the original incoming message then use the
# "Archive Mail" setting to archive a copy of it.
# The purpose of this option is to set it to be a ruleset, so that you
# can reject messages from a few offending addresses where you need to send
# a polite reply instead of just a brief 1-line rejection message.
Reject Message = no

Jules

--
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

MailScanner customisation, or any advanced system administration help?
Contact me at Jules@Jules.FM

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
PGP public key: http://www.jules.fm/julesfm.asc

--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

From lists at gmnet.net Sun Jun 1 17:08:41 2008
From: lists at gmnet.net (Rick Bragg)
Date: Sun Jun 1 17:09:29 2008
Subject: Spam getting through...
Message-ID: <1212336521.15192.7.camel@thor>

Hi,

I'm basically a newbie with just a few small domains. I set up
Mailscanner with sendmail/ spamassassin/ clamAV and it seems great
except tons of spam are getting through. They are mostly all marked as
{Spam?} and are all delivered.

Here is in my MailScanner.conf file

Spam List = SORBS-DNSBL SORBS-HTTP SORBS-SOCKS SORBS-MISC SORBS-SMTP
SORBS-WEB SORBS-SPAM SORBS-BLOCK SORBS-ZOMBIE SORBS-DUL SORBS-RHSBL CBL
DSBL spamhaus.org spamhaus-XBL spamhaus-PBL NJABL

Spam Domain List = SORBS-BADCONF SORBS-NOMAIL


Do these look OK? How can I test these out? Any advice to a newbie as to
what I should do?

Thanks
Rick

--
This message has been scanned for viruses and
dangerous content by Green Mountain Network, and is
believed to be clean.

From lists at openenterprise.ca Sun Jun 1 18:12:34 2008
From: lists at openenterprise.ca (Johnny Stork)
Date: Sun Jun 1 18:12:46 2008
Subject: Whitelists Dont Appear to be Working
Message-ID: <4842D882.1010504@openenterprise.ca>

I am running MS 4.69.8 on Centos 5x. I seem to be having trouble with
my whitelists? I seem to recall trying to address this some months back
and I believe someone mentioned that my whitelists added in the
mailwatch interface (Lists), should not have the "@" symbol so I went
through and removed them all one at a time and so now they look like the
examples below. Is this correct? Is there something else I might be
doing wrong?

ifossf.org default
srs.perfora.net default
sungardhe.com default

Sample header

This one just came through as spam in spite of the from addresses
(ifossf.org and srs.perfora.net) being in the whitelist?

Received: from serendipity.mountainhosting.ca (serendipity.mountainhosting.ca [66.249.13.171])
        by gateway.johnnystork.ca (8.13.8/8.13.8) with ESMTP id m4VBvrCP003047
        for ; Sat, 31 May 2008 04:57:53 -0700
Received: from [127.0.0.1] (helo=mout.perfora.net)
        by serendipity.mountainhosting.ca with esmtp (Exim 4.68)
        (envelope-from )
        id 1K2Pia-0001vb-45
        for stork@openenterprise.ca; Sat, 31 May 2008 04:57:53 -0700
Received: from mout.perfora.net ([74.208.4.194] helo=mout.perfora.net)
        by ASSP.nospam; 31 May 2008 04:57:51 -0700
Received: from [192.168.1.2] (ool-44c09678.dyn.optonline.net [68.192.150.120])
        by mrelay.perfora.net (node=mrus1) with ESMTP (Nemesis)
        id 0MKpCa-1K2PiM2XbS-0004bz; Sat, 31 May 2008 07:57:46 -0400
Message-ID: <48413D31.2040406@ifossf.org>
Date: Sat, 31 May 2008 07:57:37 -0400
From: Jenny Huang
User-Agent: Thunderbird 1.5.0.10 (Windows/20070221)
MIME-Version: 1.0
To: neil.mcevoy@neilmcevoy.name
CC: Tom Nolle Private , Yvette Dubel , Johnny Stork
Subject: Re: iFOSSF opportunities and strategy
References: <20080530140434.6fd4bf80a5d1be9fa935425f97c05397.6fda1310c4.wbe@email.secureserver.net>
In-Reply-To: <20080530140434.6fd4bf80a5d1be9fa935425f97c05397.6fda1310c4.wbe@email.secureserver.net>
Content-Type: multipart/mixed;
        boundary="------------080200010605030109040204"
X-Provags-ID: V01U2FsdGVkX18Wr3qsaKkWNC1/FXTVy0jtDrZT689qr0cSOzG
        YnEPsQerAdaVUm2vRNqf6eB7p5J2TEDtsux/SsOzFgaVwyjFYe
        WTyy6HFyrS23o1fjfOmdoxjuA2GYnVfX/hOYHM6n74=
X-Assp-Delay: not delayed (noprocessing); 31 May 2008 04:57:51 -0700
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - serendipity.mountainhosting.ca
X-AntiAbuse: Original Domain - openenterprise.ca
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - srs.perfora.net
X-Source:
X-Source-Args:
X-Source-Dir:

cached not score=17.007 7 required autolearn=spam

 -7.29  AWL             From: address is in the auto white-list
 15.00  BAYES_99        Bayesian spam probability is 99 to 100%
  7.16  CRM114_CHECK
  0.00  HTML_MESSAGE    HTML included in message
  1.46  MIME_HTML_ONLY  Message only has text/html MIME parts
  0.69  SPF_NEUTRAL     SPF: sender does not match SPF record (neutral)
  0.00  WHOIS_NETSOLPR  URL registered as a NetSol Private Registration

From kc5goi at gmail.com Mon Jun 2 18:20:53 2008
From: kc5goi at gmail.com (Guy Story KC5GOI)
Date: Sun Jun 1 18:21:18 2008
Subject: Spam getting through...
In-Reply-To: <1212336521.15192.7.camel@thor>
References: <1212336521.15192.7.camel@thor>
Message-ID: <48442BF5.7040502@kc5goi.net>

Rick Bragg wrote:
> Hi,
>
> I'm basically a newbie with just a few small domains. I set up
> Mailscanner with sendmail/ spamassassin/ clamAV and it seems great
> except tons of spam are getting through. They are mostly all marked as
> {Spam?} and are all delivered.
>
> Here is in my MailScanner.conf file
>
> Spam List = SORBS-DNSBL SORBS-HTTP SORBS-SOCKS SORBS-MISC SORBS-SMTP
> SORBS-WEB SORBS-SPAM SORBS-BLOCK SORBS-ZOMBIE SORBS-DUL SORBS-RHSBL CBL
> DSBL spamhaus.org spamhaus-XBL spamhaus-PBL NJABL
>
> Spam Domain List = SORBS-BADCONF SORBS-NOMAIL
>
>
> Do these look OK? How can I test these out? Any advice to a newbie as to
> what I should do?
>
> Thanks
> Rick
>
>
>
Rick, I do not have the parameter name off the top of my head but look
for Spam delivery. It is in the same general area as your AV. You can
set it to delete, deliver, quarantine.

Guy

From hvdkooij at vanderkooij.org Sun Jun 1 19:02:15 2008
From: hvdkooij at vanderkooij.org (Hugo van der Kooij)
Date: Sun Jun 1 19:02:24 2008
Subject: Whitelists Dont Appear to be Working
In-Reply-To: <4842D882.1010504@openenterprise.ca>
References: <4842D882.1010504@openenterprise.ca>
Message-ID: <4842E427.4030904@vanderkooij.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Johnny Stork wrote:
| I am running MS 4.69.8 on Centos 5x. I seem to be having trouble with
| my whitelists?
| I seem to recall trying to address this some months back
| and I believe someone mentioned that my whitelists added in the
| mailwatch interface (Lists), should not have the "@" symbol so I went
| through and removed them all one at a time and so now they look like the
| examples below. Is this correct? Is there something else I might be
| doing wrong?
|
| ifossf.org default
| srs.perfora.net default
| sungardhe.com default

This does not look like the samples I have seen until now. Where is the
first column in your rules file?

Most rules look like:

# This next line gives an example of how you might enable this option for
# a frequent customer of yours.
#From: yourcustomer.com yes

# Under no circumstances should this be changed to "yes".
FromOrTo: default no


Hugo.

- --
hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/
PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc

A: Yes.
>Q: Are you sure?
>>A: Because it reverses the logical flow of conversation.
>>>Q: Why is top posting frowned upon?

Bored? Click on http://spamornot.org/ and rate those images.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFIQuQmBvzDRVjxmYERAioIAJ4/cjYms+67c14F7SWq9NzXBAjqDQCfZKD8
TBBZ6f/N4eH9yHcfjZ7dbEs=
=+6iz
-----END PGP SIGNATURE-----

From hvdkooij at vanderkooij.org Sun Jun 1 19:08:08 2008
From: hvdkooij at vanderkooij.org (Hugo van der Kooij)
Date: Sun Jun 1 19:08:18 2008
Subject: Spam getting through...
In-Reply-To: <1212336521.15192.7.camel@thor>
References: <1212336521.15192.7.camel@thor>
Message-ID: <4842E588.1000908@vanderkooij.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Rick Bragg wrote:
| Hi,
|
| I'm basically a newbie with just a few small domains. I set up
| Mailscanner with sendmail/ spamassassin/ clamAV and it seems great
| except tons of spam are getting through. They are mostly all marked as
| {Spam?} and are all delivered.
|
| Here is in my MailScanner.conf file
|
| Spam List = SORBS-DNSBL SORBS-HTTP SORBS-SOCKS SORBS-MISC SORBS-SMTP
| SORBS-WEB SORBS-SPAM SORBS-BLOCK SORBS-ZOMBIE SORBS-DUL SORBS-RHSBL CBL
| DSBL spamhaus.org spamhaus-XBL spamhaus-PBL NJABL
|
| Spam Domain List = SORBS-BADCONF SORBS-NOMAIL
|
|
| Do these look OK? How can I test these out? Any advice to a newbie as to
| what I should do?

Read the book.

First off I think you are using way too many lists here. It will cost
you performance and speed of processing.

How are your messages classified? What scores do they get in general
from SpamAssassin? Did you tune your bayesian database?

Hugo.

- --
hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/
PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc

A: Yes.
>Q: Are you sure?
>>A: Because it reverses the logical flow of conversation.
>>>Q: Why is top posting frowned upon?

Bored? Click on http://spamornot.org/ and rate those images.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFIQuWHBvzDRVjxmYERAnP4AJ9FxOjUA8/0BzWdz9VfpN2D2+2LowCfRR2t
syowFDMgXIu4Lf2/dBYcaGs=
=HoOL
-----END PGP SIGNATURE-----

From lists at gmnet.net Sun Jun 1 20:01:06 2008
From: lists at gmnet.net (Rick Bragg)
Date: Sun Jun 1 20:01:45 2008
Subject: Spam getting through...
In-Reply-To: <4842E588.1000908@vanderkooij.org>
References: <1212336521.15192.7.camel@thor> <4842E588.1000908@vanderkooij.org>
Message-ID: <1212346866.15192.11.camel@thor>

On Sun, 2008-06-01 at 20:08 +0200, Hugo van der Kooij wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Rick Bragg wrote:
> | Hi,
> |
> | I'm basically a newbie with just a few small domains. I set up
> | Mailscanner with sendmail/ spamassassin/ clamAV and it seems great
> | except tons of spam are getting through. They are mostly all marked as
> | {Spam?} and are all delivered.
> |
> | Here is in my MailScanner.conf file
> |
> | Spam List = SORBS-DNSBL SORBS-HTTP SORBS-SOCKS SORBS-MISC SORBS-SMTP
> | SORBS-WEB SORBS-SPAM SORBS-BLOCK SORBS-ZOMBIE SORBS-DUL SORBS-RHSBL CBL
> | DSBL spamhaus.org spamhaus-XBL spamhaus-PBL NJABL
> |
> | Spam Domain List = SORBS-BADCONF SORBS-NOMAIL
> |
> |
> | Do these look OK? How can I test these out? Any advice to a newbie as to
> | what I should do?
>
> Read the book.
>
> First off I think you are using way too many lists here. It will cost
> you performance and speed of processing.
>
> How are your messages classified? What scores do they get in general
> from SpamAssassin? Did you tune your bayesian database?
>
> Hugo.
>

Thanks Hugo,

I am new to this and would like to get a grasp on managing all these
components. How should I go about choosing which "Spam List" and "Spam
Domain List" services to use? Also, I'm not familiar with how to tune
bayesian.

Thanks
Rick

From gerard at seibercom.net Sun Jun 1 20:18:31 2008
From: gerard at seibercom.net (Gerard)
Date: Sun Jun 1 20:19:14 2008
Subject: Spam getting through...
In-Reply-To: <4842E588.1000908@vanderkooij.org>
References: <1212336521.15192.7.camel@thor> <4842E588.1000908@vanderkooij.org>
Message-ID: <20080601151831.6059b56c@scorpio>

On Sun, 01 Jun 2008 20:08:08 +0200
Hugo van der Kooij wrote:

> Rick Bragg wrote:
> | Hi,
> |
> | I'm basically a newbie with just a few small domains. I set up
> | Mailscanner with sendmail/ spamassassin/ clamAV and it seems great
> | except tons of spam are getting through. They are mostly all
> marked as | {Spam?} and are all delivered.
> |
> | Here is in my MailScanner.conf file
> |
> | Spam List = SORBS-DNSBL SORBS-HTTP SORBS-SOCKS SORBS-MISC SORBS-SMTP
> | SORBS-WEB SORBS-SPAM SORBS-BLOCK SORBS-ZOMBIE SORBS-DUL SORBS-RHSBL
> CBL | DSBL spamhaus.org spamhaus-XBL spamhaus-PBL NJABL
> |
> | Spam Domain List = SORBS-BADCONF SORBS-NOMAIL
> |
> |
> | Do these look OK? How can I test these out? Any advice to a newbie
> as to | what I should do?

[snip]

"dnsbl.sorbs.net" contains all of the SORBS lists with the exception
of: "spam.dnsbl.sorbs.net"

You might want to check: http://www.au.sorbs.net/using.shtml for
further information.

Personally, I prefer "zen.spamhaus.org". It contains all of the usual
spamhaus lists. Further info available at:
http://www.spamhaus.org/zen/index.lasso

I might add that I am employing 'spamhaus' with Postfix. Once you
accept the mail, you can no longer legitimately reject it. Of course
you can delete it; however, I have never seen the logic in accepting to
delete. Then again, that is just my 2¢.

--
Gerard
gerard@seibercom.net

During the voyage of life, remember to keep an eye out for a fair wind;
batten down during a storm; hail all passing ships; and fly your colors
proudly.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 195 bytes
Desc: not available
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080601/4426aed5/signature.bin

From lists at openenterprise.ca Mon Jun 2 15:12:06 2008
From: lists at openenterprise.ca (Johnny Stork)
Date: Mon Jun 2 15:12:18 2008
Subject: Whitelists Dont Appear to be Working
In-Reply-To: <4842E427.4030904@vanderkooij.org>
References: <4842D882.1010504@openenterprise.ca> <4842E427.4030904@vanderkooij.org>
Message-ID: <4843FFB6.1060207@openenterprise.ca>

This is how they are listed in the Mailwatch interface? Are the
whitelist entries in a file? I assumed they were in the db somewhere
since I add/manage them from mailwatch?

Hugo van der Kooij wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Johnny Stork wrote:
> | I am running MS 4.69.8 on Centos 5x. I seem to be having trouble with
> | my whitelists? I seem to recall trying to address this some months back
> | and I believe someone mentioned that my whitelists added in the
> | mailwatch interface (Lists), should not have the "@" symbol so I went
> | through and removed them all one at a time and so now they look like
> the
> | examples below. Is this correct? Is there something else I might be
> | doing wrong?
> |
> | ifossf.org default
> | srs.perfora.net default
> | sungardhe.com default
>
> This does not look like the samples I have seen until now. Where is the
> first column in your rules file?
>
> Most rules look like:
>
> # This next line gives an example of how you might enable this option for
> # a frequent customer of yours.
> #From: yourcustomer.com yes
>
> # Under no circumstances should this be changed to "yes".
> FromOrTo: default no
>
>
> Hugo.
>
> - --
> hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/
> PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc
>
> A: Yes.
> >Q: Are you sure?
> >>A: Because it reverses the logical flow of conversation.
> >>>Q: Why is top posting frowned upon?
>
> Bored? Click on http://spamornot.org/ and rate those images.
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.7 (GNU/Linux)
>
> iD8DBQFIQuQmBvzDRVjxmYERAioIAJ4/cjYms+67c14F7SWq9NzXBAjqDQCfZKD8
> TBBZ6f/N4eH9yHcfjZ7dbEs=
> =+6iz
> -----END PGP SIGNATURE-----

From lists at openenterprise.ca Mon Jun 2 15:16:36 2008
From: lists at openenterprise.ca (Johnny Stork)
Date: Mon Jun 2 15:16:46 2008
Subject: Whitelists Dont Appear to be Working
In-Reply-To: <4842E427.4030904@vanderkooij.org>
References: <4842D882.1010504@openenterprise.ca> <4842E427.4030904@vanderkooij.org>
Message-ID: <484400C4.9000101@openenterprise.ca>

Also my "Is Definitely Not Spam" does not point to a file, but the db

Is Definitely Not Spam = &SQLWhitelist

Hugo van der Kooij wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Johnny Stork wrote:
> | I am running MS 4.69.8 on Centos 5x. I seem to be having trouble with
> | my whitelists? I seem to recall trying to address this some months back
> | and I believe someone mentioned that my whitelists added in the
> | mailwatch interface (Lists), should not have the "@" symbol so I went
> | through and removed them all one at a time and so now they look like
> the
> | examples below. Is this correct? Is there something else I might be
> | doing wrong?
> |
> | ifossf.org default
> | srs.perfora.net default
> | sungardhe.com default
>
> This does not look like the samples I have seen until now. Where is the
> first column in your rules file?
>
> Most rules look like:
>
> # This next line gives an example of how you might enable this option for
> # a frequent customer of yours.
> #From: yourcustomer.com yes
>
> # Under no circumstances should this be changed to "yes".
> FromOrTo: default no
>
>
> Hugo.
>
> - --
> hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/
> PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc
>
> A: Yes.
> >Q: Are you sure?
> >>A: Because it reverses the logical flow of conversation.
> >>>Q: Why is top posting frowned upon?
>
> Bored? Click on http://spamornot.org/ and rate those images.
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.7 (GNU/Linux)
>
> iD8DBQFIQuQmBvzDRVjxmYERAioIAJ4/cjYms+67c14F7SWq9NzXBAjqDQCfZKD8
> TBBZ6f/N4eH9yHcfjZ7dbEs=
> =+6iz
> -----END PGP SIGNATURE-----

From doepain at gmail.com Mon Jun 2 20:56:38 2008
From: doepain at gmail.com (Rd03)
Date: Mon Jun 2 20:56:48 2008
Subject: Newbie mail scanner user needs some insight in where to locate missing attachment.
Message-ID:

I have inherited a mail scanner server running on BSD. I am not too
familiar with this application and its inner workings. We recently
received a message (first week of May), and it had a MS Word
attachment that was stripped, and quarantined. I was asked today to
locate the file, and copy out of the quarantine folder and deliver it
to the intended recipient.

I did a "find" for the file and a "grep" neither returned any results.

I would like to read the log files associated with this application in
hopes to determine what happened to the attachment.

Could you please guide me in the location of either where the log
files for the application would be (not in /var/log), or a
configuration file that may indicate where the logs directory/files
are kept.

I am guessing there aren't any logs being generated for this application.

thanks in advance.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080602/b05d1530/attachment.html

From Alan.Charlton at caseware.com Mon Jun 2 21:21:47 2008
From: Alan.Charlton at caseware.com (Alan Charlton)
Date: Mon Jun 2 21:22:13 2008
Subject: Variables that can be used in inline.warning.txt and .html reports
In-Reply-To: <200805201101.m4KB0OIx016556@safir.blacknight.ie>
References: <200805201101.m4KB0OIx016556@safir.blacknight.ie>
Message-ID: <5864E8A48D189F4999A1D1BAE37305168290E7@queen.caseware.cwi.local>

> ------------------------------
>
> Message: 20
> Date: Mon, 19 May 2008 21:24:53 -0400
> From: "Alan Charlton"
> Subject: Variables that can be used in inline.warning.txt and .html
> reports
> To:
> Message-ID:
> <5864E8A48D189F4999A1D1BAE3730516828AEB@queen.caseware.cwi.local>
> Content-Type: text/plain; charset="us-ascii"
>
> We've been trying to use some variables in the inline.warning.txt/html
> files that don't seem to work. Specifically $datenumber and $to.
>
> We'd like to be able to provide our users with a link to release 'bad
> content' or even 'virus' messages that they know are legitimate, similar
> to what's in the recipient.spam.report.txt:
>
> http://$hostname/cgi-bin/release-msg.cgi?datenumber=$datenumber&id=$id&t
> o=$to
>
> I know it's a little risky, but we're a software development company and
> we often get attachments that get caught, and our users tend to be
> reasonably intelligent and cautious... and too impatient to submit a
> ticket to IT every time a file is caught.
>
> Also for proper backup and archiving we'd like all legitimate emails to
> reach the end users' mailboxes...
>
> For more details on what we're trying to do check out:
> http://www.global-domination.org/forum/viewtopic.php?t=968
>
> My searches for a solution turned up the following thread:
> http://lists.mailscanner.info/pipermail/mailscanner/2007-September/07803
> 0.html
>
> ...Which seems to imply that these variables need to be specifically
> added to work in a given report.
>
> Is there any way we can add the variables ourselves? Or do we need to
> request that they be added in a new release?
>
> Thanks,
> Alan
>
>
> ------------------------------

Bumping this up for another try... Does anyone know how to get
$datenumber and $to to work in the inline.warning.txt and .html reports?

Any help would be appreciated.

Thanks,
Alan

From theodrake at comcast.net Mon Jun 2 22:04:02 2008
From: theodrake at comcast.net (Ed)
Date: Mon Jun 2 22:04:26 2008
Subject: Error in maillog "saactions"
Message-ID: <48446042.5020804@comcast.net>

Since last Friday I've started getting this notification with every
connection:

Jun 2 16:57:47 mail5 MailScanner[7787]: Cannot match against destination IP address when resolving configuration option "saactions"

MS appears to be working. The only thing I did was upgrade my kernel to:

2.6.9-67.0.15.ELsmp #1 SMP Tue Apr 22 13:50:33 EDT 2008 i686 i686 i386 GNU/Linux

This is on a Redhat ES 4 server.

Any ideas would be appreciated.

later,
Ed

From vernon at comp-wiz.com Mon Jun 2 22:04:43 2008
From: vernon at comp-wiz.com (Vernon Webb)
Date: Mon Jun 2 22:05:11 2008
Subject: Windows Exchange Server
Message-ID: <0b5101c8c4f4$47fd3520$d7f79f60$@com>

I have been using Linux Sendmail as my email MTA forever, but now have a
need to use Windows Exchange server and am wondering what people are
using as their Spam and virus protection (hopefully an inexpensive
solution). I was hoping I could use MailScanner but don't see a Windows
version. Any ideas?

Vernon Webb
(201) 703-1232
web designs & web hosting by comp-wiz.com, inc.
Information in this transmission is privileged & confidential. It is
intended for the use of the individual or entity named above. Any
review, dissemination, disclosure, alteration, printing, circulation or
transmission of this email or its attachments is prohibited and
unlawful.

--
This message has been scanned for viruses and
dangerous content at comp-wiz.com, and is
believed to be clean.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080602/da90fcc8/attachment.html

From MailScanner at ecs.soton.ac.uk Mon Jun 2 22:04:52 2008
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Mon Jun 2 22:05:17 2008
Subject: Newbie mail scanner user needs some insight in where to locate missing attachment.
In-Reply-To:
References:
Message-ID: <48446074.1000409@ecs.soton.ac.uk>

Rd03 wrote:
> I have inherited a mail scanner server running on BSD. I am not too
> familiar with this application and its inner workings. We recently
> received a message (first week of May), and it had a MS Word
> attachment that was stripped, and quarantined. I was asked today to
> locate the file, and copy out of the quarantine folder and deliver it
> to the intended recipient.
>
> I did a "find" for the file and a "grep" neither returned any results.
>
> I would like to read the log files associated with this application in
> hopes to determine what happened to the attachment.

Logging is done via the standard syslog mechanism. Consult your
/etc/syslog.conf to see where mail logs are going, they should be in
there. If there are any entries for the local* categories in
syslog.conf, it's possible they are being logged to there.

The main directory to find on your BSD box will be called "MailScanner"
and it contains, among other things, the master config file
"MailScanner.conf". That's the chief file you are looking for.
That's where you will find everything defined such as the location of
the Quarantine and so on. Once you have found MailScanner.conf, things
should become a lot clearer.

>
> Could you please guide me in the location of either where the log
> files for the application would be (not in /var/log), or a
> configuration file that may indicate where the logs directory/files
> are kept.
>
> I am guessing there aren't any logs being generated for this application.

There are logs, they are usually sent to the same location as the mail
logs.

I hope that's enough to get you started.

Jules

From MailScanner at ecs.soton.ac.uk Mon Jun 2 22:13:14 2008
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Mon Jun 2 22:13:34 2008
Subject: Variables that can be used in inline.warning.txt and .html reports
In-Reply-To:
References: <200805201101.m4KB0OIx016556@safir.blacknight.ie>
Message-ID: <4844626A.5030109@ecs.soton.ac.uk>

Alan Charlton wrote:
>> ------------------------------
>>
>> Message: 20
>> Date: Mon, 19 May 2008 21:24:53 -0400
>> From: "Alan Charlton"
>> Subject: Variables that can be used in inline.warning.txt and .html
>> reports
>> To:
>> Message-ID:
>>
>>
> <5864E8A48D189F4999A1D1BAE3730516828AEB@queen.caseware.cwi.local>
>
>> Content-Type: text/plain; charset="us-ascii"
>>
>> We've been trying to use some variables in the inline.warning.txt/html
>> files that don't seem to work. Specifically $datenumber and $to.
>>
>> We'd like to be able to provide our users with a link to release 'bad
>> content' or even 'virus' messages that they know are legitimate,
>>
> similar
>
>> to what's in the recipient.spam.report.txt:
>>
>>
>>
> http://$hostname/cgi-bin/release-msg.cgi?datenumber=$datenumber&id=$id&t
>
>> o=$to
>>
>> I know it's a little risky, but we're a software development company
>>
> and
>
>> we often get attachments that get caught, and our users tend to be
>> reasonably intelligent and cautious... and too impatient to submit a
>> ticket to IT every time a file is caught.
>>
>> Also for proper backup and archiving we'd like all legitimate emails
>>
> to
>
>> reach the end users' mailboxes...
>>
>> For more details on what we're trying to do check out:
>> http://www.global-domination.org/forum/viewtopic.php?t=968
>>
>> My searches for a solution turned up the following thread:
>>
>>
> http://lists.mailscanner.info/pipermail/mailscanner/2007-September/07803
>
>> 0.html
>>
>> ...Which seems to imply that these variables need to be specifically
>> added to work in a given report.
>>
>> Is there any way we can add the variables ourselves? Or do we need to
>> request that they be added in a new release?
>>
>> Thanks,
>> Alan
>>
>>
>> ------------------------------
>>
>
> Bumping this up for another try... Does anyone know how to get
> $datenumber and $to to work in the inline.warning.txt and .html reports?
>
> Any help would be appreciated.
>
> Thanks,
> Alan
>

At the moment, the only variables it appears you can use are these:

    $filename = join(', ', keys %infected);
    $id = $this->{id};
    $from = $this->{from};
    $subject = $this->{subject};

I can add more if several people need them.

If your Perl is up to it, you want to add code to sub ReadVirusWarning
in Message.pm.
Otherwise you'll have to bribe me to add them for you :-) Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Mon Jun 2 22:15:49 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Jun 2 22:16:11 2008 Subject: Error in maillog "saactions" In-Reply-To: References: Message-ID: <48446305.4030600@ecs.soton.ac.uk> You must have set something to do with "SpamAssassin Rule Actions". I strongly suspect you have a ruleset attached to that setting, with a "To:" line that refers to an IP address, or possible a domain name involving only the characters 0-9 and a-f. Please show us the ruleset you have attached to "SpamAssassin Rule Actions". Ed wrote: > Since last Friday I've started getting this notification with every > connection: > > Jun 2 16:57:47 mail5 MailScanner[7787]: Cannot match against > destination IP address when resolving configuration option "saactions" > > > MS appears to be working. The only thing I did was upgrade my kernel to: > > 2.6.9-67.0.15.ELsmp #1 SMP Tue Apr 22 13:50:33 EDT 2008 i686 i686 i386 > GNU/Linux > > This is on a Redhat ES 4 server. > > Any ideas would be appreciated. > > later, > Ed Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. 
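Added example, not part of the list archive and not MailScanner's own code: a small lint for the situation Julian describes in the "saactions" reply above, a ruleset whose recipient-side line carries an IP address or a name made only of the characters 0-9 and a-f. The "looks like an IP address" test is an assumption taken from that description, only the To: and FromOrTo: directions are checked, and the sample ruleset with its right-hand values is constructed.

```python
import ipaddress
import re
from collections import namedtuple

# Directions that have to be matched against the recipient side of a message.
# Only the two that appear in this thread are checked.
RECIPIENT_DIRECTIONS = {"to", "fromorto"}

# Assumption (from Julian's description, not from MailScanner's source):
# a pattern made only of hex digits, dots and colons, with an optional
# /prefix, is treated as an IP address rather than as a mail address.
IP_LOOKING = re.compile(r"^[0-9a-f.:]+(/\d+)?$", re.IGNORECASE)

Finding = namedtuple("Finding", "lineno direction pattern kind")

# Constructed sample ruleset; the values on the right are placeholders.
SAMPLE_RULESET = """\
# constructed sample
FromOrTo: 127.0.0.1 yes
To: user@mydomain.com yes
From: 192.168. no
To: *@cafe.de yes
To: cafe.de yes
FromOrTo: default no
"""


def classify(pattern):
    """Return 'ip-address', 'hex-only-name' or None for a ruleset pattern."""
    if not IP_LOOKING.match(pattern):
        return None
    try:
        # Full IPv4/IPv6 addresses and CIDR networks.
        ipaddress.ip_network(pattern, strict=False)
        return "ip-address"
    except ValueError:
        pass
    # Partial dotted prefixes such as "192.168." are still IP patterns.
    if re.fullmatch(r"[0-9.]+", pattern):
        return "ip-address"
    # Something like "cafe.de": a name, but spelled only with 0-9 and a-f.
    return "hex-only-name"


def lint_ruleset(text):
    """Flag recipient-side rules whose pattern would be read as an IP address."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        if len(fields) < 3:  # direction, pattern, value are all required
            continue
        direction = fields[0].rstrip(":").lower()
        if direction not in RECIPIENT_DIRECTIONS:
            continue  # sender-side IP rules are fine
        kind = classify(fields[1])
        if kind:
            findings.append(Finding(lineno, fields[0], fields[1], kind))
    return findings


if __name__ == "__main__":
    for f in lint_ruleset(SAMPLE_RULESET):
        print(f"line {f.lineno}: {f.direction} {f.pattern} ({f.kind})")
```
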
From jonas at vrt.dk Mon Jun 2 22:29:15 2008 From: jonas at vrt.dk (Jonas Akrouh Larsen) Date: Mon Jun 2 22:29:30 2008 Subject: Windows Exchange Server In-Reply-To: <0b5101c8c4f4$47fd3520$d7f79f60$@com> References: <0b5101c8c4f4$47fd3520$d7f79f60$@com> Message-ID: <006f01c8c4f7$b60ed250$222c76f0$@dk> We use MailSCanner infront of all our exchange servers, it's the cheapest and best antispam protection for exchange, it does require a linux server though. Best regards Jonas A. Larsen From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Vernon Webb Sent: 2. juni 2008 23:05 To: mailscanner@lists.mailscanner.info Subject: Windows Exchange Server I have been using Linux Sendmail as me email MTA forever, but now have a need to use Windows Exchange server and am wondering what people are using as their Spam and virus protection (hopefully an inexpensive solution). I was hoping I could use MailScanner but don't see a Windows version. Any ideas? Vernon Webb (201) 703-1232 web designs & web hosting by comp-wiz.com, inc. Information in this transmission is privileged & confidential. It is intended for the use of the individual or entity named above. Any review, dissemination, disclosure, alteration, printing, circulation or transmission of this email or it's attachments is prohibited and unlawful. -- This message has been scanned for viruses and dangerous content at www.comp-wiz.com, and is believed to be clean. -------------- next part -------------- An HTML attachment was scrubbed... 
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080602/71104a79/attachment.html From kgoods at cropusainsurance.com Mon Jun 2 22:26:19 2008 From: kgoods at cropusainsurance.com (Ken Goods) Date: Mon Jun 2 22:32:23 2008 Subject: Windows Exchange Server Message-ID: <13C0059880FDD3118DC600508B6D4A6D02346851@aiainsurance.com> Vernon Webb wrote: > I have been using Linux Sendmail as me email MTA forever, but now > have a need to use Windows Exchange server and am wondering what > people are using as their Spam and virus protection (hopefully an > inexpensive solution). I was hoping I could use MailScanner but don't > see a Windows version. Any ideas? > > Vernon Webb > (201) 703-1232 > web designs & web hosting by comp-wiz.com, inc. > Information in this transmission is privileged & confidential. It is > intended for the use of the individual or entity named above. Any > review, dissemination, disclosure, alteration, printing, circulation > or transmission of this email or it's attachments is prohibited and > unlawful. Put a MailScanner box in front of your Exchange server and pass everything through. Been running like that for 3 years and haven't looked back. You won't be sorry. Many people here run that way so you'll get plenty of friendly help. HTH Kind regards, Ken Ken Goods Network Administrator CropUSA Insurance, Inc. From dward at nccumc.org Mon Jun 2 23:42:47 2008 From: dward at nccumc.org (Douglas Ward) Date: Mon Jun 2 23:42:59 2008 Subject: Windows Exchange Server In-Reply-To: <13C0059880FDD3118DC600508B6D4A6D02346851@aiainsurance.com> References: <13C0059880FDD3118DC600508B6D4A6D02346851@aiainsurance.com> Message-ID: What about inter-Exchange traffic? Exchange delivers locally when both sender and recipient are on the same server. 
On 6/2/08, Ken Goods wrote: > Vernon Webb wrote: >> I have been using Linux Sendmail as me email MTA forever, but now >> have a need to use Windows Exchange server and am wondering what >> people are using as their Spam and virus protection (hopefully an >> inexpensive solution). I was hoping I could use MailScanner but don't >> see a Windows version. Any ideas? >> >> Vernon Webb >> (201) 703-1232 >> web designs & web hosting by comp-wiz.com, inc. >> Information in this transmission is privileged & confidential. It is >> intended for the use of the individual or entity named above. Any >> review, dissemination, disclosure, alteration, printing, circulation >> or transmission of this email or it's attachments is prohibited and >> unlawful. > > Put a MailScanner box in front of your Exchange server and pass everything > through. Been running like that for 3 years and haven't looked back. You > won't be sorry. Many people here run that way so you'll get plenty of > friendly help. > > HTH > Kind regards, > Ken > > > Ken Goods > Network Administrator > CropUSA Insurance, Inc. > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- Sent from Gmail for mobile | mobile.google.com My PGP key: http://www.douglasward.net/pubkey.asc From vernon at comp-wiz.com Mon Jun 2 23:50:36 2008 From: vernon at comp-wiz.com (Vernon Webb) Date: Mon Jun 2 23:51:03 2008 Subject: Windows Exchange Server In-Reply-To: <13C0059880FDD3118DC600508B6D4A6D02346851@aiainsurance.com> References: <13C0059880FDD3118DC600508B6D4A6D02346851@aiainsurance.com> Message-ID: <000c01c8c503$12517080$36f45180$@com> So you relay all the email through the Linux server to the Exchange server? How do you get around having people send email directly to the Exchange server box? 
Just block all email to port 25 except from the Linux server? Vernon Webb 201.703.1232 -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Ken Goods Sent: Monday, June 02, 2008 5:26 PM To: 'MailScanner discussion' Subject: RE: Windows Exchange Server Vernon Webb wrote: > I have been using Linux Sendmail as me email MTA forever, but now > have a need to use Windows Exchange server and am wondering what > people are using as their Spam and virus protection (hopefully an > inexpensive solution). I was hoping I could use MailScanner but don't > see a Windows version. Any ideas? > > Vernon Webb > (201) 703-1232 > web designs & web hosting by comp-wiz.com, inc. > Information in this transmission is privileged & confidential. It is > intended for the use of the individual or entity named above. Any > review, dissemination, disclosure, alteration, printing, circulation > or transmission of this email or it's attachments is prohibited and > unlawful. Put a MailScanner box in front of your Exchange server and pass everything through. Been running like that for 3 years and haven't looked back. You won't be sorry. Many people here run that way so you'll get plenty of friendly help. HTH Kind regards, Ken Ken Goods Network Administrator CropUSA Insurance, Inc. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content at comp-wiz.com, and is believed to be clean. -- This message has been scanned for viruses and dangerous content at comp-wiz.com, and is believed to be clean. 
From kgoods at cropusainsurance.com Mon Jun 2 23:45:36 2008 From: kgoods at cropusainsurance.com (Ken Goods) Date: Mon Jun 2 23:51:39 2008 Subject: Windows Exchange Server Message-ID: <13C0059880FDD3118DC600508B6D4A6D02346852@aiainsurance.com> Douglas Ward wrote: > What about inter-Exchange traffic? Exchange delivers locally when > both sender and recipient are on the same server. > > > You're exactly correct. I guess it depends on your network. We don't have anyone spamming internally, we burned them all at the stake a while back. ;) Email anti-virus is handled internally with workstation AV products. Security in depth and all that rot... :) Ken Goods Network Administrator CropUSA Insurance, Inc. From kgoods at cropusainsurance.com Tue Jun 3 00:00:41 2008 From: kgoods at cropusainsurance.com (Ken Goods) Date: Tue Jun 3 00:06:47 2008 Subject: Windows Exchange Server Message-ID: <13C0059880FDD3118DC600508B6D4A6D02346853@aiainsurance.com> Vernon Webb wrote: > So you relay all the email through the Linux server to the Exchange > server? How do you get around having people send email directly to > the Exchange server box? Just block all email to port 25 except from > the Linux server? > > Vernon Webb > 201.703.1232 > There are several ways, I use sendmail's relay-table, virtusertable, and mailertable. http://wiki.mailscanner.info/doku.php?id=documentation:configuration:mta:sendmail:how_to:setup_a_gateway And you're spot-on with blocking direct contact to the exchange server. Although it really isn't as much of a problem as you may think. Just remove the DNS entry for it and you can still let users POP off and SMTP (with authentication) outgoing. I do get maybe 10-20 direct hits a day because it was public at one time. Of course this does leave you with one point of failure, but that's all we had prior to installing the MailScanner box so it was a wash. The MailScanner box is rock solid so it isn't an issue for us.
YMMV I used a guide on the MailScanner site for the initial setup. Take a look around there and see what you come up with. If you need more help or have other questions don't hesitate to ask. Ken Goods Network Administrator CropUSA Insurance, Inc. From vernon at comp-wiz.com Tue Jun 3 01:37:50 2008 From: vernon at comp-wiz.com (Vernon Webb) Date: Tue Jun 3 01:38:24 2008 Subject: Windows Exchange Server In-Reply-To: <13C0059880FDD3118DC600508B6D4A6D02346853@aiainsurance.com> References: <13C0059880FDD3118DC600508B6D4A6D02346853@aiainsurance.com> Message-ID: <00c501c8c512$0fa58c90$2ef0a5b0$@com> Thanks for the info. Works great. Vernon Webb 201.703.1232 -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Ken Goods Sent: Monday, June 02, 2008 7:01 PM To: 'MailScanner discussion' Subject: RE: Windows Exchange Server Vernon Webb wrote: > So you relay all the email through the Linux server to the Exchange > server? How do you get around having people send email directly to > the Exchange server box? Just block all email to port 25 except from > the Linux server? > > Vernon Webb > 201.703.1232 > There are several ways, I use sendmail's relay-table, virtusertable, and mailertable. http://wiki.mailscanner.info/doku.php?id=documentation:configuration:mta:sendmail:how_to:setup_a_gateway And you're spot-on with blocking direct contact to the exchange server. Although it really isn't as much of a problem as you may think. Just remove the DNS entry for it and you can still let users POP off and SMTP (with authentication) outgoing. I do get maybe 10-20 direct hits a day because it was public at one time. Of course this does leave you with one point of failure, but that's all we had prior to installing the MailScanner box so it was a wash. The MailScanner box is rock solid so it isn't an issue for us. YMMV I used a guide on the MailScanner site for the initial setup.
Take a look around there and see what you come up with. If you need more help or have other questions don't hesitate to ask. Ken Goods Network Administrator CropUSA Insurance, Inc. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content at comp-wiz.com, and is believed to be clean. -- This message has been scanned for viruses and dangerous content at comp-wiz.com, and is believed to be clean. From markee at bandwidthco.com Tue Jun 3 02:45:02 2008 From: markee at bandwidthco.com (markee) Date: Tue Jun 3 02:45:16 2008 Subject: Windows Exchange Server In-Reply-To: References: <13C0059880FDD3118DC600508B6D4A6D02346851@aiainsurance.com> Message-ID: <002f01c8c51b$70a2b780$0300a8c0@bandwidthco.com> For inter-exchange traffic, use Exchange IMF (Intelligent Message Filter) It's a plugin that is very easy to use and setup. This should get you started: http://www.msexchange.org/tutorials/microsoft-exchange-intelligent-message-filter.html http://www.msexchange.org/tutorials/Intelligent-Message-Filter-version-2-IMF-v2.html Otherwise - do as everyone else has suggested. Put MailScanner on a box before exchange and let it (and the MTA) do all the work. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Douglas Ward Sent: Monday, June 02, 2008 3:43 PM To: MailScanner discussion Subject: Re: Windows Exchange Server What about inter-Exchange traffic? Exchange delivers locally when both sender and recipient are on the same server.
On 6/2/08, Ken Goods wrote: > Vernon Webb wrote: >> I have been using Linux Sendmail as me email MTA forever, but now >> have a need to use Windows Exchange server and am wondering what >> people are using as their Spam and virus protection (hopefully an >> inexpensive solution). I was hoping I could use MailScanner but don't >> see a Windows version. Any ideas? >> >> Vernon Webb >> (201) 703-1232 >> web designs & web hosting by comp-wiz.com, inc. >> Information in this transmission is privileged & confidential. It is >> intended for the use of the individual or entity named above. Any >> review, dissemination, disclosure, alteration, printing, circulation >> or transmission of this email or it's attachments is prohibited and >> unlawful. > > Put a MailScanner box in front of your Exchange server and pass everything > through. Been running like that for 3 years and haven't looked back. You > won't be sorry. Many people here run that way so you'll get plenty of > friendly help. > > HTH > Kind regards, > Ken > > > Ken Goods > Network Administrator > CropUSA Insurance, Inc. > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- Sent from Gmail for mobile | mobile.google.com My PGP key: http://www.douglasward.net/pubkey.asc -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! ######################################################## This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. postmaster@bandwidthco.com MailScanner at Bandwidthco Computer Security is for your absolute protection. 
######################################################## ######################################################## This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. postmaster@bandwidthco.com MailScanner at Bandwidthco Computer Security is for your absolute protection. ######################################################## From peter at farrows.org Tue Jun 3 09:19:32 2008 From: peter at farrows.org (Peter Farrow) Date: Tue Jun 3 09:19:53 2008 Subject: Windows Exchange Server In-Reply-To: <002f01c8c51b$70a2b780$0300a8c0@bandwidthco.com> References: <13C0059880FDD3118DC600508B6D4A6D02346851@aiainsurance.com> <002f01c8c51b$70a2b780$0300a8c0@bandwidthco.com> Message-ID: <4844FE94.4010905@farrows.org> markee wrote: > For inter-exchange traffic, use Exchange IMF (intelligne Message Filter) > It's a plugin that is very easy to use and setup. This should get you > started: > http://www.msexchange.org/tutorials/microsoft-exchange-intelligent-message-f > ilter.html > > http://www.msexchange.org/tutorials/Intelligent-Message-Filter-version-2-IMF > -v2.html > > Otherwise - do as everyone else has suggested. Put MailScanner on a box > before exchange and let it (and the MTA) do all the work. > > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Douglas > Ward > Sent: Monday, June 02, 2008 3:43 PM > To: MailScanner discussion > Subject: Re: Windows Exchange Server > > What about inter-Exchange traffic? Exchange delivers locally when > both sender and recipient are on the same server. > > > > On 6/2/08, Ken Goods wrote: > >> Vernon Webb wrote: >> >>> I have been using Linux Sendmail as me email MTA forever, but now >>> have a need to use Windows Exchange server and am wondering what >>> people are using as their Spam and virus protection (hopefully an >>> inexpensive solution). 
I was hoping I could use MailScanner but don't >>> see a Windows version. Any ideas? >>> >>> Vernon Webb >>> (201) 703-1232 >>> web designs & web hosting by comp-wiz.com, inc. >>> Information in this transmission is privileged & confidential. It is >>> intended for the use of the individual or entity named above. Any >>> review, dissemination, disclosure, alteration, printing, circulation >>> or transmission of this email or it's attachments is prohibited and >>> unlawful. >>> >> Put a MailScanner box in front of your Exchange server and pass everything >> through. Been running like that for 3 years and haven't looked back. You >> won't be sorry. Many people here run that way so you'll get plenty of >> friendly help. >> >> HTH >> Kind regards, >> Ken >> >> >> Ken Goods >> Network Administrator >> CropUSA Insurance, Inc. >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> > > I think that by far the best option is to use your mailscanner machine as a filter prior to going to exchange, you can you is then as a smarthost on the way out as well. This will avoid the very perilous method of having your Windows SMTP MTA facing the internet and is the most robust and effective solution all round. I have numerous clients doing it this way and it just works. If you are using sendmail as your MailScanner MTA I can provide complete help on how to make this work with MailScanner and exchange (all versions). All the Exchange options and Microsoft based solutions tend to be the "inflatable dinghy" approach to filtering whereas MailScanner is the battleship solution, and it costs less. P. -- This message has been scanned for viruses and dangerous content by the Inexcom system Scanner, and is believed to be clean. Advanced heuristic mail scanning server [-]. 
http://www.inexcom.co.uk -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080603/3a3e0607/attachment.html From telecaadmin at gmail.com Tue Jun 3 10:17:50 2008 From: telecaadmin at gmail.com (Ronny T. Lampert) Date: Tue Jun 3 10:19:26 2008 Subject: Windows Exchange Server In-Reply-To: <4844FE94.4010905@farrows.org> References: <13C0059880FDD3118DC600508B6D4A6D02346851@aiainsurance.com> <002f01c8c51b$70a2b780$0300a8c0@bandwidthco.com> <4844FE94.4010905@farrows.org> Message-ID: <48450C3E.2060401@gmail.com> > I have numerous clients doing it this way and it just works. If you are > using sendmail as your MailScanner MTA I can provide complete help on > how to make this work with MailScanner and exchange (all versions). And I can help with postfix (+ Active Directory / LDAP)! As for the inter-Exchange traffic: this really should be "trusted" internal traffic, between internal servers, on an strictly internal network. If it is NOT then it should not be allowed to flow freely between servers directly. In any case you should run a mail scanning virus scanner on your Exchange servers so internal viruses can not propagate. Cheers, Ronny From gary at sgluk.com Tue Jun 3 11:11:57 2008 From: gary at sgluk.com (Gary Pentland) Date: Tue Jun 3 11:12:14 2008 Subject: Windows Exchange Server In-Reply-To: References: <13C0059880FDD3118DC600508B6D4A6D02346851@aiainsurance.com> <002f01c8c51b$70a2b780$0300a8c0@bandwidthco.com> <4844FE94.4010905@farrows.org> Message-ID: I've been doing this for years, it's slightly off topic and there is stuff about this in the MailScanner wiki but as people tend to forget about that:-) I have attached some old perl, based on something I found on the net years ago. It dumps list of Exchange recipients from an AD, use as basis for sendmail virtusers map or valid users map, run every 10 mins or so. 
Obviously change the passwords, domain controller names and baseDN. Simplest in sendmail is to configure is to define a virtual domain, default recipient is "user does not exist type error", every other recipient becomes user@exchange.domain... Then chuck in a mailertable entry or an MX for exchange.domain pointing at a hub transport (2007) or a front-end (2003) and use a script based on the attached perl to make the virtusers map. Alternatively, if you know you will only ever need to send to Exchange and nowhere else you could use something like the M4 fragment attached. This is old so will probably need some tweaking for your site but it will give you an idea. I'll leave it to Ronny here to help with postfix if you choose that route. Hope that helps, Gary mailscanner-bounces@lists.mailscanner.info wrote: >> I have numerous clients doing it this way and it just works. If you >> are using sendmail as your MailScanner MTA I can provide complete >> help on how to make this work with MailScanner and exchange (all >> versions). > > And I can help with postfix (+ Active Directory / LDAP)! > > > As for the inter-Exchange traffic: this really should be "trusted" > internal traffic, between internal servers, on an strictly internal > network. If it is NOT then it should not be allowed to flow freely > between servers directly. > > In any case you should run a mail scanning virus scanner on > your Exchange servers so internal viruses can not propagate. > > > Cheers, > Ronny -------------- next part -------------- A non-text attachment was scrubbed... Name: ldap_get_recips.pl Type: application/octet-stream Size: 3127 bytes Desc: ldap_get_recips.pl Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080603/4a6eabce/ldap_get_recips-0001.obj -------------- next part -------------- A non-text attachment was scrubbed... 
Name: sendmail example.m4 Type: application/octet-stream Size: 1085 bytes Desc: sendmail example.m4 Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080603/4a6eabce/sendmailexample-0001.obj From gary at sgluk.com Tue Jun 3 11:17:45 2008 From: gary at sgluk.com (Gary Pentland) Date: Tue Jun 3 11:17:57 2008 Subject: Windows Exchange Server In-Reply-To: References: <13C0059880FDD3118DC600508B6D4A6D02346851@aiainsurance.com> <002f01c8c51b$70a2b780$0300a8c0@bandwidthco.com> <4844FE94.4010905@farrows.org> Message-ID: Of course, I forgot to mention, there is an even easier way... Just configure Exchange to block/reject invalid recipients (it doesn't in most default setups) set a mailertable entry for it and run milter-ahead. That works as well, use whichever you are most comfortable with. Gary mailscanner-bounces@lists.mailscanner.info wrote: > I've been doing this for years, it's slightly off topic and > there is stuff about this in the MailScanner wiki but as > people tend to forget about that:-) > > I have attached some old perl, based on something I found on > the net years ago. It dumps list of Exchange recipients from > an AD, use as basis for sendmail virtusers map or valid users > map, run every 10 mins or so. Obviously change the > passwords, domain controller names and baseDN. > > Simplest in sendmail is to configure is to define a virtual > domain, default recipient is "user does not exist type > error", every other recipient becomes user@exchange.domain... > Then chuck in a mailertable entry or an MX for > exchange.domain pointing at a hub transport (2007) or a > front-end (2003) and use a script based on the attached perl to make > the virtusers map. > > Alternatively, if you know you will only ever need to send to > Exchange and nowhere else you could use something like the M4 > fragment attached. This is old so will probably need some > tweaking for your site but it will give you an idea. 
> > I'll leave it to Ronny here to help with postfix if you choose that > route. > > Hope that helps, > > Gary > > mailscanner-bounces@lists.mailscanner.info wrote: >>> I have numerous clients doing it this way and it just works. If you >>> are using sendmail as your MailScanner MTA I can provide complete >>> help on how to make this work with MailScanner and exchange (all >>> versions). >> >> And I can help with postfix (+ Active Directory / LDAP)! >> >> >> As for the inter-Exchange traffic: this really should be "trusted" >> internal traffic, between internal servers, on an strictly internal >> network. If it is NOT then it should not be allowed to flow freely >> between servers directly. >> >> In any case you should run a mail scanning virus scanner on your >> Exchange servers so internal viruses can not propagate. >> >> >> Cheers, >> Ronny From prandal at herefordshire.gov.uk Tue Jun 3 11:28:13 2008 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Tue Jun 3 11:28:31 2008 Subject: ClamAV 0.93 released In-Reply-To: <483897C8.9050304@ecs.soton.ac.uk> References: <7EF0EE5CB3B263488C8C18823239BEBA03771594@HC-MBX02.herefordshire.gov.uk> <48039AA2.9050905@ecs.soton.ac.uk> <5A3FEF92FC07F34B9EE30C0D1395716498E6E4@monarchs.dokkenengineering.com> <48051021.5010909@ecs.soton.ac.uk> <1208464860.2962.75.camel@morticia.pert.com.ar> <48160C77.5070602@USherbrooke.ca> <4836D23B.8070109@alexb.ch> <483897C8.9050304@ecs.soton.ac.uk> Message-ID: <7EF0EE5CB3B263488C8C18823239BEBA03DB9775@HC-MBX02.herefordshire.gov.uk> Julian, One buglet... I'd edited MailScanner.conf to read: Monitors for ClamAV Updates = /usr/local/share/clamav/*.cld /usr/local/share/clamav/*.cvd And upgrade_MailScanner_conf complained Your setting for 'Monitors for ClamAV Updates' is broken. 
It should look like this (unless your ClamAV is installed somewhere else) Monitors for ClamAV Updates = /usr/local/share/clamav/*.inc/* /usr/local/share/clamav/*.cvd As 0.93 no longer uses the .inc subdirectories this is broken. Cheers, Phil -- Phil Randal Networks Engineer Herefordshire Council Hereford, UK -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field Sent: 24 May 2008 23:34 To: MailScanner discussion Subject: Re: ClamAV 0.93 released I have just published a new beta of MailScanner including support for Mail::ClamAV 0.22, which is now provided in my ClamAV+SpamAssassin package. These two should work successfully as a pair, and I would appreciate testers. Thanks! Jules. P.S. It's nice to be out in the big wide world again, I didn't go outside the building for a week, now I just need to get my sleep cycle back to normal. I am too used to sleeping in a hospital bed, and to being awake at 6am (I normally was in the shower by 6:30am in hospital). The latest news seems to be that they may pass my case back to the liver transplant team, and not do a small bowel transplant after all. But possibilities currently include everything up to, and including, replacing my stomach, duodenum, jejunum, ilium (small intestines, all 26 feet of it), liver, pancreas and all the blood vessels that join them all together. So just about anything is possible right now. Within the next month or two, I should hear what (if any) other tests they want to do, but my case will be discussed at a national level and they all have to agree what is best for me to have done. That could possibly take a few months, so I don't expect any quick news. I managed a very nice chat with a guy from their chronic pain team, and he had several new ideas for painkillers that the people in Southampton had never considered, which was very useful. 
Southampton's attitude seems to be that if a couple of Paracetomol (Tylenol) don't handle it, then they don't really know much about what to do :-) It's not quite as bad as that, but you get my drift :-) The Cambridge team at Addenbrookes actually appreciate the problem of your body becoming used to opiates and that you build up a tolerance to them, and had some ideas for new drugs which I have only rarely been exposed to before, such as Oramorph and Fentanyl. That's about the latest news, I'll keep you posted. Cheers, Jules. P.S. It's my list, and I'll top-post if I want to ;-) Alex Broens wrote: > On 5/23/2008 1:21 PM, David Lee wrote: >> On Mon, 28 Apr 2008, Denis Beauchemin wrote: >> >>> Leonardo Helman a ?crit : >>>> Hi I'm using clamavmodule >>>> >>>> >>>> I've made a patch for the Mail::ClamAV to compile (later I'll send >>>> it to the Mail::ClamAV mantainer) >>>> >>> Hello, >>> >>> Anything new on the official Mail::ClamAV module? I just looked and >>> version 0.21 still supports maxratio which have been removed from >>> Clam 0.93... >>> >>> Since there are known exploits for 0.92 I am beginning to feel the >>> urge to upgrade to 0.93... >> >> Scott Beck has released version 0.22 of Mail::ClamAV in the last few >> days. >> >> Could I suggest that some of us with test facilities and with a >> little technical experience try the various combinations of the older >> and newer versions of ClamAV and Mail::ClamAV and verify which >> combinations work and fail? >> >> 1. Old+old: We know that the combined earlier versions work. >> >> 2. New ClamAV + old Mail::ClamAV: It has been reported that the new >> ClamAV (0.93) breaks with older Mail::ClamAV (0.20/0.21). Could >> someone provide details of what this breakage is? Is there a quick >> recipe to reproduce the problem that ClamAV 0.93 had introduced? >> >> 3. New + new: Julian's Clam+SA package would ultimately be new+new. >> Can >> we verify that this fixes any previously verified breakage? 
Also >> that >> it does not seem to introduce any new problems. >> >> 4. Old ClamAV + new Mail::ClamAV: There are inevitably sites which use >> other sources (not Julian's package). Can we check what happens >> with >> if someone were to upgrade their Mail::ClamAV module but leave the >> main ClamAV software back on 0.92? (Probably not too important, but >> it would be a nice data point to complete the set...) >> >> Given Julian's sadly enforced absence from work, I'm sure he would >> appreciate it if we can do this tabulation for him. > > Will try to test new Mail::ClamAV with ClamAV 0.93 and on several old > versions of MS > > > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From theodrake at comcast.net Tue Jun 3 13:44:36 2008 From: theodrake at comcast.net (Ed) Date: Tue Jun 3 13:44:59 2008 Subject: Error in maillog "saactions" In-Reply-To: <48446305.4030600@ecs.soton.ac.uk> References: <48446305.4030600@ecs.soton.ac.uk> Message-ID: <48453CB4.2040203@comcast.net> That stimulated what few synapses I have left to fire. I forgot I had made a change to the "SpamAssassin Rule Actions". I couldn't get it to work so I searched the mail list and found out what I was doing wrong by copying someone else's solution which had this line in the rule file: FromOrTo: 127.0.0.1 I've removed that line and I'm no longer seeing that message in the log. 
later, Julian Field wrote: > You must have set something to do with "SpamAssassin Rule Actions". > I strongly suspect you have a ruleset attached to that setting, with a > "To:" line that refers to an IP address, or possible a domain name > involving only the characters 0-9 and a-f. > > Please show us the ruleset you have attached to "SpamAssassin Rule > Actions". > From J.Ede at birchenallhowden.co.uk Tue Jun 3 14:00:12 2008 From: J.Ede at birchenallhowden.co.uk (Jason Ede) Date: Tue Jun 3 14:03:04 2008 Subject: Windows Exchange Server In-Reply-To: <48450C3E.2060401@gmail.com> References: <13C0059880FDD3118DC600508B6D4A6D02346851@aiainsurance.com> <002f01c8c51b$70a2b780$0300a8c0@bandwidthco.com> <4844FE94.4010905@farrows.org>,<48450C3E.2060401@gmail.com> Message-ID: <4CAB0118AEC63A4FAAE77E6BCBDF760C52F1B0BE5F@server02.bhl.local> Aye, for postfix we use recipient_address_verification so our MailScanner server never accepts emails that we cannot deliver onto the exchange servers and requires no extra tweaking on our part... It has massively cut the load on our MailScanner servers. Jason ________________________________________ From: mailscanner-bounces@lists.mailscanner.info [mailscanner-bounces@lists.mailscanner.info] On Behalf Of Ronny T. Lampert [telecaadmin@gmail.com] Sent: 03 June 2008 10:17 To: MailScanner discussion Subject: Re: Windows Exchange Server > I have numerous clients doing it this way and it just works. If you are > using sendmail as your MailScanner MTA I can provide complete help on > how to make this work with MailScanner and exchange (all versions). And I can help with postfix (+ Active Directory / LDAP)! As for the inter-Exchange traffic: this really should be "trusted" internal traffic, between internal servers, on an strictly internal network. If it is NOT then it should not be allowed to flow freely between servers directly. 
In any case you should run a mail scanning virus scanner on your Exchange servers so internal viruses can not propagate. Cheers, Ronny -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From mailadmin at midland-ics.ie Tue Jun 3 15:19:50 2008 From: mailadmin at midland-ics.ie (Mail Admin) Date: Tue Jun 3 15:20:08 2008 Subject: Windows Exchange Server In-Reply-To: <4CAB0118AEC63A4FAAE77E6BCBDF760C52F1B0BE5F@server02.bhl.local> References: <13C0059880FDD3118DC600508B6D4A6D02346851@aiainsurance.com> <002f01c8c51b$70a2b780$0300a8c0@bandwidthco.com> <4844FE94.4010905@farrows.org>, <48450C3E.2060401@gmail.com> <4CAB0118AEC63A4FAAE77E6BCBDF760C52F1B0BE5F@server02.bhl.local> Message-ID: <004801c8c584$e2d03530$a8709f90$@ie> Jason - Is there such a setting or configuration for Sendmail ? "recipient_address_verification" I relay mail for several domains, some of which are Exchange Servers. It would be good to drop mail at MTA if Exchange Recips not VALID Regards Kevin -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Jason Ede Sent: 03 June 2008 14:00 To: MailScanner discussion Subject: RE: Windows Exchange Server Aye, for postfix we use recipient_address_verification so our MailScanner server never accepts emails that we cannot deliver onto the exchange servers and requires no extra tweaking on our part... It has massively cut the load on our MailScanner servers. Jason ________________________________________ From: mailscanner-bounces@lists.mailscanner.info [mailscanner-bounces@lists.mailscanner.info] On Behalf Of Ronny T. 
Lampert [telecaadmin@gmail.com] Sent: 03 June 2008 10:17 To: MailScanner discussion Subject: Re: Windows Exchange Server > I have numerous clients doing it this way and it just works. If you are > using sendmail as your MailScanner MTA I can provide complete help on > how to make this work with MailScanner and exchange (all versions). And I can help with postfix (+ Active Directory / LDAP)! As for the inter-Exchange traffic: this really should be "trusted" internal traffic, between internal servers, on an strictly internal network. If it is NOT then it should not be allowed to flow freely between servers directly. In any case you should run a mail scanning virus scanner on your Exchange servers so internal viruses can not propagate. Cheers, Ronny -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. This e-mail is intended solely for the addressee(s) and is strictly confidential. The unauthorised use, disclosure or copying of this e-mail, or any information it contains is prohibited. If you have received this e-mail in error, please notify us immediately and then permanently delete it. Although Midland Internet & Computer Solutions make every effort to keep our systems free from viruses you should check this e-mail and any attachments to it for viruses as we cannot accept any liability for viruses inadvertently transmitted by use. 
From glenn.steen at gmail.com Tue Jun 3 15:31:58 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Jun 3 15:32:15 2008 Subject: Windows Exchange Server In-Reply-To: <004801c8c584$e2d03530$a8709f90$@ie> References: <13C0059880FDD3118DC600508B6D4A6D02346851@aiainsurance.com> <002f01c8c51b$70a2b780$0300a8c0@bandwidthco.com> <4844FE94.4010905@farrows.org> <48450C3E.2060401@gmail.com> <4CAB0118AEC63A4FAAE77E6BCBDF760C52F1B0BE5F@server02.bhl.local> <004801c8c584$e2d03530$a8709f90$@ie> Message-ID: <223f97700806030731t6d9901cap37a61eef58260602@mail.gmail.com> 2008/6/3 Mail Admin : > Jason - Is there such a setting or configuration for Sendmail ? > "recipient_address_verification" > > I relay mail for several domains, some of which are Exchange Servers. It > would be good to drop mail at MTA if Exchange Recips not VALID > > Regards > Kevin One need use a milter for Sendmail. smf-sav can be used (although you shouldn't do the _sender_ part, only recipient)... or milter-ahead (which will cost a bit, I think... I'm strictly PF myself:-). Cheers -- Glenn > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Jason Ede > Sent: 03 June 2008 14:00 > To: MailScanner discussion > Subject: RE: Windows Exchange Server > > Aye, for postfix we use recipient_address_verification so our MailScanner > server never accepts emails that we cannot deliver onto the exchange servers > and requires no extra tweaking on our part... It has massively cut the load > on our MailScanner servers. > > Jason > ________________________________________ > From: mailscanner-bounces@lists.mailscanner.info > [mailscanner-bounces@lists.mailscanner.info] On Behalf Of Ronny T. Lampert > [telecaadmin@gmail.com] > Sent: 03 June 2008 10:17 > To: MailScanner discussion > Subject: Re: Windows Exchange Server > >> I have numerous clients doing it this way and it just works. 
If you are >> using sendmail as your MailScanner MTA I can provide complete help on >> how to make this work with MailScanner and exchange (all versions). > > And I can help with postfix (+ Active Directory / LDAP)! > > > As for the inter-Exchange traffic: this really should be "trusted" > internal traffic, between internal servers, on an strictly internal network. > If it is NOT then it should not be allowed to flow freely between > servers directly. > > In any case you should run a mail scanning virus scanner on your > Exchange servers so internal viruses can not propagate. > > > Cheers, > Ronny > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > > This e-mail is intended solely for the addressee(s) and is strictly confidential. The unauthorised use, disclosure or copying of this e-mail, or any information it contains is prohibited. If you have received this e-mail in error, please notify us immediately and then permanently delete it. Although Midland Internet & Computer Solutions make every effort to keep our systems free from viruses you should check this e-mail and any attachments to it for viruses as we cannot accept any liability for viruses inadvertently transmitted by use. 
> > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From J.Ede at birchenallhowden.co.uk Tue Jun 3 15:43:45 2008 From: J.Ede at birchenallhowden.co.uk (Jason Ede) Date: Tue Jun 3 15:45:44 2008 Subject: Windows Exchange Server In-Reply-To: <004801c8c584$e2d03530$a8709f90$@ie> References: <13C0059880FDD3118DC600508B6D4A6D02346851@aiainsurance.com> <002f01c8c51b$70a2b780$0300a8c0@bandwidthco.com> <4844FE94.4010905@farrows.org>, <48450C3E.2060401@gmail.com> <4CAB0118AEC63A4FAAE77E6BCBDF760C52F1B0BE5F@server02.bhl.local>, <004801c8c584$e2d03530$a8709f90$@ie> Message-ID: <4CAB0118AEC63A4FAAE77E6BCBDF760C52F1B0BE60@server02.bhl.local> Hi, I don't know about sendmail I'm afraid. The actual postfix param is reject_unverified_recipient (http://www.postfix.org/ADDRESS_VERIFICATION_README.html) although need to be careful only run that on incoming email. Jason ________________________________________ From: mailscanner-bounces@lists.mailscanner.info [mailscanner-bounces@lists.mailscanner.info] On Behalf Of Mail Admin [mailadmin@midland-ics.ie] Sent: 03 June 2008 15:19 To: 'MailScanner discussion' Subject: RE: Windows Exchange Server Jason - Is there such a setting or configuration for Sendmail ? "recipient_address_verification" I relay mail for several domains, some of which are Exchange Servers. 
It would be good to drop mail at MTA if Exchange Recips not VALID Regards Kevin -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Jason Ede Sent: 03 June 2008 14:00 To: MailScanner discussion Subject: RE: Windows Exchange Server Aye, for postfix we use recipient_address_verification so our MailScanner server never accepts emails that we cannot deliver onto the exchange servers and requires no extra tweaking on our part... It has massively cut the load on our MailScanner servers. Jason ________________________________________ From: mailscanner-bounces@lists.mailscanner.info [mailscanner-bounces@lists.mailscanner.info] On Behalf Of Ronny T. Lampert [telecaadmin@gmail.com] Sent: 03 June 2008 10:17 To: MailScanner discussion Subject: Re: Windows Exchange Server > I have numerous clients doing it this way and it just works. If you are > using sendmail as your MailScanner MTA I can provide complete help on > how to make this work with MailScanner and exchange (all versions). And I can help with postfix (+ Active Directory / LDAP)! As for the inter-Exchange traffic: this really should be "trusted" internal traffic, between internal servers, on an strictly internal network. If it is NOT then it should not be allowed to flow freely between servers directly. In any case you should run a mail scanning virus scanner on your Exchange servers so internal viruses can not propagate. Cheers, Ronny -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! 
-- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. This e-mail is intended solely for the addressee(s) and is strictly confidential. The unauthorised use, disclosure or copying of this e-mail, or any information it contains is prohibited. If you have received this e-mail in error, please notify us immediately and then permanently delete it. Although Midland Internet & Computer Solutions make every effort to keep our systems free from viruses you should check this e-mail and any attachments to it for viruses as we cannot accept any liability for viruses inadvertently transmitted by use. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From ms-list at alexb.ch Tue Jun 3 16:48:07 2008 From: ms-list at alexb.ch (Alex Broens) Date: Tue Jun 3 16:48:19 2008 Subject: Windows Exchange Server In-Reply-To: <223f97700806030731t6d9901cap37a61eef58260602@mail.gmail.com> References: <13C0059880FDD3118DC600508B6D4A6D02346851@aiainsurance.com> <002f01c8c51b$70a2b780$0300a8c0@bandwidthco.com> <4844FE94.4010905@farrows.org> <48450C3E.2060401@gmail.com> <4CAB0118AEC63A4FAAE77E6BCBDF760C52F1B0BE5F@server02.bhl.local> <004801c8c584$e2d03530$a8709f90$@ie> <223f97700806030731t6d9901cap37a61eef58260602@mail.gmail.com> Message-ID: <484567B7.1030404@alexb.ch> On 6/3/2008 4:31 PM, Glenn Steen wrote: > One need use a milter for Sendmail. smf-sav can be used (although you > shouldn't do the _sender_ part, only recipient)... or milter-ahead > (which will cost a bit, I think... I'm strictly PF myself:-). as to milter-ahead the latest version uses the Pfix transport file for its DB - it ROCKS! (as well as the sendmail mailertable) Using it on a few high traffic Pfix boxes and its holding up superbly. Worth every buck and more. 
Alex From telecaadmin at gmail.com Tue Jun 3 16:51:25 2008 From: telecaadmin at gmail.com (Ronny T. Lampert) Date: Tue Jun 3 16:53:03 2008 Subject: Update wiki RE: postfix quarantine release script Message-ID: <4845687D.5070109@gmail.com> Hi, I'd like to update the wiki about the postfix quarantine release script. For recent postfixes (2.3, 2.4) the script not really is working and also has a subtle bug (chmod +x the queue file BEFORE the copying is bad). How'd I do that? Cheers, Ronny From MailScanner at ecs.soton.ac.uk Tue Jun 3 18:56:15 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Jun 3 18:56:41 2008 Subject: ClamAV 0.93 released In-Reply-To: References: <7EF0EE5CB3B263488C8C18823239BEBA03771594@HC-MBX02.herefordshire.gov.uk> <48039AA2.9050905@ecs.soton.ac.uk> <5A3FEF92FC07F34B9EE30C0D1395716498E6E4@monarchs.dokkenengineering.com> <48051021.5010909@ecs.soton.ac.uk> <1208464860.2962.75.camel@morticia.pert.com.ar> <48160C77.5070602@USherbrooke.ca> <4836D23B.8070109@alexb.ch> <483897C8.9050304@ecs.soton.ac.uk> Message-ID: <484585BF.8040006@ecs.soton.ac.uk> Fixed for the next release. Thanks for reporting this. Randal, Phil wrote: > Julian, > > One buglet... > > I'd edited MailScanner.conf to read: > > Monitors for ClamAV Updates = /usr/local/share/clamav/*.cld /usr/local/share/clamav/*.cvd > > And upgrade_MailScanner_conf complained > > Your setting for 'Monitors for ClamAV Updates' is broken. > It should look like this (unless your ClamAV is installed > somewhere else) > Monitors for ClamAV Updates = /usr/local/share/clamav/*.inc/* /usr/local/share/clamav/*.cvd > > > As 0.93 no longer uses the .inc subdirectories this is broken. 
> > Cheers, > > Phil > > -- > Phil Randal > Networks Engineer > Herefordshire Council > Hereford, UK > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field > Sent: 24 May 2008 23:34 > To: MailScanner discussion > Subject: Re: ClamAV 0.93 released > > I have just published a new beta of MailScanner including support for Mail::ClamAV 0.22, which is now provided in my ClamAV+SpamAssassin package. These two should work successfully as a pair, and I would appreciate testers. > > Thanks! > Jules. > > P.S. It's nice to be out in the big wide world again, I didn't go outside the building for a week, now I just need to get my sleep cycle back to normal. I am too used to sleeping in a hospital bed, and to being awake at 6am (I normally was in the shower by 6:30am in hospital). > > The latest news seems to be that they may pass my case back to the liver transplant team, and not do a small bowel transplant after all. But possibilities currently include everything up to, and including, replacing my stomach, duodenum, jejunum, ilium (small intestines, all 26 feet of it), liver, pancreas and all the blood vessels that join them all together. So just about anything is possible right now. Within the next month or two, I should hear what (if any) other tests they want to do, but my case will be discussed at a national level and they all have to agree what is best for me to have done. That could possibly take a few months, so I don't expect any quick news. I managed a very nice chat with a guy from their chronic pain team, and he had several new ideas for painkillers that the people in Southampton had never considered, which was very useful. 
Southampton's attitude seems to be that if a couple of Paracetomol (Tylenol) don't handle it, then they don't really know much about what to do :-) It's not quite as bad as that, but you get my drift :-) The Cambridge team at Addenbrookes actually appreciate the problem of your body becoming used to opiates and that you build up a tolerance to them, and had some ideas for new drugs which I have only rarely been exposed to before, such as Oramorph and Fentanyl. > > That's about the latest news, I'll keep you posted. > > Cheers, > Jules. > > P.S. It's my list, and I'll top-post if I want to ;-) > > > Alex Broens wrote: > >> On 5/23/2008 1:21 PM, David Lee wrote: >> >>> On Mon, 28 Apr 2008, Denis Beauchemin wrote: >>> >>> >>>> Leonardo Helman a ?crit : >>>> >>>>> Hi I'm using clamavmodule >>>>> >>>>> >>>>> I've made a patch for the Mail::ClamAV to compile (later I'll send >>>>> it to the Mail::ClamAV mantainer) >>>>> >>>>> >>>> Hello, >>>> >>>> Anything new on the official Mail::ClamAV module? I just looked and >>>> version 0.21 still supports maxratio which have been removed from >>>> Clam 0.93... >>>> >>>> Since there are known exploits for 0.92 I am beginning to feel the >>>> urge to upgrade to 0.93... >>>> >>> Scott Beck has released version 0.22 of Mail::ClamAV in the last few >>> days. >>> >>> Could I suggest that some of us with test facilities and with a >>> little technical experience try the various combinations of the older >>> and newer versions of ClamAV and Mail::ClamAV and verify which >>> combinations work and fail? >>> >>> 1. Old+old: We know that the combined earlier versions work. >>> >>> 2. New ClamAV + old Mail::ClamAV: It has been reported that the new >>> ClamAV (0.93) breaks with older Mail::ClamAV (0.20/0.21). Could >>> someone provide details of what this breakage is? Is there a quick >>> recipe to reproduce the problem that ClamAV 0.93 had introduced? >>> >>> 3. New + new: Julian's Clam+SA package would ultimately be new+new. 
>>> Can >>> we verify that this fixes any previously verified breakage? Also >>> that >>> it does not seem to introduce any new problems. >>> >>> 4. Old ClamAV + new Mail::ClamAV: There are inevitably sites which use >>> other sources (not Julian's package). Can we check what happens >>> with >>> if someone were to upgrade their Mail::ClamAV module but leave the >>> main ClamAV software back on 0.92? (Probably not too important, but >>> it would be a nice data point to complete the set...) >>> >>> Given Julian's sadly enforced absence from work, I'm sure he would >>> appreciate it if we can do this tabulation for him. >>> >> Will try to test new Mail::ClamAV with ClamAV 0.93 and on several old >> versions of MS >> >> >> >> > > Jules > > -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > MailScanner customisation, or any advanced system administration help? > Contact me at Jules@Jules.FM > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc > > > -- > This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. 
From hvdkooij at vanderkooij.org Tue Jun 3 19:11:47 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Tue Jun 3 19:11:56 2008 Subject: Windows Exchange Server In-Reply-To: <48450C3E.2060401@gmail.com> References: <13C0059880FDD3118DC600508B6D4A6D02346851@aiainsurance.com> <002f01c8c51b$70a2b780$0300a8c0@bandwidthco.com> <4844FE94.4010905@farrows.org> <48450C3E.2060401@gmail.com> Message-ID: <48458963.5010905@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Ronny T. Lampert wrote: |> I have numerous clients doing it this way and it just works. If you |> are using sendmail as your MailScanner MTA I can provide complete help |> on how to make this work with MailScanner and exchange (all versions). | | And I can help with postfix (+ Active Directory / LDAP)! | | | As for the inter-Exchange traffic: this really should be "trusted" | internal traffic, between internal servers, on an strictly internal | network. | If it is NOT then it should not be allowed to flow freely between | servers directly. | | In any case you should run a mail scanning virus scanner on your | Exchange servers so internal viruses can not propagate. Not to mention that your scanner may not detect the specific sample at the time it will pass the perimeter scanner. Last year I spend a day in a AV lab and quite a bit of time with 4 months worth of raw samples. The average figures we came up with was 110 new samples per day of which about 40 were seen almost immediatly. So the majority of samples are analyzed only hours, days or even weeks after they may hit you. At the moment webbased ones seem the ones to change the fastest. But you may still pass malware because your scanner(s) did not detect it. Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? 
Click on http://spamornot.org/ and rate those images.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFIRYlhBvzDRVjxmYERAi4DAKC4FBj/YBHF1uoBX0gLJeJstIi+ZQCbBLH6
rY4pvDdGR0sberEk+N5vFk8=
=1ysb
-----END PGP SIGNATURE-----

From clacroix at cegep-ste-foy.qc.ca Tue Jun 3 19:49:45 2008
From: clacroix at cegep-ste-foy.qc.ca (Charles Lacroix)
Date: Tue Jun 3 19:50:08 2008
Subject: About watermarks
Message-ID: <48459249.4010304@cegep-ste-foy.qc.ca>

Hi,

I had this configuration which reduced a lot of bounces going into
user's mailbox.
I was quite happy with this but today some users noticed that gmail's
vacation messages were being blocked.

Use Watermarking = yes
Add Watermark = yes
Check Watermarks With No Sender = yes
Treat Invalid Watermarks With No Sender as Spam = spam
Check Watermarks To Skip Spam Checks = yes
Watermark Secret = %org-name%-SECRET!
Watermark Lifetime = 604800
Watermark Header = X-%org-name%-MailScanner-Watermark:

I tried a few changes, like setting it to

Treat Invalid Watermarks With No Sender as Spam = 5

or

Check Watermarks To Skip Spam Checks = no

but the vacation messages were still being blocked.

The only way I got the vacations to come in was with the following
configuration:

Use Watermarking = yes
Add Watermark = yes
Check Watermarks With No Sender = no
Treat Invalid Watermarks With No Sender as Spam = spam
Check Watermarks To Skip Spam Checks = yes
Watermark Secret = %org-name%-SECRET!
Watermark Lifetime = 604800
Watermark Header = X-%org-name%-MailScanner-Watermark:

I find this scary to set it to 'no' as from what I understand, it will
just disable the watermarks checks

# Do you want to check watermarks?
# This can also be the filename of a ruleset.
Check Watermarks With No Sender = no

Can anyone help me on this, just to make sure I'm not doing something
crazy :)

thanks,
Charles

From lists at tippingmar.com Tue Jun 3 23:12:38 2008
From: lists at tippingmar.com (Mark Nienberg)
Date: Tue Jun 3 23:12:53 2008
Subject: About watermarks
In-Reply-To: <48459249.4010304@cegep-ste-foy.qc.ca>
References: <48459249.4010304@cegep-ste-foy.qc.ca>
Message-ID: <4845C1D6.30102@tippingmar.com>

Charles Lacroix wrote:
> Hi,
>
> I had this configuration which reduced a lot of bounces going into
> user's mailbox.
> I was quite happy with this but today some users noticed that gmail's
> vacation messages
> were being blocked.
>

The watermark feature examines all messages that have a null sender. In
sendmail logs these are the ones with:

"from=<>"

If gmail uses that approach to send vacation messages, and does not
include the original message in the reply, then it will trigger the bad
watermark action. So if you want to be able to receive these and still
use the watermark feature, maybe you could just add 2 or 3 points for a
bad watermark.

Mark

From Kevin_Miller at ci.juneau.ak.us Tue Jun 3 23:45:02 2008
From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller)
Date: Tue Jun 3 23:45:14 2008
Subject: update_bad_phishing_sites fails via cron
Message-ID:

If I run it by hand, update_bad_phishing_sites works fine, but the
script in /etc/cron.hourly seems to be somewhat confused. The following
is sent to root:

=========
running hourly cronjob scripts

SCRIPT: check_MailScanner, OK.
SCRIPT: update_bad_phishing_sites exited with RETURNCODE = 255.
SCRIPT: update_virus_scanners, OK.
=========

Any clues?

...Kevin
--
Kevin Miller                Registered Linux User No: 307357
CBJ MIS Dept.               Network Systems Admin., Mail Admin.
155 South Seward Street     ph: (907) 586-0242
Juneau, Alaska 99801        fax: (907 586-4500

From lists at designmedia.com Wed Jun 4 00:00:23 2008
From: lists at designmedia.com (Henry Kwan)
Date: Wed Jun 4 00:00:45 2008
Subject: SPF setting for MailScanner setup.
Message-ID:

Hi,

I'm trying to set a SPF record for our new MailScanner/Exchange setup
and wasn't sure what data to include. Currently, the only approved IP is
the MailScanner box IP. Of course, since the Exchange box has a local
non-routable IP (192.168.1.x), the MailScanner box always returns a SPF
FAIL on all emails coming from the Exchange box.

So am I supposed to include the non-routable IP in my SPF record? Or
what is the normal way to fix this issue?

Thanks.

From philip at zeiglers.net Wed Jun 4 00:14:53 2008
From: philip at zeiglers.net (Philip Zeigler)
Date: Wed Jun 4 00:15:27 2008
Subject: SPF setting for MailScanner setup.
In-Reply-To:
References:
Message-ID: <690855981-1212534906-cardhu_decombobulator_blackberry.rim.net-1962235830-@bxe196.bisx.prod.on.blackberry>

I would set up exchange to email out using a smarthost which is the
mailscanner box.

-----Original Message-----
From: Henry Kwan
Date: Tue, 3 Jun 2008 23:00:23
To:mailscanner@lists.mailscanner.info
Subject: SPF setting for MailScanner setup.

Hi,

I'm trying to set a SPF record for our new MailScanner/Exchange setup
and wasn't sure what data to include. Currently, the only approved IP is
the MailScanner box IP. Of course, since the Exchange box has a local
non-routable IP (192.168.1.x), the MailScanner box always returns a SPF
FAIL on all emails coming from the Exchange box.

So am I supposed to include the non-routable IP in my SPF record? Or
what is the normal way to fix this issue?

Thanks.
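
The SPF FAIL described in the question above comes from testing the Exchange host's private address against a record that lists only the gateway's public IP. The Python below is an added example, not code from this thread or from MailScanner; the record, the addresses and the `internal_networks` parameter are constructed for illustration, and only the `ip4`, `ip6` and `all` mechanisms are evaluated.

```python
import ipaddress

# Constructed sample values (not from the thread): the published record lists
# only the gateway's public address; the Exchange host is on 192.168.1.0/24.
SPF_RECORD = "v=spf1 ip4:203.0.113.25 -all"
GATEWAY_PUBLIC_IP = "203.0.113.25"
EXCHANGE_IP = "192.168.1.10"
INTERNAL_NETWORKS = ["192.168.1.0/24"]

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(record, client_ip):
    """Evaluate an SPF record's ip4/ip6/all terms, left to right, for one IP."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            return QUALIFIERS[qualifier]
        if name not in ("ip4", "ip6"):
            # a, mx, include, redirect= ... need DNS lookups; out of scope here
            raise ValueError("unsupported SPF term: " + term)
        try:
            network = ipaddress.ip_network(arg, strict=False)
        except ValueError:
            return "permerror"
        if network.version != int(name[2]):
            return "permerror"  # e.g. an IPv6 prefix written after "ip4:"
        if network.version == ip.version and ip in network:
            return QUALIFIERS[qualifier]
    return "neutral"  # no term matched and the record has no "all"


def spf_at_hop(record, client_ip, internal_networks=()):
    """SPF result a filter records for the host that handed it the message.

    A host inside internal_networks is one of the site's own relays, so the
    sender policy is not applied to it and the check is reported as skipped.
    """
    ip = ipaddress.ip_address(client_ip)
    if any(ip in ipaddress.ip_network(net) for net in internal_networks):
        return "skipped"
    return check_spf(record, client_ip)


def scenario():
    """Four views of mail for the domain in the constructed setup."""
    return {
        # Gateway checks the Exchange hop without knowing it is internal.
        "gateway_naive": spf_at_hop(SPF_RECORD, EXCHANGE_IP),
        # Gateway told that 192.168.1.0/24 is its own network.
        "gateway_internal_declared": spf_at_hop(
            SPF_RECORD, EXCHANGE_IP, INTERNAL_NETWORKS),
        # A remote receiver sees the gateway's public address as the client.
        "remote_receiver": spf_at_hop(SPF_RECORD, GATEWAY_PUBLIC_IP),
        # An unrelated Internet host using the domain still fails.
        "forged_external": spf_at_hop(
            SPF_RECORD, "198.51.100.7", INTERNAL_NETWORKS),
    }


if __name__ == "__main__":
    for view, result in scenario().items():
        print(f"{view:28} {result}")
```

Remote receivers only ever see the gateway's public address, so the record passes for them without any 192.168.1.x entry; the local FAIL is a matter of telling the gateway which networks are its own.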

From lists at designmedia.com Wed Jun 4 01:50:31 2008
From: lists at designmedia.com (Henry Kwan)
Date: Wed Jun 4 01:50:53 2008
Subject: SPF setting for MailScanner setup.
References: <690855981-1212534906-cardhu_decombobulator_blackberry.rim.net-1962235830-@bxe196.bisx.prod.on.blackberry>
Message-ID:

Philip Zeigler <philip at zeiglers.net> writes:

>
> I would set up exchange to email out using a smarthost which is the
> mailscanner box.
>

Hi,

The Exchange box is already configured to smarthost-relay all outbound messages through the Mailscanner box. The issue is that Mailscanner doesn't recognize the Exchange box as a valid SPF sender.

Should I include the Exchange box's non-routable IP in my SPF record or is there another way to resolve this issue?

Or does it not even matter since I've whitelisted my Exchange box (via /etc/MailScanner/spam.whitelist.rules)?

Thanks.

From ms-list at alexb.ch Wed Jun 4 06:12:24 2008
From: ms-list at alexb.ch (Alex Broens)
Date: Wed Jun 4 06:12:44 2008
Subject: SPF setting for MailScanner setup.
In-Reply-To:
References: <690855981-1212534906-cardhu_decombobulator_blackberry.rim.net-1962235830-@bxe196.bisx.prod.on.blackberry>
Message-ID: <48462438.8090606@alexb.ch>

On 6/4/2008 2:50 AM, Henry Kwan wrote:
> Philip Zeigler <philip at zeiglers.net> writes:
>
>> I would set up exchange to email out using a smarthost which is the
>> mailscanner box.
>>
>
> Hi,
>
> The Exchange box is already configured to smarthost-relay all outbound messages
> through the Mailscanner box. The issue is that Mailscanner doesn't recognize
> the Exchange box as a valid SPF sender.
>
> Should I include the Exchange box's non-routable IP in my SPF record or is there
> another way to resolve this issue?
>
> Or does it not even matter since I've whitelisted my Exchange box (via
> /etc/MailScanner/spam.whitelist.rules)?

what are your settings in:

trusted_networks
internal_networks

for example:

trusted_networks 192.168.1.0/24
internal_networks 192.168.1.0/24

h2h

Alex

From klaus.schuermann at directbox.com Wed Jun 4 07:40:16 2008
From: klaus.schuermann at directbox.com (Klaus Schürmann)
Date: Wed Jun 4 07:40:25 2008
Subject: AW: Windows Exchange Server
In-Reply-To: <004801c8c584$e2d03530$a8709f90$@ie>
References: <13C0059880FDD3118DC600508B6D4A6D02346851@aiainsurance.com> <002f01c8c51b$70a2b780$0300a8c0@bandwidthco.com> <4844FE94.4010905@farrows.org>, <48450C3E.2060401@gmail.com> <4CAB0118AEC63A4FAAE77E6BCBDF760C52F1B0BE5F@server02.bhl.local> <004801c8c584$e2d03530$a8709f90$@ie>
Message-ID: <003e01c8c60d$d953c740$8bfb55c0$@schuermann@directbox.com>

You can use the LDAP-routing feature from sendmail to get the used Exchange recipients from Active Directory:

The LDAP query you must use instead of the default configuration:

(|(proxyAddresses=smtp:%0)(mail=%0))

For that configuration you don't need any databases or scripts. If you make changes on the Active Directory sendmail gets the information immediately.

Regards
Klaus

-----Original Message-----
From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Mail Admin
Sent: Tuesday, 3 June 2008 16:20
To: 'MailScanner discussion'
Subject: RE: Windows Exchange Server

Jason - Is there such a setting or configuration for Sendmail ?

"recipient_address_verification"

I relay mail for several domains, some of which are Exchange Servers.
It would be good to drop mail at MTA if Exchange Recips not VALID

Regards
Kevin

-----Original Message-----
From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Jason Ede
Sent: 03 June 2008 14:00
To: MailScanner discussion
Subject: RE: Windows Exchange Server

Aye, for postfix we use recipient_address_verification so our MailScanner server never accepts emails that we cannot deliver onto the exchange servers and requires no extra tweaking on our part... It has massively cut the load on our MailScanner servers.

Jason
________________________________________
From: mailscanner-bounces@lists.mailscanner.info [mailscanner-bounces@lists.mailscanner.info] On Behalf Of Ronny T. Lampert [telecaadmin@gmail.com]
Sent: 03 June 2008 10:17
To: MailScanner discussion
Subject: Re: Windows Exchange Server

> I have numerous clients doing it this way and it just works. If you are
> using sendmail as your MailScanner MTA I can provide complete help on
> how to make this work with MailScanner and exchange (all versions).

And I can help with postfix (+ Active Directory / LDAP)!

As for the inter-Exchange traffic: this really should be "trusted" internal traffic, between internal servers, on a strictly internal network. If it is NOT then it should not be allowed to flow freely between servers directly. In any case you should run a mail scanning virus scanner on your Exchange servers so internal viruses can not propagate.

Cheers,
Ronny
--
This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.

From richard at seveninternet.co.uk Wed Jun 4 08:40:00 2008
From: richard at seveninternet.co.uk (Richard Walker - Seven Internet Ltd)
Date: Wed Jun 4 08:40:03 2008
Subject: Mailwatch
Message-ID: <007201c8c616$323196f0$0400a8c0@sevenu6l0qf6zz>

Hi

I would appreciate some help with mailwatch. I have followed the install instructions and that seemed to go fine. However when I try to log in to mailwatch I get

Authentication Required!

Your username and/or password are incorrect.

Any help would be great

Thanks

Rich

From telecaadmin at gmail.com Wed Jun 4 09:30:10 2008
From: telecaadmin at gmail.com (Ronny T. Lampert)
Date: Wed Jun 4 09:31:51 2008
Subject: Update wiki RE: postfix quarantine release script
In-Reply-To: <4845687D.5070109@gmail.com>
References: <4845687D.5070109@gmail.com>
Message-ID: <48465292.8000409@gmail.com>

gah, forget it.
eventually found the "register" link...
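
The trusted_networks / internal_networks advice given earlier in this thread, as an added example that is not part of any list member's post: a simplified Python model of how SpamAssassin chooses the relay IP it tests against SPF and when ALL_TRUSTED can apply. The Received header, the SPF record and the stand-in for "old" network settings are constructed, and SpamAssassin's real Received parsing is more involved than this model.

```python
import ipaddress
import re

# Constructed sample: one outbound message handed from the Exchange box
# (private address) to the MailScanner box. Hostnames and IPs are made up.
OUTBOUND_HEADERS = [
    "Received: from exchange.example.local (exchange.example.local [192.168.1.10])"
    " by mailscanner.example.com (Postfix) with ESMTP id 4F2A1C0012;"
    " Wed,  4 Jun 2008 01:50:31 +0100 (BST)",
]

# Constructed SPF record that approves only the MailScanner box's public IP.
SPF_RECORD = "v=spf1 ip4:203.0.113.5 -all"


def relay_ips(received_headers):
    """Return the connecting-client IP of each Received header, newest first."""
    ips = []
    for header in received_headers:
        match = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", header)
        if match:
            ips.append(ipaddress.ip_address(match.group(1)))
    return ips


def first_outside(ips, networks):
    """Walk the chain from our own MTA outwards; return the first IP that is
    not covered by the given networks, or None if every hop is covered."""
    nets = [ipaddress.ip_network(n) for n in networks]
    for ip in ips:
        if not any(ip in net for net in nets):
            return ip
    return None


def spf_check(ip, record):
    """Toy SPF evaluation: ip4 mechanisms and a trailing -all only."""
    terms = record.split()
    for term in terms[1:]:
        if term.startswith("ip4:") and ip in ipaddress.ip_network(term[4:], strict=False):
            return "pass"
    return "fail" if terms[-1] == "-all" else "neutral"


def evaluate(headers, record, trusted_networks, internal_networks):
    """Model: SPF is tested against the first relay outside internal_networks;
    ALL_TRUSTED applies only when no relay falls outside trusted_networks."""
    ips = relay_ips(headers)
    external = first_outside(ips, internal_networks)
    untrusted = first_outside(ips, trusted_networks)
    return {
        "spf_checked_ip": str(external) if external is not None else None,
        "spf": spf_check(external, record) if external is not None else "not checked",
        "all_trusted": bool(ips) and untrusted is None,
    }


if __name__ == "__main__":
    # Stand-in for settings left over from another site (constructed value).
    stale = ["10.0.0.0/8"]
    # The values suggested in the thread.
    fixed = ["192.168.1.0/24"]
    print("stale:", evaluate(OUTBOUND_HEADERS, SPF_RECORD, stale, stale))
    print("fixed:", evaluate(OUTBOUND_HEADERS, SPF_RECORD, fixed, fixed))
```

With the stale networks the Exchange hop is treated as the external sender and its private address is what gets compared with the SPF record; with 192.168.1.0/24 listed there is no external hop left to test.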

From lists at designmedia.com Wed Jun 4 09:40:09 2008
From: lists at designmedia.com (Henry Kwan)
Date: Wed Jun 4 09:40:29 2008
Subject: SPF setting for MailScanner setup.
References: <690855981-1212534906-cardhu_decombobulator_blackberry.rim.net-1962235830-@bxe196.bisx.prod.on.blackberry> <48462438.8090606@alexb.ch>
Message-ID:

Alex Broens <ms-list at alexb.ch> writes:

> what are your settings in:
>
> trusted_networks
> internal_networks
>
> for example:
>
> trusted_networks 192.168.1.0/24
> internal_networks 192.168.1.0/24

Ah, that was it. I had forgotten to modify those two settings from my old SA config. Once I dropped in the proper IPs, no more SPF FAILs, just ALL_TRUSTED.

Thanks for the tip!

From hvdkooij at vanderkooij.org Wed Jun 4 09:56:52 2008
From: hvdkooij at vanderkooij.org (Hugo van der Kooij)
Date: Wed Jun 4 09:57:02 2008
Subject: Mailwatch
In-Reply-To: <007201c8c616$323196f0$0400a8c0@sevenu6l0qf6zz>
References: <007201c8c616$323196f0$0400a8c0@sevenu6l0qf6zz>
Message-ID: <484658D4.8090509@vanderkooij.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Richard Walker - Seven Internet Ltd wrote:
| I would appreciate some help with mailwatch. I have followed the install
| instructions and that seemed to go fine. However when I try to log in to
| mailwatch I get
|
| Authentication Required!
|
| Your username and/or password are incorrect.
|
| Any help would be great

I would suggest you address this by reading the documentation very carefully. Perhaps you missed a step: http://mailwatch.sourceforge.net/doku.php?id=mailwatch:documentation

Then if you have taken time to check the logs you may want to address the MailWatch mailing list. As that would be the proper place to ask questions.

However it is recommended to show some signs of having done the basic troubleshooting if you post to that or any other mailing list. Explain what you have done to check and verify things.

Hugo.

- --
hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/
PGP/GPG?
Use: http://hugo.vanderkooij.org/0x58F19981.asc

A: Yes.
>Q: Are you sure?
>>A: Because it reverses the logical flow of conversation.
>>>Q: Why is top posting frowned upon?

Bored? Click on http://spamornot.org/ and rate those images.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFIRljSBvzDRVjxmYERAp1UAJ4hiEMGgz0oKzkZynGRlIAJnfmh8wCdHUAP
Gda048tiDvaecDBRNB1RaQU=
=px3N
-----END PGP SIGNATURE-----

From peter at farrows.org Wed Jun 4 10:21:48 2008
From: peter at farrows.org (Peter Farrow)
Date: Wed Jun 4 10:22:10 2008
Subject: Mailwatch
In-Reply-To: <007201c8c616$323196f0$0400a8c0@sevenu6l0qf6zz>
References: <007201c8c616$323196f0$0400a8c0@sevenu6l0qf6zz>
Message-ID: <48465EAC.9090900@farrows.org>

Richard Walker - Seven Internet Ltd wrote:
> Hi
>
> I would appreciate some help with mailwatch. I have followed the
> install instructions and that seemed to go fine. However when I try to
> log in to mailwatch I get
>
>
> Authentication Required!
>
> Your username and/or password are incorrect.
>
> Any help would be great
>
>
> Thanks
>
> Rich
>
> --
> This message has been scanned for viruses and
> dangerous content by the *Inexcom* system
> scanner,
> and is believed to be clean.
> Advanced heuristic mail scanning server [-].

Hi Richard,

I believe you will have to set up an account for the mailwatch user in the Mysql database, and it's this account username and password that you use to access the web interface.

At that point, once logged in as user "mailwatch" you should create a top admin account called "admin" as this is a special account name that can then drive the mailwatch whitelist and blacklist configurations.

You need to make sure that the mailwatch user has permission to access the mysql database from the correct range of IPs as well otherwise your logon will be denied for that reason as well.

If you look at this web page: http://mailwatch.sourceforge.net/doku.php?id=mailwatch:documentation:install a little way down it says "create the mailwatch web user"; it's here the username and password are set.

If you have any other questions on MailScanner and mailwatch, feel free to ask away here, despite what's been said, no one has the right to tell you where to ask your questions, it's still relevant to mailscanner so please don't be put off.

Regards

Pete

From devonharding at gmail.com Wed Jun 4 12:21:21 2008
From: devonharding at gmail.com (Devon Harding)
Date: Wed Jun 4 12:21:29 2008
Subject: Spamassassin rules
Message-ID: <2baac6140806040421g20b15e79n5706c9f3115d74ba@mail.gmail.com>

For MailScanner users, which one of the SARE rules (from the link below) are a must have? I have a few spam messages that are still getting through (mainly cause of BAYES_00).

http://www.rulesemporium.com/rules.htm

-Devon

From ms-list at alexb.ch Wed Jun 4 13:01:21 2008
From: ms-list at alexb.ch (Alex Broens)
Date: Wed Jun 4 13:01:34 2008
Subject: Spamassassin rules
In-Reply-To: <2baac6140806040421g20b15e79n5706c9f3115d74ba@mail.gmail.com>
References: <2baac6140806040421g20b15e79n5706c9f3115d74ba@mail.gmail.com>
Message-ID: <48468411.8050704@alexb.ch>

On 6/4/2008 1:21 PM, Devon Harding wrote:
> For MailScanner users, which one of the SARE rules (from the link below) are
> a must have?
> I have a few spam messages that are still getting through
> (mainly cause of BAYES_00).
>
> http://www.rulesemporium.com/rules.htm

Pls consider that these rules aren't being updated and will probably stay as is

NOTE:
If anyone is using rules_du_jour regularly, you can stop hammering the site as you won't get anything new.

There's a couple of SARE Ninjas on this list that would announce any changes.

Alex

From devonharding at gmail.com Wed Jun 4 13:41:34 2008
From: devonharding at gmail.com (Devon Harding)
Date: Wed Jun 4 13:41:45 2008
Subject: Spamassassin rules
In-Reply-To: <48468411.8050704@alexb.ch>
References: <2baac6140806040421g20b15e79n5706c9f3115d74ba@mail.gmail.com> <48468411.8050704@alexb.ch>
Message-ID: <2baac6140806040541u36e8316bi33c13b86b865c35d@mail.gmail.com>

>
> NOTE:
> If anyone is using rules_du_jour regularly, you can stop hammering the site
> as you won't get anything new.
>
> There's a couple of SARE Ninjas on this list that would announce any
> changes.
>
> Alex
>

With that said, what's the best way to combat these URL spam. I'm noticing that everyone that gets through has BAYES_00 tagged which gives it a -2.60. I've already sa-learned these messages with no successes. What next?

-Devon

From donnieq at quindardonet.net Wed Jun 4 13:43:09 2008
From: donnieq at quindardonet.net (Donnie D. Quindardo)
Date: Wed Jun 4 13:42:02 2008
Subject: Watermarks and Reports
Message-ID: <48468DDD.9050500@quindardonet.net>

Hello,

I'm using MailScanner 4.69.9. Currently, I am checking for watermarks in every e-mail. MS is also alerting users if it denies their attachments. The e-mail in which is sent from MS via postfix to the user fails the watermark test, since it is sent with an envelope address of <> and does not have a watermark. Is there a way to fix this rather quickly?

Thanks!

From a.peacock at chime.ucl.ac.uk Wed Jun 4 13:57:09 2008
From: a.peacock at chime.ucl.ac.uk (Anthony Peacock)
Date: Wed Jun 4 13:57:23 2008
Subject: Spamassassin rules
In-Reply-To: <2baac6140806040541u36e8316bi33c13b86b865c35d@mail.gmail.com>
References: <2baac6140806040421g20b15e79n5706c9f3115d74ba@mail.gmail.com> <48468411.8050704@alexb.ch> <2baac6140806040541u36e8316bi33c13b86b865c35d@mail.gmail.com>
Message-ID: <48469125.8020501@chime.ucl.ac.uk>

Devon Harding wrote:
>>
>> NOTE:
>> If anyone is using rules_du_jour regularly, you can stop hammering the site
>> as you won't get anything new.
>>
>> There's a couple of SARE Ninjas on this list that would announce any
>> changes.
>>
>> Alex
>>
>>
> With that said, what's the best way to combat these URL spam. I'm noticing
> that everyone that gets through has BAYES_00 tagged which gives it a -2.60.
> I've already sa-learned these messages with no successes. What next?

Hi Devon,

It depends.

The easiest way to get help with false negatives is to make one available to us to look at, with the rules that it does hit. Don't send it to the list, but place the full email (with all headers) on the web somewhere accessible, then people will be more likely to tell you what rules that they use to catch this sort of spam.

--
Anthony Peacock
CHIME, Royal Free & University College Medical School
WWW: http://www.chime.ucl.ac.uk/~rmhiajp/
Study Health Informatics - Modular Postgraduate Degree
http://www.chime.ucl.ac.uk/study-health-informatics/

From hvdkooij at vanderkooij.org Wed Jun 4 14:15:31 2008
From: hvdkooij at vanderkooij.org (Hugo van der Kooij)
Date: Wed Jun 4 14:15:40 2008
Subject: Spamassassin rules
In-Reply-To: <2baac6140806040541u36e8316bi33c13b86b865c35d@mail.gmail.com>
References: <2baac6140806040421g20b15e79n5706c9f3115d74ba@mail.gmail.com> <48468411.8050704@alexb.ch> <2baac6140806040541u36e8316bi33c13b86b865c35d@mail.gmail.com>
Message-ID: <48469573.7020105@vanderkooij.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Devon Harding wrote:
|
|
| NOTE:
| If anyone is using rules_du_jour regularly, you can stop hammering
| the site as you won't get anything new.
|
| There's a couple of SARE Ninjas on this list that would announce any
| changes.
|
| Alex
|
|
| With that said, what's the best way to combat these URL spam. I'm
| noticing that everyone that gets through has BAYES_00 tagged which gives
| it a -2.60. I've already sa-learned these messages with no successes.
| What next?

If you get hit by messages with URL's I suggest you use URIBL. That seems to get most of them. And for those that passed. I suggest you add them to the URIBL by recommending them.

Hugo.

- --
hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/
PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc

A: Yes.
>Q: Are you sure?
>>A: Because it reverses the logical flow of conversation.
>>>Q: Why is top posting frowned upon?

Bored? Click on http://spamornot.org/ and rate those images.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFIRpVxBvzDRVjxmYERAq8rAJ9UnnAsj3aKrgXhRG3GpTaLSAtSzQCgsU2S
61eZX9eQUJGtfXzIiVSZGGU=
=6+U0
-----END PGP SIGNATURE-----

From clacroix at cegep-ste-foy.qc.ca Wed Jun 4 14:19:34 2008
From: clacroix at cegep-ste-foy.qc.ca (Charles Lacroix)
Date: Wed Jun 4 14:19:46 2008
Subject: About watermarks
In-Reply-To: <4845C1D6.30102@tippingmar.com>
References: <48459249.4010304@cegep-ste-foy.qc.ca> <4845C1D6.30102@tippingmar.com>
Message-ID: <48469666.40309@cegep-ste-foy.qc.ca>

Mark Nienberg wrote:
> Charles Lacroix wrote:
>> Hi,
>>
>> I had this configuration which reduced a lot of bounces going into
>> user's mailbox.
>> I was quite happy with this but today some users noticed that gmail's
>> vacation messages
>> were being blocked.
>>
>
> The watermark feature examines all messages that have a null sender.
> In sendmail logs these are the ones with:
>
> "from=<>"
>
> If gmail uses that approach to send vacation messages, and does not
> include the original message in the reply, then it will trigger the
> bad watermark action. So if you want to be able to receive these and
> still use the watermark feature, maybe you could just add 2 or 3
> points for a bad watermark.
>
> Mark

As I said in the original post, I tried setting a few points to it and it would mark it as spam and not check via spamassassin at all.

Could I just build a ruleset like this:

Check Watermarks With No Sender = rules/check.watermarks.rules

From: *.google.com no
From: default yes

mail comes from hostnames similar to this: 'qb-out-0506.google.com'

Should this work?

Thanks

From devonharding at gmail.com Wed Jun 4 14:29:29 2008
From: devonharding at gmail.com (Devon Harding)
Date: Wed Jun 4 14:29:40 2008
Subject: Spamassassin rules
In-Reply-To: <48469125.8020501@chime.ucl.ac.uk>
References: <2baac6140806040421g20b15e79n5706c9f3115d74ba@mail.gmail.com> <48468411.8050704@alexb.ch> <2baac6140806040541u36e8316bi33c13b86b865c35d@mail.gmail.com> <48469125.8020501@chime.ucl.ac.uk>
Message-ID: <2baac6140806040629v18dfa4dan9959c020d6c939ed@mail.gmail.com>

>
> Hi Devon,
>
> It depends.
>
> The easiest way to get help with false negatives is to make one available
> to us to look at, with the rules that it does hit. Don't send it to the
> list, but place the full email (with all headers) on the web somewhere
> accessible, then people will be more likely to tell you what rules that they
> use to catch this sort of spam.
>
> --

Here is an example of spam messages that got through: http://www.sirecon.com/spam/

-Devon

From devonharding at gmail.com Wed Jun 4 14:30:43 2008
From: devonharding at gmail.com (Devon Harding)
Date: Wed Jun 4 14:30:52 2008
Subject: Spamassassin rules
In-Reply-To: <48469573.7020105@vanderkooij.org>
References: <2baac6140806040421g20b15e79n5706c9f3115d74ba@mail.gmail.com> <48468411.8050704@alexb.ch> <2baac6140806040541u36e8316bi33c13b86b865c35d@mail.gmail.com> <48469573.7020105@vanderkooij.org>
Message-ID: <2baac6140806040630s107eb427if88438552fc88c94@mail.gmail.com>

>
> If you get hit by messages with URL's I suggest you use URIBL. That
> seems to get most of them. And for those that passed. I suggest you add
> them to the URIBL by recommending them.
>
> Hugo.
>

I thought URIBL was enabled by default in SA 3.2.4? How can I verify this?

-Devon
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080604/c9b5769b/attachment.html

From MailScanner at ecs.soton.ac.uk Wed Jun 4 14:33:06 2008
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Wed Jun 4 14:33:26 2008
Subject: About watermarks
In-Reply-To:
References: <48459249.4010304@cegep-ste-foy.qc.ca> <4845C1D6.30102@tippingmar.com>
Message-ID: <48469992.60709@ecs.soton.ac.uk>

Charles Lacroix wrote:
> Mark Nienberg wrote:
>> Charles Lacroix wrote:
>>> Hi,
>>>
>>> I had this configuration which reduced a lot of bounces going into
>>> user's mailbox.
>>> I was quite happy with this but today some users noticed that
>>> gmail's vacation messages
>>> were being blocked.
>>>
>>
>> The watermark feature examines all messages that have a null sender.
>> In sendmail logs these are the ones with:
>>
>> "from=<>"
>>
>> If gmail uses that approach to send vacation messages, and does not
>> include the original message in the reply, then it will trigger the
>> bad watermark action. So if you want to be able to receive these
>> and still use the watermark feature, maybe you could just add 2 or 3
>> points for a bad watermark.
>>
>> Mark
>
> As I said in the original post, I tried setting a few points to it and
> it would mark it as spam and not check via spamassassin at all.
>
> Could I just build a ruleset like this:
>
> Check Watermarks With No Sender = rules/check.watermarks.rules
>
>
> From: *.google.com no
> From: default yes
>
> mail comes from hostnames similar to this: 'qb-out-0506.google.com'
>
> Should this work?

No, as that "From:" will check the sender address and not the SMTP client IP address. The only way of forcing it to check an IP address is to put in the netblock definition of their outgoing IP addresses.

> Thanks
>
>

Jules

--
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

MailScanner customisation, or any advanced system administration help?
Contact me at Jules@Jules.FM

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
PGP public key: http://www.jules.fm/julesfm.asc

From yashodhan.barve at gmail.com Wed Jun 4 14:38:04 2008
From: yashodhan.barve at gmail.com (Yashodhan Barve)
Date: Wed Jun 4 14:38:18 2008
Subject: What is the best way to collect SPAM from users?
Message-ID: <48469ABC.6010208@gmail.com>

Hi

I have a MailScanner+Postfix box in front of a MS Exchange server. Very little SPAM is getting thru that.

I want to collect that and feed it to sa-learn. Forwarding the mails breaks the headers so that is not an option.

I was thinking of having a common mailbox in exchange to which users would move SPAM & HAM and then I would POP it and feed it to sa-learn.

So what is a good approach that works? and how do I automate it?

thanks..
yashodhan

From devonharding at gmail.com Wed Jun 4 14:40:35 2008
From: devonharding at gmail.com (Devon Harding)
Date: Wed Jun 4 14:40:59 2008
Subject: Spamassassin rules
In-Reply-To: <2baac6140806040630s107eb427if88438552fc88c94@mail.gmail.com>
References: <2baac6140806040421g20b15e79n5706c9f3115d74ba@mail.gmail.com> <48468411.8050704@alexb.ch> <2baac6140806040541u36e8316bi33c13b86b865c35d@mail.gmail.com> <48469573.7020105@vanderkooij.org> <2baac6140806040630s107eb427if88438552fc88c94@mail.gmail.com>
Message-ID: <2baac6140806040640x72bdd2g87b271d01db8b0bd@mail.gmail.com>

On Wed, Jun 4, 2008 at 9:30 AM, Devon Harding wrote:

>
>>
>> If you get hit by messages with URL's I suggest you use URIBL. That
>> seems to get most of them. And for those that passed. I suggest you add
>> them to the URIBL by recommending them.
>>
>> Hugo.
>>
>
> I thought URIBL was enabled by default in SA 3.2.4? How can I verify this?
>
> -Devon
>

Hmm...I noticed these lines commented in /etc/mail/spamassassin/mailscanner.cf. Is this it?

#
# Julian Field Fri Apr 28 2006
#
# Added the "Black" and "Grey" URIBL lists from www.uribl.com
#
#
#urirhssub URIBL_BLACK multi.uribl.com. A 2
#body URIBL_BLACK eval:check_uridnsbl('URIBL_BLACK')
#describe URIBL_BLACK Contains an URL listed in the URIBL blacklist
#tflags URIBL_BLACK net
#score URIBL_BLACK 3.0
#
#urirhssub URIBL_GREY multi.uribl.com. A 4
#body URIBL_GREY eval:check_uridnsbl('URIBL_GREY')
#describe URIBL_GREY Contains an URL listed in the URIBL greylist
#tflags URIBL_GREY net
#score URIBL_GREY 0.25

From a.peacock at chime.ucl.ac.uk Wed Jun 4 14:48:32 2008
From: a.peacock at chime.ucl.ac.uk (Anthony Peacock)
Date: Wed Jun 4 14:48:44 2008
Subject: Spamassassin rules
In-Reply-To: <2baac6140806040629v18dfa4dan9959c020d6c939ed@mail.gmail.com>
References: <2baac6140806040421g20b15e79n5706c9f3115d74ba@mail.gmail.com> <48468411.8050704@alexb.ch> <2baac6140806040541u36e8316bi33c13b86b865c35d@mail.gmail.com> <48469125.8020501@chime.ucl.ac.uk> <2baac6140806040629v18dfa4dan9959c020d6c939ed@mail.gmail.com>
Message-ID: <48469D30.7030006@chime.ucl.ac.uk>

Devon Harding wrote:
>> Hi Devon,
>>
>> It depends.
>>
>> The easiest way to get help with false negatives is to make one available
>> to us to look at, with the rules that it does hit. Don't send it to the
>> list, but place the full email (with all headers) on the web somewhere
>> accessible, then people will be more likely to tell you what rules that they
>> use to catch this sort of spam.
>>
>> --
>
>
> Here is an example of spam messages that got through:
> http://www.sirecon.com/spam/

How about in plain text format?

--
Anthony Peacock
CHIME, Royal Free & University College Medical School
WWW: http://www.chime.ucl.ac.uk/~rmhiajp/
Study Health Informatics - Modular Postgraduate Degree
http://www.chime.ucl.ac.uk/study-health-informatics/

From ms-list at alexb.ch Wed Jun 4 15:14:06 2008
From: ms-list at alexb.ch (Alex Broens)
Date: Wed Jun 4 15:14:20 2008
Subject: Spamassassin rules
In-Reply-To: <2baac6140806040640x72bdd2g87b271d01db8b0bd@mail.gmail.com>
References: <2baac6140806040421g20b15e79n5706c9f3115d74ba@mail.gmail.com> <48468411.8050704@alexb.ch> <2baac6140806040541u36e8316bi33c13b86b865c35d@mail.gmail.com> <48469573.7020105@vanderkooij.org> <2baac6140806040630s107eb427if88438552fc88c94@mail.gmail.com> <2baac6140806040640x72bdd2g87b271d01db8b0bd@mail.gmail.com>
Message-ID: <4846A32E.20903@alexb.ch>

On 6/4/2008 3:40 PM, Devon Harding wrote:
> On Wed, Jun 4, 2008 at 9:30 AM, Devon Harding
> wrote:
>
>>> If you get hit by messages with URL's I suggest you use URIBL. That
>>> seems to get most of them. And for those that passed. I suggest you add
>>> them to the URIBL by recommending them.
>>>
>>> Hugo.
>>>
>> I thought URIBL was enabled by default in SA 3.2.4? How can I verify this?
>>
>> -Devon
>>
>
>
> Hmm...I noticed these lines commented in /etc/mail/spamassassin/
> mailscanner.cf. Is this it?
>
> #
> # Julian Field Fri Apr 28 2006
> #
> # Added the "Black" and "Grey" URIBL lists from www.uribl.com
> #
> #
> #urirhssub URIBL_BLACK multi.uribl.com. A 2
> #body URIBL_BLACK eval:check_uridnsbl('URIBL_BLACK')
> #describe URIBL_BLACK Contains an URL listed in the URIBL blacklist
> #tflags URIBL_BLACK net
> #score URIBL_BLACK 3.0
> #
> #urirhssub URIBL_GREY multi.uribl.com. A 4
> #body URIBL_GREY eval:check_uridnsbl('URIBL_GREY')
> #describe URIBL_GREY Contains an URL listed in the URIBL greylist
> #tflags URIBL_GREY net
> #score URIBL_GREY 0.25
>
>

the rules are in 25_uribl.cf

Julian's entries are obsolete and should be removed.
(left over from the days when Uribl.com wasn't yet included in SA)

Alex

From martinh at solidstatelogic.com Wed Jun 4 15:16:51 2008
From: martinh at solidstatelogic.com (Martin.Hepworth)
Date: Wed Jun 4 15:17:02 2008
Subject: What is the best way to collect SPAM from users?
In-Reply-To: <48469ABC.6010208@gmail.com>
Message-ID: <36d3b7a55da387419481edfb380e2508@solidstatelogic.com>

hi

For sa-learn feed back users need to drag/drop to the ham/spam folders. These folders should be imap folders on exchange and use the many perl scripts that can be found to get the messages from the imap folder and push them to sa-learn.

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

> -----Original Message-----
> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-
> bounces@lists.mailscanner.info] On Behalf Of Yashodhan Barve
> Sent: 04 June 2008 14:38
> To: MailScanner discussion
> Subject: What is the best way to collect SPAM from users?
>
> Hi
>
> I have a MailScanner+Postfix box in front of a MS Exchange server. Very
> little SPAM is getting thru that.
>
> I want to collect that and feed it to sa-learn. Forwarding the mails
> breaks the headers so that is not an option.
>
> I was thinking of having a common mailbox in exchange to which users
> would move SPAM & HAM and then I would POP it and feed it to sa-learn.
>
> So what is a good approach that works? and how do I automate it?
>
> thanks..
> yashodhan

From MailScanner at ecs.soton.ac.uk Wed Jun 4 16:01:17 2008
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Wed Jun 4 16:01:38 2008
Subject: Spamassassin rules
In-Reply-To:
References: <2baac6140806040421g20b15e79n5706c9f3115d74ba@mail.gmail.com> <48468411.8050704@alexb.ch> <2baac6140806040541u36e8316bi33c13b86b865c35d@mail.gmail.com> <48469573.7020105@vanderkooij.org> <2baac6140806040630s107eb427if88438552fc88c94@mail.gmail.com> <2baac6140806040640x72bdd2g87b271d01db8b0bd@mail.gmail.com>
Message-ID: <4846AE3D.1060700@ecs.soton.ac.uk>

Alex Broens wrote:
> On 6/4/2008 3:40 PM, Devon Harding wrote:
>> On Wed, Jun 4, 2008 at 9:30 AM, Devon Harding
>> wrote:
>>
>>>> If you get hit by messages with URL's I suggest you use URIBL. That
>>>> seems to get most of them. And for those that passed. I suggest you
>>>> add
>>>> them to the URIBL by recommending them.
>>>>
>>>> Hugo.
>>>>
>>> I thought URIBL was enabled by default in SA 3.2.4?
How can I >>> verify this? >>> >>> -Devon >>> >> >> >> Hmm...I noticed these lines commented in /etc/mail/spamassassin/mailscanner.cf. Is this it? >> >> # >> # Julian Field Fri Apr 28 2006 >> # >> # Added the "Black" and "Grey" URIBL lists from www.uribl.com >> # >> # >> #urirhssub URIBL_BLACK multi.uribl.com. A 2 >> #body URIBL_BLACK eval:check_uridnsbl('URIBL_BLACK') >> #describe URIBL_BLACK Contains an URL listed in the URIBL blacklist >> #tflags URIBL_BLACK net >> #score URIBL_BLACK 3.0 >> # >> #urirhssub URIBL_GREY multi.uribl.com. A 4 >> #body URIBL_GREY eval:check_uridnsbl('URIBL_GREY') >> #describe URIBL_GREY Contains an URL listed in the URIBL greylist >> #tflags URIBL_GREY net >> #score URIBL_GREY 0.25 >> >> > > the rules are in 25_uribl.cf > > Julian's entries are obsolete and should be removed. > (left over from the days when Uribl.com wasn't yet included in SA) They won't be in the next release. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From clacroix at cegep-ste-foy.qc.ca Wed Jun 4 16:15:28 2008 From: clacroix at cegep-ste-foy.qc.ca (Charles Lacroix) Date: Wed Jun 4 16:15:44 2008 Subject: About watermarks In-Reply-To: <48469992.60709@ecs.soton.ac.uk> References: <48459249.4010304@cegep-ste-foy.qc.ca> <4845C1D6.30102@tippingmar.com> <48469992.60709@ecs.soton.ac.uk> Message-ID: <4846B190.1000304@cegep-ste-foy.qc.ca> Julian Field wrote: > > > Charles Lacroix wrote: >> Mark Nienberg wrote: >>> Charles Lacroix wrote: >>>> Hi, >>>> >>>> I had this configuration which reduced a lot of bounces going into >>>> user's mailbox.
>>>> I was quite happy with this but today some users noticed that >>>> gmail's vacation messages >>>> were being blocked. >>>> >>> >>> The watermark feature examines all messages that have a null >>> sender. In sendmail logs these are the ones with: >>> >>> "from=<>" >>> >>> If gmail uses that approach to send vacation messages, and does not >>> include the original message in the reply, then it will trigger the >>> bad watermark action. So if you want to be able to receive these >>> and still use the watermark feature, maybe you could just add 2 or 3 >>> points for a bad watermark. >>> >>> Mark >> >> As I said in the original post, I tried setting a few points to it >> and it would mark it as spam and not check via spamassassin at all. >> >> Could I just build a ruleset like this: >> >> Check Watermarks With No Sender = rules/check.watermarks.rules >> >> >> From: *.google.com no >> From: default yes >> >> mail comes from hostnames similar to this: 'qb-out-0506.google.com' >> >> Should this work? > No, as that "From:" will check the sender address and not the SMTP > client IP address. The only way of forcing it to check an IP address > is to put in the netblock definition of their outgoing IP addresses. >> Thanks >> >> > > Jules > Ok. # /pattern-with-no-letters/ # Any SMTP client IP address matching this # # Perl regular expression How can I know all of gmail's outgoing smtp servers? So if I understand, this would still not work.
From: /^.+\.google\.com$/ Charles From MailScanner at ecs.soton.ac.uk Wed Jun 4 16:22:09 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Jun 4 16:22:30 2008 Subject: About watermarks In-Reply-To: References: <48459249.4010304@cegep-ste-foy.qc.ca> <4845C1D6.30102@tippingmar.com> <48469992.60709@ecs.soton.ac.uk> Message-ID: <4846B321.9050900@ecs.soton.ac.uk> Charles Lacroix wrote: > Julian Field wrote: >> >> >> Charles Lacroix wrote: >>> Mark Nienberg wrote: >>>> Charles Lacroix wrote: >>>>> Hi, >>>>> >>>>> I had this configuration which reduced a lot of bounces going into >>>>> user's mailbox. >>>>> I was quite happy with this but today some users noticed that >>>>> gmail's vacation messages >>>>> were being blocked. >>>>> >>>> >>>> The watermark feature examines all messages that have a null >>>> sender. In sendmail logs these are the ones with: >>>> >>>> "from=<>" >>>> >>>> If gmail uses that approach to send vacation messages, and does not >>>> include the original message in the reply, then it will trigger the >>>> bad watermark action. So if you want to be able to receive these >>>> and still use the watermark feature, maybe you could just add 2 or >>>> 3 points for a bad watermark. >>>> >>>> Mark >>> >>> As I said in the original post, I tried setting a few points to it >>> and it would mark it as spam and not check via spamassassin at all. >>> >>> Could I just build a ruleset like this: >>> >>> Check Watermarks With No Sender = rules/check.watermarks.rules >>> >>> >>> From: *.google.com no >>> From: default yes >>> >>> mail comes from hostnames similar to this: 'qb-out-0506.google.com' >>> >>> Should this work? >> No, as that "From:" will check the sender address and not the SMTP >> client IP address. The only way of forcing it to check an IP address >> is to put in the netblock definition of their outgoing IP addresses. >>> Thanks >>> >>> >> >> Jules >> > Ok.
> > # /pattern-with-no-letters/ # Any SMTP client IP address > matching this > # # Perl regular expression > > How can I know all of gmail's outgoing smtp servers? > > > So if I understand, this would still not work. > From: /^.+\.google\.com$/ Correct, it won't work. Jules From ssilva at sgvwater.com Wed Jun 4 16:49:52 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Jun 4 16:50:18 2008 Subject: About watermarks In-Reply-To: <4846B190.1000304@cegep-ste-foy.qc.ca> References: <48459249.4010304@cegep-ste-foy.qc.ca> <4845C1D6.30102@tippingmar.com> <48469992.60709@ecs.soton.ac.uk> <4846B190.1000304@cegep-ste-foy.qc.ca> Message-ID: on 6-4-2008 8:15 AM Charles Lacroix spake the following: > Julian Field wrote: >> >> >> Charles Lacroix wrote: >>> Mark Nienberg wrote: >>>> Charles Lacroix wrote: >>>>> Hi, >>>>> >>>>> I had this configuration which reduced a lot of bounces going into >>>>> user's mailbox. >>>>> I was quite happy with this but today some users noticed that >>>>> gmail's vacation messages >>>>> were being blocked. >>>>> >>>> >>>> The watermark feature examines all messages that have a null >>>> sender. In sendmail logs these are the ones with: >>>> >>>> "from=<>" >>>> >>>> If gmail uses that approach to send vacation messages, and does not >>>> include the original message in the reply, then it will trigger the >>>> bad watermark action. So if you want to be able to receive these >>>> and still use the watermark feature, maybe you could just add 2 or 3 >>>> points for a bad watermark.
>>>> >>>> Mark >>> >>> As I said in the original post, I tried setting a few points to it >>> and it would mark it as spam and not check via spamassassin at all. >>> >>> Could I just build a ruleset like this: >>> >>> Check Watermarks With No Sender = rules/check.watermarks.rules >>> >>> >>> From: *.google.com no >>> From: default yes >>> >>> mail comes from hostnames similar to this: 'qb-out-0506.google.com' >>> >>> Should this work? >> No, as that "From:" will check the sender address and not the SMTP >> client IP address. The only way of forcing it to check an IP address >> is to put in the netblock definition of their outgoing IP addresses. >>> Thanks >>> >>> >> >> Jules >> > Ok. > > # /pattern-with-no-letters/ # Any SMTP client IP address matching > this > # # Perl regular expression > > How can I know all of gmail's outgoing smtp servers? > By their own SPF records. ;; ANSWER SECTION: _netblocks.google.com. 300 IN TXT "v=spf1 ip4:216.239.32.0/19 ip4:64.233.160.0/19 ip4:66.249.80.0/20 ip4:72.14.192.0/18 ip4:209.85.128.0/17 ip4:66.102.0.0/20 ip4:74.125.0.0/16 ip4:64.18.0.0/20 ip4:207.126.144.0/20 ?all" -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From gmatt at nerc.ac.uk Wed Jun 4 17:17:32 2008 From: gmatt at nerc.ac.uk (Greg Matthews) Date: Wed Jun 4 17:18:06 2008 Subject: What is the best way to collect SPAM from users? In-Reply-To: <36d3b7a55da387419481edfb380e2508@solidstatelogic.com> References: <36d3b7a55da387419481edfb380e2508@solidstatelogic.com> Message-ID: <4846C01C.5060302@nerc.ac.uk> Martin.Hepworth wrote: > hi > > For sa-learn feedback, users need to drag/drop to the ham/spam > folders.
> > These folders should be imap folders on exchange and use the many > perl scripts that can be found to get the messages from the imap folder > and push them to sa-learn. > >> I was thinking of having a common mailbox in exchange to which >> users would move SPAM & HAM and then I would POP it and feed it to >> sa-learn. >> >> So what is a good approach that works? and how do I automate it? How much do you trust your users? Seriously, users will not be as careful as you when they are throwing stuff into the spam folder. I have a mailbox for sending false positives (ham rather than spam but the same principles apply) to and users have very strict instructions on how to use it. Nonetheless, I still get spam forwarded to it on occasion and mail sent to it in the wrong format or without the original message or malformed in a hundred other ways. I once tried to automate the processing of this mailbox but there is so much that can go wrong I came to the conclusion that I didn't have the hacking skills required to anticipate and work around all possible situations. My compromise is that I read the mailbox regularly using mutt which provides a very quick and easy interface for viewing the message structure and saving exactly the right bit, I then feed this (eyeballed) data back into SA. GREG -- Greg Matthews 01491 692445 Head of UNIX/Linux, iTSS Wallingford
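For the "collect SPAM from users" thread above: an added example, not code from any poster or from MailScanner, of a pre-filter that sorts user submissions before anything reaches sa-learn. It covers the failure modes named in the thread (inline forwards that lose the headers, submissions without the original message, opt-in list mail reported as spam); the forward markers, the function names and all sample messages are assumptions constructed for illustration.

```python
import email
import re
from dataclasses import dataclass
from email import policy
from email.message import EmailMessage

# Heuristic markers of an inline forward (assumed; extend for your mail clients).
FWD_SUBJECT = re.compile(r"^\s*(fw|fwd)\s*:", re.IGNORECASE)
FWD_BODY = re.compile(r"-{3,}\s*Original Message\s*-{3,}|Forwarded message", re.IGNORECASE)


@dataclass
class Verdict:
    action: str            # "learn", "review" or "reject"
    reason: str
    payload: bytes = b""   # exact bytes that may be handed to sa-learn


def _check_original(raw: bytes) -> Verdict:
    """Accept only something that still looks like the message as delivered."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    if not msg.get_all("Received"):
        return Verdict("reject", "no Received headers: not an original message")
    if msg.get("List-Unsubscribe"):
        # Opt-in list mail reported as spam: a human decides, not the script.
        return Verdict("review", "list mail the user may have opted in to", raw)
    return Verdict("learn", "original message with transport headers", raw)


def _body_text(msg) -> str:
    try:
        part = msg.get_body(preferencelist=("plain", "html"))
        return part.get_content() if part is not None else ""
    except (LookupError, ValueError, KeyError):
        return ""          # undecodable body: fall through to the header checks


def triage(raw: bytes) -> Verdict:
    """Classify one submission from the shared spam/ham mailbox."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    # Forward-as-attachment keeps the original intact, so unwrap and use it.
    for part in msg.walk():
        if part.get_content_type() == "message/rfc822":
            inner = part.get_payload()
            if isinstance(inner, list) and inner:
                return _check_original(inner[0].as_bytes())
            return Verdict("reject", "attached message is empty or damaged")
    # Inline forward: only the forwarding hop's headers survive.
    if FWD_SUBJECT.match(str(msg.get("Subject", ""))) or FWD_BODY.search(_body_text(msg)):
        return Verdict("reject", "inline forward: original headers are lost")
    return _check_original(raw)


# ---- constructed sample submissions (not real mail) ----
def sample_original(list_mail: bool = False) -> EmailMessage:
    m = EmailMessage()
    m["Received"] = "from mx.example.net ([192.0.2.10]) by mail.example.org; Wed, 4 Jun 2008 14:00:00 +0100"
    m["From"], m["To"], m["Subject"] = "seller@example.net", "user@example.org", "Cheap watches"
    if list_mail:
        m["List-Unsubscribe"] = "<mailto:leave@example.net>"
    m.set_content("Buy now\n")
    return m


def _forward_wrapper(body: str) -> EmailMessage:
    w = EmailMessage()
    w["Received"] = "from exchange.example.org by mail.example.org; Wed, 4 Jun 2008 15:00:00 +0100"
    w["From"], w["To"], w["Subject"] = "user@example.org", "spam@example.org", "FW: Cheap watches"
    w.set_content(body)
    return w


def sample_forward_as_attachment() -> bytes:
    w = _forward_wrapper("this one got through\n")
    w.add_attachment(sample_original())      # becomes a message/rfc822 part
    return w.as_bytes()


def sample_inline_forward() -> bytes:
    return _forward_wrapper("-----Original Message-----\nFrom: seller@example.net\n\nBuy now\n").as_bytes()


def demo() -> dict:
    cases = {
        "dragged original": sample_original().as_bytes(),
        "forward as attachment": sample_forward_as_attachment(),
        "inline forward": sample_inline_forward(),
        "newsletter": sample_original(list_mail=True).as_bytes(),
        "pasted text": b"Subject: spam?\n\nBuy now\n",
    }
    return {name: triage(raw).action for name, raw in cases.items()}


if __name__ == "__main__":
    for name, action in demo().items():
        print(f"{name:24} -> {action}")
```

Only the `payload` of a `learn` verdict should be written out and given to `sa-learn --spam` or `sa-learn --ham`; `review` items still need the eyeballing Greg describes.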
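For the watermark thread earlier on this page (Julian Field's point that only a netblock pattern is matched against the SMTP client IP, and Scott Silva's pointer to Google's SPF record): an added example, not MailScanner code, that turns the TXT record quoted in the thread into lines for the `rules/check.watermarks.rules` ruleset Charles proposed. It assumes MailScanner rulesets accept `network/bits` patterns, keeps Charles's `From: default yes` line, and the function names are hypothetical.

```python
import ipaddress

# TXT record for _netblocks.google.com exactly as quoted in the thread (June 2008).
SPF_FROM_THREAD = (
    "v=spf1 ip4:216.239.32.0/19 ip4:64.233.160.0/19 ip4:66.249.80.0/20 "
    "ip4:72.14.192.0/18 ip4:209.85.128.0/17 ip4:66.102.0.0/20 "
    "ip4:74.125.0.0/16 ip4:64.18.0.0/20 ip4:207.126.144.0/20 ?all"
)


def spf_netblocks(record: str):
    """Return (networks, unresolved) for one SPF record.

    networks   -- ip4/ip6 ranges the record authorises with a pass qualifier
    unresolved -- terms (include:, a, mx, redirect=, ...) that need further DNS
                  lookups, so the caller knows the list is incomplete
    """
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF record")
    networks, unresolved = [], []
    for term in terms[1:]:
        if term[0] in "-~?":              # fail/softfail/neutral never authorise
            continue
        term = term.lstrip("+")
        name, _, value = term.partition(":")
        name = name.lower()
        if name in ("ip4", "ip6"):
            # strict=False normalises entries written with host bits set
            networks.append(ipaddress.ip_network(value, strict=False))
        elif name != "all" and not name.startswith("exp="):
            unresolved.append(term)
    return networks, unresolved


def watermark_ruleset(networks):
    """Ruleset lines: skip the watermark check for listed client IPs only.

    A numeric pattern is compared with the SMTP client IP; a pattern such as
    *.google.com is compared with the envelope sender, which is empty ("<>")
    for exactly the messages this setting is about.
    IPv6 ranges are left out: the thread shows no ruleset syntax for them.
    """
    lines = [f"From:\t{net.with_prefixlen}\tno" for net in networks if net.version == 4]
    lines.append("From:\tdefault\tyes")
    return lines


def client_is_listed(client_ip: str, networks) -> bool:
    """True if a connecting IP falls inside one of the parsed ranges."""
    addr = ipaddress.ip_address(client_ip)
    return any(addr.version == net.version and addr in net for net in networks)


if __name__ == "__main__":
    nets, todo = spf_netblocks(SPF_FROM_THREAD)
    print("\n".join(watermark_ruleset(nets)))
    if todo:
        print("# still to resolve:", " ".join(todo))
```

The record in the thread is 2008 data, so regenerate the ruleset from a fresh lookup before use. Every listed range is exempt from the watermark check for all null-sender mail, not only vacation replies.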
From rob at kettle.org.uk Wed Jun 4 18:27:52 2008 From: rob at kettle.org.uk (Rob Kettle) Date: Wed Jun 4 18:28:05 2008 Subject: Bad Filenames In-Reply-To: References: <690855981-1212534906-cardhu_decombobulator_blackberry.rim.net-1962235830-@bxe196.bisx.prod.on.blackberry> <48462438.8090606@alexb.ch> Message-ID: <4846D098.5060800@kettle.org.uk> Hi, hoping someone can help because I may have missed the obvious.... Is there a way to whitelist a sender so that bad filename or filetype rules are not applied ? many thanks Rob -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From devonharding at gmail.com Wed Jun 4 18:36:50 2008 From: devonharding at gmail.com (Devon Harding) Date: Wed Jun 4 18:37:04 2008 Subject: Spamassassin rules In-Reply-To: <4846A32E.20903@alexb.ch> References: <2baac6140806040421g20b15e79n5706c9f3115d74ba@mail.gmail.com> <48468411.8050704@alexb.ch> <2baac6140806040541u36e8316bi33c13b86b865c35d@mail.gmail.com> <48469573.7020105@vanderkooij.org> <2baac6140806040630s107eb427if88438552fc88c94@mail.gmail.com> <2baac6140806040640x72bdd2g87b271d01db8b0bd@mail.gmail.com> <4846A32E.20903@alexb.ch> Message-ID: <2baac6140806041036m22e78711m6cd388431c0f20e6@mail.gmail.com> > > >> > > > the rules are in 25_uribl.cf > > Julian's entries are obsolete and should be removed. > (left over from the days when Uribl.com wasn't yet included in SA) > > Alex > Hmm....I don't even have 25_uribl.cf in my /etc/mail/spamassassin directory. Where is it located? -Devon -------------- next part -------------- An HTML attachment was scrubbed... 
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080604/224f4edb/attachment.html From devonharding at gmail.com Wed Jun 4 18:39:09 2008 From: devonharding at gmail.com (Devon Harding) Date: Wed Jun 4 18:39:18 2008 Subject: Spamassassin rules In-Reply-To: <2baac6140806041036m22e78711m6cd388431c0f20e6@mail.gmail.com> References: <2baac6140806040421g20b15e79n5706c9f3115d74ba@mail.gmail.com> <48468411.8050704@alexb.ch> <2baac6140806040541u36e8316bi33c13b86b865c35d@mail.gmail.com> <48469573.7020105@vanderkooij.org> <2baac6140806040630s107eb427if88438552fc88c94@mail.gmail.com> <2baac6140806040640x72bdd2g87b271d01db8b0bd@mail.gmail.com> <4846A32E.20903@alexb.ch> <2baac6140806041036m22e78711m6cd388431c0f20e6@mail.gmail.com> Message-ID: <2baac6140806041039r76119298nce0a63b906518144@mail.gmail.com> On Wed, Jun 4, 2008 at 1:36 PM, Devon Harding wrote: > >>> >> >> >> the rules are in 25_uribl.cf >> >> Julian's entries are obsolete and should be removed. >> (left over from the days when Uribl.com wasn't yet included in SA) >> >> Alex >> > > Hmm....I don't even have 25_uribl.cf in my /etc/mail/spamassassin > directory. Where is it located? > > -Devon > Disregard....found it here: http://spamassassin.apache.org/full/3.0.x/dist/rules/25_uribl.cf -------------- next part -------------- An HTML attachment was scrubbed... 
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080604/336fe109/attachment.html From shuttlebox at gmail.com Wed Jun 4 18:40:18 2008 From: shuttlebox at gmail.com (shuttlebox) Date: Wed Jun 4 18:40:26 2008 Subject: Bad Filenames In-Reply-To: <4846D098.5060800@kettle.org.uk> References: <690855981-1212534906-cardhu_decombobulator_blackberry.rim.net-1962235830-@bxe196.bisx.prod.on.blackberry> <48462438.8090606@alexb.ch> <4846D098.5060800@kettle.org.uk> Message-ID: <625385e30806041040m54c4031el727ebe04f808fa1b@mail.gmail.com> On Wed, Jun 4, 2008 at 7:27 PM, Rob Kettle wrote: > Hi, > > hoping someone can help because I may have missed the obvious.... > > Is there a way to whitelist a sender so that bad filename or filetype rules > are not applied ? Look into rulesets. Create multiple filename and filetype files and let the ruleset select between them. It's in the wiki too. -- /peter From ssilva at sgvwater.com Wed Jun 4 18:44:42 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Jun 4 18:44:59 2008 Subject: What is the best way to collect SPAM from users? In-Reply-To: <4846C01C.5060302@nerc.ac.uk> References: <36d3b7a55da387419481edfb380e2508@solidstatelogic.com> <4846C01C.5060302@nerc.ac.uk> Message-ID: on 6-4-2008 9:17 AM Greg Matthews spake the following: > Martin.Hepworth wrote: >> hi >> >> For sa-learn feed back users need to drag/drop to the ham/spam >> folders. >> >> These folders should be imap folders on exchange and use the many >> perl scripts that be found to get the messages from the imap folder >> and push then to sa-learn. >> >>> I was thinking of having a common mailbox in exchange to which >>> users would move SPAM & HAM and then I would POP it and feed it to >>> sa-learn. >>> >>> So what is a good approach that works? and how do I automate it? > > how much to you trust your users? seriously, users will not be as > careful as you when they are throwing stuff into the spam folder. 
I have > a mailbox for sending false positives (ham rather than spam but the same > principles apply) to and users have very strict instructions on how to > use it. Nonetheless, I still get spam forwarded to it on occasion and > mail sent to it in the wrong format or without the original message or > malformed in a hundred other ways. > > I once tried to automate the processing of this mailbox but there is so > much that can go wrong I came to the conclusion that I didnt have the > hacking skills required to anticipate and work around all possible > situations. > > My compromise is that I read the mailbox regularly using mutt which > provides a very quick and easy interface for viewing the message > structure and saving exactly the right bit, I then feed this (eyeballed) > data back into SA. > > GREG And users are notorious for reporting as spam stuff they subscribed to ( opt-in) but don't want anymore and are too lazy to unsubscribe from. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... 
Name: signature.asc Type: application/pgp-signature Size: 258 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080604/f737e96b/signature-0001.bin From devonharding at gmail.com Wed Jun 4 19:10:50 2008 From: devonharding at gmail.com (Devon Harding) Date: Wed Jun 4 19:10:59 2008 Subject: Spamassassin rules In-Reply-To: <2baac6140806041039r76119298nce0a63b906518144@mail.gmail.com> References: <2baac6140806040421g20b15e79n5706c9f3115d74ba@mail.gmail.com> <48468411.8050704@alexb.ch> <2baac6140806040541u36e8316bi33c13b86b865c35d@mail.gmail.com> <48469573.7020105@vanderkooij.org> <2baac6140806040630s107eb427if88438552fc88c94@mail.gmail.com> <2baac6140806040640x72bdd2g87b271d01db8b0bd@mail.gmail.com> <4846A32E.20903@alexb.ch> <2baac6140806041036m22e78711m6cd388431c0f20e6@mail.gmail.com> <2baac6140806041039r76119298nce0a63b906518144@mail.gmail.com> Message-ID: <2baac6140806041110k28170081wcafd7bbbbd9b377c@mail.gmail.com> On Wed, Jun 4, 2008 at 1:39 PM, Devon Harding wrote: > > > On Wed, Jun 4, 2008 at 1:36 PM, Devon Harding > wrote: > >> >>>> >>> >>> >>> the rules are in 25_uribl.cf >>> >>> Julian's entries are obsolete and should be removed. >>> (left over from the days when Uribl.com wasn't yet included in SA) >>> >>> Alex >>> >> >> Hmm....I don't even have 25_uribl.cf in my /etc/mail/spamassassin >> directory. Where is it located? >> >> -Devon >> > > Disregard....found it here: > http://spamassassin.apache.org/full/3.0.x/dist/rules/25_uribl.cf > I''m wondering if I should load the rest of the rules from http://spamassassin.apache.org/full/3.0.x/dist/rules/? any thoughts? -------------- next part -------------- An HTML attachment was scrubbed... 
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080604/22dc8746/attachment.html From yashodhan.barve at gmail.com Wed Jun 4 19:16:44 2008 From: yashodhan.barve at gmail.com (Yashodhan Barve) Date: Wed Jun 4 19:16:53 2008 Subject: What is the best way to collect SPAM from users? In-Reply-To: <36d3b7a55da387419481edfb380e2508@solidstatelogic.com> References: <36d3b7a55da387419481edfb380e2508@solidstatelogic.com> Message-ID: <4846DC0C.2070701@gmail.com> Thanks Martin, Greg & Scott for your feedback. I guess I will be implementing the check and sa-learn since it is too easy to move wrong messages in the public folders. Thanks again. yashodhan From ssilva at sgvwater.com Wed Jun 4 19:25:45 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Jun 4 19:26:01 2008 Subject: Spamassassin rules In-Reply-To: <2baac6140806041036m22e78711m6cd388431c0f20e6@mail.gmail.com> References: <2baac6140806040421g20b15e79n5706c9f3115d74ba@mail.gmail.com> <48468411.8050704@alexb.ch> <2baac6140806040541u36e8316bi33c13b86b865c35d@mail.gmail.com> <48469573.7020105@vanderkooij.org> <2baac6140806040630s107eb427if88438552fc88c94@mail.gmail.com> <2baac6140806040640x72bdd2g87b271d01db8b0bd@mail.gmail.com> <4846A32E.20903@alexb.ch> <2baac6140806041036m22e78711m6cd388431c0f20e6@mail.gmail.com> Message-ID: on 6-4-2008 10:36 AM Devon Harding spake the following: > > > > > the rules are in 25_uribl.cf > > Julian's entries are obsolete and should be removed. > (left over from the days when Uribl.com wasn't yet included in SA) > > Alex > > > Hmm....I don't even have 25_uribl.cf in my > /etc/mail/spamassassin directory. Where is it located? > > -Devon > That is where you put custom rules. Look in /usr/share/spamassassin -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... 
Name: signature.asc Type: application/pgp-signature Size: 258 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080604/fb5b6a56/signature.bin From ssilva at sgvwater.com Wed Jun 4 19:29:56 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Jun 4 19:35:11 2008 Subject: Spamassassin rules In-Reply-To: <48468411.8050704@alexb.ch> References: <2baac6140806040421g20b15e79n5706c9f3115d74ba@mail.gmail.com> <48468411.8050704@alexb.ch> Message-ID: on 6-4-2008 5:01 AM Alex Broens spake the following: > On 6/4/2008 1:21 PM, Devon Harding wrote: >> For MailScanner users, which one of the SARE rules (from the link >> below) are >> a must have? I have a few spam messages that are still getting through >> (mainly cause of BAYES_00). >> >> http://www.rulesemporium.com/rules.htm > > Pls consider that these rules aren't being updated and will probably > stay as is > > NOTE: > If anyone is using rules_du_jour regularly, you can stop hammering the > site as you won't get anything new. > > There's a couple of SARE Ninjas on this list that would announce any > changes. > > Alex > Is there some posting that they won't be updated? Just curious as I haven't heard anything about it, but I have been off the spamassassin list for a while (way too much traffic for the time I have available). -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... 
Name: signature.asc Type: application/pgp-signature Size: 258 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080604/c39ca7ef/signature.bin From ms-list at alexb.ch Wed Jun 4 20:43:11 2008 From: ms-list at alexb.ch (Alex Broens) Date: Wed Jun 4 20:43:30 2008 Subject: Spamassassin rules In-Reply-To: <2baac6140806041036m22e78711m6cd388431c0f20e6@mail.gmail.com> References: <2baac6140806040421g20b15e79n5706c9f3115d74ba@mail.gmail.com> <48468411.8050704@alexb.ch> <2baac6140806040541u36e8316bi33c13b86b865c35d@mail.gmail.com> <48469573.7020105@vanderkooij.org> <2baac6140806040630s107eb427if88438552fc88c94@mail.gmail.com> <2baac6140806040640x72bdd2g87b271d01db8b0bd@mail.gmail.com> <4846A32E.20903@alexb.ch> <2baac6140806041036m22e78711m6cd388431c0f20e6@mail.gmail.com> Message-ID: <4846F04F.1020503@alexb.ch> On 6/4/2008 7:36 PM, Devon Harding wrote: >> >> >> the rules are in 25_uribl.cf >> >> Julian's entries are obsolete and should be removed. >> (left over from the days when Uribl.com wasn't yet included in SA) >> >> Alex >> > > Hmm....I don't even have 25_uribl.cf in my /etc/mail/spamassassin > directory. Where is it located? 
locate 25_uribl.cf /usr/share/spamassassin/25_uribl.cf /var/lib/spamassassin/3.002004/updates_spamassassin_org/25_uribl.cf From ms-list at alexb.ch Wed Jun 4 20:47:36 2008 From: ms-list at alexb.ch (Alex Broens) Date: Wed Jun 4 20:47:50 2008 Subject: Spamassassin rules In-Reply-To: <2baac6140806041110k28170081wcafd7bbbbd9b377c@mail.gmail.com> References: <2baac6140806040421g20b15e79n5706c9f3115d74ba@mail.gmail.com> <48468411.8050704@alexb.ch> <2baac6140806040541u36e8316bi33c13b86b865c35d@mail.gmail.com> <48469573.7020105@vanderkooij.org> <2baac6140806040630s107eb427if88438552fc88c94@mail.gmail.com> <2baac6140806040640x72bdd2g87b271d01db8b0bd@mail.gmail.com> <4846A32E.20903@alexb.ch> <2baac6140806041036m22e78711m6cd388431c0f20e6@mail.gmail.com> <2baac6140806041039r76119298nce0a63b906518144@mail.gmail.com> <2baac6140806041110k28170081wcafd7bbbbd9b377c@mail.gmail.com> Message-ID: <4846F158.5020202@alexb.ch> On 6/4/2008 8:10 PM, Devon Harding wrote: > On Wed, Jun 4, 2008 at 1:39 PM, Devon Harding > wrote: > >> >> On Wed, Jun 4, 2008 at 1:36 PM, Devon Harding >> wrote: >> >>>> >>>> the rules are in 25_uribl.cf >>>> >>>> Julian's entries are obsolete and should be removed. >>>> (left over from the days when Uribl.com wasn't yet included in SA) >>>> >>>> Alex >>>> >>> Hmm....I don't even have 25_uribl.cf in my /etc/mail/spamassassin >>> directory. Where is it located? >>> >>> -Devon >>> >> Disregard....found it here: >> http://spamassassin.apache.org/full/3.0.x/dist/rules/25_uribl.cf >> > > > > I'm wondering if I should load the rest of the rules from > http://spamassassin.apache.org/full/3.0.x/dist/rules/? > > any thoughts? NO! hands off - beer time... no need to become over-creative :-) if you installed SA, it's all there.
if you see no URIBL or SURBL hits, it probably means your URIBL plugin is not enabled in /etc/mail/spamassassin/v320.pre if enabled but you see SURBL yet no URIBL.com hits, it means your DNS recursor/cacher has been ACLd by Uribl.com and you may need a datafeed. Alex From devonharding at gmail.com Wed Jun 4 21:41:38 2008 From: devonharding at gmail.com (Devon Harding) Date: Wed Jun 4 21:41:48 2008 Subject: Spamassassin rules In-Reply-To: <4846F158.5020202@alexb.ch> References: <2baac6140806040421g20b15e79n5706c9f3115d74ba@mail.gmail.com> <2baac6140806040541u36e8316bi33c13b86b865c35d@mail.gmail.com> <48469573.7020105@vanderkooij.org> <2baac6140806040630s107eb427if88438552fc88c94@mail.gmail.com> <2baac6140806040640x72bdd2g87b271d01db8b0bd@mail.gmail.com> <4846A32E.20903@alexb.ch> <2baac6140806041036m22e78711m6cd388431c0f20e6@mail.gmail.com> <2baac6140806041039r76119298nce0a63b906518144@mail.gmail.com> <2baac6140806041110k28170081wcafd7bbbbd9b377c@mail.gmail.com> <4846F158.5020202@alexb.ch> Message-ID: <2baac6140806041341n2b0b235bua5851dd31d725d7a@mail.gmail.com> > > > > > NO! hands off - beer time... no need to becoem over-creative :-) > > if you installed SA, its all there. > > if you see no URIBL or SURBL hits, it probably means your URIBL plugin is > not enabled in /etc/mail/spamassassin/v320.pre > > if enabled but you see SURBL yet no URIBL.com hits, it means your DNS > recursor/cacher has been ACLd by Uribl.com and you may need a datafeed. > > > Alex > I see SURBL but no URIBL.com hits. How do I obtain a datafeed? > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -------------- next part -------------- An HTML attachment was scrubbed... 
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080604/1f478ce3/attachment.html From lists at designmedia.com Wed Jun 4 23:14:32 2008 From: lists at designmedia.com (Henry Kwan) Date: Wed Jun 4 23:14:56 2008 Subject: Windows Exchange Server References: <13C0059880FDD3118DC600508B6D4A6D02346853@aiainsurance.com> Message-ID: Ken Goods cropusainsurance.com> writes: > I used a guide on the MailScanner site for the initial setup. Take a look > around there and see what you come up with. If you need more help or have > other questions don't hesitate to ask. Hi Ken, I'm currently installing a MailScanner (using Sendmail) and Exchange 2007 setup and have it mostly configured but in the process of testing it, I did come across an issue. When I create a distribution list in Exchange, by default it only accepts mail from authenticated senders. I have to manually unset that option before I can send emails to that distribution list from the outside world. How do I make my MailScanner box an authenticated sender to Exchange? Currently, there is a Receive Connector that accepts anonymous SMTP only from the MailScanner box and no other IP. Thanks. From peter at farrows.org Wed Jun 4 23:41:27 2008 From: peter at farrows.org (Peter Farrow) Date: Wed Jun 4 23:41:48 2008 Subject: Windows Exchange Server In-Reply-To: References: <13C0059880FDD3118DC600508B6D4A6D02346853@aiainsurance.com> Message-ID: <48471A17.2020707@farrows.org> Henry Kwan wrote: > Ken Goods cropusainsurance.com> writes: > > >> I used a guide on the MailScanner site for the initial setup. Take a look >> around there and see what you come up with. If you need more help or have >> other questions don't hesitate to ask. >> > > Hi Ken, > > I'm currently installing a MailScanner (using Sendmail) and Exchange 2007 setup > and have it mostly configured but in the process of testing it, I did come > across an issue. 
> > When I create a distribution list in Exchange, by default it only accepts mail > from authenticated senders. I have to manually unset that option before I can > send emails to that distribution list from the outside world. How do I make my > MailScanner box an authenticated sender to Exchange? Currently, there is a > Receive Connector that accepts anonymous SMTP only from the MailScanner box and > no other IP. > > Thanks. > > > If your MailScanner authenticated to the exchange and it accepts email from the outside world, then the end result is the same as simply unchecking the authenticated senders option. It's there as a mechanism to prevent outsiders from emailing certain groups within the organisation. For example if you had a distribution group that encompassed the whole company you wouldn't necessarily want outsiders to the company being able to fire one email that went to all say 1000+ employees. This mechanism simply allows control over who can email to the distribution list. If you want people from outside to be able to use certain distribution groups then you simply turn this option off for those groups, it's not really any big deal, exchange versions prior to 2007 didn't have this "feature" implemented in this way anyway so it's no great loss turning it off. You can probably set up a group policy option to set this automagically by default. Use this command to unset it for Set-DistributionGroup "? -RequireSenderAuthenticationEnabled $False P. -- This message has been scanned for viruses and dangerous content by the Inexcom system Scanner, and is believed to be clean. Advanced heuristic mail scanning server [-]. http://www.inexcom.co.uk -------------- next part -------------- An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080604/7c609ac9/attachment.html From lists at designmedia.com Thu Jun 5 01:41:27 2008 From: lists at designmedia.com (Henry Kwan) Date: Thu Jun 5 01:41:53 2008 Subject: Windows Exchange Server References: <13C0059880FDD3118DC600508B6D4A6D02346853@aiainsurance.com> <48471A17.2020707@farrows.org> Message-ID: Peter Farrow farrows.org> writes: > If your MailSCanner authenticated to the exchange and it accepts email > from the outside world, then the end result is the same as simply > unchecking the authenticated senders option. Its there as a mechanism > to prevent outsiders from emailing certain groups within the > organisation. For example if you had a distribution group than > encompassed the whole company you wouldn't necessarily want outsiders > to the company being able to fire one email that went to all say 1000+ > employees. Ah, ok. Thanks for the explanation. I'll just stick with setting that option to off for all of my public distribution groups then. But is there any value to making the MailScanner box an authenticated sender to Exchange? Is there even a way to do this? Thanks. From hvdkooij at vanderkooij.org Thu Jun 5 06:06:03 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Thu Jun 5 06:06:14 2008 Subject: Windows Exchange Server In-Reply-To: References: <13C0059880FDD3118DC600508B6D4A6D02346853@aiainsurance.com> <48471A17.2020707@farrows.org> Message-ID: <4847743B.6030003@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Henry Kwan wrote: | But is there any value to making the MailScanner box an authenticated sender to | Exchange? Is there even a way to do this? MailScanner does not communicate with Exchange. Your MTA on the MailScanner machine does. Which is ? Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? 
>>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFIR3Q6BvzDRVjxmYERAk0uAJ9F74KcZWJBvArBKOJl+YwnVIMvsgCfRl/S /ZaSM4t5uwMQ0XhdB8Znw90= =9azP -----END PGP SIGNATURE----- From gary at sgluk.com Thu Jun 5 09:21:26 2008 From: gary at sgluk.com (Gary Pentland) Date: Thu Jun 5 09:21:54 2008 Subject: Windows Exchange Server In-Reply-To: References: <13C0059880FDD3118DC600508B6D4A6D02346853@aiainsurance.com> <48471A17.2020707@farrows.org> Message-ID: > But is there any value to making the MailScanner box an > authenticated sender to Exchange? Is there even a way to do this? Yes, I found this after an upgrade to Exchange 2007. As Hugo pointed out, it's not MailScanner itself but the MTA software that does the sending of mail and hence needs to do the authentication bit. I use sendmail and it is possible to make sendmail authenticate when sending to Exchange. Start with http://www.sendmail.org/~ca/email/auth.html - about half way down it starts the "client" side authentication stuff. Remember when sending to another MTA (Exchange in this case) sendmail or whatever is the client sending to a server for onward delivery. If you're not using sendmail then I'm afraid you'll have to ask others on this or other lists for advice. Gary From Dirk.Heuvels at inovasec.de Thu Jun 5 09:55:29 2008 From: Dirk.Heuvels at inovasec.de (Dirk.Heuvels@inovasec.de) Date: Thu Jun 5 09:55:46 2008 Subject: Clamav timeouts block Mailscanner Message-ID: Hello, I am using Mailscanner for quiet a while and I'm really happy with it. There is only one problem which arises from time to time. Whenever a message is big enough to let clamav time out, MS will write "Denial Of Service attack detected" to its log and restart the affected MS child process. 
(We sometimes receive compressed logfiles, which increase dramatically in size when being uncompressed for scanning.) Unfortunately after spawning a new process MC will try to rescan the same message again, which will fail.

I tried playing with the "Max Children" Option, but this doesn't solve the problem. The queue will fill up with messages on hold, because at least one MS Process won't requeue any mails, as it plays with the message that always times out.

Did anyone solve this problem already? Is there a way to tell MS to mark the blocking message as "unavailable", as it is possible for spamassassin (Option "Max SpamAssassin Timeouts")?

Thanks in advance,
Dirk

From list-mailscanner at linguaphone.com Wed Jun 4 12:45:19 2008
From: list-mailscanner at linguaphone.com (Gareth)
Date: Thu Jun 5 10:14:18 2008
Subject: Spamassassin rules
In-Reply-To: <2baac6140806040421g20b15e79n5706c9f3115d74ba@mail.gmail.com>
References: <2baac6140806040421g20b15e79n5706c9f3115d74ba@mail.gmail.com>
Message-ID: <1212579918.15489.3.camel@gblades-suse.linguaphone-intranet.co.uk>

http://www.gbnetwork.co.uk/mailscanner/

On Wed, 2008-06-04 at 12:21, Devon Harding wrote:
> For MailScanner users, which one of the SARE rules (from the link
> below) are a must have? I have a few spam messages that are still
> getting through (mainly cause of BAYES_00).
>
> http://www.rulesemporium.com/rules.htm
>
> -Devon
>
>
> ______________________________________________________________________
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
From martinh at solidstatelogic.com Thu Jun 5 11:06:38 2008 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Thu Jun 5 11:06:51 2008 Subject: Bad Filenames In-Reply-To: <4846D098.5060800@kettle.org.uk> Message-ID: <3f600a3963ee814ca29de71abf243df4@solidstatelogic.com> Rob Rule overloading is what you need.. http://wiki.mailscanner.info/doku.php?id=documentation:configuration:rulesets:overloading -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Rob Kettle > Sent: 04 June 2008 18:28 > To: MailScanner discussion > Subject: Bad Filenames > > Hi, > > hoping someone can help because I may have missed the obvious.... > > Is there a way to whitelist a sender so that bad filename or filetype > rules are not applied ? > > many thanks > Rob > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. 
Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From pedro.hoffmann at gmail.com Thu Jun 5 15:30:13 2008 From: pedro.hoffmann at gmail.com (Pedro Bordin Hoffmann - [M]orpheus) Date: Thu Jun 5 15:30:23 2008 Subject: .AGP Files Message-ID: <21be6cae0806050730m449839adrb31509e3848fc630@mail.gmail.com> Hello. I have this client that sends attached in the message a file, with the extension .agp This file is a security signature to work with banks, but if Mailscanner scan it for virus, it gets corrupted. How should I do to make mailscanner don't scan this kind a file? Already try to put this in /etc/MailScanner/filnename.rules.conf Something like this: allow \.agp$ - - But still getting corrupted. What should I do? Thanks for the help! Regards Pedro -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080605/ca0c0bc1/attachment.html From alex at nkpanama.com Thu Jun 5 15:42:01 2008 From: alex at nkpanama.com (Alex Neuman) Date: Thu Jun 5 15:42:36 2008 Subject: .AGP Files Message-ID: <200806051442.m55EgRIT006784@safir.blacknight.ie> Scanning for viruses doesn't corrupt files. Modifying the message after it's scanned (adding signatures and headers) may make digital signatures like DKIM and such fail their specific checks because the message has been modified. 
Allowing the file through doesn't corrupt the file. It changes the message.
You need to NOT process those messages. Try adding:

Scan Messages = %rules-dir%/scan.messages.rules

And in your scan.messages.rules file, located within the %rules-dir% folder, add:

FromOrTo: default yes
From: xx.xx.xx.xx no

... where xx.xx.xx.xx is the IP address of the sending server.

You could ask "why not use From: *@domain.com"... that would mean that anyone could pretend to be from that domain and get through mailscanner untouched.

In fact, the truly paranoid could use:

From: blabla@domain.com and From: xx.xx.xx.xx yes

That would mean a message would have to be from blabla@domain.com AND come from that IP in order to skip processing by MailScanner. Fake messages from elsewhere would be scanned, and messages that don't have that AGP thing would be scanned because they come from somebody else that doesn't use them.

On Jun 5, 2008, at 9:30 AM, Pedro Bordin Hoffmann - [M]orpheus wrote:
> Hello.
>
> I have this client that sends attached in the message a file, with
> the extension .agp
> This file is a security signature to work with banks, but if
> Mailscanner scan it for virus, it gets corrupted.
>
> How should I do to make mailscanner don't scan this kind a file?
> Already try to put this in /etc/MailScanner/filnename.rules.conf
> Something like this:
>
> allow \.agp$ - -
>
> But still getting corrupted.
>
> What should I do?
>
> Thanks for the help!
> Regards
> Pedro
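
The spoofing argument in the message above, worked through as an added Python example (not MailScanner's code and not posted by anyone on the list). It is a simplified first-match ruleset evaluator whose matching semantics are assumptions, run over constructed senders and documentation-range IPs, and it compares a sender-address-only skip rule with the address-and-IP rule; the skip rules use the value no, as in the first ruleset above.

```python
"""Simplified model of a MailScanner-style "Scan Messages" ruleset.

Added illustration only. Assumed semantics: the first matching rule wins,
a "default" rule is the fallback wherever it appears in the file, and
"and" joins two conditions that must both match. All addresses and IPs
below are constructed sample values.
"""
import fnmatch
import ipaddress


def parse_ruleset(text):
    """Return (rules, default); a rule is ([(direction, pattern), ...], value)."""
    rules, default = [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        *condition, value = line.split()
        clauses = []
        for part in " ".join(condition).split(" and "):
            direction, pattern = part.split()
            clauses.append((direction.rstrip(":").lower(), pattern))
        if len(clauses) == 1 and clauses[0][1].lower() == "default":
            default = value
        else:
            rules.append((clauses, value))
    return rules, default


def clause_matches(direction, pattern, msg):
    """Match one condition against a message dict (sender, recipient, client_ip)."""
    try:
        network = ipaddress.ip_network(pattern, strict=False)
    except ValueError:
        network = None
    if network is not None:
        # An IP pattern is compared with the connecting SMTP client, which a
        # remote sender cannot choose freely, unlike the address it claims.
        return direction != "to" and ipaddress.ip_address(msg["client_ip"]) in network
    fields = {"from": ["sender"], "to": ["recipient"],
              "fromorto": ["sender", "recipient"]}[direction]
    return any(fnmatch.fnmatchcase(msg[f].lower(), pattern.lower()) for f in fields)


def scan_decision(ruleset_text, msg):
    """Return the ruleset value ("yes" = scan, "no" = skip) for one message."""
    rules, default = parse_ruleset(ruleset_text)
    for clauses, value in rules:
        if all(clause_matches(d, p, msg) for d, p in clauses):
            return value
    return default


# Three candidate rulesets (constructed), differing only in the skip rule.
SENDER_ONLY = """
From: *@bank-client.example no
FromOrTo: default yes
"""
IP_ONLY = """
From: 192.0.2.25 no
FromOrTo: default yes
"""
SENDER_AND_IP = """
From: signer@bank-client.example and From: 192.0.2.25 no
FromOrTo: default yes
"""

# Constructed messages: the real signer, the same address claimed from
# another host, another user on the trusted host, and unrelated mail.
GENUINE = {"sender": "signer@bank-client.example", "recipient": "ops@mydomain.example",
           "client_ip": "192.0.2.25"}
SPOOFED = {"sender": "signer@bank-client.example", "recipient": "ops@mydomain.example",
           "client_ip": "203.0.113.9"}
SAME_HOST = {"sender": "other@bank-client.example", "recipient": "ops@mydomain.example",
             "client_ip": "192.0.2.25"}
UNRELATED = {"sender": "someone@elsewhere.example", "recipient": "ops@mydomain.example",
             "client_ip": "198.51.100.7"}


def compare():
    """Decision table: ruleset name -> {message name: scan decision}."""
    rulesets = {"sender-only": SENDER_ONLY, "ip-only": IP_ONLY,
                "sender-and-ip": SENDER_AND_IP}
    messages = {"genuine": GENUINE, "spoofed": SPOOFED,
                "same-host": SAME_HOST, "unrelated": UNRELATED}
    return {rname: {mname: scan_decision(rtext, msg) for mname, msg in messages.items()}
            for rname, rtext in rulesets.items()}


if __name__ == "__main__":
    for name, row in compare().items():
        print(f"{name:14s} {row}")
```

In this model only the combined rule leaves the spoofed message and the other sender on the trusted host scanned, while still skipping the genuine signed mail.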
From rgreen at trayerproducts.com Thu Jun 5 16:13:13 2008 From: rgreen at trayerproducts.com (Rodney Green) Date: Thu Jun 5 16:14:03 2008 Subject: .AGP Files In-Reply-To: <200806051442.m55EgRIT006784@safir.blacknight.ie> References: <200806051442.m55EgRIT006784@safir.blacknight.ie> Message-ID: <48480289.70209@trayerproducts.com> Should the "FromorTo: default yes" statement be the last line in the scan.messages.rule file? Alex Neuman wrote: > Scanning for viruses doesn't corrupt files. > Modifying the message after it's scanned (adding signatures and > headers) may make digital signatures like DKIM and such fail their > specific checks because the message has been modified. > Allowing the file through doesn't corrupt the file. It changes the > message. > You need to NOT process those messages. Try adding: > Scan Messages = %rules-dir%/scan.messages.rules > > And in your scan.messages.rules file, located within the %rules-dir% > folder, add: > > FromOrTo: default yes > From: xx.xx.xx.xx no > > ... where xx.xx.xx.xx is the IP address of the sending server. > > You could ask "why not use From: *@domain.com"... that would mean that > anyone could pretend to be from that domain and get through > mailscanner untouched. > > In fact, the truly paranoid could use: > > From: blabla@domain.com and From: xx.xx.xx.xx yes > > That would mean a message would have to be from blabla@domain.com AND > come from that IP in order to skip processing by MailScanner. Fake > messages from elsewhere would be scanned, and messages that don't have > that AGP thing would be scanned because they come from somebody else > that doesn't use them. > > On Jun 5, 2008, at 9:30 AM, Pedro Bordin Hoffmann - [M]orpheus wrote: > > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. 
From pedro.hoffmann at gmail.com Thu Jun 5 17:44:41 2008 From: pedro.hoffmann at gmail.com (Pedro Bordin Hoffmann - [M]orpheus) Date: Thu Jun 5 17:44:52 2008 Subject: .AGP Files In-Reply-To: <48480289.70209@trayerproducts.com> References: <200806051442.m55EgRIT006784@safir.blacknight.ie> <48480289.70209@trayerproducts.com> Message-ID: <21be6cae0806050944jb581393w969335abaa10a8c0@mail.gmail.com> In the moment I'm not using the scan.messages.rules What about I remove the signature of e-mail? Those signature that mailscanner put in the sent e-mail. Will sove? Thanks so much about this help Regards Pedro 2008/6/5 Rodney Green : > Should the "FromorTo: default yes" statement be the last line in the > scan.messages.rule file? > > Alex Neuman wrote: > >> Scanning for viruses doesn't corrupt files. >> Modifying the message after it's scanned (adding signatures and headers) >> may make digital signatures like DKIM and such fail their specific checks >> because the message has been modified. >> Allowing the file through doesn't corrupt the file. It changes the >> message. >> You need to NOT process those messages. Try adding: >> Scan Messages = %rules-dir%/scan.messages.rules >> >> And in your scan.messages.rules file, located within the %rules-dir% >> folder, add: >> >> FromOrTo: default yes >> From: xx.xx.xx.xx no >> >> ... where xx.xx.xx.xx is the IP address of the sending server. >> >> You could ask "why not use From: *@domain.com"... that would mean that >> anyone could pretend to be from that domain and get through mailscanner >> untouched. >> >> In fact, the truly paranoid could use: >> >> From: blabla@domain.com and From: xx.xx.xx.xx yes >> >> That would mean a message would have to be from blabla@domain.com AND >> come from that IP in order to skip processing by MailScanner. Fake messages >> from elsewhere would be scanned, and messages that don't have that AGP thing >> would be scanned because they come from somebody else that doesn't use them. 
>> >> On Jun 5, 2008, at 9:30 AM, Pedro Bordin Hoffmann - [M]orpheus wrote: >> >> >> > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080605/2f049c91/attachment.html From davejenx at googlemail.com Thu Jun 5 18:04:44 2008 From: davejenx at googlemail.com (Dave Jenkins) Date: Thu Jun 5 18:04:54 2008 Subject: postfix: Process did not exit cleanly, returned 1 with signal 0 Message-ID: Hello, I'm new to the list . I have successfully run MailScanner with sendmail for a couple of years, now setting it up with postfix on another server. MailScanner & postfix have mostly been running happily for a few weeks, averaging about 5 msgs/min. But on two occasions we've had defunct MailScanner processes and the error "postfix: Process did not exit cleanly, returned 1 with signal 0". Once the error & the defunct processes started appearing, there was an ever-growing "Found N messages waiting" (got to 480 first time) and no mail getting through. /var/log/maillog revealed that the same batch of 30 messages was being scanned over & over. Disabling virus scanning in MailScanner.conf, didn't help. Neither did removing all "yes" entries from /etc/MailScanner/rules/spam.checking.rules, leaving default "no". (I restarted MailScanner after each change.) Finally I turned off scanning (Scan Messages = no) and this allowed the queue to clear. I then switched scanning, virus and spamassassin back on (i.e. restored previous config) and it then ran fine. 
I'm wondering if it was a peculiarity of one of the messages that caused MailScanner to crash.

The second time it happened, before clearing the queue I took a copy of /var/spool/MailScanner/incoming; will that help in debugging the problem? If so, what should I do with it and if not, what should I do next time it happens?

Software:
Centos 5
postfix-2.3.3-2
mailscanner-4.69.8-1 from rpm from mailscanner.info
clamav-0.93-2.el5.rf
spamassassin-3.1.9-1.el5

Hardware:
CPU: AMD Phenom(tm) 9550 Quad-Core Processor
RAM: 2G
Disks: 2 x 500GB SATA in software RAID-1

Thanks,
Dave.

From ssilva at sgvwater.com Thu Jun 5 18:20:08 2008
From: ssilva at sgvwater.com (Scott Silva)
Date: Thu Jun 5 18:20:27 2008
Subject: .AGP Files
In-Reply-To: <21be6cae0806050944jb581393w969335abaa10a8c0@mail.gmail.com>
References: <200806051442.m55EgRIT006784@safir.blacknight.ie> <48480289.70209@trayerproducts.com> <21be6cae0806050944jb581393w969335abaa10a8c0@mail.gmail.com>
Message-ID:

on 6-5-2008 9:44 AM Pedro Bordin Hoffmann - [M]orpheus spake the following:
> In the moment I'm not using the scan.messages.rules
>
> What about I remove the signature of e-mail? Those signature that
> mailscanner put in the sent e-mail.
> Will solve?
>
You would have to test it and see if it solves it. Or you can use a ruleset to only tag outgoing mail, and leave incoming untagged.

--
MailScanner is like deodorant...
You hope everybody uses it, and you notice quickly if they don't!!!!

-------------- next part -------------- A non-text attachment was scrubbed...
Name: signature.asc Type: application/pgp-signature Size: 258 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080605/ffcc8870/signature.bin From pedro.hoffmann at gmail.com Thu Jun 5 18:41:28 2008 From: pedro.hoffmann at gmail.com (Pedro Bordin Hoffmann - [M]orpheus) Date: Thu Jun 5 18:41:49 2008 Subject: .AGP Files In-Reply-To: <48480289.70209@trayerproducts.com> References: <200806051442.m55EgRIT006784@safir.blacknight.ie> <48480289.70209@trayerproducts.com> Message-ID: <21be6cae0806051041t6e052a39lf8ad8600a064c008@mail.gmail.com> Hummm, I'll test the remove of signature. But, some doubts has come to mind :) From: user@domain.com From: 192.168.1.25 yes Should be like that? I have only one user that sends this kind a message. Don't want to all output messages goes without passing by mailscanner. So will be like that the scan.messages.rule file? Thanks Pedro 2008/6/5 Rodney Green : > Should the "FromorTo: default yes" statement be the last line in the > scan.messages.rule file? > > Alex Neuman wrote: > >> Scanning for viruses doesn't corrupt files. >> Modifying the message after it's scanned (adding signatures and headers) >> may make digital signatures like DKIM and such fail their specific checks >> because the message has been modified. >> Allowing the file through doesn't corrupt the file. It changes the >> message. >> You need to NOT process those messages. Try adding: >> Scan Messages = %rules-dir%/scan.messages.rules >> >> And in your scan.messages.rules file, located within the %rules-dir% >> folder, add: >> >> FromOrTo: default yes >> From: xx.xx.xx.xx no >> >> ... where xx.xx.xx.xx is the IP address of the sending server. >> >> You could ask "why not use From: *@domain.com"... that would mean that >> anyone could pretend to be from that domain and get through mailscanner >> untouched. 
>> >> In fact, the truly paranoid could use: >> >> From: blabla@domain.com and From: xx.xx.xx.xx yes >> >> That would mean a message would have to be from blabla@domain.com AND >> come from that IP in order to skip processing by MailScanner. Fake messages >> from elsewhere would be scanned, and messages that don't have that AGP thing >> would be scanned because they come from somebody else that doesn't use them. >> >> On Jun 5, 2008, at 9:30 AM, Pedro Bordin Hoffmann - [M]orpheus wrote: >> >> >> > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080605/aacef9c4/attachment.html From ssilva at sgvwater.com Thu Jun 5 18:44:41 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Thu Jun 5 18:44:59 2008 Subject: postfix: Process did not exit cleanly, returned 1 with signal 0 In-Reply-To: References: Message-ID: on 6-5-2008 10:04 AM Dave Jenkins spake the following: > Hello, > > I'm new to the list . I have successfully run MailScanner with > sendmail for a couple of years, now setting it up with postfix on > another server. > > MailScanner & postfix have mostly been running happily for a few > weeks, averaging about 5 msgs/min. But on two occasions we've had > defunct MailScanner processes and the error "postfix: Process did not > exit cleanly, returned 1 with signal 0". > > Once the error & the defunct processes started appearing, there was an > ever-growing "Found N messages waiting" (got to 480 first time) and no > mail getting through. 
/var/log/maillog revealed that the same batch of > 30 messages was being scanned over & over. > > Disabling virus scanning in MailScanner.conf, didn't help. Neither did > removing all "yes" entries from > /etc/MailScanner/rules/spam.checking.rules, leaving default "no". (I > restarted MailScanner after each change.) Finally I turned off > scanning (Scan Messages = no) and this allowed the queue to clear. > > I then switched scanning, virus and spamassassin back on (i.e. > restored previous config) and it then ran fine. I'm wondering if it > was a peculiarity of one of the messages that caused MailScanner to > crash. > > The second time it happened, before clearing the queue I took a copy > of /var/spool/MailScanner/incoming; will that help in debugging the > problem? If so, what should I do with it and if not, what should I do > next time it happens? > > Software: > Centos 5 > postfix-2.3.3-2 > mailscanner-4.69.8-1 from rpm from mailscanner.info > clamav-0.93-2.el5.rf > spamassassin-3.1.9-1.el5 > > Hardware: > CPU: AMD Phenom(tm) 9550 Quad-Core Processor > RAM: 2G > DIsks: 2 x 500GB SATA in software RAID-1 > > Thanks, > Dave. If a single message brought down the system, it is usually the oldest message in the queue. So if you copied the queue, and the times are preserved, you could look there. Many times what kills postfix is non-queue files in the queue directory. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... 
Name: signature.asc Type: application/pgp-signature Size: 258 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080605/08272f4f/signature.bin From lists at designmedia.com Thu Jun 5 23:43:23 2008 From: lists at designmedia.com (Henry Kwan) Date: Thu Jun 5 23:43:44 2008 Subject: Windows Exchange Server References: <13C0059880FDD3118DC600508B6D4A6D02346853@aiainsurance.com> <48471A17.2020707@farrows.org> <4847743B.6030003@vanderkooij.org> Message-ID: Hugo van der Kooij vanderkooij.org> writes: > Henry Kwan wrote: > > | But is there any value to making the MailScanner box an authenticated > sender to > | Exchange? Is there even a way to do this? > > MailScanner does not communicate with Exchange. Your MTA on the > MailScanner machine does. Which is ? Ah, poor wording on my part. I should have known better. :) I'm running sendmail so Gary Pentland's link for "Using sendmail as a client with AUTH" should work for me. I'll try it out in a bit. Thanks to both of you. From james at gray.net.au Thu Jun 5 23:08:21 2008 From: james at gray.net.au (James Gray) Date: Fri Jun 6 04:07:31 2008 Subject: Viruses flagged as spam too Message-ID: Hi All, I've had a dig through the archives, but didn't turn up anything definitive (maybe I need more coffee?). However, I'll ask the question anyway: is there any way to prevent messages detected as viruses from also being scanned for spam? Given that SpamAssassin is the biggest bottle-neck in the process, it seems pointless to scan messages that (in my set-up) are never delivered. I see a big, nasty fly in the ointment though; MailScanner's batch processing paradigm. How can we rip individual messages out of a batch, once the batch has started processing?? Any takers? Cheers, James -------------- next part -------------- A non-text attachment was scrubbed... 
Name: smime.p7s Type: application/pkcs7-signature Size: 2417 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080606/02171427/smime.bin From prandal at herefordshire.gov.uk Fri Jun 6 07:24:42 2008 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Fri Jun 6 07:24:57 2008 Subject: Viruses flagged as spam too In-Reply-To: References: Message-ID: <7EF0EE5CB3B263488C8C18823239BEBA03DB9D86@HC-MBX02.herefordshire.gov.uk> Bad idea! Learning viruses as spam (and training Bayes with them) may well protect you against new variants which are sufficiently similar to their predecessors but not enough to be caught by your antivirus program. What you propose is a false economy, IMHO. Cheers, Phil -- Phil Randal Networks Engineer Herefordshire Council Hereford, UK -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of James Gray Sent: 05 June 2008 23:08 To: MailScanner Discussion List Subject: Viruses flagged as spam too Hi All, I've had a dig through the archives, but didn't turn up anything definitive (maybe I need more coffee?). However, I'll ask the question anyway: is there any way to prevent messages detected as viruses from also being scanned for spam? Given that SpamAssassin is the biggest bottle-neck in the process, it seems pointless to scan messages that (in my set-up) are never delivered. I see a big, nasty fly in the ointment though; MailScanner's batch processing paradigm. How can we rip individual messages out of a batch, once the batch has started processing?? Any takers? Cheers, James From rob at kettle.org.uk Fri Jun 6 07:36:33 2008 From: rob at kettle.org.uk (rob@kettle.org.uk) Date: Fri Jun 6 07:36:48 2008 Subject: Bad Filenames In-Reply-To: <3f600a3963ee814ca29de71abf243df4@solidstatelogic.com> References: <3f600a3963ee814ca29de71abf243df4@solidstatelogic.com> Message-ID: Hi, thanks. that has sorted it. 
Rob > Rob > > Rule overloading is what you need.. > > http://wiki.mailscanner.info/doku.php?id=documentation:configuration:rulesets:overloading > > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >> bounces@lists.mailscanner.info] On Behalf Of Rob Kettle >> Sent: 04 June 2008 18:28 >> To: MailScanner discussion >> Subject: Bad Filenames >> >> Hi, >> >> hoping someone can help because I may have missed the obvious.... >> >> Is there a way to whitelist a sender so that bad filename or filetype >> rules are not applied ? >> >> many thanks >> Rob >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! > > > > > ********************************************************************** > Confidentiality : This e-mail and any attachments are intended for the > addressee only and may be confidential. If they come to you in error > you must take no action based on them, nor must you copy or show them > to anyone. Please advise the sender by replying to this e-mail > immediately and then delete the original from your computer. > Opinion : Any opinions expressed in this e-mail are entirely those of > the author and unless specifically stated to the contrary, are not > necessarily those of the author's employer. > Security Warning : Internet e-mail is not necessarily a secure > communications medium and can be subject to data corruption. We advise > that you consider this fact when e-mailing us. 
> Viruses : We have taken steps to ensure that this e-mail and any > attachments are free from known viruses but in keeping with good > computing practice, you should ensure that they are virus free. > > Red Lion 49 Ltd T/A Solid State Logic > Registered as a limited company in England and Wales > (Company No:5362730) > Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, > United Kingdom > ********************************************************************** > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > > From martinh at solidstatelogic.com Fri Jun 6 08:03:36 2008 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Fri Jun 6 08:03:35 2008 Subject: Viruses flagged as spam too Message-ID: James How many viruses are you seeing? Ie whats the size of the problem? For me i see very few (1 a day maybe), so this option wouldn;t gain me much. -- martin -----Original Message----- From: James Gray Sent: Friday, June 06, 2008 4:13 AM To: MailScanner Discussion List Subject: Viruses flagged as spam too Hi All, I've had a dig through the archives, but didn't turn up anything definitive (maybe I need more coffee?). However, I'll ask the question anyway: is there any way to prevent messages detected as viruses from also being scanned for spam? Given that SpamAssassin is the biggest bottle-neck in the process, it seems pointless to scan messages that (in my set-up) are never delivered. I see a big, nasty fly in the ointment though; MailScanner's batch processing paradigm. How can we rip individual messages out of a batch, once the batch has started processing?? Any takers? 
Cheers, James ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From telecaadmin at gmail.com Fri Jun 6 09:19:02 2008 From: telecaadmin at gmail.com (Ronny T. Lampert) Date: Fri Jun 6 09:20:50 2008 Subject: postfix: Process did not exit cleanly, returned 1 with signal 0 In-Reply-To: References: Message-ID: <4848F2F6.3060803@gmail.com> >> MailScanner & postfix have mostly been running happily for a few >> weeks, averaging about 5 msgs/min. But on two occasions we've had >> defunct MailScanner processes and the error "postfix: Process did not >> exit cleanly, returned 1 with signal 0". >> >> Once the error & the defunct processes started appearing, there was an >> ever-growing "Found N messages waiting" (got to 480 first time) and no >> mail getting through. 
/var/log/maillog revealed that the same batch of
>> 30 messages was being scanned over & over.

It looks like your postfix has problems. postfix does not do such things - maybe some smtpds died in the middle of something? Did you DOUBLEcheck your config? Please have a CLOSE look into the maillog for postfix's error messages - they can be quite subtle at times.

>> The second time it happened, before clearing the queue I took a copy
>> of /var/spool/MailScanner/incoming; will that help in debugging the
>> problem? If so, what should I do with it and if not, what should I do
>> next time it happens?

Make sure that MailScanner is running as your postfix user and you did the postfix-specific side of the setup procedure. Your versions of postfix and MailScanner look fine.

One small thing: have a look at the permissions and ownerships of the incoming/ snapshot you took. postfix will be totally knocked out if queue files have wrong ownerships. The delivery will come to a total(!) halt, and you will not really see any errors in the log.

All files should have postfix as owner, and 0600 if the files are "in progress" and 0700 if they are deemed ready for final delivery.

To hardcore-test your postfix you can do the following:

Stop MailScanner, have only postfix running.

#> cd /var/spool/postfix
#> mv hold/ incoming
#> chmod 0700 incoming/

This file should be delivered successfully without any scanning and you should see entries in the maillog.

Cheers,
Ronny

From gmatt at nerc.ac.uk Fri Jun 6 10:13:02 2008
From: gmatt at nerc.ac.uk (Greg Matthews)
Date: Fri Jun 6 10:13:46 2008
Subject: .AGP Files
In-Reply-To: <21be6cae0806050730m449839adrb31509e3848fc630@mail.gmail.com>
References: <21be6cae0806050730m449839adrb31509e3848fc630@mail.gmail.com>
Message-ID: <4848FF9E.1020509@nerc.ac.uk>

Pedro Bordin Hoffmann - [M]orpheus wrote:
> Hello.
>
> I have this client that sends attached in the message a file, with the
> extension .agp
> This file is a security signature to work with banks, but if Mailscanner
> scan it for virus, it gets corrupted.

this is almost certainly your signature - this was discussed way back on
the list. It is alleged that there is a bug in perl itself which means
that the signature adding bit of MailScanner can end up changing the line
terminations throughout the whole message body. This obviously affects
digital signatures and the like. As far as I know it has never been fixed.
I'm having difficulty tracking down the relevant threads on this list but
it has been discussed a couple of times.

Either you have secure digital signatures, OR you add a corporate sig onto
each message. You can't have both.

Of course you can add a rule-set for adding/not adding the corporate sig.

GREG

>
> How should I do to make mailscanner don't scan this kind a file?
> Already try to put this in /etc/MailScanner/filnename.rules.conf
> Something like this:
>
> allow \.agp$ - -
>
> But still getting corrupted.
>
> What should I do?
>
> Thanks for the help!
> Regards
> Pedro
>
>

-- 
Greg Matthews 01491 692445
Head of UNIX/Linux, iTSS Wallingford

-- 
This message (and any attachments) is for the recipient only. NERC
is subject to the Freedom of Information Act 2000 and the contents
of this email and any reply you make may be disclosed by NERC unless
it is exempt from release under the Act. Any material supplied to
NERC may be stored in an electronic records management system.

From ja at conviator.com Fri Jun 6 10:41:06 2008
From: ja at conviator.com (Jan Agermose)
Date: Fri Jun 6 10:41:35 2008
Subject: tmp blocking new incomming mail
Message-ID:

hi

I want to block for new mails without stopping mailscanner handling mails
already queued and I don't want to do it by sending a "get back later" error
since this will not offload to the 2. MX correct?
So I was thinking that I could simply block using iptables but I'm not sure
how to write the rule without stopping Mailscanner completely. But as I
understand it the incoming sendmail is listening on eth0 and the outgoing is
listening on the lo-interface? So if I block port 25 on eth0 only then
Mailscanner will still be able to process all the mails queued already?

regards

Jan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080606/d42bcf02/attachment.html

From garyalex at gmail.com Fri Jun 6 10:49:45 2008
From: garyalex at gmail.com (Gary Alexander)
Date: Fri Jun 6 10:49:55 2008
Subject: tmp blocking new incomming mail
In-Reply-To:
References:
Message-ID: <5489f9700806060249v3e5ed5cn9f7a9808441497f8@mail.gmail.com>

2008/6/6 Jan Agermose :
> hi
>
>
>
> I want to block for new mails without stopping mailscanner handling mails
> already queued and I don't want to do it by sending a "get back later" error
> since this will not offload to the 2. MX correct? So I was thinking that I
> could simply block using iptables but I'm not sure how to write the rule
> without stopping Mailscanner completely. But as I understand it the incoming
> sendmail is listening on eth0 and the outgoing is listening on the
> lo-interface? So if I block port 25 on eth0 only then Mailscanner will still
> be able to process all the mails queued already?
>
>
>
> regards
>
> Jan

You can do it with iptables:

iptables -I INPUT -i eth0 -p tcp -m tcp --dport 25 -j REJECT

That's applicable if eth0 is your external interface to the internet...
-- Open Answers to IT Questions - http://www.openanswers.co.za Recycle your unwanted goods - http://www.freecycle.org From glenn.steen at gmail.com Fri Jun 6 10:50:57 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri Jun 6 10:51:07 2008 Subject: postfix: Process did not exit cleanly, returned 1 with signal 0 In-Reply-To: References: Message-ID: <223f97700806060250p2e2bd41cncdfeb239c333d310@mail.gmail.com> 2008/6/5 Dave Jenkins : > Hello, > > I'm new to the list . I have successfully run MailScanner with > sendmail for a couple of years, now setting it up with postfix on > another server. > > MailScanner & postfix have mostly been running happily for a few > weeks, averaging about 5 msgs/min. But on two occasions we've had > defunct MailScanner processes and the error "postfix: Process did not > exit cleanly, returned 1 with signal 0". > > Once the error & the defunct processes started appearing, there was an > ever-growing "Found N messages waiting" (got to 480 first time) and no > mail getting through. /var/log/maillog revealed that the same batch of > 30 messages was being scanned over & over. > > Disabling virus scanning in MailScanner.conf, didn't help. Neither did > removing all "yes" entries from > /etc/MailScanner/rules/spam.checking.rules, leaving default "no". (I > restarted MailScanner after each change.) Finally I turned off > scanning (Scan Messages = no) and this allowed the queue to clear. > > I then switched scanning, virus and spamassassin back on (i.e. > restored previous config) and it then ran fine. I'm wondering if it > was a peculiarity of one of the messages that caused MailScanner to > crash. > > The second time it happened, before clearing the queue I took a copy > of /var/spool/MailScanner/incoming; will that help in debugging the > problem? If so, what should I do with it and if not, what should I do > next time it happens? 
> > Software: > Centos 5 > postfix-2.3.3-2 > mailscanner-4.69.8-1 from rpm from mailscanner.info > clamav-0.93-2.el5.rf > spamassassin-3.1.9-1.el5 > > Hardware: > CPU: AMD Phenom(tm) 9550 Quad-Core Processor > RAM: 2G > DIsks: 2 x 500GB SATA in software RAID-1 > > Thanks, > Dave. Next time it happens, look in the hold queue, the oldest messages, to see if you have a problem there. If it were non-queue files fouling things up, doing what you did would likely not have cleared things up, so it might not be the usual razor agent log misplaced in the hold directory... More like some subtle permission thing or subcomponent "borking totally" on a specific mail. Trick is to find what part and what to do with it:-):-) Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Fri Jun 6 11:44:57 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri Jun 6 11:45:07 2008 Subject: Fwd: Vote for Open Source Awesomeness! In-Reply-To: <4848b528.26e3220a.2f6f.ffff9de1SMTPIN_ADDED@mx.google.com> References: <4848b528.26e3220a.2f6f.ffff9de1SMTPIN_ADDED@mx.google.com> Message-ID: <223f97700806060344x5034e45ds5e618fcf7afd846a@mail.gmail.com> Guys'n'gals! It's that silly time of year again, when nominations are counted... bribes are made... accusations fly...:-) Let your voice be counted for Jules and MailScanner! I've just nominated MailScanner (with the official link of http://www.mailscanner.info) both for Best Project and Best SysAdmin Tool... Why don't you do that too? Cheers -- Glenn ---------- Forwarded message ---------- From: SourceForge. net Community Choice Awards Date: 2008/6/6 Subject: Vote for Open Source Awesomeness! To: glenn.steen@gmail.com If you can't read the message below, you can view it on the web at http://sourceforge.net/community/wp-content/uploads/2008/06/nominate.html. You have received this message because you subscribed to it on SourceForge(R).net. 
To unsubscribe from future mailings, login to the SourceForge.net site and modify your subscription preferences at: https://sourceforge.net/account/ Hey! You! Are you sick of letting the big hardware companies, tech blogs, and mainstream media decide which open source projects deserve widespread attention? So are we. That's why we created the SourceForge.net Community Choice Awards, and we need your nominations! Award Categories Most Likely to Change the World Best New Project Most Likely to Be Ambiguously Accused of Patent Violation Most Likely to Get Users Sued Best Tool or Utility for SysAdmins Best Tool or Utility for Developers Best Project Best Project for the Enterprise Best Project for Educators Most Likely to Be the Next $1B Acquisition Best Project for Multimedia Best Project for Gamers Based on your nominations, ten finalists will be chosen in each category. The winners will receive our coveted award robot, be showered with praise, and will have vastly increased reputation in the city or town of their choice. So nominate now, because there's no better way to tell the world that your favorite open source project can beat up your friend's favorite open source project. Make your voice heard! This message was sent on behalf of SourceForge.net. To unsubscribe from future mailings, login to the SourceForge(R).net site and modify your subscription preferences at: https://sourceforge.net/account/ Or contact us by postal mail at: Attn: SourceForge(R).net Legal Services - Unsubscribe SourceForge(R), Inc. 650 Castro Street, Suite 450 Mountain View, CA 94041 Unsubscribe requests will be processed within 10 days of receipt. -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From MailScanner at ecs.soton.ac.uk Fri Jun 6 12:26:35 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Jun 6 12:26:53 2008 Subject: F-Secure licence keys for V7.0.1? 
Message-ID: <48491EEB.4060907@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Can anyone give me a working licence key for the command-line client? Someone gave me a key to use for development work, but it isn't accepted. I've got the 64 bit package, but no licence key. It won't start without one. :-( It will only be used for development work, and will never be given to anyone, you're quite safe. But I can't implement support for it if I can't run it with a real licence :-( Thanks folks, Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.3 (Build 4028) Comment: Use Enigmail to decrypt or check this message is legitimate Charset: ISO-8859-1 wj8DBQFISR7sEfZZRxQVtlQRAo6NAKDV/oAaVnLoOtPfzBBWWpifp9wwewCgu8P2 fe5aOZlZXddcK6DJok2Y10Y= =NUsP -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From Hostmaster at computerservicecentre.com Fri Jun 6 12:36:29 2008 From: Hostmaster at computerservicecentre.com (Hostmaster) Date: Fri Jun 6 12:36:46 2008 Subject: F-Secure licence keys for V7.0.1? In-Reply-To: <48491EEB.4060907@ecs.soton.ac.uk> References: <48491EEB.4060907@ecs.soton.ac.uk> Message-ID: <3D9C92F3075F5144B46AA2C590F48E2A7A79F7@commssrv01.computerservicecentre.com> >Can anyone give me a working licence key for the command-line client? >Someone gave me a key to use for development work, but it isn't accepted. >I've got the 64 bit package, but no licence key. It won't start without >one. 
:-(

Hi Jules,

This might seem like a bit of a far-out idea, but have you considered going
to F-Secure and asking if you can have an NFR license for your development
work? Obviously it's in their interests that MailScanner supports F-Secure
AV, as then MailScanner users can buy licenses for F-Sec AV...

I had some dealings with F-Secure quite some time ago, and have their news
feed in my feedreader and they seem like pretty friendly chaps - it's worth
a shot just to ask :)

-- 
Best Regards,
Richard Garner (A+, N+, AMBCS, MOS-O)
Hostmaster
Computer Service Centre
web: http://www.computerservicecentre.com

All E-Mail communications are monitored in addition to being content checked
for malicious codes or viruses. The success of scanning products is not
guaranteed, therefore the recipient(s) should carry out any checks that they
believe to be appropriate in this respect.

This message (including any attachments and/or related materials) is
confidential to and is the property of Computer Service Centre, unless
otherwise noted. If you are not the intended recipient, you should delete
this message and are hereby notified that any disclosure, copying, or
distribution of this message, or the taking of any action based on it, is
strictly prohibited.

Any views or opinions presented are solely those of the author and do not
necessarily represent those of Computer Service Centre.

From pedro.hoffmann at gmail.com Fri Jun 6 13:25:47 2008
From: pedro.hoffmann at gmail.com (Pedro Bordin Hoffmann - [M]orpheus)
Date: Fri Jun 6 13:25:58 2008
Subject: .AGP Files
In-Reply-To: <4848FF9E.1020509@nerc.ac.uk>
References: <21be6cae0806050730m449839adrb31509e3848fc630@mail.gmail.com> <4848FF9E.1020509@nerc.ac.uk>
Message-ID: <21be6cae0806060525r687d06cw734a070629f76ece@mail.gmail.com>

Hello again!

So is there no solution?? :(

I added this on scan.messages.rules

*From: luciano.b@sullog.com.br no
From: 192.168.1.11 no
FromOrTo: default yes*

But isn't working.
I'm changing to don't sign clean messages, will test this way. Thanks! 2008/6/6 Greg Matthews : > Pedro Bordin Hoffmann - [M]orpheus wrote: > >> Hello. >> >> I have this client that sends attached in the message a file, with the >> extension .agp >> This file is a security signature to work with banks, but if Mailscanner >> scan it for virus, it gets corrupted. >> > > this is almost certainly your signature - this was discussed way back on > the list. It is alleged that there is a bug in perl itself which means that > the signature adding bit of MailScanner can end up changing the line > terminations throughout the whole message body. This obviously affects > digital signatures and the like. As far as I know it has never been fixed. > I'm having difficulty tracking down the relevant threads on this list but it > has been discussed a couple of times. > > Either you have secure digital signatures, OR you add a corporate sig onto > each message. You can't have both. > > Of course you can add a rule-set for adding/not adding the corporate sig. > > GREG > > >> How should I do to make mailscanner don't scan this kind a file? >> Already try to put this in /etc/MailScanner/filnename.rules.conf >> Something like this: >> >> allow \.agp$ - - >> >> But still getting corrupted. >> >> What should I do? >> >> Thanks for the help! >> Regards >> Pedro >> >> >> > > -- > Greg Matthews 01491 692445 > Head of UNIX/Linux, iTSS Wallingford > > -- > This message (and any attachments) is for the recipient only. NERC > is subject to the Freedom of Information Act 2000 and the contents > of this email and any reply you make may be disclosed by NERC unless > it is exempt from release under the Act. Any material supplied to > NERC may be stored in an electronic records management system. 
>
>
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080606/c678e33c/attachment.html

From Denis.Beauchemin at USherbrooke.ca Fri Jun 6 13:29:00 2008
From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin)
Date: Fri Jun 6 13:29:23 2008
Subject: Fwd: Vote for Open Source Awesomeness!
In-Reply-To: <223f97700806060344x5034e45ds5e618fcf7afd846a@mail.gmail.com>
References: <4848b528.26e3220a.2f6f.ffff9de1SMTPIN_ADDED@mx.google.com> <223f97700806060344x5034e45ds5e618fcf7afd846a@mail.gmail.com>
Message-ID: <48492D8C.7070000@USherbrooke.ca>

Glenn Steen wrote:
> Guys'n'gals!
>
> It's that silly time of year again, when nominations are counted...
> bribes are made... accusations fly...:-)
> Let your voice be counted for Jules and MailScanner!
>
> I've just nominated MailScanner (with the official link of
> http://www.mailscanner.info) both for Best Project and Best SysAdmin
> Tool... Why don't you do that too?
>
> Cheers
> -- Glenn
>

Done!

Jules, if you want to put "vote-for-MailScanner" badges on the website,
look here:
https://sourceforge.net/community/cca08-badge?project_name=MailScanner&project_url=http://www.mailscanner.info

Denis

-- 
   _
  °v°   Denis Beauchemin, analyst
 /(_)\  Université de Sherbrooke, S.T.I.
^ ^ T: 819.821.8000x62252 F: 819.821.8045 From gmatt at nerc.ac.uk Fri Jun 6 13:40:20 2008 From: gmatt at nerc.ac.uk (Greg Matthews) Date: Fri Jun 6 13:40:37 2008 Subject: .AGP Files In-Reply-To: <21be6cae0806060525r687d06cw734a070629f76ece@mail.gmail.com> References: <21be6cae0806050730m449839adrb31509e3848fc630@mail.gmail.com> <4848FF9E.1020509@nerc.ac.uk> <21be6cae0806060525r687d06cw734a070629f76ece@mail.gmail.com> Message-ID: <48493034.9010708@nerc.ac.uk> Pedro Bordin Hoffmann - [M]orpheus wrote: > Hello again! > > So is there no solution?? :( AFAIK there is *no solution* to the "sign clean messages" altering the line endings of the message. Jules will know more. > > I added this on scan.messages.rules > > *From: luciano.b@sullog.com.br no > From: 192.168.1.11 no > FromOrTo: default yes* are those "*" typos? Seems like turning off scanning is a harsh solution. > But isn't working. I'm changing to don't sign clean messages, will test this > way. that would be preferable - still get scanning. GREG -- Greg Matthews 01491 692445 Head of UNIX/Linux, iTSS Wallingford -- This message (and any attachments) is for the recipient only. NERC is subject to the Freedom of Information Act 2000 and the contents of this email and any reply you make may be disclosed by NERC unless it is exempt from release under the Act. Any material supplied to NERC may be stored in an electronic records management system. From piero at arrigoni.cl Fri Jun 6 17:35:49 2008 From: piero at arrigoni.cl (Piero Arrigoni) Date: Fri Jun 6 17:36:36 2008 Subject: "spam(no null-header or sender address)" problem Message-ID: <001b01c8c7f3$61158600$23409200$@cl> Hello, I run a mailscanner configuration, using postfix, spamassassin and mailscanner. Mail accounts stores in an sql database. Today I started to receive what seemed to be a Spam attack. Two of the accounts were filled with all sort of junk mail. The messages are in several languages, and came from different ip's from several different places. 
The situation is really annoying because the mails are still coming in, even receiving dozens of those mails per minute, filling the mailboxes with garbage. All of these mail one thing in common. These have empty "from" addresses. So mailwatch flags the mail as light spam (the kind of spam that gets its subject marked but it's delivered to the recipient anyway), giving the following message in the spam report: "spam(no null-header or sender address)". The spam score remains in 0. I would like to modify mailscanner so that messages with empty from-addresses get filtered as usual mail, going through the regular scoring other mails do. Could you please help me with this? I have been looking around a lot but still have not found a solution. Thank you all. Best regards, Piero P.S.: I found a post in google that had a similar problem. It was fixed by changing a configuration from "Treat Invalid Watermarks With No Sender as Spam = spam" To "Treat Invalid Watermarks With No Sender as Spam = nothing" However I do not know in which configuration file this option can be changed to try it out. I am sort of a newbie in this. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080606/e7d4aa59/attachment.html From ssilva at sgvwater.com Fri Jun 6 17:57:58 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Fri Jun 6 17:58:16 2008 Subject: Fwd: Vote for Open Source Awesomeness! In-Reply-To: <223f97700806060344x5034e45ds5e618fcf7afd846a@mail.gmail.com> References: <4848b528.26e3220a.2f6f.ffff9de1SMTPIN_ADDED@mx.google.com> <223f97700806060344x5034e45ds5e618fcf7afd846a@mail.gmail.com> Message-ID: on 6-6-2008 3:44 AM Glenn Steen spake the following: > Guys'n'gals! > > It's that silly time of year again, when nominations are counted... > bribes are made... 
accusations fly...:-) > Let your voice be counted for Jules and MailScanner! > > I've just nominated MailScanner (with the official link of > http://www.mailscanner.info) both for Best Project and Best SysAdmin > Tool... Why don't you do that too? > > Cheers > -- Glenn Already been there, done that!!! Cheers Glenn! Scott -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 258 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080606/bc50bc51/signature.bin From davejenx at googlemail.com Fri Jun 6 18:58:07 2008 From: davejenx at googlemail.com (Dave Jenkins) Date: Fri Jun 6 18:58:19 2008 Subject: postfix: Process did not exit cleanly, returned 1 with signal 0 In-Reply-To: <223f97700806060250p2e2bd41cncdfeb239c333d310@mail.gmail.com> References: <223f97700806060250p2e2bd41cncdfeb239c333d310@mail.gmail.com> Message-ID: 2008/6/6 Glenn Steen : > 2008/6/5 Dave Jenkins : >> MailScanner & postfix have mostly been running happily for a few >> weeks, averaging about 5 msgs/min. But on two occasions we've had >> defunct MailScanner processes and the error "postfix: Process did not >> exit cleanly, returned 1 with signal 0". ... >> ...Finally I turned off >> scanning (Scan Messages = no) and this allowed the queue to clear. >> >> I then switched scanning, virus and spamassassin back on (i.e. >> restored previous config) and it then ran fine. I'm wondering if it >> was a peculiarity of one of the messages that caused MailScanner to >> crash. >> >> The second time it happened, before clearing the queue I took a copy >> of /var/spool/MailScanner/incoming; will that help in debugging the >> problem? If so, what should I do with it and if not, what should I do >> next time it happens? > ... 
> Next time it happens, look in the hold queue, the oldest size... usually 30 or so> messages, to see if you have a problem > there. So it's the Incoming Queue Dir, in my case /var/spool/postfix/hold, that I should grab a copy of, rather than Incoming Work Dir (/var/spool/MailScanner/incoming), is that right? > If it were non-queue files fouling things up, doing what you > did would likely not have cleared things up, so it might not be the > usual razor agent log misplaced in the hold directory... That makes sense to me; I would have thought the fact that disabling scanning alowed the queue to be processed successfully and re-enabling scanning restored normal function, suggests that MailScanner choked during the scanning of a specific message. So I'm guessing the defunct MailScanner processes were the cause rather than effect of the postfix process exiting uncleanly. All files in my copy of /var/spool/MailScanner/incoming were owned by postfix:postfix and all files perm 600, subdirectories 700. > More like some subtle permission thing or subcomponent "borking totally" on a > specific mail. > Trick is to find what part and what to do with it:-):-) I think I've found which mail caused the problem. By finding the time of the first "postfix: Process did not exit cleanly" in /var/log/messages then looking at what happened around that time in /var/log/maillog, I've found a message that fits the timing perfectly and that seems to be the first in a growing queue of messages that got repeatedly but unsuccessfully processed until I set Scan Messages to off. I recognise the recipient from my perusing of the logs the first time the problem happened. But this time I have the offending message's entry from /var/spool/MailScanner/incoming: -rw------- 1 postfix postfix 1014 Jun 5 15:39 9E379FE019.AC06E.header 9E379FE019.AC06E: total 32 drwx------ 2 postfix postfix 4096 Jun 5 15:39 . drwx------ 31 postfix postfix 4096 Jun 5 15:39 .. 
-rw------- 1 postfix postfix 5571 Jun 5 15:39 msg-1101-41.txt -rw------- 1 postfix postfix 14362 Jun 5 15:39 msg-1101-42.html When I view the files with less, I get: "9E379FE019.AC06E/msg-1101-41.txt" may be a binary file. See it anyway? # file 9E379FE019.AC06E/msg-1101-41.txt 9E379FE019.AC06E/msg-1101-41.txt: Microsoft Office Document The .html file is OK. Cheers, Dave From glenn.steen at gmail.com Fri Jun 6 19:44:07 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri Jun 6 19:44:17 2008 Subject: postfix: Process did not exit cleanly, returned 1 with signal 0 In-Reply-To: References: <223f97700806060250p2e2bd41cncdfeb239c333d310@mail.gmail.com> Message-ID: <223f97700806061144m5612b659k667b3950776fa27b@mail.gmail.com> 2008/6/6 Dave Jenkins : > 2008/6/6 Glenn Steen : >> 2008/6/5 Dave Jenkins : >>> MailScanner & postfix have mostly been running happily for a few >>> weeks, averaging about 5 msgs/min. But on two occasions we've had >>> defunct MailScanner processes and the error "postfix: Process did not >>> exit cleanly, returned 1 with signal 0". > ... >>> ...Finally I turned off >>> scanning (Scan Messages = no) and this allowed the queue to clear. >>> >>> I then switched scanning, virus and spamassassin back on (i.e. >>> restored previous config) and it then ran fine. I'm wondering if it >>> was a peculiarity of one of the messages that caused MailScanner to >>> crash. >>> >>> The second time it happened, before clearing the queue I took a copy >>> of /var/spool/MailScanner/incoming; will that help in debugging the >>> problem? If so, what should I do with it and if not, what should I do >>> next time it happens? >> ... >> Next time it happens, look in the hold queue, the oldest > size... usually 30 or so> messages, to see if you have a problem >> there. > > So it's the Incoming Queue Dir, in my case /var/spool/postfix/hold, > that I should grab a copy of, rather than Incoming Work Dir > (/var/spool/MailScanner/incoming), is that right? > Yep. 
>> If it were non-queue files fouling things up, doing what you >> did would likely not have cleared things up, so it might not be the >> usual razor agent log misplaced in the hold directory... > > That makes sense to me; I would have thought the fact that disabling > scanning alowed the queue to be processed successfully and re-enabling > scanning restored normal function, suggests that MailScanner choked > during the scanning of a specific message. So I'm guessing the defunct > MailScanner processes were the cause rather than effect of the postfix > process exiting uncleanly. Sort of, yes. Find whatever message is causing the problem, and then try submitting it with small changes over and over until it works... Tedious tweak-work:-). > All files in my copy of /var/spool/MailScanner/incoming were owned by > postfix:postfix and all files perm 600, subdirectories 700. > >> More like some subtle permission thing or subcomponent "borking totally" on a >> specific mail. >> Trick is to find what part and what to do with it:-):-) > > I think I've found which mail caused the problem. By finding the time > of the first "postfix: Process did not exit cleanly" in > /var/log/messages then looking at what happened around that time in > /var/log/maillog, I've found a message that fits the timing perfectly > and that seems to be the first in a growing queue of messages that got > repeatedly but unsuccessfully processed until I set Scan Messages to > off. I recognise the recipient from my perusing of the logs the first > time the problem happened. But this time I have the offending > message's entry from /var/spool/MailScanner/incoming: > > -rw------- 1 postfix postfix 1014 Jun 5 15:39 9E379FE019.AC06E.header > > 9E379FE019.AC06E: > total 32 > drwx------ 2 postfix postfix 4096 Jun 5 15:39 . > drwx------ 31 postfix postfix 4096 Jun 5 15:39 .. 
> -rw------- 1 postfix postfix 5571 Jun 5 15:39 msg-1101-41.txt
> -rw------- 1 postfix postfix 14362 Jun 5 15:39 msg-1101-42.html
>
> When I view the files with less, I get:
> "9E379FE019.AC06E/msg-1101-41.txt" may be a binary file. See it anyway?
>
> # file 9E379FE019.AC06E/msg-1101-41.txt
> 9E379FE019.AC06E/msg-1101-41.txt: Microsoft Office Document
>
> The .html file is OK.

So something about the "office doc" is ... problematic. Or with your
TNEF expander, perhaps... Hard to say, since you don't have the
original file to work with.
If I were you, I'd just keep an eye on things until next time, then
grab the hold queue and start experimenting with that.

> Cheers,
>
> Dave

Cheers to you too;-)
-- 
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

From pedro.hoffmann at gmail.com Fri Jun 6 21:27:20 2008
From: pedro.hoffmann at gmail.com (Pedro Bordin Hoffmann - [M]orpheus)
Date: Fri Jun 6 21:27:32 2008
Subject: Mailscanner exiting every second.
Message-ID: <21be6cae0806061327j91c32e7wfa88f717295e7dab@mail.gmail.com>

I'm having this error on a Debian Etch 64 bits.

Jun 6 17:19:35 observi_2008 MailScanner: Process did not exit cleanly, returned 1 with signal 0

Don't know what is going on.
Already try to restart the server, the services, all!
I took a look in the permissions, in the spool dirs, and nothing found.
It was working fine 1 day ago :\
Please some help
Best wishes
Pedro

[Full]

Jun 6 17:21:35 observi_2008 MailScanner: Process did not exit cleanly, returned 1 with signal 0
Jun 6 17:21:35 observi_2008 MailScanner[23006]: MailScanner E-Mail Virus Scanner version 4.66.5 starting...
Jun 6 17:21:35 observi_2008 MailScanner[23006]: Read 16 hostnames from the phishing whitelist Jun 6 17:21:35 observi_2008 MailScanner[23006]: Read 0 hostnames from the phishing blacklist Jun 6 17:21:35 observi_2008 MailScanner[23006]: Config: calling custom init function SQLSpamScores Jun 6 17:21:35 observi_2008 MailScanner[23006]: Read 16 Spam entries Jun 6 17:21:35 observi_2008 MailScanner[23006]: Config: calling custom init function SQLBlacklist Jun 6 17:21:35 observi_2008 MailScanner[23006]: Config: calling custom init function MailWatchLogging Jun 6 17:21:35 observi_2008 MailScanner[23006]: Started SQL Logging child Jun 6 17:21:35 observi_2008 MailScanner[23006]: Config: calling custom init function SQLHighSpamScores Jun 6 17:21:35 observi_2008 MailScanner[23006]: Read 16 high Spam entries Jun 6 17:21:35 observi_2008 MailScanner[23006]: Config: calling custom init function SQLWhitelist Jun 6 17:21:35 observi_2008 MailScanner[23006]: SpamAssassin temporary working directory is /var/spool/MailScanner/incoming/SpamAssassin-Temp Jun 6 17:21:35 observi_2008 MailScanner[23006]: Using SpamAssassin results cache Jun 6 17:21:35 observi_2008 MailScanner[23006]: Connected to SpamAssassin cache database Jun 6 17:21:37 observi_2008 MailScanner[22990]: ClamAV scanner using unrar command /usr/bin/unrar Jun 6 17:21:37 observi_2008 MailScanner[22990]: Using locktype = flock Jun 6 17:21:37 observi_2008 MailScanner[22990]: New Batch: Scanning 8 messages, 234707 bytes Jun 6 17:21:37 observi_2008 MailScanner[22990]: Spam Checks: Starting Jun 6 17:21:37 observi_2008 postfix/smtpd[22576]: connect from 74-229-90.dial.terra.cl[200.90.229.74] Jun 6 17:21:38 observi_2008 postfix/smtpd[22647]: connect from static-ip-87-248-80-2.promax.media.pl[87.248.80.2] Jun 6 17:21:38 observi_2008 dovecot: pop3-login: Login: user=< rfadanelli@toigocontadores.com.br>, method=PLAIN, rip=192.168.100.104, lip= 192.168.100.2 Jun 6 17:21:38 observi_2008 dovecot: POP3(rfadanelli@toigocontadores.com.br): 
Disconnected: Logged out top=0/0, retr=0/0, del=0/0, size=0 Jun 6 17:21:38 observi_2008 dovecot: pop3-login: Login: user=< rfadanelli@toigo.com.br>, method=PLAIN, rip=192.168.100.104, lip= 192.168.100.2 Jun 6 17:21:38 observi_2008 dovecot: POP3(rfadanelli@toigo.com.br): Disconnected: Logged out top=0/0, retr=0/0, del=0/0, size=0 Jun 6 17:21:39 observi_2008 gld: Greylist activated for recipient=< ruzzarindigo@grandesamigos.com.br> sender= ip=< 87.248.80.2> Jun 6 17:21:39 observi_2008 postfix/smtpd[22647]: NOQUEUE: reject: RCPT from static-ip-87-248-80-2.promax.media.pl[87.248.80.2]: 450 4.7.1 < Tomer-0nehpets@30cs.com>: Sender address rejected: Service temporarily unavailable, please try later; from= to=< ruzzarindigo@grandesamigos.com.br> proto=ESMTP helo=< static-ip-87-248-80-2.promax.media.pl> Jun 6 17:21:39 observi_2008 postfix/smtpd[22647]: too many errors after RCPT from static-ip-87-248-80-2.promax.media.pl[87.248.80.2] Jun 6 17:21:39 observi_2008 postfix/smtpd[22647]: disconnect from static-ip-87-248-80-2.promax.media.pl[87.248.80.2] Jun 6 17:21:39 observi_2008 gld: Greylist activated for recipient=< gabriela@toigo.com.br> sender= ip=<200.90.229.74> Jun 6 17:21:39 observi_2008 postfix/smtpd[22576]: NOQUEUE: reject: RCPT from 74-229-90.dial.terra.cl[200.90.229.74]: 504 5.5.2 : Helo command rejected: need fully-qualified hostname; from= to= proto=ESMTP helo= Jun 6 17:21:39 observi_2008 postfix/smtpd[22576]: too many errors after RCPT from 74-229-90.dial.terra.cl[200.90.229.74] Jun 6 17:21:39 observi_2008 postfix/smtpd[22576]: disconnect from 74-229-90.dial.terra.cl[200.90.229.74] Jun 6 17:21:40 observi_2008 MailScanner: Process did not exit cleanly, returned 1 with signal 0 Jun 6 17:21:40 observi_2008 MailScanner[23024]: MailScanner E-Mail Virus Scanner version 4.66.5 starting... 
Jun 6 17:21:40 observi_2008 MailScanner[23024]: Read 16 hostnames from the phishing whitelist Jun 6 17:21:40 observi_2008 MailScanner[23024]: Read 0 hostnames from the phishing blacklist Jun 6 17:21:40 observi_2008 MailScanner[23024]: Config: calling custom init function SQLSpamScores Jun 6 17:21:40 observi_2008 MailScanner[23024]: Read 16 Spam entries Jun 6 17:21:40 observi_2008 MailScanner[23024]: Config: calling custom init function SQLBlacklist Jun 6 17:21:40 observi_2008 MailScanner[23024]: Config: calling custom init function MailWatchLogging Jun 6 17:21:40 observi_2008 MailScanner[23024]: Started SQL Logging child Jun 6 17:21:40 observi_2008 MailScanner[23024]: Config: calling custom init function SQLHighSpamScores Jun 6 17:21:40 observi_2008 MailScanner[23024]: Read 16 high Spam entries Jun 6 17:21:40 observi_2008 MailScanner[23024]: Config: calling custom init function SQLWhitelist Jun 6 17:21:40 observi_2008 MailScanner[23024]: SpamAssassin temporary working directory is /var/spool/MailScanner/incoming/SpamAssassin-Temp Jun 6 17:21:40 observi_2008 MailScanner[23024]: Using SpamAssassin results cache Jun 6 17:21:40 observi_2008 MailScanner[23024]: Connected to SpamAssassin cache database Jun 6 17:21:42 observi_2008 MailScanner[23006]: ClamAV scanner using unrar command /usr/bin/unrar Jun 6 17:21:42 observi_2008 MailScanner[23006]: Using locktype = flock Jun 6 17:21:42 observi_2008 MailScanner[23006]: New Batch: Scanning 8 messages, 234707 bytes Jun 6 17:21:42 observi_2008 MailScanner[23006]: Spam Checks: Starting Jun 6 17:21:43 observi_2008 dovecot: pop3-login: Login: user=< fiscal@toigocontadores.com.br>, method=PLAIN, rip=192.168.100.12, lip= 192.168.100.2 Jun 6 17:21:43 observi_2008 dovecot: POP3(fiscal@toigocontadores.com.br): Disconnected: Logged out top=0/0, retr=0/0, del=0/0, size=0 Jun 6 17:21:43 observi_2008 dovecot: pop3-login: Login: user=< fiscal@toigo.com.br>, method=PLAIN, rip=192.168.100.12, lip=192.168.100.2 Jun 6 17:21:43 observi_2008 
dovecot: POP3(fiscal@toigo.com.br): Disconnected: Logged out top=0/0, retr=0/0, del=0/0, size=0 Jun 6 17:21:44 observi_2008 dovecot: pop3-login: Login: user=< tania@toigo.com.br>, method=PLAIN, rip=192.168.100.159, lip=192.168.100.2 Jun 6 17:21:44 observi_2008 dovecot: POP3(tania@toigo.com.br): Disconnected: Logged out top=0/0, retr=0/0, del=0/0, size=0 Jun 6 17:21:44 observi_2008 dovecot: pop3-login: Login: user=< tania@toigocontadores.com.br>, method=PLAIN, rip=192.168.100.159, lip= 192.168.100.2 Jun 6 17:21:44 observi_2008 dovecot: POP3(tania@toigocontadores.com.br): Disconnected: Logged out top=0/0, retr=0/0, del=0/0, size=0 Jun 6 17:21:45 observi_2008 dovecot: pop3-login: Login: user=< tania@toigo.com.br>, method=PLAIN, rip=192.168.100.159, lip=192.168.100.2 Jun 6 17:21:45 observi_2008 dovecot: POP3(tania@toigo.com.br): Disconnected: Logged out top=0/0, retr=0/0, del=0/0, size=0 Jun 6 17:21:45 observi_2008 dovecot: pop3-login: Login: user=< tania@toigocontadores.com.br>, method=PLAIN, rip=192.168.100.159, lip= 192.168.100.2 Jun 6 17:21:45 observi_2008 dovecot: POP3(tania@toigocontadores.com.br): Disconnected: Logged out top=0/0, retr=0/0, del=0/0, size=0 Jun 6 17:21:45 observi_2008 MailScanner: Process did not exit cleanly, returned 1 with signal 0 Jun 6 17:21:45 observi_2008 MailScanner[23058]: MailScanner E-Mail Virus Scanner version 4.66.5 starting... 
Jun 6 17:21:45 observi_2008 MailScanner[23058]: Read 16 hostnames from the phishing whitelist Jun 6 17:21:45 observi_2008 MailScanner[23058]: Read 0 hostnames from the phishing blacklist Jun 6 17:21:45 observi_2008 MailScanner[23058]: Config: calling custom init function SQLSpamScores Jun 6 17:21:45 observi_2008 MailScanner[23058]: Read 16 Spam entries Jun 6 17:21:45 observi_2008 MailScanner[23058]: Config: calling custom init function SQLBlacklist Jun 6 17:21:45 observi_2008 MailScanner[23058]: Config: calling custom init function MailWatchLogging Jun 6 17:21:45 observi_2008 MailScanner[23058]: Started SQL Logging child Jun 6 17:21:45 observi_2008 MailScanner[23058]: Config: calling custom init function SQLHighSpamScores Jun 6 17:21:45 observi_2008 MailScanner[23058]: Read 16 high Spam entries Jun 6 17:21:45 observi_2008 MailScanner[23058]: Config: calling custom init function SQLWhitelist Jun 6 17:21:45 observi_2008 MailScanner[23058]: SpamAssassin temporary working directory is /var/spool/MailScanner/incoming/SpamAssassin-Temp Jun 6 17:21:45 observi_2008 MailScanner[23058]: Using SpamAssassin results cache Jun 6 17:21:45 observi_2008 MailScanner[23058]: Connected to SpamAssassin cache database Jun 6 17:21:47 observi_2008 MailScanner[23024]: ClamAV scanner using unrar command /usr/bin/unrar Jun 6 17:21:47 observi_2008 MailScanner[23024]: Using locktype = flock Jun 6 17:21:47 observi_2008 MailScanner[23024]: New Batch: Scanning 8 messages, 234707 bytes Jun 6 17:21:47 observi_2008 MailScanner[23024]: Spam Checks: Starting Jun 6 17:21:48 observi_2008 postfix/smtpd[22666]: connect from 68-185-136-176.dhcp.jcsn.tn.charter.com[68.185.136.176] Jun 6 17:21:49 observi_2008 gld: Greylist activated for recipient=< sabrina@toigo.com.br> sender= ip=< 68.185.136.176> Jun 6 17:21:50 observi_2008 postfix/smtpd[22666]: NOQUEUE: reject: RCPT from 68-185-136-176.dhcp.jcsn.tn.charter.com[68.185.136.176]: 450 4.7.1 < Edward-unsuccin@2m-online.de>: Sender address rejected: Service 
temporarily unavailable, please try later; from= to=< sabrina@toigo.com.br> proto=ESMTP helo=< 68-185-136-176.dhcp.jcsn.tn.charter.com> Jun 6 17:21:50 observi_2008 postfix/smtpd[22666]: too many errors after RCPT from 68-185-136-176.dhcp.jcsn.tn.charter.com[68.185.136.176] Jun 6 17:21:50 observi_2008 postfix/smtpd[22666]: disconnect from 68-185-136-176.dhcp.jcsn.tn.charter.com[68.185.136.176] Jun 6 17:21:50 observi_2008 MailScanner: Process did not exit cleanly, returned 1 with signal 0 Jun 6 17:21:50 observi_2008 MailScanner[23066]: MailScanner E-Mail Virus Scanner version 4.66.5 starting... Jun 6 17:21:50 observi_2008 MailScanner[23066]: Read 16 hostnames from the phishing whitelist Jun 6 17:21:50 observi_2008 MailScanner[23066]: Read 0 hostnames from the phishing blacklist Jun 6 17:21:50 observi_2008 MailScanner[23066]: Config: calling custom init function SQLSpamScores Jun 6 17:21:50 observi_2008 MailScanner[23066]: Read 16 Spam entries Jun 6 17:21:50 observi_2008 MailScanner[23066]: Config: calling custom init function SQLBlacklist Jun 6 17:21:50 observi_2008 MailScanner[23066]: Config: calling custom init function MailWatchLogging Jun 6 17:21:50 observi_2008 MailScanner[23066]: Started SQL Logging child Jun 6 17:21:50 observi_2008 MailScanner[23066]: Config: calling custom init function SQLHighSpamScores Jun 6 17:21:50 observi_2008 MailScanner[23066]: Read 16 high Spam entries Jun 6 17:21:50 observi_2008 MailScanner[23066]: Config: calling custom init function SQLWhitelist Jun 6 17:21:50 observi_2008 MailScanner[23066]: SpamAssassin temporary working directory is /var/spool/MailScanner/incoming/SpamAssassin-Temp Jun 6 17:21:50 observi_2008 MailScanner[23066]: Using SpamAssassin results cache Jun 6 17:21:50 observi_2008 MailScanner[23066]: Connected to SpamAssassin cache database Jun 6 17:21:52 observi_2008 named[3303]: lame server resolving 'blast.pp.ru' (in 'blast.pp.ru'?): 195.161.113.218#53 Jun 6 17:21:52 observi_2008 named[3303]: lame server resolving 
'blast.pp.ru' (in 'blast.pp.ru'?): 217.16.27.36#53 Jun 6 17:21:52 observi_2008 MailScanner[23058]: ClamAV scanner using unrar command /usr/bin/unrar Jun 6 17:21:52 observi_2008 MailScanner[23058]: Using locktype = flock Jun 6 17:21:52 observi_2008 MailScanner[23058]: New Batch: Scanning 8 messages, 234707 bytes Jun 6 17:21:52 observi_2008 MailScanner[23058]: Spam Checks: Starting Jun 6 17:21:55 observi_2008 MailScanner: Process did not exit cleanly, returned 1 with signal 0 Jun 6 17:21:55 observi_2008 MailScanner[23072]: MailScanner E-Mail Virus Scanner version 4.66.5 starting... Jun 6 17:21:55 observi_2008 MailScanner[23072]: Read 16 hostnames from the phishing whitelist Jun 6 17:21:55 observi_2008 MailScanner[23072]: Read 0 hostnames from the phishing blacklist Jun 6 17:21:55 observi_2008 MailScanner[23072]: Config: calling custom init function SQLSpamScores Jun 6 17:21:55 observi_2008 MailScanner[23072]: Read 16 Spam entries Jun 6 17:21:55 observi_2008 MailScanner[23072]: Config: calling custom init function SQLBlacklist Jun 6 17:21:55 observi_2008 MailScanner[23072]: Config: calling custom init function MailWatchLogging Jun 6 17:21:55 observi_2008 MailScanner[23072]: Started SQL Logging child Jun 6 17:21:55 observi_2008 MailScanner[23072]: Config: calling custom init function SQLHighSpamScores Jun 6 17:21:55 observi_2008 MailScanner[23072]: Read 16 high Spam entries Jun 6 17:21:55 observi_2008 MailScanner[23072]: Config: calling custom init function SQLWhitelist Jun 6 17:21:55 observi_2008 MailScanner[23072]: SpamAssassin temporary working directory is /var/spool/MailScanner/incoming/SpamAssassin-Temp Jun 6 17:21:55 observi_2008 MailScanner[23072]: Using SpamAssassin results cache Jun 6 17:21:55 observi_2008 MailScanner[23072]: Connected to SpamAssassin cache database Jun 6 17:21:57 observi_2008 MailScanner[23066]: ClamAV scanner using unrar command /usr/bin/unrar Jun 6 17:21:57 observi_2008 MailScanner[23066]: Using locktype = flock Jun 6 17:21:57 observi_2008 
MailScanner[23066]: New Batch: Scanning 8 messages, 234707 bytes
Jun 6 17:21:57 observi_2008 MailScanner[23066]: Spam Checks: Starting

From alex at nkpanama.com Sat Jun 7 00:11:51 2008
From: alex at nkpanama.com (Alex Neuman)
Date: Sat Jun 7 00:12:37 2008
Subject: .AGP Files
In-Reply-To: <4848FF9E.1020509@nerc.ac.uk>
References: <21be6cae0806050730m449839adrb31509e3848fc630@mail.gmail.com> <4848FF9E.1020509@nerc.ac.uk>
Message-ID: <200806062312.m56NCP2n030918@safir.blacknight.ie>

If it isn't working it means you're not restarting or reloading MailScanner between edits.

On Jun 6, 2008, at 7:25 AM, Pedro Bordin Hoffmann - [M]orpheus wrote:

> Hello again!
>
> So is there no solution?? :(
>
> I added this on scan.messages.rules
>
> From: luciano.b@sullog.com.br no
> From: 192.168.1.11 no
> FromOrTo: default yes
>
>
> But isn't working. I'm changing to don't sign clean messages, will
> test this way.
>
> Thanks!
>
>
> 2008/6/6 Greg Matthews :
> Pedro Bordin Hoffmann - [M]orpheus wrote:
> Hello.
>
> I have this client that sends attached in the message a file, with the
> extension .agp
> This file is a security signature to work with banks, but if
> Mailscanner
> scan it for virus, it gets corrupted.
>
> this is almost certainly your signature - this was discussed way
> back on the list. It is alleged that there is a bug in perl itself
> which means that the signature adding bit of MailScanner can end up
> changing the line terminations throughout the whole message body.
> This obviously affects digital signatures and the like. As far as I
> know it has never been fixed. I'm having difficulty tracking down
> the relevant threads on this list but it has been discussed a couple
> of times.
>
> Either you have secure digital signatures, OR you add a corporate
> sig onto each message.
> You can't have both.
>
> Of course you can add a rule-set for adding/not adding the corporate
> sig.
>
> GREG
>
>
>
> How should I do to make mailscanner don't scan this kind a file?
> Already tried to put this in /etc/MailScanner/filename.rules.conf
> Something like this:
>
> allow \.agp$ - -
>
> But still getting corrupted.
>
> What should I do?
>
> Thanks for the help!
> Regards
> Pedro
>
>
>
>
> --
> Greg Matthews 01491 692445
> Head of UNIX/Linux, iTSS Wallingford
>
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!

From james at gray.net.au Fri Jun 6 10:17:34 2008
From: james at gray.net.au (James Gray)
Date: Sat Jun 7 00:22:46 2008
Subject: Viruses flagged as spam too
In-Reply-To:
References:
Message-ID:

On 06/06/2008, at 5:03 PM, Martin.Hepworth wrote:

> James
>
> How many viruses are you seeing? Ie what's the size of the problem?
> For me I see very few (1 a day maybe), so this option wouldn't gain
> me much.

Not that many - probably accounting for about 50% of all virus detections, which in turn is less than 1% of total mail volume.
However, the work involved explaining that an email can be BOTH a virus and spam is chewing up significantly more than 0.5% of our support desk's resources (probably 1-2 man hours per day!). Consequently I've been asked to investigate ways to mitigate the confusion from a technical perspective, by avoiding the double classification (if possible). Failing that, we'll try to educate the users in a formal training scheme (probably just one of the support people spending a few minutes with each business unit and backed up with some documentation etc.) .... but as they say, "you can lead a (l)user to a clue, but you can't make them think".

I also think Phil's comments regarding learning the viruses as spam can have a positive effect when the viruses inevitably morph is another bonus to throw at the "powers that be". However, protection from a *possible* future threat doesn't solve the immediate problem of disproportionate resource consumption of our support team. Frankly, I don't really care about the processing overhead (the time is negligible). I just want to avoid the double classification of spam+virus. One classification or the other seems to be about all our users are capable of processing in a single message :P

Cheers,

James

From ssilva at sgvwater.com Sat Jun 7 00:42:24 2008
From: ssilva at sgvwater.com (Scott Silva)
Date: Sat Jun 7 00:42:42 2008
Subject: Viruses flagged as spam too
In-Reply-To:
References:
Message-ID:

on 6-6-2008 2:17 AM James Gray spake the following:
>
> On 06/06/2008, at 5:03 PM, Martin.Hepworth wrote:
>
>> James
>>
>> How many viruses are you seeing? Ie what's the size of the problem? For
>> me I see very few (1 a day maybe), so this option wouldn't gain me much.
>
> Not that many - probably accounting for about 50% of all virus
> detections, which in turn is less than 1% of total mail volume.
> However, the work involved explaining that an email can be BOTH a virus
> and spam is chewing up significantly more than 0.5% of our support
> desk's resources (probably 1-2 man hours per day!). Consequently I've
> been asked to investigate ways to mitigate the confusion from a
> technical perspective, by avoiding the double classification (if
> possible). Failing that, we'll try to educate the users in a formal
> training scheme (probably just one of the support people spending a few
> minutes with each business unit and backed up with some documentation
> etc.) .... but as they say, "you can lead a (l)user to a clue, but you
> can't make them think".
>
> I also think Phil's comments regarding learning the viruses as spam can
> have a positive effect when the viruses inevitably morph is another
> bonus to throw at the "powers that be". However, protection from a
> *possible* future threat doesn't solve the immediate problem of
> disproportionate resource consumption of our support team. Frankly, I
> don't really care about the processing overhead (the time is
> negligible). I just want to avoid the double classification of
> spam+virus. One classification or the other seems to be about all our
> users are capable of processing in a single message :P
>
> Cheers,
>
> James
>

Just don't notify your users of viruses. I don't notify my users of either viruses or high scoring spam. I quarantine for a short while high spam that scores less than 30, and dump the rest. Low spam is the only thing that gets passed and tagged. If you let the users know that something was blocked, they are going to want to see it because they always assume they know better. I don't even have exec's complaining about it. Sure I have had a few FP's, but I get notified of everything, and usually release the FP's before they know what happened.
Their time is too valuable to mess with the crap, and they pay me to watch out for them.

--
MailScanner is like deodorant...
You hope everybody uses it, and you notice quickly if they don't!!!!

From alex at nkpanama.com Sat Jun 7 00:43:14 2008
From: alex at nkpanama.com (Alex Neuman)
Date: Sat Jun 7 00:43:51 2008
Subject: Viruses flagged as spam too
In-Reply-To:
References:
Message-ID: <200806062343.m56NhfHA031965@safir.blacknight.ie>

Have you tried using clamav-milter?

On Jun 6, 2008, at 4:17 AM, James Gray wrote:

>
> On 06/06/2008, at 5:03 PM, Martin.Hepworth wrote:
>
>> James
>>
>> How many viruses are you seeing? Ie what's the size of the problem?
>> For me I see very few (1 a day maybe), so this option wouldn't gain
>> me much.
>
> Not that many - probably accounting for about 50% of all virus
> detections, which in turn is less than 1% of total mail volume.
> However, the work involved explaining that an email can be BOTH a
> virus and spam is chewing up significantly more than 0.5% of our
> support desk's resources (probably 1-2 man hours per day!).
> Consequently I've been asked to investigate ways to mitigate the
> confusion from a technical perspective, by avoiding the double
> classification (if possible). Failing that, we'll try to educate
> the users in a formal training scheme (probably just one of the
> support people spending a few minutes with each business unit and
> backed up with some documentation etc.) .... but as they say, "you
> can lead a (l)user to a clue, but you can't make them think".
>
> I also think Phil's comments regarding learning the viruses as spam
> can have a positive effect when the viruses inevitably morph is
> another bonus to throw at the "powers that be". However, protection
> from a *possible* future threat doesn't solve the immediate problem
> of disproportionate resource consumption of our support team.
> Frankly, I don't really care about the processing overhead (the time
> is negligible). I just want to avoid the double classification of
> spam+virus. One classification or the other seems to be about all
> our users are capable of processing in a single message :P
>
> Cheers,
>
> James

From rob at kettle.org.uk Sun Jun 8 12:10:49 2008
From: rob at kettle.org.uk (Rob Kettle)
Date: Sun Jun 8 12:11:03 2008
Subject: Stop Virus Scanning
In-Reply-To:
References:
Message-ID: <484BBE39.1040709@kettle.org.uk>

Hi,

I want to be able to ignore certain users and not do any virus scanning for them.

I have set Mailscanner to show Virus Scanning = /etc/MailScanner/rules/scan.messages.rules

and then in that file put:
From: someuser@thedomain.org.uk no
FromOrTo: default yes

It still scans for virus according to the logfile.

Am I missing the obvious? If so apologies up front.

thanks
Rob

--
This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
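A simplified model of how a first-match ruleset like the ones quoted in this archive decides whether a message is scanned, added here as an example (it is not MailScanner's code and not from any poster). It assumes one recipient per message, models only the pattern kinds that appear on this page (address, domain, IPv4 address, `default`), and uses constructed sample senders and IPs; `forgeable_exemptions` is a hypothetical audit helper that lists rules switching scanning off on a sender-supplied address alone.

```python
import re
from dataclasses import dataclass

# Rulesets quoted in this archive ("no" = do not scan, "yes" = scan).
ROB_RULESET = """
From:     someuser@thedomain.org.uk  no
FromOrTo: default                    yes
"""
PEDRO_RULESET = """
From:     luciano.b@sullog.com.br  no
From:     192.168.1.11             no
FromOrTo: default                  yes
"""

@dataclass(frozen=True)
class Rule:
    direction: str  # "from", "to", "fromorto", "fromandto"
    pattern: str    # address, bare domain, IPv4 address/prefix, or "default"
    value: str      # the setting's value when the rule matches

def parse_ruleset(text):
    """Parse 'Direction: pattern value' lines; blanks and # comments are skipped."""
    rules = []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) != 3:
            continue
        direction, pattern, value = fields
        rules.append(Rule(direction.rstrip(":").lower(), pattern.lower(), value.lower()))
    return rules

def is_ip_pattern(pattern):
    # Dotted digits only, e.g. "192.168.1.11" or the prefix "192.168."
    return bool(re.fullmatch(r"\d{1,3}(\.\d{1,3}){0,3}\.?", pattern))

def matches_address(pattern, address):
    user, _, domain = address.lower().partition("@")
    if "@" in pattern:
        p_user, _, p_domain = pattern.partition("@")
        return p_user in ("*", user) and p_domain == domain
    return pattern == domain  # bare domain matches every user at it

def side_matches(pattern, address, client_ip=None):
    if pattern == "default":
        return True
    if is_ip_pattern(pattern):
        if client_ip is None:        # IP patterns only make sense for the sending side
            return False
        if pattern.endswith("."):
            return client_ip.startswith(pattern)
        return client_ip == pattern
    return matches_address(pattern, address)

def rule_matches(rule, sender, recipient, client_ip):
    frm = side_matches(rule.pattern, sender, client_ip)
    to = side_matches(rule.pattern, recipient)
    return {"from": frm, "to": to,
            "fromorto": frm or to, "fromandto": frm and to}.get(rule.direction, False)

def scan_decision(ruleset_text, sender, recipient, client_ip):
    """Value of the first matching rule (the page's rulesets end with 'default')."""
    for rule in parse_ruleset(ruleset_text):
        if rule_matches(rule, sender, recipient, client_ip):
            return rule.value
    return None

def forgeable_exemptions(rules, exempt_value="no"):
    """Rules that disable the setting based only on an address the sending client supplies."""
    return [r for r in rules
            if r.value == exempt_value and r.pattern != "default"
            and r.direction in ("from", "fromorto")
            and not is_ip_pattern(r.pattern)]

if __name__ == "__main__":
    # Constructed test messages: (sender, recipient, connecting IP).
    cases = [
        ("someuser@thedomain.org.uk", "partner@example.net", "192.0.2.10"),
        ("someuser@thedomain.org.uk", "partner@example.net", "198.51.100.7"),
        ("stranger@example.com", "someuser@thedomain.org.uk", "198.51.100.7"),
    ]
    for sender, recipient, ip in cases:
        print(sender, "->", recipient, "via", ip, ":",
              scan_decision(ROB_RULESET, sender, recipient, ip))
    for rule in forgeable_exemptions(parse_ruleset(PEDRO_RULESET)):
        print("exempts on sender address alone:", rule)
```

With the first ruleset, the same sender address is exempted whichever host connects, while mail addressed to that user is still scanned because only a `From:` rule exists.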
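For the restart loop logged in the "Mailscanner exiting every second" thread earlier in this archive, a log check added here as an example (not code from the list or from MailScanner). It counts the "did not exit cleanly" events and flags a batch size that successive child processes keep re-reading, a heuristic for one queued message repeatedly taking the scanner down; the sample lines are excerpted from that log, and the thresholds and function names are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import median

# Excerpt of the syslog posted in the thread (MailScanner events plus one unrelated line).
SAMPLE_LOG = """\
Jun 6 17:21:35 observi_2008 MailScanner: Process did not exit cleanly, returned 1 with signal 0
Jun 6 17:21:35 observi_2008 MailScanner[23006]: MailScanner E-Mail Virus Scanner version 4.66.5 starting...
Jun 6 17:21:37 observi_2008 MailScanner[22990]: New Batch: Scanning 8 messages, 234707 bytes
Jun 6 17:21:37 observi_2008 MailScanner[22990]: Spam Checks: Starting
Jun 6 17:21:39 observi_2008 postfix/smtpd[22647]: too many errors after RCPT from static-ip-87-248-80-2.promax.media.pl[87.248.80.2]
Jun 6 17:21:40 observi_2008 MailScanner: Process did not exit cleanly, returned 1 with signal 0
Jun 6 17:21:42 observi_2008 MailScanner[23006]: New Batch: Scanning 8 messages, 234707 bytes
Jun 6 17:21:45 observi_2008 MailScanner: Process did not exit cleanly, returned 1 with signal 0
Jun 6 17:21:47 observi_2008 MailScanner[23024]: New Batch: Scanning 8 messages, 234707 bytes
Jun 6 17:21:50 observi_2008 MailScanner: Process did not exit cleanly, returned 1 with signal 0
Jun 6 17:21:52 observi_2008 MailScanner[23058]: New Batch: Scanning 8 messages, 234707 bytes
Jun 6 17:21:55 observi_2008 MailScanner: Process did not exit cleanly, returned 1 with signal 0
Jun 6 17:21:57 observi_2008 MailScanner[23066]: New Batch: Scanning 8 messages, 234707 bytes
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s+(?P<host>\S+)\s+"
    r"MailScanner(?:\[(?P<pid>\d+)\])?:\s+(?P<msg>.*)$")
CRASH_RE = re.compile(r"Process did not exit cleanly, returned (\d+) with signal (\d+)")
BATCH_RE = re.compile(r"New Batch: Scanning (\d+) messages, (\d+) bytes")

def analyse(lines, year=2008, min_crashes=3, max_gap_s=60, min_pids=3):
    """Summarise MailScanner child crashes and batches retried by several children.

    year: syslog timestamps carry no year, so the caller supplies it.
    min_crashes / max_gap_s: how many unclean exits, how close together, count as a loop.
    min_pids: how many distinct children must pick up an identical batch to flag it.
    """
    crash_times = []
    batch_pids = defaultdict(list)   # (messages, bytes) -> child PIDs in order seen
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue                 # not a MailScanner line
        msg = m.group("msg")
        if CRASH_RE.search(msg):
            stamp = f"{year} {m.group('ts')}"
            crash_times.append(datetime.strptime(stamp, "%Y %b %d %H:%M:%S"))
        batch = BATCH_RE.search(msg)
        if batch and m.group("pid"):
            signature = (int(batch.group(1)), int(batch.group(2)))
            pid = int(m.group("pid"))
            if pid not in batch_pids[signature]:
                batch_pids[signature].append(pid)
    gaps = [(b - a).total_seconds() for a, b in zip(crash_times, crash_times[1:])]
    median_gap = median(gaps) if gaps else None
    return {
        "crashes": len(crash_times),
        "median_gap_s": median_gap,
        "crash_loop": (len(crash_times) >= min_crashes
                       and median_gap is not None and median_gap <= max_gap_s),
        # The same message count and byte total seen by many children suggests
        # the batch never completes and is picked up again after each crash.
        "stuck_batches": {sig: pids for sig, pids in batch_pids.items()
                          if len(pids) >= min_pids},
    }

if __name__ == "__main__":
    report = analyse(SAMPLE_LOG.splitlines())
    print("unclean exits:", report["crashes"], "median gap (s):", report["median_gap_s"])
    print("crash loop:", report["crash_loop"])
    for (count, size), pids in report["stuck_batches"].items():
        print(f"batch of {count} messages / {size} bytes retried by PIDs {pids}")
```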
From glenn.steen at gmail.com Sun Jun 8 14:24:12 2008
From: glenn.steen at gmail.com (Glenn Steen)
Date: Sun Jun 8 14:24:22 2008
Subject: Stop Virus Scanning
In-Reply-To: <484BBE39.1040709@kettle.org.uk>
References: <484BBE39.1040709@kettle.org.uk>
Message-ID: <223f97700806080624l7e018ccck961dfa1bf7986ad4@mail.gmail.com>

2008/6/8 Rob Kettle :
> Hi,
>
> I want to be able to ignore certain users and not do any virus scanning for
> them.
>
> I have set Mailscanner to show Virus Scanning =
> /etc/MailScanner/rules/scan.messages.rules
>
> and then in that file put:
> From: someuser@thedomain.org.uk no
> FromOrTo: default yes
>
> It still scans for virus according to the logfile.
>
> Am I missing the obvious? If so apologies up front.
>
> thanks
> Rob
>

Did you reload/restart MailScanner after the edit?

BTW, why would you do this? Avoiding all scanning, or spam scanning...that I might understand, but only AV?

Cheers
--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

From rob at kettle.org.uk Sun Jun 8 15:14:58 2008
From: rob at kettle.org.uk (Rob Kettle)
Date: Sun Jun 8 15:15:20 2008
Subject: Stop Virus Scanning
In-Reply-To: <223f97700806080624l7e018ccck961dfa1bf7986ad4@mail.gmail.com>
References: <484BBE39.1040709@kettle.org.uk> <223f97700806080624l7e018ccck961dfa1bf7986ad4@mail.gmail.com>
Message-ID: <484BE962.7020200@kettle.org.uk>

Glenn Steen wrote:
> 2008/6/8 Rob Kettle :
>
>> Hi,
>>
>> I want to be able to ignore certain users and not do any virus scanning for
>> them.
>>
>> I have set Mailscanner to show Virus Scanning =
>> /etc/MailScanner/rules/scan.messages.rules
>>
>> and then in that file put:
>> From: someuser@thedomain.org.uk no
>> FromOrTo: default yes
>>
>> It still scans for virus according to the logfile.
>>
>> Am I missing the obvious? If so apologies up front.
>>
>> thanks
>> Rob
>>
>>
> Did you reload/restart MailScanner after the edit?
>
> BTW, why would you do this?
> Avoiding all scanning, or spam
> scanning...that I might understand, but only AV?
>
> Cheers
>

Hi,

I did reload Mailscanner.

I was asking about stopping virus scanning at this stage but the real goal is to bypass all scanning for certain users as their mail needs to be scanned/quarantined etc. on a server that this server hands the mail over to.

So in reality I actually want to bypass all scanning for certain from or to addresses and just have Mailscanner take the mail in and pass it off to another server.

thanks
Rob

From steve at fsl.com Sun Jun 8 15:25:48 2008
From: steve at fsl.com (Stephen Swaney)
Date: Sun Jun 8 15:26:00 2008
Subject: Stop Virus Scanning
In-Reply-To: <484BE962.7020200@kettle.org.uk>
References: <484BBE39.1040709@kettle.org.uk> <223f97700806080624l7e018ccck961dfa1bf7986ad4@mail.gmail.com> <484BE962.7020200@kettle.org.uk>
Message-ID: <484BEBEC.9000206@fsl.com>

Rob Kettle wrote:
> Glenn Steen wrote:
>> 2008/6/8 Rob Kettle :
>>
>>> Hi,
>>>
>>> I want to be able to ignore certain users and not do any virus
>>> scanning for
>>> them.
>>>
>>> I have set Mailscanner to show Virus Scanning =
>>> /etc/MailScanner/rules/scan.messages.rules
>>>
>>> and then in that file put:
>>> From: someuser@thedomain.org.uk no
>>> FromOrTo: default yes
>>>
>>> It still scans for virus according to the logfile.
>>>
>>> Am I missing the obvious? If so apologies up front.
>>>
>>> thanks
>>> Rob
>>>
>>>
>> Did you reload/restart MailScanner after the edit?
>>
>> BTW, why would you do this? Avoiding all scanning, or spam
>> scanning...that I might understand, but only AV?
>>
>> Cheers
>>
>
> Hi,
>
> I did reload Mailscanner.
>
> I was asking about stopping virus scanning at this stage but the real
> goal is to bypass all scanning for certain users as their mail needs
> to be scanned/quarantined etc. on a server that this server hands the
> mail over to.
>
> So in reality I actually want to bypass all scanning for certain from
> or to addresses and just have Mailscanner take the mail in and pass it
> off to another server.
>
> thanks
> Rob
>

Simple. In Mailscanner.conf:

Scan Messages = %rules-dir%/scan.messages.rules

# can skip all scanning of mail destined for some of your users/customers
# and still scan all the rest.
# A sample ruleset would look like this:
# To: bad.customer.com no
# From: ignore.domain.com no
# FromOrTo: default yes
# That will scan all mail except mail to bad.customer.com and mail from
# ignore.domain.com. To set this up, put the 3 lines above into a file
# called /etc/MailScanner/rules/scan.messages.rules and set the next line to
# Scan Messages = %rules-dir%/scan.messages.rules
# This can also be the filename of a ruleset (as illustrated above).

Best regards,

Steve

Steve Swaney
steve@fsl.com
www.fsl.com

From glenn.steen at gmail.com Sun Jun 8 15:57:37 2008
From: glenn.steen at gmail.com (Glenn Steen)
Date: Sun Jun 8 15:57:48 2008
Subject: Stop Virus Scanning
In-Reply-To: <484BEBEC.9000206@fsl.com>
References: <484BBE39.1040709@kettle.org.uk> <223f97700806080624l7e018ccck961dfa1bf7986ad4@mail.gmail.com> <484BE962.7020200@kettle.org.uk> <484BEBEC.9000206@fsl.com>
Message-ID: <223f97700806080757r157ef7f0tbd6100cdc699ccb5@mail.gmail.com>

2008/6/8 Stephen Swaney :
> Rob Kettle wrote:
>>
>> Glenn Steen wrote:
>>>
>>> 2008/6/8 Rob Kettle :
>>>
>>>>
>>>> Hi,
>>>>
>>>> I want to be able to ignore certain users and not do any virus scanning
>>>> for
>>>> them.
>>>>
>>>> I have set Mailscanner to show Virus Scanning =
>>>> /etc/MailScanner/rules/scan.messages.rules
>>>>
>>>> and then in that file put:
>>>> From: someuser@thedomain.org.uk no
>>>> FromOrTo: default yes
>>>>
>>>> It still scans for virus according to the logfile.
>>>>
>>>> Am I missing the obvious? If so apologies up front.
>>>>
>>>> thanks
>>>> Rob
>>>>
>>>>
>>>
>>> Did you reload/restart MailScanner after the edit?
>>>
>>> BTW, why would you do this? Avoiding all scanning, or spam
>>> scanning...that I might understand, but only AV?
>>>
>>> Cheers
>>>
>>
>> Hi,
>>
>> I did reload Mailscanner.
>>
>> I was asking about stopping virus scanning at this stage but the real goal
>> is to bypass all scanning for certain users as their mail needs to be
>> scanned/quarantined etc. on a server that this server hands the mail over
>> to.
>>
>> So in reality I actually want to bypass all scanning for certain from or
>> to addresses and just have Mailscanner take the mail in and pass it off to
>> another server.
>>
>> thanks
>> Rob
>>
> Simple. In Mailscanner.conf:
>
> Scan Messages = %rules-dir%/scan.messages.rules
>
> # can skip all scanning of mail destined for some of your users/customers
> # and still scan all the rest.
> # A sample ruleset would look like this:
> # To: bad.customer.com no
> # From: ignore.domain.com no
> # FromOrTo: default yes
> # That will scan all mail except mail to bad.customer.com and mail from
> # ignore.domain.com. To set this up, put the 3 lines above into a file
> # called /etc/MailScanner/rules/scan.messages.rules and set the next line to
> # Scan Messages = %rules-dir%/scan.messages.rules
> # This can also be the filename of a ruleset (as illustrated above).
>
> Best regards,
>
> Steve
>
> Steve Swaney
> steve@fsl.com
> www.fsl.com
>

CC
If you do as Steve suggests, try to use something more than just the recipient address, since that is easily spoofed. Then again, if you trust the "destination server" to do a good job...
it wouldn't matter much that some things would be spoofed:-)

Cheers
--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

From rob at kettle.org.uk Sun Jun 8 16:54:11 2008
From: rob at kettle.org.uk (Rob Kettle)
Date: Sun Jun 8 16:54:22 2008
Subject: Stop Virus Scanning
In-Reply-To: <223f97700806080757r157ef7f0tbd6100cdc699ccb5@mail.gmail.com>
References: <484BBE39.1040709@kettle.org.uk> <223f97700806080624l7e018ccck961dfa1bf7986ad4@mail.gmail.com> <484BE962.7020200@kettle.org.uk> <484BEBEC.9000206@fsl.com> <223f97700806080757r157ef7f0tbd6100cdc699ccb5@mail.gmail.com>
Message-ID: <484C00A3.2030605@kettle.org.uk>

Glenn Steen wrote:
> 2008/6/8 Stephen Swaney :
>
>> Rob Kettle wrote:
>>
>>> Glenn Steen wrote:
>>>
>>>> 2008/6/8 Rob Kettle :
>>>>
>>>>
>>>>> Hi,
>>>>>
>>>>> I want to be able to ignore certain users and not do any virus scanning
>>>>> for
>>>>> them.
>>>>>
>>>>> I have set Mailscanner to show Virus Scanning =
>>>>> /etc/MailScanner/rules/scan.messages.rules
>>>>>
>>>>> and then in that file put:
>>>>> From: someuser@thedomain.org.uk no
>>>>> FromOrTo: default yes
>>>>>
>>>>> It still scans for virus according to the logfile.
>>>>>
>>>>> Am I missing the obvious? If so apologies up front.
>>>>>
>>>>> thanks
>>>>> Rob
>>>>>
>>>>>
>>>>>
>>>> Did you reload/restart MailScanner after the edit?
>>>>
>>>> BTW, why would you do this? Avoiding all scanning, or spam
>>>> scanning...that I might understand, but only AV?
>>>>
>>>> Cheers
>>>>
>>>>
>>> Hi,
>>>
>>> I did reload Mailscanner.
>>>
>>> I was asking about stopping virus scanning at this stage but the real goal
>>> is to bypass all scanning for certain users as their mail needs to be
>>> scanned/quarantined etc. on a server that this server hands the mail over
>>> to.
>>>
>>> So in reality I actually want to bypass all scanning for certain from or
>>> to addresses and just have Mailscanner take the mail in and pass it off to
>>> another server.
>>>
>>> thanks
>>> Rob
>>>
>>>
>> Simple. In Mailscanner.conf:
>>
>> Scan Messages = %rules-dir%/scan.messages.rules
>>
>> # can skip all scanning of mail destined for some of your users/customers
>> # and still scan all the rest.
>> # A sample ruleset would look like this:
>> # To: bad.customer.com no
>> # From: ignore.domain.com no
>> # FromOrTo: default yes
>> # That will scan all mail except mail to bad.customer.com and mail from
>> # ignore.domain.com. To set this up, put the 3 lines above into a file
>> # called /etc/MailScanner/rules/scan.messages.rules and set the next line to
>> # Scan Messages = %rules-dir%/scan.messages.rules
>> # This can also be the filename of a ruleset (as illustrated above).
>>
>> Best regards,
>>
>> Steve
>>
>> Steve Swaney
>> steve@fsl.com
>> www.fsl.com
>>
>>
> CC
> If you do as Steve suggests, try to use something more than just the
> recipient address, since that is easily spoofed. Then again, if you
> trust the "destination server" to do a good job... it wouldn't matter
> much that some things would be spoofed:-)
>
> Cheers
>

Much appreciated to all.

That seems to give what I wanted.

Thanks
Rob

From martinh at solidstatelogic.com Mon Jun 9 14:41:45 2008
From: martinh at solidstatelogic.com (Martin.Hepworth)
Date: Mon Jun 9 14:41:56 2008
Subject: FW: [Clamav-announce] announcing ClamAV 0.93.1
Message-ID:

FYI

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

> -----Original Message-----
> From: clamav-announce-bounces@lists.clamav.net [mailto:clamav-announce-
> bounces@lists.clamav.net] On Behalf Of Luca Gibelli
> Sent: 09 June 2008 13:46
> To: ClamAV Announce
> Subject: [Clamav-announce] announcing ClamAV 0.93.1
>
> Dear ClamAV users,
>
> This version improves handling of PDF, CAB, RTF, OLE2 and HTML files and
> includes various bugfixes for 0.93 issues.
> > -- > The ClamAV team (http://www.clamav.net/team) > > -- > Luca Gibelli (luca _at_ clamav.net) ClamAV, a GPL anti-virus toolkit > [Tel] +39 0187 1851862 [Fax] +39 0187 1852252 [IM] nervous/jabber.linux.it > PGP key id 5EFC5582 @ any key-server || http://www.clamav.net/gpg/luca.gpg > _______________________________________________ > http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-announce ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From davejenx at googlemail.com Mon Jun 9 14:48:21 2008 From: davejenx at googlemail.com (Dave Jenkins) Date: Mon Jun 9 14:48:31 2008 Subject: Mailscanner exiting every second. 
In-Reply-To: <21be6cae0806061327j91c32e7wfa88f717295e7dab@mail.gmail.com> References: <21be6cae0806061327j91c32e7wfa88f717295e7dab@mail.gmail.com> Message-ID: 2008/6/6 Pedro Bordin Hoffmann - [M]orpheus : > I'm having this error on a Debian Etch 64 bits. > > Jun 6 17:19:35 observi_2008 MailScanner: Process did not exit cleanly, > returned 1 with signal 0 I had exactly the same error, also on a 64-bit machine (CentOS 5, AMD Phenom 9550) - see this thread: http://lists.mailscanner.info/pipermail/mailscanner/2008-June/085202.html If your symptoms match mine - see the detailed description in that thread - then the same workaround might get you going again: I temporarily disabled scanning (Scan Messages = no in MailScanner.conf) which cleared the queue (but of course let a load of spam through), then re-enabled it. It seems that a particular message tripped up MailScanner. As you'll see from that thread, the cause is currently unresolved, I'll post back if it happens again & I catch the offending message in the hold queue. Good luck, Dave From alex at nkpanama.com Mon Jun 9 15:06:57 2008 From: alex at nkpanama.com (Alex Neuman) Date: Mon Jun 9 15:08:14 2008 Subject: Stop Virus Scanning In-Reply-To: <223f97700806080757r157ef7f0tbd6100cdc699ccb5@mail.gmail.com> References: <484BBE39.1040709@kettle.org.uk> <223f97700806080624l7e018ccck961dfa1bf7986ad4@mail.gmail.com> <484BE962.7020200@kettle.org.uk> <484BEBEC.9000206@fsl.com> <223f97700806080757r157ef7f0tbd6100cdc699ccb5@mail.gmail.com> Message-ID: <200806091408.m59E85hU024035@safir.blacknight.ie> Except if you're not separating e-mails by recipient and one of your recipients receives an e-mail addressed to more than one person, it will still be scanned. On Jun 8, 2008, at 10:54 AM, Rob Kettle wrote: > > Much appreciated to all. > > That seems to give what I wanted.
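The "Scan Messages" ruleset discussed in the thread above, as an added example that is not part of any poster's message and is not MailScanner's own code: a small Python model of the three-line scan.messages.rules sample that shows which mail would bypass scanning. It assumes rules are tried top to bottom with the first match deciding, that a bare domain pattern means any user at that domain, and, following Alex Neuman's reply, that a message with several recipients is still scanned unless every recipient is exempt; the sample addresses are constructed.

```python
"""Model of a MailScanner-style ruleset file as used for "Scan Messages".

Added illustration, not MailScanner's code. Assumptions: first matching rule
wins; a bare domain pattern means "*@domain"; only the From:, To: and
FromOrTo: directions that appear in the thread are handled.
"""
from dataclasses import dataclass
from fnmatch import fnmatchcase

# The three-line sample ruleset quoted in the thread.
RULESET = """\
To:       bad.customer.com   no
From:     ignore.domain.com  no
FromOrTo: default            yes
"""

DIRECTIONS = {"from", "to", "fromorto"}


@dataclass(frozen=True)
class Rule:
    direction: str   # "from", "to" or "fromorto"
    pattern: str     # "default", "user@domain", "*@domain" or bare "domain"
    value: str       # "yes" (scan) or "no" (bypass)


def parse_ruleset(text):
    """Parse 'Direction: pattern value' lines; reject anything malformed."""
    rules = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        parts = line.split()
        if len(parts) != 3:
            raise ValueError(f"line {lineno}: expected 3 fields: {raw!r}")
        direction = parts[0].rstrip(":").lower()
        value = parts[2].lower()
        if direction not in DIRECTIONS or value not in ("yes", "no"):
            raise ValueError(f"line {lineno}: unsupported rule: {raw!r}")
        rules.append(Rule(direction, parts[1], value))
    return rules


def address_matches(pattern, address):
    """Case-insensitive match of one address against one rule pattern."""
    pattern, address = pattern.lower(), address.lower()
    if pattern == "default":
        return True
    if "@" not in pattern:            # assumed: bare domain = any user there
        pattern = "*@" + pattern
    return fnmatchcase(address, pattern)


def rule_value(rules, sender, recipient):
    """Value of the first rule matching this sender/recipient pair."""
    for rule in rules:
        hit_from = address_matches(rule.pattern, sender)
        hit_to = address_matches(rule.pattern, recipient)
        if ((rule.direction == "from" and hit_from)
                or (rule.direction == "to" and hit_to)
                or (rule.direction == "fromorto" and (hit_from or hit_to))):
            return rule.value
    return "yes"                      # no rule matched: fail closed and scan


def scan_decision(rules, sender, recipients):
    """Return (scan?, per-recipient values) for one queued message."""
    if not recipients:
        raise ValueError("message has no recipients")
    per_recipient = {r: rule_value(rules, sender, r) for r in recipients}
    # Per Alex Neuman's reply: one non-exempt recipient keeps the scan on.
    return any(v == "yes" for v in per_recipient.values()), per_recipient


def bypass_rules(rules):
    """Rules that switch scanning off; each one is worth reviewing."""
    return [rule for rule in rules if rule.value == "no"]


if __name__ == "__main__":
    rules = parse_ruleset(RULESET)
    samples = [   # constructed envelopes: (sender, recipients)
        ("alice@example.org", ["user@bad.customer.com"]),
        ("bob@ignore.domain.com", ["staff@mydomain.example"]),
        ("alice@example.org", ["user@bad.customer.com", "staff@mydomain.example"]),
    ]
    for sender, rcpts in samples:
        scan, detail = scan_decision(rules, sender, rcpts)
        print(f"{sender} -> {rcpts}: {'scanned' if scan else 'NOT scanned'} {detail}")
    for rule in bypass_rules(rules):
        # Exemptions rest on addresses supplied by the sending side,
        # which is the spoofing concern raised in the thread.
        print(f"bypass rule: {rule.direction} {rule.pattern}")
```

Every rule returned by bypass_rules is a path on which mail reaches the downstream server unscanned, so that server has to do the scanning and quarantining, as Rob describes.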
From prandal at herefordshire.gov.uk Mon Jun 9 15:16:43 2008 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Mon Jun 9 15:17:11 2008 Subject: [Clamav-announce] announcing ClamAV 0.93.1 In-Reply-To: References: Message-ID: <7EF0EE5CB3B263488C8C18823239BEBA03F02382@HC-MBX02.herefordshire.gov.uk> Works fine here. Cheers, Phil -- Phil Randal Networks Engineer Herefordshire Council Hereford, UK -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Martin.Hepworth Sent: 09 June 2008 14:42 To: mailscanner@lists.mailscanner.info Subject: FW: [Clamav-announce] announcing ClamAV 0.93.1 FYI -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: clamav-announce-bounces@lists.clamav.net > [mailto:clamav-announce- bounces@lists.clamav.net] On Behalf Of Luca > Gibelli > Sent: 09 June 2008 13:46 > To: ClamAV Announce > Subject: [Clamav-announce] announcing ClamAV 0.93.1 > > Dear ClamAV users, > > This version improves handling of PDF, CAB, RTF, OLE2 and HTML files > and includes various bugfixes for 0.93 issues. > > -- > The ClamAV team (http://www.clamav.net/team) > > -- > Luca Gibelli (luca _at_ clamav.net) ClamAV, a GPL anti-virus toolkit > [Tel] +39 0187 1851862 [Fax] +39 0187 1852252 [IM] > nervous/jabber.linux.it PGP key id 5EFC5582 @ any key-server || > http://www.clamav.net/gpg/luca.gpg > _______________________________________________ > http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-announce -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website!
From ka at pacific.net Mon Jun 9 15:21:28 2008 From: ka at pacific.net (Ken A) Date: Mon Jun 9 15:21:20 2008 Subject: 3rd party clamav sig false positive - securiteinfo.com Message-ID: <484D3C68.3010309@pacific.net> There was a bad 3rd party clamav sig from securiteinfo.com yesterday (securiteinfo.hdb.gz). It's been fixed now, but was marking all HTML mail as virus (HTML.Clamav.4808). If you use this sig, you might want to check your quarantine. Ken -- Ken Anderson Pacific.Net From peter at farrows.org Mon Jun 9 15:52:23 2008 From: peter at farrows.org (Peter Farrow) Date: Mon Jun 9 15:52:46 2008 Subject: 3rd party clamav sig false positive - securiteinfo.com In-Reply-To: <484D3C68.3010309@pacific.net> References: <484D3C68.3010309@pacific.net> Message-ID: <484D43A7.9060901@farrows.org> Ken A wrote: > There was a bad 3rd party clamav sig from securiteinfo.com yesterday > (securiteinfo.hdb.gz).
It's been fixed now, but was marking all HTML > mail as virus (HTML.Clamav.4808). If you use this sig, you might want > to check your quarantine. > > Ken > > Thanks for letting us know Ken. Pete -- This message has been scanned for viruses and dangerous content by the Inexcom system Scanner, and is believed to be clean. Advanced heuristic mail scanning server [-]. http://www.inexcom.co.uk From MailScanner at ecs.soton.ac.uk Mon Jun 9 16:04:17 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Jun 9 16:04:43 2008 Subject: [Clamav-announce] announcing ClamAV 0.93.1 In-Reply-To: References: Message-ID: <484D4671.6020902@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Great. I have updated my ClamAV+SpamAssassin package on www.mailscanner.info. Randal, Phil wrote: > Works fine here. > > Cheers, > > Phil > > -- > Phil Randal > Networks Engineer > Herefordshire Council > Hereford, UK > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of > Martin.Hepworth > Sent: 09 June 2008 14:42 > To: mailscanner@lists.mailscanner.info > Subject: FW: [Clamav-announce] announcing ClamAV 0.93.1 > > FYI > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > >> -----Original Message----- >> From: clamav-announce-bounces@lists.clamav.net >> [mailto:clamav-announce- bounces@lists.clamav.net] On Behalf Of Luca >> Gibelli >> Sent: 09 June 2008 13:46 >> To: ClamAV Announce >> Subject: [Clamav-announce] announcing ClamAV 0.93.1 >> >> Dear ClamAV users, >> >> This version improves handling of PDF, CAB, RTF, OLE2 and HTML files >> and includes various bugfixes for 0.93 issues.
>> >> -- >> The ClamAV team (http://www.clamav.net/team) >> >> -- >> Luca Gibelli (luca _at_ clamav.net) ClamAV, a GPL anti-virus >> > toolkit > >> [Tel] +39 0187 1851862 [Fax] +39 0187 1852252 [IM] >> nervous/jabber.linux.it PGP key id 5EFC5582 @ any key-server || >> http://www.clamav.net/gpg/luca.gpg >> _______________________________________________ >> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-announce >> >
> Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.3 (Build 4028) Comment: Use Enigmail to decrypt or check this message is legitimate Charset: ISO-8859-1 wj8DBQFITUZxEfZZRxQVtlQRAljTAKCMD+f0OoZ4V8OpDz8DoGMzIspIugCbBAH2 qJDvpwMsrtPbGLDpnUBFbKI= =PP3d -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From ssilva at sgvwater.com Mon Jun 9 16:51:50 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Mon Jun 9 16:52:14 2008 Subject: [Clamav-announce] announcing ClamAV 0.93.1 In-Reply-To: <484D4671.6020902@ecs.soton.ac.uk> References: <484D4671.6020902@ecs.soton.ac.uk> Message-ID: on 6-9-2008 8:04 AM Julian Field spake the following: > Great. I have updated my ClamAV+SpamAssassin package on > www.mailscanner.info. > Julian, I still see the warning about the mail:clamav perl module. Do you think it stable yet in your easy package, or are you just being careful? -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... 
Name: signature.asc Type: application/pgp-signature Size: 258 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080609/694c0a82/signature.bin From MailScanner at ecs.soton.ac.uk Mon Jun 9 17:47:13 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Jun 9 17:47:51 2008 Subject: [Clamav-announce] announcing ClamAV 0.93.1 In-Reply-To: References: <484D4671.6020902@ecs.soton.ac.uk> Message-ID: <484D5E91.30808@ecs.soton.ac.uk> Scott Silva wrote: > on 6-9-2008 8:04 AM Julian Field spake the following: >> Great. I have updated my ClamAV+SpamAssassin package on >> www.mailscanner.info. >> > Julian, > I still see the warning about the mail:clamav perl module. Do you > think it stable yet in your easy package, or are you just being careful? > I have taken the warning off downloads.html. Thanks for letting me know it was still there. Next job is a new release with fully working Watermarking. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Mon Jun 9 17:55:20 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Jun 9 17:55:39 2008 Subject: Beta release 4.70.3 Message-ID: <484D6078.90102@ecs.soton.ac.uk> I have just released a new beta version 4.70.3. Please try this version if you have been having any problems with Watermarks, or the spam handling of them. Download as usual from www.mailscanner.info. Please let me know if you still have any problems with this release, and also if it fixes the problems you have been having. 
Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From ssilva at sgvwater.com Mon Jun 9 18:48:34 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Mon Jun 9 18:49:01 2008 Subject: [Clamav-announce] announcing ClamAV 0.93.1 In-Reply-To: <484D5E91.30808@ecs.soton.ac.uk> References: <484D4671.6020902@ecs.soton.ac.uk> <484D5E91.30808@ecs.soton.ac.uk> Message-ID: on 6-9-2008 9:47 AM Julian Field spake the following: > > > Scott Silva wrote: >> on 6-9-2008 8:04 AM Julian Field spake the following: >>> Great. I have updated my ClamAV+SpamAssassin package on >>> www.mailscanner.info. >>> >> Julian, >> I still see the warning about the mail:clamav perl module. Do you >> think it stable yet in your easy package, or are you just being careful? >> > I have taken the warning off downloads.html. Thanks for letting me know > it was still there. > Next job is a new release with fully working Watermarking. > > Jules > Not to nitpick, but there is still the text (see the Others section below if you use "clamavmodule") in the stable section. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... 
Name: signature.asc Type: application/pgp-signature Size: 258 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080609/e7a9181c/signature.bin From MailScanner at ecs.soton.ac.uk Mon Jun 9 18:57:04 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Jun 9 18:57:24 2008 Subject: [Clamav-announce] announcing ClamAV 0.93.1 In-Reply-To: References: <484D4671.6020902@ecs.soton.ac.uk> <484D5E91.30808@ecs.soton.ac.uk> Message-ID: <484D6EF0.3050300@ecs.soton.ac.uk> Scott Silva wrote: > on 6-9-2008 9:47 AM Julian Field spake the following: >> >> >> Scott Silva wrote: >>> on 6-9-2008 8:04 AM Julian Field spake the following: >>>> Great. I have updated my ClamAV+SpamAssassin package on >>>> www.mailscanner.info. >>>> >>> Julian, >>> I still see the warning about the mail:clamav perl module. Do you >>> think it stable yet in your easy package, or are you just being >>> careful? >>> >> I have taken the warning off downloads.html. Thanks for letting me >> know it was still there. >> Next job is a new release with fully working Watermarking. >> >> Jules >> > Not to nitpick, but there is still the text > (see the Others section below if you use "clamavmodule") > in the stable section. Better now? Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. 
From ssilva at sgvwater.com Mon Jun 9 19:19:53 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Mon Jun 9 19:20:24 2008 Subject: [Clamav-announce] announcing ClamAV 0.93.1 In-Reply-To: <484D6EF0.3050300@ecs.soton.ac.uk> References: <484D4671.6020902@ecs.soton.ac.uk> <484D5E91.30808@ecs.soton.ac.uk> <484D6EF0.3050300@ecs.soton.ac.uk> Message-ID: on 6-9-2008 10:57 AM Julian Field spake the following: > > > Scott Silva wrote: >> on 6-9-2008 9:47 AM Julian Field spake the following: >>> >>> >>> Scott Silva wrote: >>>> on 6-9-2008 8:04 AM Julian Field spake the following: >>>>> Great. I have updated my ClamAV+SpamAssassin package on >>>>> www.mailscanner.info. >>>>> >>>> Julian, >>>> I still see the warning about the mail:clamav perl module. Do you >>>> think it stable yet in your easy package, or are you just being >>>> careful? >>>> >>> I have taken the warning off downloads.html. Thanks for letting me >>> know it was still there. >>> Next job is a new release with fully working Watermarking. >>> >>> Jules >>> >> Not to nitpick, but there is still the text >> (see the Others section below if you use "clamavmodule") >> in the stable section. > Better now? > > Jules > I didn't want to bang on about it, I just assumed you missed it since you are so busy. But thanks! You're a peach! -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 258 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080609/b64dd852/signature.bin From ajcartmell at fonant.com Mon Jun 9 21:24:35 2008 From: ajcartmell at fonant.com (Anthony Cartmell) Date: Mon Jun 9 21:24:54 2008 Subject: Minor suggestion for Message-ID: Try as I might to sort out whitespace differences, I always get some appearing in my diff after upgrade_MailScanner_conf.
Might it be an idea if upgrade_MailScanner_conf suggested using diff with "-w", to ignore whitespace changes? diff -w MailScanner.conf.rpmnew MailScanner.new Perhaps that's not platform-independent enough... Anthony -- www.fonant.com - Quality web sites From shuttlebox at gmail.com Mon Jun 9 21:42:37 2008 From: shuttlebox at gmail.com (shuttlebox) Date: Mon Jun 9 21:42:46 2008 Subject: Minor suggestion for In-Reply-To: References: Message-ID: <625385e30806091342r37cf806bl50981d5d26d6cec5@mail.gmail.com> On Mon, Jun 9, 2008 at 10:24 PM, Anthony Cartmell wrote: > Try as I might to sort out whitespace differences, I always get some > appearing in my diff after upgrade_MailScanner_conf. > > Might it be an idea if upgrade_MailScanner_conf suggested using diff with > "-w", to ignore whitespace changes? > > diff -w MailScanner.conf.rpmnew MailScanner.new > > Perhaps that's not platform-independent enough... Good chance it is since it's supported in Solaris 8. :-) -- Emo Philips - "I was the kid next door's imaginary friend." From MailScanner at ecs.soton.ac.uk Mon Jun 9 21:47:06 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Jun 9 21:47:25 2008 Subject: Minor suggestion for In-Reply-To: References: Message-ID: <484D96CA.5050404@ecs.soton.ac.uk> Anthony Cartmell wrote: > Try as I might to sort out whitespace differences, I always get some > appearing in my diff after upgrade_MailScanner_conf. > > Might it be an idea if upgrade_MailScanner_conf suggested using diff > with "-w", to ignore whitespace changes? > > diff -w MailScanner.conf.rpmnew MailScanner.new > > Perhaps that's not platform-independent enough... It's fine (it's in Solaris 8, so it will be in most things). I have added it. Good call! Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help?
Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From lists at designmedia.com Tue Jun 10 20:05:08 2008 From: lists at designmedia.com (Henry Kwan) Date: Tue Jun 10 20:05:37 2008 Subject: Hosting multiple domains on a MailScanner box? Message-ID: Hi, I almost have my MailScanner/Exchange setup complete but then I realized that I had a couple of secondary domains that I wanted to host the MX for as well. I thought I could setup a virtusertable entry to create a catchall that forwards to a mailbox on the Exchange box but it doesn't seem to be working. Whenever I send email to the secondary domains, I get a "dsn=5.1.1, stat=User unknown" and then a "savemail: cannot save rejected email anywhere" in maillog. Perhaps my Mailscanner/Exchange setup is incorrect? Right now, I'm running MailScanner/Sendmail/SpamAssassin/ClamAV on the frontend. The Mailscanner box is part of the designmedia.com domain. There is a mailertable entry that forwards the "designmedia.com" to the IP of the Exchange box. The domain "designmedia.com" is also in relay-domains. I enter all the valid mailboxes as "RELAY" in access and everything else is rejected. I thought that entering them in virtusertable as "@domain2.com catchall@designmedia.com" would remap the emails as they came in but evidently this isn't the case. Where is the proper place to stick all the information about the secondary domains? Thanks. From email at ace.net.au Tue Jun 10 20:54:16 2008 From: email at ace.net.au (Peter Nitschke) Date: Tue Jun 10 20:54:53 2008 Subject: Hosting multiple domains on a MailScanner box? In-Reply-To: References: Message-ID: <200806110524160199.4FE0D5BB@web.ace.net.au> Use "Domain Routing" not Virtuser as the users don't exist on the MS box. Also add the domains to "Relay Domains". 
*********** REPLY SEPARATOR *********** On 10/06/2008 at 7:05 PM Henry Kwan wrote: >Hi, > >I almost have my MailScanner/Exchange setup complete but then I realized >that I >had a couple of secondary domains that I wanted to host the MX for as >well. I >thought I could setup a virtusertable entry to create a catchall that >forwards >to a mailbox on the Exchange box but it doesn't seem to be working. >Whenever I >send email to the secondary domains, I get a "dsn=5.1.1, stat=User >unknown" and >then a "savemail: cannot save rejected email anywhere" in maillog. > >Perhaps my Mailscanner/Exchange setup is incorrect? Right now, I'm running >MailScanner/Sendmail/SpamAssassin/ClamAV on the frontend. The Mailscanner >box >is part of the designmedia.com domain. There is a mailertable entry that >forwards the "designmedia.com" to the IP of the Exchange box. The domain >"designmedia.com" is also in relay-domains. I enter all the valid >mailboxes as >"RELAY" in access and everything else is rejected. > >I thought that entering them in virtusertable as "@domain2.com >catchall@designmedia.com" would remap the emails as they came in but >evidently >this isn't the case. Where is the proper place to stick all the >information >about the secondary domains? > >Thanks. > > >-- >MailScanner mailing list >mailscanner@lists.mailscanner.info >http://lists.mailscanner.info/mailman/listinfo/mailscanner > >Before posting, read http://wiki.mailscanner.info/posting > >Support MailScanner development - buy the book off the website! From ecasarero at gmail.com Tue Jun 10 20:57:01 2008 From: ecasarero at gmail.com (Eduardo Casarero) Date: Tue Jun 10 20:57:11 2008 Subject: Hosting multiple domains on a MailScanner box? 
In-Reply-To: References: Message-ID: <7d9b3cf20806101257r48703a7ei8ff4c74b9b692123@mail.gmail.com> 2008/6/10 Henry Kwan : > > Hi, > > I almost have my MailScanner/Exchange setup complete but then I realized that I > had a couple of secondary domains that I wanted to host the MX for as well. I > thought I could setup a virtusertable entry to create a catchall that forwards > to a mailbox on the Exchange box but it doesn't seem to be working. Whenever I > send email to the secondary domains, I get a "dsn=5.1.1, stat=User unknown" and > then a "savemail: cannot save rejected email anywhere" in maillog. > > Perhaps my Mailscanner/Exchange setup is incorrect? Right now, I'm running > MailScanner/Sendmail/SpamAssassin/ClamAV on the frontend. The Mailscanner box > is part of the designmedia.com domain. There is a mailertable entry that > forwards the "designmedia.com" to the IP of the Exchange box. The domain > "designmedia.com" is also in relay-domains. I enter all the valid mailboxes as > "RELAY" in access and everything else is rejected. >

in your /etc/mail/mailertable should see this for each domain:

domain1.com smtp:[1.2.3.4]
domain2.com smtp:[exchange.domain2.com]
domain3.com smtp:[alterserver.domain3.com]

and in your /etc/mail/access this:

To:domain1.com RELAY
To:domain2.com RELAY
To:domain3.com RELAY

> I thought that entering them in virtusertable as "@domain2.com > catchall@designmedia.com" would remap the emails as they came in but evidently > this isn't the case. Where is the proper place to stick all the information > about the secondary domains? > > Thanks. >
From julien.buratto at gmail.com Tue Jun 10 22:52:16 2008 From: julien.buratto at gmail.com (Julien Buratto) Date: Tue Jun 10 22:52:26 2008 Subject: Tag in subject, header present but score is 0 Message-ID: Quite strange, however since a while I started to get email's subject changed to {Spam? X} where X can be 0 or negative values, headers in the email show the Spam-Status: Yes but then there are no details about any other tags. Other emails which are "clean" are just clean, some others don't even get it as the score is high ... so the point is that all those emails with negative scores were "ok" emails for me... I don't know where to double check this behavior as the mailscanner is running spamassassin. I think that maybe one of the spamlists returns negative values ...any hint ? -- Julien Buratto From ssilva at sgvwater.com Tue Jun 10 23:04:24 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Tue Jun 10 23:05:16 2008 Subject: Tag in subject, header present but score is 0 In-Reply-To: References: Message-ID: on 6-10-2008 2:52 PM Julien Buratto spake the following: > Quite strange, however since a while I started to get email's subject > changed to {Spam? X} where X can be 0 or negative values, headers in > the email show the Spam-Status: Yes but then there are no details about > any other tags. > > Other emails which are "clean" are just clean, some others don't even > get it as the score is high ... so the point is that all those emails > with negative scores were "ok" emails for me... I don't know where to > double check this behavior as the mailscanner is running spamassassin. > > I think that maybe one of the spamlists returns negative values ...any hint ? > Hitting blacklists can set the spam tag without changing the score. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed...
Name: signature.asc Type: application/pgp-signature Size: 258 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080610/45766e89/signature.bin From FStein at thehill.org Wed Jun 11 03:47:27 2008 From: FStein at thehill.org (Stein, Mr. Fred) Date: Wed Jun 11 03:48:30 2008 Subject: Beta release 4.70.3 References: <484D6078.90102@ecs.soton.ac.uk> Message-ID: Beta release 4.70.4-2 no longer turns all Watermarking off with "Use Watermarking = no" Fred Stein Network Administrator The Hill School 717 High Street Pottstown, PA 19464 610-326-1000 ext. 7356 fstein@thehill.org www.thehill.org ________________________________ From: mailscanner-bounces@lists.mailscanner.info on behalf of Julian Field Sent: Mon 6/9/2008 12:55 PM To: MailScanner discussion Subject: Beta release 4.70.3 I have just released a new beta version 4.70.3. Please try this version if you have been having any problems with Watermarks, or the spam handling of them. Download as usual from www.mailscanner.info. Please let me know if you still have any problems with this release, and also if it fixes the problems you have been having. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
From gdoris at rogers.com Wed Jun 11 06:03:30 2008 From: gdoris at rogers.com (Gerry Doris) Date: Wed Jun 11 06:03:42 2008 Subject: Problems with beta 4.70.4-2 Message-ID: <484F5CA2.5010200@rogers.com> I installed the Fedora beta 4.70.4-2 and immediately ran into problems. All emails were marked as spam with a default score of 5 which allowed everything through. The reason given was "spam(no watermark or sender address)". I couldn't figure out what to change so I went back to the stable version and all is working again. From neilw at dcdata.co.za Wed Jun 11 07:25:46 2008 From: neilw at dcdata.co.za (Neil Wilson) Date: Wed Jun 11 07:29:51 2008 Subject: install-Clam-0.93.1-SA-3.2.4.tar.gz Message-ID: <484F6FEA.103@dcdata.co.za> Hi guys. I'm trying to install the latest Clam/SA package that is available under SLES 9, and I'm getting the following compile errors, and then the install just hangs, and I have to stop it with Ctrl-C. Anyone else ever seen this before? t/overload_threads........ok 1/5 skipped: not really skipped, testing overloaded reason t/plan....................ok t/plan_bad................ok t/plan_is_noplan..........ok t/plan_no_plan............ok 1/6 skipped: Just testing skip with no_plan t/plan_shouldnt_import....ok t/plan_skip_all...........skipped all skipped: Just testing plan & skip_all t/pod-coverage............skipped all skipped: Test::Pod::Coverage 1.08 required for testing POD coverage t/pod.....................skipped all skipped: Test::Pod 1.00 required for testing POD t/require_ok..............ok t/reset...................ok t/simple..................ok t/skip....................ok 8/17 skipped: various reasons t/skipall.................ok t/sort_bug................ok 1/2*** glibc detected *** corrupted double-linked list: 0x000000000076c100 *** *** glibc detected *** corrupted double-linked list: 0x000000000076c380 *** *** glibc detected *** corrupted double-linked list: 0x0000002a95d380d8 *** *** glibc detected *** corrupted 
double-linked list: 0x0000002a95d380d8 *** Thanks. Neil This email and all contents are subject to the following disclaimer: http://www.dcdata.co.za/emaildisclaimer.html From martinh at solidstatelogic.com Wed Jun 11 07:58:04 2008 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Wed Jun 11 07:57:31 2008 Subject: Problems with beta 4.70.4-2 Message-ID: Gerry What Mta? No problems here with exim -- martin -----Original Message----- From: Gerry Doris Sent: Wednesday, June 11, 2008 6:09 AM To: MailScanner discussion Subject: Problems with beta 4.70.4-2 I installed the Fedora beta 4.70.4-2 and immediately ran into problems. All emails were marked as spam with a default score of 5 which allowed everything through. The reason given was "spam(no watermark or sender address)". I couldn't figure out what to change so I went back to the stable version and all is working again. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. 
Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From john at tradoc.fr Wed Jun 11 08:38:55 2008 From: john at tradoc.fr (John Wilcock) Date: Wed Jun 11 08:39:17 2008 Subject: Problems with beta 4.70.4-2 In-Reply-To: References: Message-ID: <484F810F.7010000@tradoc.fr> Martin.Hepworth wrote: > Gerry > > What Mta? No problems here with exim > I'm seeing the same symptoms as Gerry, running postfix. I've been working with Julian to solve some problems with the watermarking code, but he's managed to introduce a bug in 4.70.4-1 and -2. Knowing Julian a new beta will be forthcoming later today. The workaround in the meantime if you want to stay on 4.70 is to turn off the watermarking checks. Unfortunately "Use Watermarking = no" seems to be at least partly ignored currently, but "Treat Invalid Watermarks With No Sender as Spam = nothing" does the trick. John.
-- -- Over 3000 webcams from ski resorts around the world - www.snoweye.com -- Translate your technical documents and web pages - www.tradoc.fr From neilw at dcdata.co.za Wed Jun 11 09:01:46 2008 From: neilw at dcdata.co.za (Neil Wilson) Date: Wed Jun 11 09:06:00 2008 Subject: install-Clam-0.93.1-SA-3.2.4.tar.gz In-Reply-To: <484F6FEA.103@dcdata.co.za> References: <484F6FEA.103@dcdata.co.za> Message-ID: <484F866A.8000403@dcdata.co.za> Neil Wilson wrote: > *** glibc detected *** corrupted double-linked list: 0x000000000076c380 *** > *** glibc detected *** corrupted double-linked list: 0x0000002a95d380d8 *** > *** glibc detected *** corrupted double-linked list: 0x0000002a95d380d8 *** Well, attempted a second install and the error didn't appear this time, so don't worry about this :) Thanks. Neil. This email and all contents are subject to the following disclaimer: http://www.dcdata.co.za/emaildisclaimer.html From gdoris at rogers.com Wed Jun 11 09:07:37 2008 From: gdoris at rogers.com (Gerry Doris) Date: Wed Jun 11 09:07:49 2008 Subject: Problems with beta 4.70.4-2 In-Reply-To: <484F810F.7010000@tradoc.fr> References: <484F810F.7010000@tradoc.fr> Message-ID: <484F87C9.5090701@rogers.com> John Wilcock wrote: > Martin.Hepworth wrote: >> Gerry >> >> What Mta? No problems here with exim >> > > I'm seeing the same symptoms as Gerry, running postfix. I've been > working with Julian to solve some problems with the watermarking code, > but he's managed to introduce a bug in 4.70.4-1 and -2. Knowing Julian a > new beta will be forthcoming later today. > > The workaround in the meantime if you want to stay on 4.70 is to turn > off the watermarking checks. Unfortunately "Use Watermarking = no" seems > to be at least partly ignored currently, but "Treat Invalid Watermarks > With No Sender as Spam = nothing" does the trick. > > John. > I'm using sendmail. I tried "Use Watermarking = no". When that didn't work I went back to the stable release.
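The workaround John Wilcock describes above can be checked mechanically before a scanner is left running on one of the affected betas. The following is an added example, not part of the thread and not MailScanner code: a Python audit of MailScanner.conf text for the two settings quoted in the thread. The `Key = value` parsing, last-assignment-wins handling, the ruleset heuristic (values starting with `/` or `%`), the status names and the sample configurations are assumptions made for the illustration.

```python
import re

# Setting names and the value "nothing" are quoted from the thread.
USE_WM = "Use Watermarking"
NO_SENDER = "Treat Invalid Watermarks With No Sender as Spam"
# Betas the thread reports as broken; 4.70.5-1 is reported as fixed.
AFFECTED_BETAS = {"4.70.4-1", "4.70.4-2"}


def norm(key):
    """Collapse whitespace and case so 'use  watermarking' matches the setting name."""
    return re.sub(r"\s+", " ", key.strip()).lower()


def parse_conf(text):
    """Return {normalised key: (value, line number)}.

    Assumptions: one 'Key = value' per line, lines starting with '#' are
    comments, and a later assignment overrides an earlier one.
    """
    settings = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        settings[norm(key)] = (value.strip(), lineno)
    return settings


def is_ruleset(value):
    """Heuristic (assumption): a path or %variable% value names a ruleset file."""
    return value.startswith(("/", "%"))


def audit(conf_text, version):
    """Return (status, detail) for the watermark regression discussed in the thread."""
    if version not in AFFECTED_BETAS:
        return ("not-affected", f"{version} is not one of the betas reported as broken")
    conf = parse_conf(conf_text)
    use_wm = conf.get(norm(USE_WM))
    no_sender = conf.get(norm(NO_SENDER))
    # The workaround is the one setting the thread reports as effective.
    if no_sender and no_sender[0].lower() == "nothing":
        return ("workaround-applied", f"'{NO_SENDER}' is 'nothing' (line {no_sender[1]})")
    for name, entry in ((USE_WM, use_wm), (NO_SENDER, no_sender)):
        if entry is None:
            return ("review", f"'{name}' is not set explicitly; the built-in default applies")
        if is_ruleset(entry[0]):
            return ("review", f"'{name}' (line {entry[1]}) uses a ruleset; result varies per message")
    if use_wm[0].lower() == "no":
        return ("workaround-needed",
                f"'{USE_WM} = no' (line {use_wm[1]}) is reported as partly ignored on "
                f"{version}; set '{NO_SENDER} = nothing' or upgrade")
    return ("checks-active", f"watermark checks are on; {version} is reported to mis-tag mail")


# Constructed sample configurations, not taken from any real site.
SAMPLE_BROKEN = """\
# Use Watermarking = yes
Use Watermarking = no
Treat Invalid Watermarks With No Sender as Spam = spam
"""
SAMPLE_FIXED = SAMPLE_BROKEN.replace("= spam", "= nothing")
SAMPLE_RULESET = SAMPLE_BROKEN.replace("= no", "= %rules-dir%/watermark.rules")

if __name__ == "__main__":
    for label, text in (("broken", SAMPLE_BROKEN), ("fixed", SAMPLE_FIXED),
                        ("ruleset", SAMPLE_RULESET)):
        print(label, audit(text, "4.70.4-2"))
```

A `review` result means the file alone cannot answer the question, which is the case whenever either setting is driven by a per-recipient ruleset.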
From MailScanner at ecs.soton.ac.uk Wed Jun 11 09:54:29 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Jun 11 09:55:00 2008 Subject: Problems with beta 4.70.4-2 In-Reply-To: References: Message-ID: <484F92C5.5040401@ecs.soton.ac.uk> John Wilcock wrote: > Martin.Hepworth wrote: >> Gerry >> >> What Mta? No problems here with exim >> > > I'm seeing the same symptoms as Gerry, running postfix. I've been > working with Julian to solve some problems with the watermarking code, > but he's managed to introduce a bug in 4.70.4-1 and -2. Knowing Julian > a new beta will be forthcoming later today. > > The workaround in the meantime if you want to stay on 4.70 is to turn > off the watermarking checks. Unfortunately "Use Watermarking = no" > seems to be at least partly ignored currently, but "Treat Invalid > Watermarks With No Sender as Spam = nothing" does the trick. Here's a new Message.pm to try. Let me know if this helps. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------- next part -------------- A non-text attachment was scrubbed...
Name: Message.pm.zip Type: application/zip Size: 68935 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080611/9be9b107/Message.pm-0001.zip From martinh at solidstatelogic.com Wed Jun 11 10:09:07 2008 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Wed Jun 11 10:09:18 2008 Subject: Problems with beta 4.70.4-2 In-Reply-To: <484F92C5.5040401@ecs.soton.ac.uk> Message-ID: <772c934bfbd5be44a8c22cc26dd2cc49@solidstatelogic.com> Jules Ok - give me a couple of minutes, looks like you snook out a .4 beta yesterday so I'll install that first.. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Julian Field > Sent: 11 June 2008 09:54 > To: MailScanner discussion > Subject: Re: Problems with beta 4.70.4-2 > > John Wilcock wrote: > > Martin.Hepworth wrote: > >> Gerry > >> > >> What Mta? No problems here with exim > >> > > > > I'm seeing the same symptoms as Gerry, running postfix. I've been > > working with Julian to solve some problems with the watermarking code, > > but he's managed to introduce a bug in 4.70.4-1 and -2. Knowing Julian > > a new beta will be forthcoming later today. > > > > The workaround in the meantime if you want to stay on 4.70 is to turn > > off the watermarking checks. Unfortunately "Use Watermarking = no" > > seems to be at least partly ignored currently, but "Treat Invalid > > Watermarks With No Sender as Spam = nothing" does the trick. > Here's a new Message.pm to try. Let me know if this helps. > > Jules > > -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > MailScanner customisation, or any advanced system administration help?
From martinh at solidstatelogic.com Wed Jun 11 10:31:13 2008 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Wed Jun 11 10:31:24 2008 Subject: Problems with beta 4.70.4-2 In-Reply-To: <772c934bfbd5be44a8c22cc26dd2cc49@solidstatelogic.com> Message-ID: No problems here. But then I didn't notice any with the old code.
-- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Martin.Hepworth > Sent: 11 June 2008 10:09 > To: MailScanner discussion > Subject: RE: Problems with beta 4.70.4-2 > > Jules > > Ok - give me a couple of minutes, looks like you snook out a .4 beta > yesterday so I'll install that first.. > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > -----Original Message----- > > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > > bounces@lists.mailscanner.info] On Behalf Of Julian Field > > Sent: 11 June 2008 09:54 > > To: MailScanner discussion > > Subject: Re: Problems with beta 4.70.4-2 > > > > John Wilcock wrote: > > > Martin.Hepworth wrote: > > >> Gerry > > >> > > >> What Mta? No problems here with exim > > >> > > > > > > I'm seeing the same symptoms as Gerry, running postfix. I've been > > > working with Julian to solve some problems with the watermarking code, > > > but he's managed to introduce a bug in 4.70.4-1 and -2. Knowing Julian > > > a new beta will be forthcoming later today. > > > > > > The workaround in the meantime if you want to stay on 4.70 is to turn > > > off the watermarking checks. Unfortunately "Use Watermarking = no" > > > seems to be at least partly ignored currently, but "Treat Invalid > > > Watermarks With No Sender as Spam = nothing" does the trick. > > Here's a new Message.pm to try. Let me know if this helps. > > > > Jules > > > > -- > > Julian Field MEng CITP CEng > > www.MailScanner.info > > Buy the MailScanner book at www.MailScanner.info/store > > > > MailScanner customisation, or any advanced system administration help?
From MailScanner at ecs.soton.ac.uk Wed Jun 11 10:56:12 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Jun 11 10:56:40 2008 Subject: Problems with beta 4.70.4-2 In-Reply-To: References: Message-ID: <484FA13C.4010802@ecs.soton.ac.uk> 4.70.5-1 is out there for you guys. Please let me know how you get on with it. Thanks! Jules. Martin.Hepworth wrote: > No problems here. But then I didn't notice any with the old code.
> > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >> bounces@lists.mailscanner.info] On Behalf Of Martin.Hepworth >> Sent: 11 June 2008 10:09 >> To: MailScanner discussion >> Subject: RE: Problems with beta 4.70.4-2 >> >> Jules >> >> Ok - give me a couple of minutes, looks like you snook out a .4 beta >> yesterday so I'll install that first.. >> >> -- >> Martin Hepworth >> Snr Systems Administrator >> Solid State Logic >> Tel: +44 (0)1865 842300 >> >> >>> -----Original Message----- >>> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >>> bounces@lists.mailscanner.info] On Behalf Of Julian Field >>> Sent: 11 June 2008 09:54 >>> To: MailScanner discussion >>> Subject: Re: Problems with beta 4.70.4-2 >>> >>> John Wilcock wrote: >>> >>>> Martin.Hepworth wrote: >>>> >>>>> Gerry >>>>> >>>>> What Mta? No problems here with exim >>>>> >>>>> >>>> I'm seeing the same symptoms as Gerry, running postfix. I've been >>>> working with Julian to solve some problems with the watermarking code, >>>> but he's managed to introduce a bug in 4.70.4-1 and -2. Knowing Julian >>>> a new beta will be forthcoming later today. >>>> >>>> The workaround in the meantime if you want to stay on 4.70 is to turn >>>> off the watermarking checks. Unfortunately "Use Watermarking = no" >>>> seems to be at least partly ignored currently, but "Treat Invalid >>>> Watermarks With No Sender as Spam = nothing" does the trick. >>>> >>> Here's a new Message.pm to try. Let me know if this helps. >>> >>> Jules >>> >>> -- >>> Julian Field MEng CITP CEng >>> www.MailScanner.info >>> Buy the MailScanner book at www.MailScanner.info/store >>> >>> MailScanner customisation, or any advanced system administration help?
From gdoris at rogers.com Wed Jun 11 13:49:10 2008 From: gdoris at rogers.com (Gerry Doris) Date: Wed Jun 11 13:49:25 2008 Subject: Problems with beta 4.70.4-2 In-Reply-To: <484F92C5.5040401@ecs.soton.ac.uk> References: <484F92C5.5040401@ecs.soton.ac.uk> Message-ID: <484FC9C6.70702@rogers.com> Julian Field wrote: > John Wilcock wrote: >> Martin.Hepworth wrote: >>> Gerry >>> >>> What Mta? No problems here with exim >>> >> >> I'm seeing the same symptoms as Gerry, running postfix. I've been >> working with Julian to solve some problems with the watermarking code, >> but he's managed to introduce a bug in 4.70.4-1 and -2. Knowing Julian >> a new beta will be forthcoming later today. >> >> The workaround in the meantime if you want to stay on 4.70 is to turn >> off the watermarking checks. Unfortunately "Use Watermarking = no" >> seems to be at least partly ignored currently, but "Treat Invalid >> Watermarks With No Sender as Spam = nothing" does the trick. > Here's a new Message.pm to try. Let me know if this helps. > > Jules > I can't get to it until later today. I'll let you know how it works then. From dominian at slackadelic.com Wed Jun 11 14:32:22 2008 From: dominian at slackadelic.com (Matt Hayes) Date: Wed Jun 11 14:32:38 2008 Subject: Beta release 4.70.3 In-Reply-To: References: <484D6078.90102@ecs.soton.ac.uk> Message-ID: <484FD3E6.7080802@slackadelic.com> Stein, Mr. Fred wrote: > Beta release 4,70.4-2 no longer turns all Watermarking off with "Use Watermarking = no" > > Fred Stein > Network Administrator > The Hill School > 717 High Street > Pottstown, PA 19464 > 610-326-1000 ext. 7356 > fstein@thehill.org > www.thehill.org > I too can confirm this. I had to roll back to the previous release. I used watermarking in the previous release.. worked fine. However, rolled to the latest beta and it started marking EVERYTHING as a potential virus because of no watermark. Rolled back, everything is fine now.
-Matt From MailScanner at ecs.soton.ac.uk Wed Jun 11 14:56:03 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Jun 11 14:56:21 2008 Subject: Beta release 4.70.3 In-Reply-To: References: <484D6078.90102@ecs.soton.ac.uk> Message-ID: <484FD973.6060004@ecs.soton.ac.uk> Matt Hayes wrote: > Stein, Mr. Fred wrote: >> Beta release 4,70.4-2 no longer turns all Watermarking off with "Use >> Watermarking = no" >> >> Fred Stein >> Network Administrator >> The Hill School >> 717 High Street >> Pottstown, PA 19464 >> 610-326-1000 ext. 7356 >> fstein@thehill.org >> www.thehill.org >> > > I too can confirm this. I had to roll back to the previous release. > I used watermarking in the previous release.. worked fine. HOwever, > rolled to the latest beta and it started marking EVERYTHING as a > potential virus because of no watermark. Rolled back, everything is > fine now. And 4.70.5-1? Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From FStein at thehill.org Wed Jun 11 14:57:50 2008 From: FStein at thehill.org (Stein, Mr. Fred) Date: Wed Jun 11 14:58:29 2008 Subject: Beta release 4.70.3 In-Reply-To: <484FD3E6.7080802@slackadelic.com> References: <484D6078.90102@ecs.soton.ac.uk> <484FD3E6.7080802@slackadelic.com> Message-ID: -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Matt Hayes Sent: Wednesday, June 11, 2008 9:32 AM To: MailScanner discussion Subject: Re: Beta release 4.70.3 Stein, Mr. 
Fred wrote: > Beta release 4,70.4-2 no longer turns all Watermarking off with "Use Watermarking = no" > > Fred Stein > Network Administrator > The Hill School > 717 High Street > Pottstown, PA 19464 > 610-326-1000 ext. 7356 > fstein@thehill.org > www.thehill.org > I too can confirm this. I had to roll back to the previous release. I used watermarking in the previous release.. worked fine. HOwever, rolled to the latest beta and it started marking EVERYTHING as a potential virus because of no watermark. Rolled back, everything is fine now. -Matt -- This has been corrected with the latest 4.70.5 release. Fred MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From dominian at slackadelic.com Wed Jun 11 15:05:43 2008 From: dominian at slackadelic.com (Matt Hayes) Date: Wed Jun 11 15:05:55 2008 Subject: Beta release 4.70.3 In-Reply-To: <484FD973.6060004@ecs.soton.ac.uk> References: <484D6078.90102@ecs.soton.ac.uk> <484FD973.6060004@ecs.soton.ac.uk> Message-ID: <484FDBB7.7010004@slackadelic.com> Julian Field wrote: > > > Matt Hayes wrote: >> Stein, Mr. Fred wrote: >>> Beta release 4,70.4-2 no longer turns all Watermarking off with "Use >>> Watermarking = no" >>> >>> Fred Stein >>> Network Administrator >>> The Hill School >>> 717 High Street >>> Pottstown, PA 19464 >>> 610-326-1000 ext. 7356 >>> fstein@thehill.org >>> www.thehill.org >>> >> >> I too can confirm this. I had to roll back to the previous release. >> I used watermarking in the previous release.. worked fine. HOwever, >> rolled to the latest beta and it started marking EVERYTHING as a >> potential virus because of no watermark. Rolled back, everything is >> fine now. > And 4.70.5-1? > > Jules > I take that back.. I used 4.70.4 then rolled back to 4.70.1. I apologize. I didn't test anything in between Jules. 
-Matt From MailScanner at ecs.soton.ac.uk Wed Jun 11 16:18:07 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Jun 11 16:18:28 2008 Subject: Beta release 4.70.3 In-Reply-To: References: <484D6078.90102@ecs.soton.ac.uk> <484FD973.6060004@ecs.soton.ac.uk> Message-ID: <484FECAF.1080202@ecs.soton.ac.uk> Matt Hayes wrote: > Julian Field wrote: >> >> >> Matt Hayes wrote: >>> Stein, Mr. Fred wrote: >>>> Beta release 4,70.4-2 no longer turns all Watermarking off with >>>> "Use Watermarking = no" >>>> >>>> Fred Stein >>>> Network Administrator >>>> The Hill School >>>> 717 High Street >>>> Pottstown, PA 19464 >>>> 610-326-1000 ext. 7356 >>>> fstein@thehill.org >>>> www.thehill.org >>>> >>> >>> I too can confirm this. I had to roll back to the previous >>> release. I used watermarking in the previous release.. worked >>> fine. HOwever, rolled to the latest beta and it started marking >>> EVERYTHING as a potential virus because of no watermark. Rolled >>> back, everything is fine now. >> And 4.70.5-1? >> >> Jules >> > > I take that back.. I used 4.70.4 then rolled back to 4.70.1. I > apologize. I didn't test anything in between Jules. Please can you try 4.70.5-1, I am pretty confident that this version should work as advertised. Thank you for your patience while I got this issue fixed. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From doepain at gmail.com Wed Jun 11 16:47:58 2008 From: doepain at gmail.com (dOE) Date: Wed Jun 11 16:48:07 2008 Subject: MailWatch Message-ID: Has anyone installed MailWatch as a webUI for their MailScanner service? 
Where can I find installation documentation for MailWatch? From hvdkooij at vanderkooij.org Wed Jun 11 16:57:18 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Wed Jun 11 16:57:27 2008 Subject: MailWatch In-Reply-To: References: Message-ID: <484FF5DE.2090702@vanderkooij.org> dOE wrote: | Has anyone installed MailWatch as a webUI for their MailScanner | service? Where can I find installation documentation for MailWatch? Have you tried something as simple as a search engine? http://www.google.com/search?q=mailwatch Hugo. -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. From MailScanner at ecs.soton.ac.uk Wed Jun 11 16:57:31 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Jun 11 16:57:51 2008 Subject: MailWatch In-Reply-To: References: Message-ID: <484FF5EB.2060504@ecs.soton.ac.uk> Have you tried typing in "MailWatch" to Google? This is not the correct place to ask for help about MailWatch, it has its own mailing list(s) which are all documented on the web: see my previous sentence for pointers to it. dOE wrote: > Has anyone installed MailWatch as a webUI for their MailScanner > service? Where can I find installation documentation for MailWatch?
Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From dyioulos at firstbhph.com Wed Jun 11 16:58:30 2008 From: dyioulos at firstbhph.com (Dimitri Yioulos) Date: Wed Jun 11 16:58:50 2008 Subject: MailWatch In-Reply-To: References: Message-ID: <200806111158.30817.dyioulos@firstbhph.com> On Wednesday 11 June 2008 11:47 am, dOE wrote: > Has anyone installed MailWatch as a webUI for their MailScanner service? > Where can I find installation documentaion for MailWatch? There's documentation with the program itself (INSTALL, UPGRADING, etc.). The MailWatch wiki is useful (mailwatch.sourceforge.net/doku.php). You may also want to subscribe to the mailing list. Dimitri -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From dominian at slackadelic.com Wed Jun 11 17:12:05 2008 From: dominian at slackadelic.com (Matt Hayes) Date: Wed Jun 11 17:12:20 2008 Subject: Beta release 4.70.3 In-Reply-To: <484FECAF.1080202@ecs.soton.ac.uk> References: <484D6078.90102@ecs.soton.ac.uk> <484FD973.6060004@ecs.soton.ac.uk> <484FECAF.1080202@ecs.soton.ac.uk> Message-ID: <484FF955.8080203@slackadelic.com> Julian Field wrote: > > > Matt Hayes wrote: >> Julian Field wrote: >>> >>> >>> Matt Hayes wrote: >>>> Stein, Mr. Fred wrote: >>>>> Beta release 4,70.4-2 no longer turns all Watermarking off with >>>>> "Use Watermarking = no" >>>>> >>>>> Fred Stein >>>>> Network Administrator >>>>> The Hill School >>>>> 717 High Street >>>>> Pottstown, PA 19464 >>>>> 610-326-1000 ext. 
7356
>>>>> fstein@thehill.org
>>>>> www.thehill.org
>>>>>
>>>>
>>>> I too can confirm this. I had to roll back to the previous
>>>> release. I used watermarking in the previous release.. worked
>>>> fine. However, rolled to the latest beta and it started marking
>>>> EVERYTHING as a potential virus because of no watermark. Rolled
>>>> back, everything is fine now.
>>> And 4.70.5-1?
>>>
>>> Jules
>>>
>>
>> I take that back.. I used 4.70.4 then rolled back to 4.70.1. I
>> apologize. I didn't test anything in between Jules.
> Please can you try 4.70.5-1, I am pretty confident that this version
> should work as advertised.
> Thank you for your patience while I got this issue fixed.
>
> Jules
>

Jules,

The 4.70.5 fixed my issue with the watermarking incorrectly marking emails as bad. Working like a charm now.

-matt

From peter at farrows.org Wed Jun 11 17:13:49 2008
From: peter at farrows.org (Peter Farrow)
Date: Wed Jun 11 17:14:31 2008
Subject: MailWatch
In-Reply-To:
References:
Message-ID: <484FF9BD.4090203@farrows.org>

Hi There,

Since everyone else seems intent on telling you to use google, and generally not being too kind, I thought I would help you out.

Try this:

http://mailwatch.sourceforge.net/doku.php?id=mailwatch:documentation

It's not unreasonable to start asking your question here, and there is another list for mailwatch, and it is related to subject matter here,

Feel free to ask me off the list if you have any problems, I've done quite a few of these,

Regards

Pete

dOE wrote:
> Has anyone installed MailWatch as a webUI for their MailScanner
> service? Where can I find installation documentation for MailWatch?
>
> --
> This message has been scanned for viruses and
> dangerous content by the *Inexcom* system
> scanner,
> and is believed to be clean.
> Advanced heuristic mail scanning server [0].

--
This message has been scanned for viruses and dangerous content by the Inexcom system Scanner, and is believed to be clean. Advanced heuristic mail scanning server [1].
http://www.inexcom.co.uk

From doepain at gmail.com Wed Jun 11 17:31:58 2008
From: doepain at gmail.com (dOE)
Date: Wed Jun 11 17:32:07 2008
Subject: MailWatch
In-Reply-To: <200806111158.30817.dyioulos@firstbhph.com>
References: <200806111158.30817.dyioulos@firstbhph.com>
Message-ID:

I just discovered the mailing list and have subscribed.

On Wed, Jun 11, 2008 at 11:58 AM, Dimitri Yioulos wrote:
> On Wednesday 11 June 2008 11:47 am, dOE wrote:
> > Has anyone installed MailWatch as a webUI for their MailScanner service?
> > Where can I find installation documentation for MailWatch?
>
> There's documentation with the program itself (INSTALL, UPGRADING, etc.). The
> MailWatch wiki is useful (mailwatch.sourceforge.net/doku.php). You may also
> want to subscribe to the mailing list.
>
> Dimitri
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.

From doepain at gmail.com Wed Jun 11 17:33:23 2008
From: doepain at gmail.com (dOE)
Date: Wed Jun 11 17:33:32 2008
Subject: MailWatch
In-Reply-To: <484FF9BD.4090203@farrows.org>
References: <484FF9BD.4090203@farrows.org>
Message-ID:

Thank you, Peter

Sorry for inconveniencing everyone else with my "complicated" question. I will direct any future MailWatch question to its mailing-list from now.

On Wed, Jun 11, 2008 at 12:13 PM, Peter Farrow wrote:
> Hi There,
>
> Since everyone else seems intent on telling you to use google, and
> generally not being too kind, I thought I would help you out.
>
> Try this:
>
> http://mailwatch.sourceforge.net/doku.php?id=mailwatch:documentation
>
> It's not unreasonable to start asking your question here, and there is
> another list for mailwatch, and it is related to subject matter here,
>
> Feel free to ask me off the list if you have any problems, I've done quite a few
> of these,
>
> Regards
>
> Pete
>
> dOE wrote:
>
>> Has anyone installed MailWatch as a webUI for their MailScanner service?
>> Where can I find installation documentation for MailWatch?
>>
>> --
>> This message has been scanned for viruses and
>> dangerous content by the *Inexcom* system
>> scanner,
>> and is believed to be clean.
>> Advanced heuristic mail scanning server [0].
>>
>
>
> --
> This message has been scanned for viruses and
> dangerous content by the Inexcom system Scanner,
> and is believed to be clean.
> Advanced heuristic mail scanning server [1].
> http://www.inexcom.co.uk

From doepain at gmail.com Wed Jun 11 17:34:23 2008
From: doepain at gmail.com (dOE)
Date: Wed Jun 11 17:34:31 2008
Subject: MailWatch
In-Reply-To: <484FF5DE.2090702@vanderkooij.org>
References: <484FF5DE.2090702@vanderkooij.org>
Message-ID:

Hugo, you are very intelligent it seems.

On Wed, Jun 11, 2008 at 11:57 AM, Hugo van der Kooij <hvdkooij@vanderkooij.org> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> dOE wrote:
> | Has anyone installed MailWatch as a webUI for their MailScanner
> | service? Where can I find installation documentation for MailWatch?
>
> Have you tried something simple as a search engine?
> http://www.google.com/search?q=mailwatch
>
> Hugo.
>
> - --
> hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/
> PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc
>
> A: Yes.
> >Q: Are you sure?
> >>A: Because it reverses the logical flow of conversation.
> >>>Q: Why is top posting frowned upon?
>
> Bored? Click on http://spamornot.org/ and rate those images.
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.7 (GNU/Linux)
>
> iD8DBQFIT/XWBvzDRVjxmYERAswwAJ99tNAoIHvT6rVXHhxmbBlFVtw5TwCfU31S
> O5hjgaW0QlktZFYi5Uwe4ho=
> =i2vR
> -----END PGP SIGNATURE-----

From rick at duvals.ca Wed Jun 11 17:42:57 2008
From: rick at duvals.ca (rick@duvals.ca)
Date: Wed Jun 11 17:43:08 2008
Subject: Interfaces - off topic - sorry
References: <484FF9BD.4090203@farrows.org>
Message-ID: <001e01c8cbe2$341fb600$6b01a8c0@csmrick>

This is not a MailScanner question but since we're all involved in providing email services I think it's still a somewhat appropriate place to ask...

Any opinions on what is the best front end for end users?

We've been running MDaemon Pro and our users are really used to that kind of high-end interface.

Is there a comparable beast for linux systems that's either GPL or doesn't cost both arms and both legs like MDaemon?

Thanks much....

Rick

"Imagination is more important than Knowledge" --Albert Einstein--
-------------- next part -------------- An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080611/91bc82fe/attachment.html

From rick at duvals.ca Wed Jun 11 18:06:56 2008
From: rick at duvals.ca (rick@duvals.ca)
Date: Wed Jun 11 18:07:06 2008
Subject: Yahoogroups Bad Centent
Message-ID: <007701c8cbe5$8e054b00$6b01a8c0@csmrick>

Every time an email comes in from yahoogroups I get a message that it contains a script and then a Bad Content message.

How are other people handling this?

R

"Imagination is more important than Knowledge" --Albert Einstein--

From ssilva at sgvwater.com Wed Jun 11 18:29:24 2008
From: ssilva at sgvwater.com (Scott Silva)
Date: Wed Jun 11 18:29:08 2008
Subject: Interfaces - off topic - sorry
In-Reply-To: <001e01c8cbe2$341fb600$6b01a8c0@csmrick>
References: <484FF9BD.4090203@farrows.org> <001e01c8cbe2$341fb600$6b01a8c0@csmrick>
Message-ID:

on 6-11-2008 9:42 AM rick@duvals.ca spake the following:
> This is not a MailScanner question but since we're all involved in
> providing email services I think it's still a somewhat appropriate place
> to ask...
It would be more appropriate to start a new thread when asking a new question.
>
> Any opinions on what is the best front end for end users?
>
> We've been running MDaemon Pro and our users are really used to that
> kind of high-end interface.
>
> Is there a comparable beast for linux systems that's either GPL or
> doesn't cost both arms and both legs like MDaemon?
High end interfaces usually cost $$$. By the time someone does that much coding, they sure want to have some profit from their work. You can set up many free applications that will do what you want, but I haven't seen anything for free that does all of that. Maybe Scalix community version does a lot of it. MDaemon Pro has got to be cheaper than an Exchange setup.
--
MailScanner is like deodorant...
You hope everybody uses it, and you notice quickly if they don't!!!!

From ssilva at sgvwater.com Wed Jun 11 18:36:34 2008
From: ssilva at sgvwater.com (Scott Silva)
Date: Wed Jun 11 18:36:14 2008
Subject: Yahoogroups Bad Centent
In-Reply-To: <007701c8cbe5$8e054b00$6b01a8c0@csmrick>
References: <007701c8cbe5$8e054b00$6b01a8c0@csmrick>
Message-ID:

on 6-11-2008 10:06 AM rick@duvals.ca spake the following:
> Every time an email comes in from yahoogroups I get a message that it
> contains a script and then a Bad Content message.
>
> How are other people handling this?
>
> R
I disarm most of the bad content and don't mark the subject. If a user complains, I can release the original from the cache. No complaints in over a year and a half though.

--
MailScanner is like deodorant...
You hope everybody uses it, and you notice quickly if they don't!!!!

From lists at designmedia.com Wed Jun 11 19:28:16 2008
From: lists at designmedia.com (Henry Kwan)
Date: Wed Jun 11 19:28:32 2008
Subject: Hosting multiple domains on a MailScanner box?
References: <7d9b3cf20806101257r48703a7ei8ff4c74b9b692123@mail.gmail.com>
Message-ID:

Eduardo Casarero gmail.com> writes:

> in your /etc/mail/mailertable should see this for each domain:
>
> domain1.com smtp:[1.2.3.4]
> domain2.com smtp:[exchange.domain2.com]
> domain3.com smtp:[alterserver.domain3.com]
>
> and in your /etc/mail/access this:
> To:domain1.com RELAY
> To:domain2.com RELAY
> To:domain3.com RELAY

Hi,

Is there a way to forward all the emails to one account on the primary domain? Right now, what I ended up doing was to deliver the email locally. In /etc/mail/virtusertable:

@domain2.com localaccount1
@domain3.com localaccount2

So all those emails are delivered locally on the Mailscanner box and I end up reading them using mutt or pine.

Ideally, what I would like to do is to route all those emails to a catchall account on the primary domain (something like domain2.catchall@designmedia.com). But if I modify the virtusertable or even add a .forward to localaccount1 so that email gets forwarded to the primary domain, I get a "DSN: User unknown".

Thanks.

From lists at designmedia.com Wed Jun 11 19:50:03 2008
From: lists at designmedia.com (Henry Kwan)
Date: Wed Jun 11 19:50:21 2008
Subject: Hosting multiple domains on a MailScanner box?
References: <7d9b3cf20806101257r48703a7ei8ff4c74b9b692123@mail.gmail.com>
Message-ID:

Henry Kwan designmedia.com> writes:

> Ideally, what I would like to do is to route all those emails to a catchall
> account on the primary domain (something like domain2.catchall
> designmedia.com).
> But if I modify the virtusertable or even add a .forward to localaccount1 so
> that email gets forwarded to the primary domain, I get a "DSN: User unknown".

Whoops. The reason that it wasn't working was because I had borked the routing by entering the primary domain into local-host-names. Once I removed the primary domain, all emails to the secondary domains are routed properly into the catchall account on the primary domain.
Thanks to Peter and Eduardo for the ideas.

From rich at mail.wvnet.edu Thu Jun 12 11:59:43 2008
From: rich at mail.wvnet.edu (Richard Lynch)
Date: Thu Jun 12 11:59:58 2008
Subject: Warning: latest RH perl update breaks MailScanner
Message-ID: <4851019F.4040106@mail.wvnet.edu>

Just a quick warning to everyone. A Redhat update for perl was released yesterday. Once applied a restart of MailScanner fails with...

Starting MailScanner...

**** ERROR: You must upgrade your perl IO module to at least
**** ERROR: version 1.2301 or MailScanner will not work!

Failed.

The new perl rpm for RHEL4 is perl-5.8.5-36.el4_6.3. For RHEL3 it's perl-5.8.0-98.EL3. I don't know about the other releases. The fix for us was to re-install MailScanner (i.e. ./install.sh fast).

Richard Lynch
WVNET

--

From martinh at solidstatelogic.com Thu Jun 12 12:11:01 2008
From: martinh at solidstatelogic.com (Martin.Hepworth)
Date: Thu Jun 12 12:11:14 2008
Subject: Warning: latest RH perl update breaks MailScanner
In-Reply-To: <4851019F.4040106@mail.wvnet.edu>
Message-ID: <926eb4f9f0448d469500714d9c118c82@solidstatelogic.com>

Heh another broken perl RPM from RH, there's a thing ;-)

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

> -----Original Message-----
> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-
> bounces@lists.mailscanner.info] On Behalf Of Richard Lynch
> Sent: 12 June 2008 12:00
> To: MailScanner discussion
> Subject: Warning: latest RH perl update breaks MailScanner
>
>
> Just a quick warning to everyone. A Redhat update for perl was released
> yesterday. Once applied a restart of MailScanner fails with...
>
> Starting MailScanner...
>
> **** ERROR: You must upgrade your perl IO module to at least
> **** ERROR: version 1.2301 or MailScanner will not work!
>
> Failed.
>
>
> The new perl rpm for RHEL4 is perl-5.8.5-36.el4_6.3. For RHEL3 it's
> perl-5.8.0-98.EL3. I don't know about the other releases.
The fix for
> us was to re-install MailScanner (i.e. ./install.sh fast).
>
> Richard Lynch
> WVNET
>
> --

**********************************************************************
Confidentiality : This e-mail and any attachments are intended for the
addressee only and may be confidential. If they come to you in error
you must take no action based on them, nor must you copy or show them
to anyone. Please advise the sender by replying to this e-mail
immediately and then delete the original from your computer.
Opinion : Any opinions expressed in this e-mail are entirely those of
the author and unless specifically stated to the contrary, are not
necessarily those of the author's employer.
Security Warning : Internet e-mail is not necessarily a secure
communications medium and can be subject to data corruption. We advise
that you consider this fact when e-mailing us.
Viruses : We have taken steps to ensure that this e-mail and any
attachments are free from known viruses but in keeping with good
computing practice, you should ensure that they are virus free.

Red Lion 49 Ltd T/A Solid State Logic
Registered as a limited company in England and Wales
(Company No:5362730)
Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU,
United Kingdom
**********************************************************************

From peter at farrows.org Thu Jun 12 12:13:00 2008
From: peter at farrows.org (Peter Farrow)
Date: Thu Jun 12 12:13:22 2008
Subject: Warning: latest RH perl update breaks MailScanner
In-Reply-To: <4851019F.4040106@mail.wvnet.edu>
References: <4851019F.4040106@mail.wvnet.edu>
Message-ID: <485104BC.4090005@farrows.org>

Richard Lynch wrote:
>
> Just a quick warning to everyone.
A Redhat update for perl was
> released yesterday. Once applied a restart of MailScanner fails with...
>
> Starting MailScanner...
>
> **** ERROR: You must upgrade your perl IO module to at least
> **** ERROR: version 1.2301 or MailScanner will not work!
>
> Failed.
>
>
> The new perl rpm for RHEL4 is perl-5.8.5-36.el4_6.3. For RHEL3 it's
> perl-5.8.0-98.EL3. I don't know about the other releases. The fix
> for us was to re-install MailScanner (i.e. ./install.sh fast).
>
> Richard Lynch
> WVNET
>
You can probably just re-install the perl io rpm back to a working version, or do it through the CPAN command line interface rather than jumping through the whole install again..

P.

--
This message has been scanned for viruses and dangerous content by the Inexcom system Scanner, and is believed to be clean. Advanced heuristic mail scanning server [-].
http://www.inexcom.co.uk

From shuttlebox at gmail.com Thu Jun 12 12:31:23 2008
From: shuttlebox at gmail.com (shuttlebox)
Date: Thu Jun 12 12:31:31 2008
Subject: Warning: latest RH perl update breaks MailScanner
In-Reply-To: <926eb4f9f0448d469500714d9c118c82@solidstatelogic.com>
References: <4851019F.4040106@mail.wvnet.edu> <926eb4f9f0448d469500714d9c118c82@solidstatelogic.com>
Message-ID: <625385e30806120431r416300e2i97facb1f709e0ab9@mail.gmail.com>

On Thu, Jun 12, 2008 at 1:11 PM, Martin.Hepworth wrote:
> Heh another broken perl RPM from RH, there's a thing ;-)

It's not broken, it's MS that forces its modules to overwrite the system's so when you update the system the version is too old again. This happens because RH backports security patches instead of just providing a newer version of the module.

--
PJ O'Rourke - "You can't get rid of poverty by giving people money."
From uxbod at splatnix.net Thu Jun 12 12:45:43 2008
From: uxbod at splatnix.net (--[ UxBoD ]--)
Date: Thu Jun 12 12:46:07 2008
Subject: Interfaces - off topic - sorry
In-Reply-To: <001e01c8cbe2$341fb600$6b01a8c0@csmrick>
Message-ID: <6412527.15571213271143416.JavaMail.root@office.splatnix.net>

http://www.zimbra.com - they provide a FOSS release. Try the demo :) I am biased though as I am a moderator ;)

Regards,

--
--[ UxBoD ]--
// PGP Key: "curl -s http://www.splatnix.net/uxbod.asc | gpg --import"
// Fingerprint: F57A 0CBD DD19 79E9 1FCC A612 CB36 D89D 2C5A 3A84
// Keyserver: www.keyserver.net Key-ID: 0x2C5A3A84
// Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net

----- rick@duvals.ca wrote:
> This is not a MailScanner question but since we're all involved in
> providing email services I think it's still a somewhat appropriate
> place to ask...
>
> Any opinions on what is the best front end for end users?
>
> We've been running MDaemon Pro and our users are really used to that
> kind of high-end interface.
>
> Is there a comparable beast for linux systems that's either GPL or
> doesn't cost both arms and both legs like MDaemon?
>
> Thanks much....
>
> Rick
>
>
> "Imagination is more important than Knowledge" --Albert Einstein--

--
This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.

From jan-peter at koopmann.eu Thu Jun 12 13:13:08 2008
From: jan-peter at koopmann.eu (Koopmann, Jan-Peter)
Date: Thu Jun 12 13:13:36 2008
Subject: Exim bounces and MailScanner
Message-ID:

Hi,

I just noticed something for the first time. A user is sending a message which is accepted by the inbound exim, processed by MailScanner and then sent out by the outbound exim. This outbound exim is not able to successfully transfer the message since the other side responds with 5xx attachment type is not allowed. So far so good. The outbound exim now creates a NDR.
This NDR however is delivered to the user directly without being processed through mailscanner. It all makes sense but is there a way to force the NDRs of the outbound exim process to be delivered through Mailscanner as well? Why you may ask? :-) Because the admin would like to see the NDA in mailwatch as well.

Any thoughts appreciated.

Regards,
JP

From martinh at solidstatelogic.com Thu Jun 12 14:26:40 2008
From: martinh at solidstatelogic.com (Martin.Hepworth)
Date: Thu Jun 12 14:26:53 2008
Subject: FW: ANNOUNCE: Apache SpamAssassin 3.2.5 available
Message-ID: <1794543400192d41b27b7ccf0dfd0276@solidstatelogic.com>

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

> -----Original Message-----
> From: jm@jmason.org [mailto:jm@jmason.org] On Behalf Of Justin Mason
> Sent: 12 June 2008 14:24
> To: users@SpamAssassin.apache.org;
> dev@SpamAssassin.apache.org; announce@SpamAssassin.apache.org
> Subject: ANNOUNCE: Apache SpamAssassin 3.2.5 available
>
> Apache SpamAssassin 3.2.5 is now available! This is a
> maintenance release of the 3.2.x branch.
>
> Downloads are available from:
> http://spamassassin.apache.org/downloads.cgi
>
> The release file will also be available via CPAN in the near future.
>
> md5sum of archive files:
> 695f9107b240383e48df8938f2de334e Mail-SpamAssassin-3.2.5.tar.bz2
> 7fdc1651d0371c4a7f95ac9ae6f828a6 Mail-SpamAssassin-3.2.5.tar.gz
> 663fe705e608e16fee280f7539ab9382 Mail-SpamAssassin-3.2.5.zip
>
> sha1sum of archive files:
> 32b701ffc68f7975eded107c456b902bc710d8b2
> Mail-SpamAssassin-3.2.5.tar.bz2
> 14b1f6eae0221a152176f7f597f55581445e800a
> Mail-SpamAssassin-3.2.5.tar.gz
> b333acfdaf2289e37f72f1f1a18449645ee532d0
> Mail-SpamAssassin-3.2.5.zip
>
>
> The release files also have a .asc file accompanying them.
> The file serves as an external GPG signature for the given
> release file. The signing key is available via the
> wwwkeys.pgp.net key server, as well as at:
> http://spamassassin.apache.org/released/GPG-SIGNING-KEY
>
> The key information is:
>
> pub 1024D/265FA05B 2003-06-09 SpamAssassin Signing Key
>
> Key fingerprint = 26C9 00A4 6DD4 0CD5 AD24 F6D7 DEE0
> 1987 265F A05B
>
>
> 3.2.5 is a minor bug-fix release. Summary of changes:
>
> - bug 5775: newer gpg versions require keys to be
> cross-certified (backsig). Did a cross-verify on our
> sa-update public key and re-exported. (If you are already
> seeing "GPG validation failed" errors from sa-update, see
> http://wiki.apache.org/spamassassin/SaUpdateKeyNotCrossCertified .)
>
> - bug 5899: add perl version string to the storage area for
> compiled rulesets, to avoid crashes when perl is upgraded
> between major versions (e.g perl 5.8.x to 5.10.0) and the ABI breaks
>
> - bug 5496, bug 5910: clear some FORGED_MUA_OUTLOOK false
> positives, particularly on the new-format Message-ID
> generated by the Outlook Express version used in Windows XP
> service pack 3
>
> - bug 5730: when using Postgres >= 8.1.0 with Bayes, this
> error occurs: 'WARNING: nonstandard use of \ in a string
> literal at character'.
fix, thanks to Tomasz Ostrowski
>
> - bug 5769: fix 'sa-compile: eval failed: Can't find label
> NO' error, caused in rare circumstances when sa-compile
> attempted to deal with rules written using 'replace_rules' features
>
> - bug 5858: fix circular reference memory leak caused by some messages
>
> - bug 5815: update 2TLD list to include .rs CCTLD
>
> - bug 4706: remove HG_HORMOME rules due to poor performance
>
> - bug 5835: typo in POD docs for SPF plugin; thanks to Benny
> Pedersen for fix
>
> - bug 5839: a missing or failed eval rule function could
> mistakenly count as a rule hit, fixed
>
> - trivial bugfix for the VBounce ruleset:
> __BOUNCE_FROM_DAEMON incorrectly used + instead of *, so some
> From addresses were not being recognised as bounce senders
>
>

**********************************************************************
Confidentiality : This e-mail and any attachments are intended for the
addressee only and may be confidential. If they come to you in error
you must take no action based on them, nor must you copy or show them
to anyone. Please advise the sender by replying to this e-mail
immediately and then delete the original from your computer.
Opinion : Any opinions expressed in this e-mail are entirely those of
the author and unless specifically stated to the contrary, are not
necessarily those of the author's employer.
Security Warning : Internet e-mail is not necessarily a secure
communications medium and can be subject to data corruption. We advise
that you consider this fact when e-mailing us.
Viruses : We have taken steps to ensure that this e-mail and any
attachments are free from known viruses but in keeping with good
computing practice, you should ensure that they are virus free.

Red Lion 49 Ltd T/A Solid State Logic
Registered as a limited company in England and Wales
(Company No:5362730)
Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU,
United Kingdom
**********************************************************************

From hvdkooij at vanderkooij.org Thu Jun 12 14:33:42 2008
From: hvdkooij at vanderkooij.org (Hugo van der Kooij)
Date: Thu Jun 12 14:33:53 2008
Subject: Exim bounces and MailScanner
In-Reply-To:
References:
Message-ID: <485125B6.4010802@vanderkooij.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Koopmann, Jan-Peter wrote:

| I just noticed something for the first time. A user is sending a message
| which is accepted by the inbound exim, processed by MailScanner and then
| sent out by the outbound exim. This outbound exim is not able to
| successfully transfer the message since the other side responds with 5xx
| attachment type is not allowed. So far so good. The outbound exim now
| creates a NDR. This NDR however is delivered to the user directly
| without being processed through mailscanner. It all makes sense but is
| there a way to force the NDRs of the outbound exim process to be
| delivered through Mailscanner as well? Why you may ask? :-) Because the
| admin would like to see the NDA in mailwatch as well.

If that is the whole purpose I would suggest you use SEC and just filter the proper log lines for these NDR's and add the events to the MailWatch log.

I do a similar thing with RBL events in postfix: http://hugo.vanderkooij.org/email/mailscanner.htm?lang=en#SEC

I suppose that if you have the MSGID still available you can add the details to the outgoing message itself. Feeding NDR's through MS will just add new lines.

Hugo.

- --
hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/
PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc

A: Yes.
>Q: Are you sure?
>>A: Because it reverses the logical flow of conversation.
>>>Q: Why is top posting frowned upon?

Bored?
Click on http://spamornot.org/ and rate those images.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFIUSWrBvzDRVjxmYERArnPAKCd4RxGNGJTZkdUNyvdLD+jk92XewCfdcfo
tFsuloyF2Myx/oZ6F/CVBsQ=
=TYUd
-----END PGP SIGNATURE-----

From MailScanner at ecs.soton.ac.uk Thu Jun 12 14:51:42 2008
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jun 12 14:52:01 2008
Subject: FW: ANNOUNCE: Apache SpamAssassin 3.2.5 available
In-Reply-To:
References:
Message-ID: <485129EE.9080106@ecs.soton.ac.uk>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I have just updated my easy-to-install ClamAV + SpamAssassin package on www.mailscanner.info.

Martin.Hepworth wrote:
> --
> Martin Hepworth
> Snr Systems Administrator
> Solid State Logic
> Tel: +44 (0)1865 842300
>
>
>> -----Original Message-----
>> From: jm@jmason.org [mailto:jm@jmason.org] On Behalf Of Justin Mason
>> Sent: 12 June 2008 14:24
>> To: users@SpamAssassin.apache.org;
>> dev@SpamAssassin.apache.org; announce@SpamAssassin.apache.org
>> Subject: ANNOUNCE: Apache SpamAssassin 3.2.5 available
>>
>> Apache SpamAssassin 3.2.5 is now available! This is a
>> maintenance release of the 3.2.x branch.
>>
>> Downloads are available from:
>> http://spamassassin.apache.org/downloads.cgi
>>
>> The release file will also be available via CPAN in the near future.
>>
>> md5sum of archive files:
>> 695f9107b240383e48df8938f2de334e Mail-SpamAssassin-3.2.5.tar.bz2
>> 7fdc1651d0371c4a7f95ac9ae6f828a6 Mail-SpamAssassin-3.2.5.tar.gz
>> 663fe705e608e16fee280f7539ab9382 Mail-SpamAssassin-3.2.5.zip
>>
>> sha1sum of archive files:
>> 32b701ffc68f7975eded107c456b902bc710d8b2
>> Mail-SpamAssassin-3.2.5.tar.bz2
>> 14b1f6eae0221a152176f7f597f55581445e800a
>> Mail-SpamAssassin-3.2.5.tar.gz
>> b333acfdaf2289e37f72f1f1a18449645ee532d0
>> Mail-SpamAssassin-3.2.5.zip
>>
>>
>> The release files also have a .asc file accompanying them.
>> The file serves as an external GPG signature for the given
>> release file.
The signing key is available via the
>> wwwkeys.pgp.net key server, as well as at:
>> http://spamassassin.apache.org/released/GPG-SIGNING-KEY
>>
>> The key information is:
>>
>> pub 1024D/265FA05B 2003-06-09 SpamAssassin Signing Key
>>
>> Key fingerprint = 26C9 00A4 6DD4 0CD5 AD24 F6D7 DEE0
>> 1987 265F A05B
>>
>>
>> 3.2.5 is a minor bug-fix release. Summary of changes:
>>
>> - bug 5775: newer gpg versions require keys to be
>> cross-certified (backsig). Did a cross-verify on our
>> sa-update public key and re-exported. (If you are already
>> seeing "GPG validation failed" errors from sa-update, see
>> http://wiki.apache.org/spamassassin/SaUpdateKeyNotCrossCertified .)
>>
>> - bug 5899: add perl version string to the storage area for
>> compiled rulesets, to avoid crashes when perl is upgraded
>> between major versions (e.g perl 5.8.x to 5.10.0) and the ABI breaks
>>
>> - bug 5496, bug 5910: clear some FORGED_MUA_OUTLOOK false
>> positives, particularly on the new-format Message-ID
>> generated by the Outlook Express version used in Windows XP
>> service pack 3
>>
>> - bug 5730: when using Postgres >= 8.1.0 with Bayes, this
>> error occurs: 'WARNING: nonstandard use of \ in a string
>> literal at character'.
fix, thanks to Tomasz Ostrowski
>>
>> - bug 5769: fix 'sa-compile: eval failed: Can't find label
>> NO' error, caused in rare circumstances when sa-compile
>> attempted to deal with rules written using 'replace_rules' features
>>
>> - bug 5858: fix circular reference memory leak caused by some messages
>>
>> - bug 5815: update 2TLD list to include .rs CCTLD
>>
>> - bug 4706: remove HG_HORMOME rules due to poor performance
>>
>> - bug 5835: typo in POD docs for SPF plugin; thanks to Benny
>> Pedersen for fix
>>
>> - bug 5839: a missing or failed eval rule function could
>> mistakenly count as a rule hit, fixed
>>
>> - trivial bugfix for the VBounce ruleset:
>> __BOUNCE_FROM_DAEMON incorrectly used + instead of *, so some
>> From addresses were not being recognised as bounce senders
>>
>>
>>
>
>
>
>
> **********************************************************************
> Confidentiality : This e-mail and any attachments are intended for the
> addressee only and may be confidential. If they come to you in error
> you must take no action based on them, nor must you copy or show them
> to anyone. Please advise the sender by replying to this e-mail
> immediately and then delete the original from your computer.
> Opinion : Any opinions expressed in this e-mail are entirely those of
> the author and unless specifically stated to the contrary, are not
> necessarily those of the author's employer.
> Security Warning : Internet e-mail is not necessarily a secure
> communications medium and can be subject to data corruption. We advise
> that you consider this fact when e-mailing us.
> Viruses : We have taken steps to ensure that this e-mail and any
> attachments are free from known viruses but in keeping with good
> computing practice, you should ensure that they are virus free.
> > Red Lion 49 Ltd T/A Solid State Logic > Registered as a limited company in England and Wales > (Company No:5362730) > Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, > United Kingdom > ********************************************************************** > > Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.3 (Build 4028) Comment: Use Enigmail to decrypt or check this message is legitimate Charset: ISO-8859-1 wj8DBQFIUSnvEfZZRxQVtlQRAvbSAJ42HnYu+yNs6FnNtqeORmgcekh+9ACfU58x 3bh4e6EUo7notoSkDfzgRrs= =FSfi -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From stef at aoc-uk.com Thu Jun 12 16:53:31 2008 From: stef at aoc-uk.com (Stef Morrell) Date: Thu Jun 12 17:01:42 2008 Subject: FW: ANNOUNCE: Apache SpamAssassin 3.2.5 available In-Reply-To: References: Message-ID: <200806121601.m5CG1Y3o025702@safir.blacknight.ie> mailscanner-bounces@lists.mailscanner.info wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > I have just updated my easy-to-install ClamAV + SpamAssassin > package on www.mailscanner.info. > It might just be me, but after upgrading, spamassassin just stopped working completely, no real problems I could see in a -D --lint either - just scored everything zero. I had to manually downgrade back to 3.2.4 to get it working again. You folks may wish to test before running ahead. 
Regards Stef Stefan Morrell | Operations Director Tel: 0845 3452820 | Alpha Omega Computers Ltd Fax: 0845 3452830 | Incorporating Level 5 Internet stef@aoc-uk.com | stef@l5net.net Alpha Omega Computers Ltd, Unit 57, BBTC, Grange Road, Batley, WF17 6ER. Registered in England No. 3867142. VAT No. GB734421454 From submit at zuka.net Thu Jun 12 17:05:15 2008 From: submit at zuka.net (Dave Filchak) Date: Thu Jun 12 17:05:32 2008 Subject: MailWatch In-Reply-To: <484FF9BD.4090203@farrows.org> References: <484FF9BD.4090203@farrows.org> Message-ID: <4851493B.3090504@zuka.net> You know .. Peter is right here ... there are better ways to direct a person with shall we say, less experience than the general population of this list than the use of sarcasm. A simple answer like "The best place to find this info is ... ". I know everyone is busy and sometimes there are a lot of questions by new users .... but everyone started somewhere .... right? I do not want (and probably won't) to start a discussion of this in any way but I see this behavior on so many lists that I thought I would just put my 2 cents in here. Dave You Peter Farrow wrote: >
Hi There, > > Since everyone else seems intent on telling you to use google, and > generally not being too kind, I thought I would help you out. > > Try this: > > http://mailwatch.sourceforge.net/doku.php?id=mailwatch:documentation > > Its not unreasonable to start asking your question here, and there is > another list for mailwatch, and it is related to subject matter here, > > Feel free ask me off the list if you have any problems, I done quite a > few of these, > > Regards > > Pete > > dOE wrote: >> Has anyone installed MailWatch as a webUI for their MailScanner >> service? Where can I find installation documentaion for MailWatch? >> >> -- >> This message has been scanned for viruses and >> dangerous content by the *Inexcom* system >> scanner, >> and is believed to be clean. >> Advanced heuristic mail scanning server [0]. > > From doc at maddoc.net Thu Jun 12 17:10:36 2008 From: doc at maddoc.net (Doc Schneider) Date: Thu Jun 12 17:10:53 2008 Subject: FW: ANNOUNCE: Apache SpamAssassin 3.2.5 available In-Reply-To: <200806121601.m5CG1Y3o025702@safir.blacknight.ie> References: <200806121601.m5CG1Y3o025702@safir.blacknight.ie> Message-ID: <48514A7C.8060900@maddoc.net> Stef Morrell wrote: > mailscanner-bounces@lists.mailscanner.info wrote: >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> I have just updated my easy-to-install ClamAV + SpamAssassin >> package on www.mailscanner.info. >> > > It might just be me, but after upgrading, spamassassin just stopped > working completely, no real problems I could see in a -D --lint either - > just scored everything zero. > > I had to manually downgrade back to 3.2.4 to get it working again. You > folks may wish to test before running ahead. Did you run sa-update to grab the base rules? Also sa-compile may also need to be run if you're using the compiled SA. -- -Doc Lincoln, NE. 
http://www.fsl.com/ http://www.genealogyforyou.com/ http://www.cairnproductions.com/ From johnnyb at marlboro.edu Thu Jun 12 17:15:20 2008 From: johnnyb at marlboro.edu (John Baker) Date: Thu Jun 12 17:15:46 2008 Subject: Nigerian fraud email Message-ID: <48514B98.5080204@marlboro.edu> Hi all, I've noticed a huge increase in Nigerian fraud type emails for the last moths or so. I'm using everything I can from rules emporium and well as kam and they all get some hits but nothing adds up to a "is spam" score for most of them. Would anybody have any suggestions for getting at more of these? Thanks -- John Baker Network Systems Administrator Marlboro College Phone: 451-7551 off campus; 551 on campus From rick at duvals.ca Thu Jun 12 17:26:07 2008 From: rick at duvals.ca (rick@duvals.ca) Date: Thu Jun 12 17:26:22 2008 Subject: Interfaces - off topic - sorry References: <6412527.15571213271143416.JavaMail.root@office.splatnix.net> Message-ID: <004f01c8cca9$0463d550$6b01a8c0@csmrick> Thanks for the comeback... Whats a FOSS release? R "Imagination is more important than Knowledge" --Albert Einstein-- ----- Original Message ----- From: --[ UxBoD ]-- To: MailScanner discussion Sent: Thursday, June 12, 2008 7:45 AM Subject: Re: Interfaces - off topic - sorry http://www.zimbra.com - they provide a FOSS release. Try the demo :) I am biast though as I am a moderator ;) Regards, -- --[ UxBoD ]-- // PGP Key: "curl -s http://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: F57A 0CBD DD19 79E9 1FCC A612 CB36 D89D 2C5A 3A84 // Keyserver: www.keyserver.net Key-ID: 0x2C5A3A84 // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net ----- rick@duvals.ca wrote: > This is not a MailScanner question but since we're all involved in > providing email services I thinks its still a somewhat appropriate > place to ask... > > Any opinions on what is the best front end for end users? 
> > We've been running MDaemon Pro and our users are really used to that > kind of high-end interface. > > Is there a comparable beast for linux systems that's either GPL or > doesn;t cost both arms and both legs like MDaemon? > > Thanks much.... > > Rick > > > "Imagination is more important than Knowledge" --Albert Einstein-- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by Accurate Anti-Spam Technologies and is believed to be clean. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080612/b17ff347/attachment.html From Hostmaster at computerservicecentre.com Thu Jun 12 17:28:50 2008 From: Hostmaster at computerservicecentre.com (Hostmaster) Date: Thu Jun 12 17:29:06 2008 Subject: Nigerian fraud email In-Reply-To: <48514B98.5080204@marlboro.edu> References: <48514B98.5080204@marlboro.edu> Message-ID: <3D9C92F3075F5144B46AA2C590F48E2A7A7AC5@commssrv01.computerservicecentre.com> >Hi all, > >I've noticed a huge increase in Nigerian fraud type emails for the last >moths or so. I'm using everything I can from rules emporium and well as >kam and they all get some hits but nothing adds up to a "is spam" score >for most of them. Would anybody have any suggestions for getting at more >of these? We found that RBL blocking at MTA time killed almost all of these, spamcop+njabl+zen.spamhaus (if you are not-for-profit or on a feed) does the job beautifully. Slightly O-T, you might be interested in thescambaiter.com (to whom I have no connection), where people get revenge on these 419 scammers. 
-- Richard All E-Mail communications are monitored in addition to being content checked for malicious codes or viruses. The success of scanning products is not guaranteed, therefore the recipient(s) should carry out any checks that they believe to be appropriate in this respect. This message (including any attachments and/or related materials) is confidential to and is the property of Computer Service Centre, unless otherwise noted. If you are not the intended recipient, you should delete this message and are hereby notified that any disclosure, copying, or distribution of this message, or the taking of any action based on it, is strictly prohibited. Any views or opinions presented are solely those of the author and do not necessarily represent those of Computer Service Centre. From mkercher at nfsmith.com Thu Jun 12 17:47:10 2008 From: mkercher at nfsmith.com (Mike Kercher) Date: Thu Jun 12 17:48:25 2008 Subject: FW: ANNOUNCE: Apache SpamAssassin 3.2.5 available In-Reply-To: <48514A7C.8060900@maddoc.net> References: <200806121601.m5CG1Y3o025702@safir.blacknight.ie> <48514A7C.8060900@maddoc.net> Message-ID: <224FA7E11EA39E45843E11CEBBD3A36FB50BB5@HOUPEX01.nfsmith.info> -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Doc Schneider Sent: Thursday, June 12, 2008 11:11 AM To: MailScanner discussion Subject: Re: FW: ANNOUNCE: Apache SpamAssassin 3.2.5 available Stef Morrell wrote: > mailscanner-bounces@lists.mailscanner.info wrote: >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> I have just updated my easy-to-install ClamAV + SpamAssassin package >> on www.mailscanner.info. >> > > It might just be me, but after upgrading, spamassassin just stopped > working completely, no real problems I could see in a -D --lint either > - just scored everything zero. > > I had to manually downgrade back to 3.2.4 to get it working again. 
You > folks may wish to test before running ahead. Did you run sa-update to grab the base rules? Also sa-compile may also need to be run if you're using the compiled SA. -- -Doc Lincoln, NE. I just installed the latest Easy Install ClamAV/SA package and am now seeing this in my logs: Jun 12 11:45:18 HOUPMS01 MailScanner[9616]: Commercial virus checker failed with real error: Invalid function CL_SCAN_PHISHING_DOMAINLIST at /usr/lib/perl5/site_perl/5.8.5/i386-linux-thread-multi/Mail/ClamAV.pm line 120. I'm reinstalling right now just to make sure something didn't get funky last time. Mike From hvdkooij at vanderkooij.org Thu Jun 12 17:58:02 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Thu Jun 12 17:58:12 2008 Subject: Nigerian fraud email In-Reply-To: <48514B98.5080204@marlboro.edu> References: <48514B98.5080204@marlboro.edu> Message-ID: <4851559A.2010205@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 John Baker wrote: | Hi all, | | I've noticed a huge increase in Nigerian fraud type emails for the last | moths or so. I'm using everything I can from rules emporium and well as | kam and they all get some hits but nothing adds up to a "is spam" score | for most of them. Would anybody have any suggestions for getting at more | of these? You need to show a bit more details if you want useful suggestions. What are your values for normal and high scoring spam? How spamlike are they if you look at the bayesian scores? What other measures have you taken to stop them? Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. 
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFIUVWOBvzDRVjxmYERAjMPAJ9QLXnwFWexd/kNDmmF9O2AKDOB2wCgiFEI 4C4ceYNzZODVVdJAHi5zlbw= =L7TK -----END PGP SIGNATURE----- From doc at maddoc.net Thu Jun 12 18:02:23 2008 From: doc at maddoc.net (Doc Schneider) Date: Thu Jun 12 18:02:39 2008 Subject: FW: ANNOUNCE: Apache SpamAssassin 3.2.5 available In-Reply-To: <224FA7E11EA39E45843E11CEBBD3A36FB50BB5@HOUPEX01.nfsmith.info> References: <200806121601.m5CG1Y3o025702@safir.blacknight.ie> <48514A7C.8060900@maddoc.net> <224FA7E11EA39E45843E11CEBBD3A36FB50BB5@HOUPEX01.nfsmith.info> Message-ID: <4851569F.5090503@maddoc.net> Mike Kercher wrote: > > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Doc > Schneider > Sent: Thursday, June 12, 2008 11:11 AM > To: MailScanner discussion > Subject: Re: FW: ANNOUNCE: Apache SpamAssassin 3.2.5 available > > Stef Morrell wrote: >> mailscanner-bounces@lists.mailscanner.info wrote: >>> -----BEGIN PGP SIGNED MESSAGE----- >>> Hash: SHA1 >>> >>> I have just updated my easy-to-install ClamAV + SpamAssassin package >>> on www.mailscanner.info. >>> >> It might just be me, but after upgrading, spamassassin just stopped >> working completely, no real problems I could see in a -D --lint either > >> - just scored everything zero. >> >> I had to manually downgrade back to 3.2.4 to get it working again. You > >> folks may wish to test before running ahead. > > Did you run sa-update to grab the base rules? Also sa-compile may also > need to be run if you're using the compiled SA. > > -- > -Doc > Lincoln, NE. > > > I just installed the latest Easy Install ClamAV/SA package and am now > seeing this in my logs: > > Jun 12 11:45:18 HOUPMS01 MailScanner[9616]: Commercial virus checker > failed with real error: Invalid function CL_SCAN_PHISHING_DOMAINLIST at > /usr/lib/perl5/site_perl/5.8.5/i386-linux-thread-multi/Mail/ClamAV.pm > line 120. 
> > I'm reinstalling right now just to make sure something didn't get funky > last time. > > Mike > Those would be errors coming from clamavmodule due to an older version of MailScanner. You'll need to update to at least 4.70.x I believe. -- -Doc Lincoln, NE. http://www.fsl.com/ http://www.genealogyforyou.com/ http://www.cairnproductions.com/ From stef at aoc-uk.com Thu Jun 12 17:44:26 2008 From: stef at aoc-uk.com (Stef Morrell) Date: Thu Jun 12 18:02:53 2008 Subject: FW: ANNOUNCE: Apache SpamAssassin 3.2.5 available In-Reply-To: References: <200806121601.m5CG1Y3o025702@safir.blacknight.ie> Message-ID: <200806121702.m5CH2jh2029736@safir.blacknight.ie> doc@maddoc.net wrote: > Did you run sa-update to grab the base rules? Also sa-compile > may also need to be run if you're using the compiled SA. Oh... now then... hmmm.. I know I did run sa-update for SARE and sought.cf - and I did sa-compile. And it turns out I didn't do the main ruleset - what a muppet. Many thanks for the brain assist. It's clearly too hot in here and I should repair to the nearest hostelry for some suitably soothing libation. Regards Stef Stefan Morrell | Operations Director Tel: 0845 3452820 | Alpha Omega Computers Ltd Fax: 0845 3452830 | Incorporating Level 5 Internet stef@aoc-uk.com | stef@l5net.net Alpha Omega Computers Ltd, Unit 57, BBTC, Grange Road, Batley, WF17 6ER. Registered in England No. 3867142. VAT No. 
GB734421454 From mkercher at nfsmith.com Thu Jun 12 18:08:10 2008 From: mkercher at nfsmith.com (Mike Kercher) Date: Thu Jun 12 18:08:47 2008 Subject: FW: ANNOUNCE: Apache SpamAssassin 3.2.5 available In-Reply-To: <4851569F.5090503@maddoc.net> References: <200806121601.m5CG1Y3o025702@safir.blacknight.ie> <48514A7C.8060900@maddoc.net><224FA7E11EA39E45843E11CEBBD3A36FB50BB5@HOUPEX01.nfsmith.info> <4851569F.5090503@maddoc.net> Message-ID: <224FA7E11EA39E45843E11CEBBD3A36FB50BC4@HOUPEX01.nfsmith.info> -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Doc Schneider Sent: Thursday, June 12, 2008 12:02 PM To: MailScanner discussion Subject: Re: FW: ANNOUNCE: Apache SpamAssassin 3.2.5 available Mike Kercher wrote: > > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Doc > Schneider > Sent: Thursday, June 12, 2008 11:11 AM > To: MailScanner discussion > Subject: Re: FW: ANNOUNCE: Apache SpamAssassin 3.2.5 available > > Stef Morrell wrote: >> mailscanner-bounces@lists.mailscanner.info wrote: >>> -----BEGIN PGP SIGNED MESSAGE----- >>> Hash: SHA1 >>> >>> I have just updated my easy-to-install ClamAV + SpamAssassin package >>> on www.mailscanner.info. >>> >> It might just be me, but after upgrading, spamassassin just stopped >> working completely, no real problems I could see in a -D --lint >> either > >> - just scored everything zero. >> >> I had to manually downgrade back to 3.2.4 to get it working again. >> You > >> folks may wish to test before running ahead. > > Did you run sa-update to grab the base rules? Also sa-compile may also > need to be run if you're using the compiled SA. > > -- > -Doc > Lincoln, NE. 
> > > I just installed the latest Easy Install ClamAV/SA package and am now > seeing this in my logs: > > Jun 12 11:45:18 HOUPMS01 MailScanner[9616]: Commercial virus checker > failed with real error: Invalid function CL_SCAN_PHISHING_DOMAINLIST > at > /usr/lib/perl5/site_perl/5.8.5/i386-linux-thread-multi/Mail/ClamAV.pm > line 120. > > I'm reinstalling right now just to make sure something didn't get > funky last time. > > Mike > Those would be errors coming from clamavmodule due to an older version of MailScanner. You'll need to update to at least 4.70.x I believe. -- -Doc Lincoln, NE. http://www.fsl.com/ http://www.genealogyforyou.com/ http://www.cairnproductions.com/ -- Roger that...downloading. Thanks! From campbell at cnpapers.com Thu Jun 12 18:14:15 2008 From: campbell at cnpapers.com (Steve Campbell) Date: Thu Jun 12 18:14:32 2008 Subject: MailWatch In-Reply-To: <4851493B.3090504@zuka.net> References: <484FF9BD.4090203@farrows.org> <4851493B.3090504@zuka.net> Message-ID: <48515967.10406@cnpapers.com> I always thought it was funny that people would bluntly tell you to look in the archives instead of just pointing you there or telling you the answer. So when you went and searched the archives, all you ever found was 30 or so "Search the archives" responses and maybe one real answer. Steve Campbell >> From campbell at cnpapers.com Thu Jun 12 18:16:13 2008 From: campbell at cnpapers.com (Steve Campbell) Date: Thu Jun 12 18:16:32 2008 Subject: Nigerian fraud email In-Reply-To: <48514B98.5080204@marlboro.edu> References: <48514B98.5080204@marlboro.edu> Message-ID: <485159DD.6080903@cnpapers.com> Is re-evaluating your score thresholds out of line? Steve Campbell John Baker wrote: > Hi all, > > I've noticed a huge increase in Nigerian fraud type emails for the > last moths or so. I'm using everything I can from rules emporium and > well as kam and they all get some hits but nothing adds up to a "is > spam" score for most of them. 
Would anybody have any suggestions for > getting at more of these? > > Thanks From mkercher at nfsmith.com Thu Jun 12 18:25:11 2008 From: mkercher at nfsmith.com (Mike Kercher) Date: Thu Jun 12 18:25:44 2008 Subject: FW: ANNOUNCE: Apache SpamAssassin 3.2.5 available In-Reply-To: <4851569F.5090503@maddoc.net> References: <200806121601.m5CG1Y3o025702@safir.blacknight.ie> <48514A7C.8060900@maddoc.net><224FA7E11EA39E45843E11CEBBD3A36FB50BB5@HOUPEX01.nfsmith.info> <4851569F.5090503@maddoc.net> Message-ID: <224FA7E11EA39E45843E11CEBBD3A36FB50BCE@HOUPEX01.nfsmith.info> -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Doc Schneider Sent: Thursday, June 12, 2008 12:02 PM To: MailScanner discussion Subject: Re: FW: ANNOUNCE: Apache SpamAssassin 3.2.5 available Mike Kercher wrote: > > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Doc > Schneider > Sent: Thursday, June 12, 2008 11:11 AM > To: MailScanner discussion > Subject: Re: FW: ANNOUNCE: Apache SpamAssassin 3.2.5 available > > Stef Morrell wrote: >> mailscanner-bounces@lists.mailscanner.info wrote: >>> -----BEGIN PGP SIGNED MESSAGE----- >>> Hash: SHA1 >>> >>> I have just updated my easy-to-install ClamAV + SpamAssassin package >>> on www.mailscanner.info. >>> >> It might just be me, but after upgrading, spamassassin just stopped >> working completely, no real problems I could see in a -D --lint >> either > >> - just scored everything zero. >> >> I had to manually downgrade back to 3.2.4 to get it working again. >> You > >> folks may wish to test before running ahead. > > Did you run sa-update to grab the base rules? Also sa-compile may also > need to be run if you're using the compiled SA. > > -- > -Doc > Lincoln, NE. 
> > > I just installed the latest Easy Install ClamAV/SA package and am now > seeing this in my logs: > > Jun 12 11:45:18 HOUPMS01 MailScanner[9616]: Commercial virus checker > failed with real error: Invalid function CL_SCAN_PHISHING_DOMAINLIST > at > /usr/lib/perl5/site_perl/5.8.5/i386-linux-thread-multi/Mail/ClamAV.pm > line 120. > > I'm reinstalling right now just to make sure something didn't get > funky last time. > > Mike > Those would be errors coming from clamavmodule due to an older version of MailScanner. You'll need to update to at least 4.70.x I believe. -- -Doc Lincoln, NE. http://www.fsl.com/ http://www.genealogyforyou.com/ http://www.cairnproductions.com/ -- I just remembered that 4.70 is still beta and I'd prefer NOT to run that in production yet. I'll go downgrade my Mail-ClamAV for now. Mike From doc at maddoc.net Thu Jun 12 18:37:42 2008 From: doc at maddoc.net (Doc Schneider) Date: Thu Jun 12 18:38:00 2008 Subject: FW: ANNOUNCE: Apache SpamAssassin 3.2.5 available In-Reply-To: <224FA7E11EA39E45843E11CEBBD3A36FB50BCE@HOUPEX01.nfsmith.info> References: <200806121601.m5CG1Y3o025702@safir.blacknight.ie> <48514A7C.8060900@maddoc.net><224FA7E11EA39E45843E11CEBBD3A36FB50BB5@HOUPEX01.nfsmith.info> <4851569F.5090503@maddoc.net> <224FA7E11EA39E45843E11CEBBD3A36FB50BCE@HOUPEX01.nfsmith.info> Message-ID: <48515EE6.3090802@maddoc.net> Mike Kercher wrote: > > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Doc > Schneider > Sent: Thursday, June 12, 2008 12:02 PM > To: MailScanner discussion > Subject: Re: FW: ANNOUNCE: Apache SpamAssassin 3.2.5 available > > Mike Kercher wrote: >> >> >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Doc >> Schneider >> Sent: Thursday, June 12, 2008 11:11 AM >> To: MailScanner discussion >> Subject: Re: FW: ANNOUNCE: Apache 
SpamAssassin 3.2.5 available >> >> Stef Morrell wrote: >>> mailscanner-bounces@lists.mailscanner.info wrote: >>>> -----BEGIN PGP SIGNED MESSAGE----- >>>> Hash: SHA1 >>>> >>>> I have just updated my easy-to-install ClamAV + SpamAssassin package > >>>> on www.mailscanner.info. >>>> >>> It might just be me, but after upgrading, spamassassin just stopped >>> working completely, no real problems I could see in a -D --lint >>> either >>> - just scored everything zero. >>> >>> I had to manually downgrade back to 3.2.4 to get it working again. >>> You >>> folks may wish to test before running ahead. >> Did you run sa-update to grab the base rules? Also sa-compile may also > >> need to be run if you're using the compiled SA. >> >> -- >> -Doc >> Lincoln, NE. >> >> >> I just installed the latest Easy Install ClamAV/SA package and am now >> seeing this in my logs: >> >> Jun 12 11:45:18 HOUPMS01 MailScanner[9616]: Commercial virus checker >> failed with real error: Invalid function CL_SCAN_PHISHING_DOMAINLIST >> at >> /usr/lib/perl5/site_perl/5.8.5/i386-linux-thread-multi/Mail/ClamAV.pm >> line 120. >> >> I'm reinstalling right now just to make sure something didn't get >> funky last time. >> >> Mike >> > > Those would be errors coming from clamavmodule due to an older version > of MailScanner. You'll need to update to at least 4.70.x I believe. > > > -- > -Doc > Lincoln, NE. > http://www.fsl.com/ > http://www.genealogyforyou.com/ > http://www.cairnproductions.com/ > > -- > > I just remembered that 4.70 is still beta and I'd prefer NOT to run that > in production yet. I'll go downgrade my Mail-ClamAV for now. > > Mike You'll also need to downgrade clamav or you can go to using clamd which works--until Jules releases a new version that supports the newest Mail::ClamAV. See the wiki for details on making that work. -- -Doc Lincoln, NE. 
http://www.fsl.com/
http://www.genealogyforyou.com/
http://www.cairnproductions.com/

From jodedor at gmail.com Thu Jun 12 18:41:06 2008
From: jodedor at gmail.com (David Guillermo)
Date: Thu Jun 12 18:41:18 2008
Subject: is too big for spam checks
Message-ID:

Hello List.

I'm a user dummy with MailScanner and have this problem, my conf is:

Max SpamAssassin Size = 5000000


Jun 12 19:31:44 servidor1 MailScanner[11185]: Message m5CHVVhY011359
from 209.85.132.240 (xxxx@xxxx) to mydomain is too big for spam checks
(3017954 > 150000 bytes)


Thanks.

--
-:- j0d3
David Guillermo Rodriguez
Debian Unstable/Sid GNU/Linux
e-mail: davocasc98@gmail.com
http://j0d3.blogspot.com
CPU model: AMD Athlon(tm) 64 X2 Dual Core Processor 4600+
Kernel: 2.6.24.2
Linux user #408522
-:-

From MailScanner at ecs.soton.ac.uk Thu Jun 12 18:56:07 2008
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jun 12 18:56:32 2008
Subject: FW: ANNOUNCE: Apache SpamAssassin 3.2.5 available
In-Reply-To:
References: <200806121601.m5CG1Y3o025702@safir.blacknight.ie> <48514A7C.8060900@maddoc.net><224FA7E11EA39E45843E11CEBBD3A36FB50BB5@HOUPEX01.nfsmith.info> <4851569F.5090503@maddoc.net> <224FA7E11EA39E45843E11CEBBD3A36FB50BCE@HOUPEX01.nfsmith.info>
Message-ID: <48516337.2020203@ecs.soton.ac.uk>

Doc Schneider wrote:
> Mike Kercher wrote:
>
>>
>>
>> -----Original Message-----
>> From: mailscanner-bounces@lists.mailscanner.info
>> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Doc
>> Schneider
>> Sent: Thursday, June 12, 2008 12:02 PM
>> To: MailScanner discussion
>> Subject: Re: FW: ANNOUNCE: Apache SpamAssassin 3.2.5 available
>>
>> Mike Kercher wrote:
>>
>>>
>>>
>>> -----Original Message-----
>>> From: mailscanner-bounces@lists.mailscanner.info
>>> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Doc
>>> Schneider
>>> Sent: Thursday, June 12, 2008 11:11 AM
>>> To: MailScanner discussion
>>> Subject: Re: FW: ANNOUNCE: Apache SpamAssassin 3.2.5 available
>>>
>>>
Stef Morrell wrote: >>> >>>> mailscanner-bounces@lists.mailscanner.info wrote: >>>> >>>>> -----BEGIN PGP SIGNED MESSAGE----- >>>>> Hash: SHA1 >>>>> >>>>> I have just updated my easy-to-install ClamAV + SpamAssassin package >>>>> >>>>> on www.mailscanner.info. >>>>> >>>>> >>>> It might just be me, but after upgrading, spamassassin just stopped >>>> working completely, no real problems I could see in a -D --lint >>>> either >>>> - just scored everything zero. >>>> >>>> I had to manually downgrade back to 3.2.4 to get it working again. >>>> You >>>> folks may wish to test before running ahead. >>>> >>> Did you run sa-update to grab the base rules? Also sa-compile may also >>> >>> need to be run if you're using the compiled SA. >>> >>> -- >>> -Doc >>> Lincoln, NE. >>> >>> >>> I just installed the latest Easy Install ClamAV/SA package and am now >>> seeing this in my logs: >>> >>> Jun 12 11:45:18 HOUPMS01 MailScanner[9616]: Commercial virus checker >>> failed with real error: Invalid function CL_SCAN_PHISHING_DOMAINLIST >>> at >>> /usr/lib/perl5/site_perl/5.8.5/i386-linux-thread-multi/Mail/ClamAV.pm >>> line 120. >>> >>> I'm reinstalling right now just to make sure something didn't get >>> funky last time. >>> >>> Mike >>> >>> >> Those would be errors coming from clamavmodule due to an older version >> of MailScanner. You'll need to update to at least 4.70.x I believe. >> >> >> -- >> -Doc >> Lincoln, NE. >> http://www.fsl.com/ >> http://www.genealogyforyou.com/ >> http://www.cairnproductions.com/ >> >> -- >> >> I just remembered that 4.70 is still beta and I'd prefer NOT to run that >> in production yet. I'll go downgrade my Mail-ClamAV for now. >> >> Mike >> > > You'll also need to downgrade clamav or you can go to using clamd which > works--until Jules releases a new version that supports the newest > Mail::ClamAV. See the wiki for details on making that work. > 4.70.5 should support the newest Mail::ClamAV. It does, doesn't it? 
I've been holding off from a stable release waiting for F-Secure 7.0.1
keys, but they haven't appeared so I think I'll just put out a stable
release now unless anyone has any strong objections. Speak now or
forever hold thy pieces.

Jules

--
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

MailScanner customisation, or any advanced system administration help?
Contact me at Jules@Jules.FM

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
PGP public key: http://www.jules.fm/julesfm.asc

--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

From MailScanner at ecs.soton.ac.uk Thu Jun 12 18:58:54 2008
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jun 12 18:59:12 2008
Subject: is too big for spam checks
In-Reply-To:
References:
Message-ID: <485163DE.4030102@ecs.soton.ac.uk>

David Guillermo wrote:
> Hello List.
>
> I'm a user dummy with MailScanner and have this problem, my conf is:
>
> Max SpamAssassin Size = 5000000
>
>
> Jun 12 19:31:44 servidor1 MailScanner[11185]: Message m5CHVVhY011359
> from 209.85.132.240 (xxxx@xxxx) to mydomain is too big for spam checks
> (3017954 > 150000 bytes)

You have set the Max *SpamAssassin* Size, while the error is about the
Max *Spam Check* Size. You need to set that too.

Jules

--
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

MailScanner customisation, or any advanced system administration help?
Contact me at Jules@Jules.FM

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
PGP public key: http://www.jules.fm/julesfm.asc

--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
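
The mismatch described in the reply above, as an added example that is not part of the original thread and not MailScanner's own code: a Python check that reads the two size settings from MailScanner.conf text and reports which one produced the limit shown in a "too big for spam checks" log line. The sample config is constructed from the values quoted in the thread, the function names are hypothetical, and matching setting names without regard to case or spacing is an assumption of this example.

```python
import re

# The two size settings named in this thread.
SIZE_SETTINGS = ("Max Spam Check Size", "Max SpamAssassin Size")

# Matches the log message quoted in the thread and captures both byte counts.
LOG_RE = re.compile(
    r"MailScanner\[\d+\]: Message (?P<msgid>\S+) .*"
    r"is too big for spam checks \((?P<size>\d+) > (?P<limit>\d+) bytes\)"
)


def _key(name):
    """Normalise a setting name (assumption: case and spacing do not matter)."""
    return " ".join(name.split()).lower()


def parse_conf(text):
    """Return {normalised name: raw value} for 'Name = value' lines."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue  # blank line, comment, or not an assignment
        name, value = line.split("=", 1)
        settings[_key(name)] = value.strip()
    return settings


def diagnose(conf_text, log_line):
    """Relate the limit in a 'too big for spam checks' line to the config.

    Returns None if the line is not that message. Otherwise returns a dict
    listing which setting equals the logged limit, which settings are smaller
    than the message, which are not plain numbers (the conf comment says the
    value can also be a ruleset filename), and which are absent.
    """
    m = LOG_RE.search(log_line)
    if m is None:
        return None
    size, limit = int(m.group("size")), int(m.group("limit"))
    conf = parse_conf(conf_text)
    report = {
        "message": m.group("msgid"),
        "size": size,
        "limit": limit,
        "limit_set_by": [],
        "below_message_size": [],
        "not_numeric": [],
        "missing": [],
    }
    for name in SIZE_SETTINGS:
        value = conf.get(_key(name))
        if value is None:
            report["missing"].append(name)
        elif not value.isdigit():
            report["not_numeric"].append(name)
        else:
            number = int(value)
            if number == limit:
                report["limit_set_by"].append(name)
            if number < size:
                report["below_message_size"].append(name)
    return report


# Constructed sample config: the value the poster set plus the 150000 default
# quoted later in the thread.
SAMPLE_CONF = """\
# constructed sample, not a full MailScanner.conf
Max Spam Check Size = 150000
Max SpamAssassin Size = 5000000
"""

# Log line as posted in the thread.
SAMPLE_LOG = (
    "Jun 12 19:31:44 servidor1 MailScanner[11185]: Message m5CHVVhY011359 "
    "from 209.85.132.240 (xxxx@xxxx) to mydomain is too big for spam checks "
    "(3017954 > 150000 bytes)"
)

if __name__ == "__main__":
    result = diagnose(SAMPLE_CONF, SAMPLE_LOG)
    for field, value in result.items():
        print(f"{field}: {value}")
```
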
From doc at maddoc.net Thu Jun 12 19:01:13 2008
From: doc at maddoc.net (Doc Schneider)
Date: Thu Jun 12 19:01:29 2008
Subject: FW: ANNOUNCE: Apache SpamAssassin 3.2.5 available
In-Reply-To: <48516337.2020203@ecs.soton.ac.uk>
References: <200806121601.m5CG1Y3o025702@safir.blacknight.ie> <48514A7C.8060900@maddoc.net><224FA7E11EA39E45843E11CEBBD3A36FB50BB5@HOUPEX01.nfsmith.info> <4851569F.5090503@maddoc.net> <224FA7E11EA39E45843E11CEBBD3A36FB50BCE@HOUPEX01.nfsmith.info> <48516337.2020203@ecs.soton.ac.uk>
Message-ID: <48516469.2040209@maddoc.net>

Julian Field wrote:
>
> Doc Schneider wrote:
>> Mike Kercher wrote:
>>>
>>> -----Original Message-----
>>> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Doc Schneider
>>> Sent: Thursday, June 12, 2008 12:02 PM
>>> To: MailScanner discussion
>>> Subject: Re: FW: ANNOUNCE: Apache SpamAssassin 3.2.5 available
>>>
>>> Mike Kercher wrote:
>>>>
>>>> -----Original Message-----
>>>> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Doc Schneider
>>>> Sent: Thursday, June 12, 2008 11:11 AM
>>>> To: MailScanner discussion
>>>> Subject: Re: FW: ANNOUNCE: Apache SpamAssassin 3.2.5 available
>>>>
>>>> Stef Morrell wrote:
>>>>> mailscanner-bounces@lists.mailscanner.info wrote:
>>>>>> -----BEGIN PGP SIGNED MESSAGE-----
>>>>>> Hash: SHA1
>>>>>>
>>>>>> I have just updated my easy-to-install ClamAV + SpamAssassin package on www.mailscanner.info.
>>>>>
>>>>> It might just be me, but after upgrading, spamassassin just stopped working completely, no real problems I could see in a -D --lint either - just scored everything zero.
>>>>>
>>>>> I had to manually downgrade back to 3.2.4 to get it working again. You folks may wish to test before running ahead.
>>>>
>>>> Did you run sa-update to grab the base rules? Also sa-compile may also need to be run if you're using the compiled SA.
>>>>
>>>> --
>>>> -Doc
>>>> Lincoln, NE.
>>>>
>>>> I just installed the latest Easy Install ClamAV/SA package and am now seeing this in my logs:
>>>>
>>>> Jun 12 11:45:18 HOUPMS01 MailScanner[9616]: Commercial virus checker failed with real error: Invalid function CL_SCAN_PHISHING_DOMAINLIST at /usr/lib/perl5/site_perl/5.8.5/i386-linux-thread-multi/Mail/ClamAV.pm line 120.
>>>>
>>>> I'm reinstalling right now just to make sure something didn't get funky last time.
>>>>
>>>> Mike
>>>
>>> Those would be errors coming from clamavmodule due to an older version of MailScanner. You'll need to update to at least 4.70.x I believe.
>>>
>>> --
>>> -Doc
>>> Lincoln, NE.
>>> http://www.fsl.com/
>>> http://www.genealogyforyou.com/
>>> http://www.cairnproductions.com/
>>>
>>> --
>>>
>>> I just remembered that 4.70 is still beta and I'd prefer NOT to run that in production yet. I'll go downgrade my Mail-ClamAV for now.
>>>
>>> Mike
>>
>> You'll also need to downgrade clamav or you can go to using clamd which works--until Jules releases a new version that supports the newest Mail::ClamAV. See the wiki for details on making that work.
>
> 4.70.5 should support the newest Mail::ClamAV. It does, doesn't it?
> I've been holding off from a stable release waiting for F-Secure 7.0.1 keys, but they haven't appeared so I think I'll just put out a stable release now unless anyone has any strong objections. Speak now or forever hold thy pieces.
>
> Jules

I've been using 4.70.5 since the day you added it without any problems. So +1 on releasing the hounds! 8*)

--
-Doc
Lincoln, NE.
http://www.fsl.com/
http://www.genealogyforyou.com/
http://www.cairnproductions.com/

From rob at robhq.com Thu Jun 12 19:03:34 2008
From: rob at robhq.com (Rob Freeman)
Date: Thu Jun 12 19:03:50 2008
Subject: is too big for spam checks
In-Reply-To:
References:
Message-ID:

You need to change this in the MailScanner.conf file:

# Spammers do not have the power to send out huge messages to everyone as
# it costs them too much (more smaller messages makes more profit than less
# very large messages). So if a message is bigger than a certain size, it
# is highly unlikely to be spam. Limiting this saves a lot of time checking
# huge messages.
# This can also be the filename of a ruleset.
Max Spam Check Size = 150000

On Thu, Jun 12, 2008 at 12:41 PM, David Guillermo wrote:
> Hello List.
>
> I'm a user dummy with MailScanner and have this problem, my conf is:
>
> Max SpamAssassin Size = 5000000
>
> Jun 12 19:31:44 servidor1 MailScanner[11185]: Message m5CHVVhY011359 from 209.85.132.240 (xxxx@xxxx) to mydomain is too big for spam checks (3017954 > 150000 bytes)
>
> Thanks.
>
> --
> -:- j0d3
> David Guillermo Rodriguez
> Debian Unstable/Sid GNU/Linux
> e-mail: davocasc98@gmail.com
> http://j0d3.blogspot.com
> CPU model: AMD Athlon(tm) 64 X2 Dual Core Processor 4600+
> Kernel: 2.6.24.2
> Linux user #408522
> -:-
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080612/8317e44a/attachment.html

From ssilva at sgvwater.com Thu Jun 12 20:01:21 2008
From: ssilva at sgvwater.com (Scott Silva)
Date: Thu Jun 12 20:01:46 2008
Subject: Interfaces - off topic - sorry
In-Reply-To: <004f01c8cca9$0463d550$6b01a8c0@csmrick>
References: <6412527.15571213271143416.JavaMail.root@office.splatnix.net> <004f01c8cca9$0463d550$6b01a8c0@csmrick>
Message-ID:

on 6-12-2008 9:26 AM rick@duvals.ca spake the following:
> Thanks for the comeback... What's a FOSS release?
>
Free and Open Source Software.

--
MailScanner is like deodorant...
You hope everybody uses it, and you notice quickly if they don't!!!!

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 258 bytes
Desc: OpenPGP digital signature
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080612/c138d8b2/signature.bin

From martinh at solidstatelogic.com Thu Jun 12 20:25:17 2008
From: martinh at solidstatelogic.com (Martin.Hepworth)
Date: Thu Jun 12 20:25:27 2008
Subject: FW: ANNOUNCE: Apache SpamAssassin 3.2.5 available
In-Reply-To: <48516337.2020203@ecs.soton.ac.uk>
References: <200806121601.m5CG1Y3o025702@safir.blacknight.ie> <48514A7C.8060900@maddoc.net> <224FA7E11EA39E45843E11CEBBD3A36FB50BB5@HOUPEX01.nfsmith.info> <4851569F.5090503@maddoc.net> <224FA7E11EA39E45843E11CEBBD3A36FB50BCE@HOUPEX01.nfsmith.info> <48516337.2020203@ecs.soton.ac.uk>
Message-ID:

On Thu, 12 Jun 2008 18:56:07 +0100 Julian Field wrote:
>
> Doc Schneider wrote:
>> Mike Kercher wrote:
>>>
>>> -----Original Message-----
>>> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Doc Schneider
>>> Sent: Thursday, June 12, 2008 12:02 PM
>>> To: MailScanner discussion
>>> Subject: Re: FW: ANNOUNCE: Apache SpamAssassin 3.2.5 available
>>>
>>> Mike Kercher wrote:
>>>>
>>>> -----Original Message-----
>>>> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Doc Schneider
>>>> Sent: Thursday, June 12, 2008 11:11 AM
>>>> To: MailScanner discussion
>>>> Subject: Re: FW: ANNOUNCE: Apache SpamAssassin 3.2.5 available
>>>>
>>>> Stef Morrell wrote:
>>>>> mailscanner-bounces@lists.mailscanner.info wrote:
>>>>>> -----BEGIN PGP SIGNED MESSAGE-----
>>>>>> Hash: SHA1
>>>>>>
>>>>>> I have just updated my easy-to-install ClamAV + SpamAssassin package on www.mailscanner.info.
>>>>>
>>>>> It might just be me, but after upgrading, spamassassin just stopped working completely, no real problems I could see in a -D --lint either - just scored everything zero.
>>>>>
>>>>> I had to manually downgrade back to 3.2.4 to get it working again. You folks may wish to test before running ahead.
>>>>
>>>> Did you run sa-update to grab the base rules? Also sa-compile may also need to be run if you're using the compiled SA.
>>>>
>>>> --
>>>> -Doc
>>>> Lincoln, NE.
>>>>
>>>> I just installed the latest Easy Install ClamAV/SA package and am now seeing this in my logs:
>>>>
>>>> Jun 12 11:45:18 HOUPMS01 MailScanner[9616]: Commercial virus checker failed with real error: Invalid function CL_SCAN_PHISHING_DOMAINLIST at /usr/lib/perl5/site_perl/5.8.5/i386-linux-thread-multi/Mail/ClamAV.pm line 120.
>>>>
>>>> I'm reinstalling right now just to make sure something didn't get funky last time.
>>>>
>>>> Mike
>>>
>>> Those would be errors coming from clamavmodule due to an older version of MailScanner. You'll need to update to at least 4.70.x I believe.
>>>
>>> --
>>> -Doc
>>> Lincoln, NE.
>>> http://www.fsl.com/
>>> http://www.genealogyforyou.com/
>>> http://www.cairnproductions.com/
>>>
>>> --
>>>
>>> I just remembered that 4.70 is still beta and I'd prefer NOT to run that in production yet. I'll go downgrade my Mail-ClamAV for now.
>>>
>>> Mike
>>
>> You'll also need to downgrade clamav or you can go to using clamd which works--until Jules releases a new version that supports the newest Mail::ClamAV. See the wiki for details on making that work.
>
> 4.70.5 should support the newest Mail::ClamAV. It does, doesn't it?
> I've been holding off from a stable release waiting for F-Secure 7.0.1 keys, but they haven't appeared so I think I'll just put out a stable release now unless anyone has any strong objections. Speak now or forever hold thy pieces.
>
> Jules
>
> --
> Julian Field MEng CITP CEng
> www.MailScanner.info

we had someone on the IRC channel informing of problems with the watermark stuff (still) on 40.70.5 we asked them to post here, but I've not seen anything so far.

Might want the 4.70.5 to live a beta for a few more days yet.

--
martin

**********************************************************************
Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer.
Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer.
Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us.
Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free.

Red Lion 49 Ltd T/A Solid State Logic
Registered as a limited company in England and Wales (Company No:5362730)
Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom
**********************************************************************

From donnieq at quindardonet.net Thu Jun 12 20:27:30 2008
From: donnieq at quindardonet.net (Donnie D. Quindardo)
Date: Thu Jun 12 20:27:39 2008
Subject: Watermark and User Notification
Message-ID: <485178A2.2050606@quindardonet.net>

Hello,

I have MS 4.70.5 in a test lab right now and I was not able to find that the notices to users (when an attachment is blocked) were being passed as non-spam. Is anyone else able to notice this? Will there be a fix?

Don Q.

From ssilva at sgvwater.com Thu Jun 12 20:49:57 2008
From: ssilva at sgvwater.com (Scott Silva)
Date: Thu Jun 12 20:50:28 2008
Subject: Watermark and User Notification
In-Reply-To: <485178A2.2050606@quindardonet.net>
References: <485178A2.2050606@quindardonet.net>
Message-ID:

on 6-12-2008 12:27 PM Donnie D. Quindardo spake the following:
> Hello,
>
> I have MS 4.70.5 in a test lab right now and I was not able to find that the notices to users (when an attachment is blocked) were being passed as non-spam. Is anyone else able to notice this? Will there be a fix?
>
> Don Q.

Please give a little more detail. Maybe an example.

--
MailScanner is like deodorant...
You hope everybody uses it, and you notice quickly if they don't!!!!

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 258 bytes
Desc: OpenPGP digital signature
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080612/4e036d73/signature.bin

From donnieq at quindardonet.net Thu Jun 12 20:58:41 2008
From: donnieq at quindardonet.net (Donnie D. Quindardo)
Date: Thu Jun 12 20:58:51 2008
Subject: Watermark and User Notification
In-Reply-To: <485178A2.2050606@quindardonet.net>
References: <485178A2.2050606@quindardonet.net>
Message-ID: <48517FF1.5060801@quindardonet.net>

- Configure MailScanner to notify users that their attachments have been blocked.

- Configure MailScanner to use Watermarks and note that messages that have no sender and no watermark are spam.

- Send an e-mail through MailScanner with an attachment that is banned, perhaps "test.com".

- Look in the spam quarantine of MailScanner, the notification e-mail that is sent to the user is there. That's because it is sent with an envelope address of <> and does not get a MailScanner Signature beforehand.

From MailScanner at ecs.soton.ac.uk Thu Jun 12 21:10:39 2008
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jun 12 21:10:56 2008
Subject: Watermark and User Notification
In-Reply-To:
References: <485178A2.2050606@quindardonet.net>
Message-ID: <485182BF.6030706@ecs.soton.ac.uk>

Donnie D. Quindardo wrote:
> - Configure MailScanner to notify users that their attachments have been blocked.
>
> - Configure MailScanner to use Watermarks and note that messages that have no sender and no watermark are spam.
>
> - Send an e-mail through MailScanner with an attachment that is banned, perhaps "test.com".
>
> - Look in the spam quarantine of MailScanner, the notification e-mail that is sent to the user is there. That's because it is sent with an envelope address of <> and does not get a MailScanner Signature beforehand.

In which case you just need to use a ruleset to exempt mail from 127.0.0.1 from watermarking checks.
Should I do this automatically in the code, or are there situations in which this isn't the desired behaviour?

Jules

From ssilva at sgvwater.com Thu Jun 12 21:20:17 2008
From: ssilva at sgvwater.com (Scott Silva)
Date: Thu Jun 12 21:20:48 2008
Subject: Watermark and User Notification
In-Reply-To: <485182BF.6030706@ecs.soton.ac.uk>
References: <485178A2.2050606@quindardonet.net> <485182BF.6030706@ecs.soton.ac.uk>
Message-ID:

on 6-12-2008 1:10 PM Julian Field spake the following:
>
> Donnie D. Quindardo wrote:
>> - Configure MailScanner to notify users that their attachments have been blocked.
>>
>> - Configure MailScanner to use Watermarks and note that messages that have no sender and no watermark are spam.
>>
>> - Send an e-mail through MailScanner with an attachment that is banned, perhaps "test.com".
>>
>> - Look in the spam quarantine of MailScanner, the notification e-mail that is sent to the user is there. That's because it is sent with an envelope address of <> and does not get a MailScanner Signature beforehand.
> In which case you just need to use a ruleset to exempt mail from 127.0.0.1 from watermarking checks. Should I do this automatically in the code, or are there situations in which this isn't the desired behaviour?
>
> Jules
>
Does a ruleset on scan messages also cover this, or is watermarking outside that catch-all?

--
MailScanner is like deodorant...
You hope everybody uses it, and you notice quickly if they don't!!!!

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 258 bytes
Desc: OpenPGP digital signature
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080612/2a3d6a2b/signature.bin

From MailScanner at ecs.soton.ac.uk Thu Jun 12 21:26:54 2008
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jun 12 21:27:12 2008
Subject: Watermark and User Notification
In-Reply-To:
References: <485178A2.2050606@quindardonet.net> <485182BF.6030706@ecs.soton.ac.uk>
Message-ID: <4851868E.5070900@ecs.soton.ac.uk>

Scott Silva wrote:
> on 6-12-2008 1:10 PM Julian Field spake the following:
>>
>> Donnie D. Quindardo wrote:
>>> - Configure MailScanner to notify users that their attachments have been blocked.
>>>
>>> - Configure MailScanner to use Watermarks and note that messages that have no sender and no watermark are spam.
>>>
>>> - Send an e-mail through MailScanner with an attachment that is banned, perhaps "test.com".
>>>
>>> - Look in the spam quarantine of MailScanner, the notification e-mail that is sent to the user is there. That's because it is sent with an envelope address of <> and does not get a MailScanner Signature beforehand.
>> In which case you just need to use a ruleset to exempt mail from 127.0.0.1 from watermarking checks. Should I do this automatically in the code, or are there situations in which this isn't the desired behaviour?
>>
>> Jules
>>
> Does a ruleset on scan messages also cover this, or is watermarking outside that catch-all?

You don't need to do anything that radical, you just need a ruleset on the option that controls the checking of watermarks.

Jules

From ssilva at sgvwater.com Thu Jun 12 21:38:12 2008
From: ssilva at sgvwater.com (Scott Silva)
Date: Thu Jun 12 21:38:46 2008
Subject: Watermark and User Notification
In-Reply-To: <4851868E.5070900@ecs.soton.ac.uk>
References: <485178A2.2050606@quindardonet.net> <485182BF.6030706@ecs.soton.ac.uk> <4851868E.5070900@ecs.soton.ac.uk>
Message-ID:

on 6-12-2008 1:26 PM Julian Field spake the following:
>
> Scott Silva wrote:
>> on 6-12-2008 1:10 PM Julian Field spake the following:
>>>
>>> Donnie D. Quindardo wrote:
>>>> - Configure MailScanner to notify users that their attachments have been blocked.
>>>>
>>>> - Configure MailScanner to use Watermarks and note that messages that have no sender and no watermark are spam.
>>>>
>>>> - Send an e-mail through MailScanner with an attachment that is banned, perhaps "test.com".
>>>>
>>>> - Look in the spam quarantine of MailScanner, the notification e-mail that is sent to the user is there. That's because it is sent with an envelope address of <> and does not get a MailScanner Signature beforehand.
>>> In which case you just need to use a ruleset to exempt mail from 127.0.0.1 from watermarking checks. Should I do this automatically in the code, or are there situations in which this isn't the desired behaviour?
>>>
>>> Jules
>>>
>> Does a ruleset on scan messages also cover this, or is watermarking outside that catch-all?
> You don't need to do anything that radical, you just need a ruleset on the option that controls the checking of watermarks.
>
> Jules
>
Let me re-phrase this... If you already have a rule in scan messages for mailwatch releases, will it also cover the watermark code?

--
MailScanner is like deodorant...
You hope everybody uses it, and you notice quickly if they don't!!!!

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 258 bytes
Desc: OpenPGP digital signature
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080612/24f139ce/signature.bin

From MailScanner at ecs.soton.ac.uk Thu Jun 12 21:44:24 2008
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jun 12 21:44:43 2008
Subject: Watermark and User Notification
In-Reply-To:
References: <485178A2.2050606@quindardonet.net> <485182BF.6030706@ecs.soton.ac.uk> <4851868E.5070900@ecs.soton.ac.uk>
Message-ID: <48518AA8.1070106@ecs.soton.ac.uk>

Scott Silva wrote:
> on 6-12-2008 1:26 PM Julian Field spake the following:
>>
>> Scott Silva wrote:
>>> on 6-12-2008 1:10 PM Julian Field spake the following:
>>>>
>>>> Donnie D. Quindardo wrote:
>>>>> - Configure MailScanner to notify users that their attachments have been blocked.
>>>>>
>>>>> - Configure MailScanner to use Watermarks and note that messages that have no sender and no watermark are spam.
>>>>>
>>>>> - Send an e-mail through MailScanner with an attachment that is banned, perhaps "test.com".
>>>>>
>>>>> - Look in the spam quarantine of MailScanner, the notification e-mail that is sent to the user is there. That's because it is sent with an envelope address of <> and does not get a MailScanner Signature beforehand.
>>>> In which case you just need to use a ruleset to exempt mail from 127.0.0.1 from watermarking checks. Should I do this automatically in the code, or are there situations in which this isn't the desired behaviour?
>>>>
>>>> Jules
>>>>
>>> Does a ruleset on scan messages also cover this, or is watermarking outside that catch-all?
>> You don't need to do anything that radical, you just need a ruleset on the option that controls the checking of watermarks.
>>
>> Jules
>>
> Let me re-phrase this... If you already have a rule in scan messages for mailwatch releases, will it also cover the watermark code?

If the rule is on "Scan Messages" then yes, it will cover everything.

Jules

From ssilva at sgvwater.com Thu Jun 12 23:02:57 2008
From: ssilva at sgvwater.com (Scott Silva)
Date: Thu Jun 12 23:03:42 2008
Subject: Watermark and User Notification
In-Reply-To: <48518AA8.1070106@ecs.soton.ac.uk>
References: <485178A2.2050606@quindardonet.net> <485182BF.6030706@ecs.soton.ac.uk> <4851868E.5070900@ecs.soton.ac.uk> <48518AA8.1070106@ecs.soton.ac.uk>
Message-ID:

on 6-12-2008 1:44 PM Julian Field spake the following:
>
> Scott Silva wrote:
>> on 6-12-2008 1:26 PM Julian Field spake the following:
>>>
>>> Scott Silva wrote:
>>>> on 6-12-2008 1:10 PM Julian Field spake the following:
>>>>>
>>>>> Donnie D. Quindardo wrote:
>>>>>> - Configure MailScanner to notify users that their attachments have been blocked.
>>>>>>
>>>>>> - Configure MailScanner to use Watermarks and note that messages that have no sender and no watermark are spam.
>>>>>>
>>>>>> - Send an e-mail through MailScanner with an attachment that is banned, perhaps "test.com".
>>>>>>
>>>>>> - Look in the spam quarantine of MailScanner, the notification e-mail that is sent to the user is there. That's because it is sent with an envelope address of <> and does not get a MailScanner Signature beforehand.
>>>>> In which case you just need to use a ruleset to exempt mail from 127.0.0.1 from watermarking checks. Should I do this automatically in the code, or are there situations in which this isn't the desired behaviour?
>>>>>
>>>>> Jules
>>>>>
>>>> Does a ruleset on scan messages also cover this, or is watermarking outside that catch-all?
>>> You don't need to do anything that radical, you just need a ruleset on the option that controls the checking of watermarks.
>>>
>>> Jules
>>>
>> Let me re-phrase this... If you already have a rule in scan messages for mailwatch releases, will it also cover the watermark code?
> If the rule is on "Scan Messages" then yes, it will cover everything.
>
> Jules
>
Thanks Jules!

--
MailScanner is like deodorant...
You hope everybody uses it, and you notice quickly if they don't!!!!

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 258 bytes
Desc: OpenPGP digital signature
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080612/0798bcf0/signature.bin

From mi6 at orcon.net.nz Fri Jun 13 02:44:45 2008
From: mi6 at orcon.net.nz (Charlie)
Date: Fri Jun 13 02:44:51 2008
Subject: Spamassassin is slow - any tips or good commercial alternative?
Message-ID: <2ea301c8ccf7$0e9f52d0$0300a8c0@CharlieCompaq>

Hi,
I run an email server (Exim) which uses Mailscanner in combination with ClamAV and SpamAssassin. The server scans about 15,000 emails per day. SpamAssassin currently seems to take 5-10 seconds to scan even the smallest email, which is unacceptable for us.

I was wondering if anyone had either any tips on reducing the amount of time taken to scan an email for spam using SpamAssassin to 'well under one second', or if anyone can recommend a good, not too expensive, commercial alternative to SpamAssassin.

Thank you!
Charlie

From ecasarero at gmail.com Fri Jun 13 02:52:10 2008
From: ecasarero at gmail.com (Eduardo Casarero)
Date: Fri Jun 13 02:52:19 2008
Subject: Spamassassin is slow - any tips or good commercial alternative?
In-Reply-To: <2ea301c8ccf7$0e9f52d0$0300a8c0@CharlieCompaq>
References: <2ea301c8ccf7$0e9f52d0$0300a8c0@CharlieCompaq>
Message-ID: <7d9b3cf20806121852y7b58cf1cxcf41af553969e3cf@mail.gmail.com>

do you use clamd? tmpfs for working directory?

2008/6/12 Charlie :
> Hi,
> I run an email server (Exim) which uses Mailscanner in combination with ClamAV and SpamAssassin. The server scans about 15,000 emails per day. SpamAssassin currently seems to take 5-10 seconds to scan even the smallest email, which is unacceptable for us.
>
> I was wondering if anyone had either any tips on reducing the amount of time taken to scan an email for spam using SpamAssassin to 'well under one second', or if anyone can recommend a good, not too expensive, commercial alternative to SpamAssassin.
>
> Thank you!
> Charlie

From donnieq at quindardonet.net Fri Jun 13 05:42:32 2008
From: donnieq at quindardonet.net (Donnie D. Quindardo)
Date: Fri Jun 13 05:42:43 2008
Subject: Watermark and User Notification
In-Reply-To: <48518AA8.1070106@ecs.soton.ac.uk>
References: <485178A2.2050606@quindardonet.net> <485182BF.6030706@ecs.soton.ac.uk> <4851868E.5070900@ecs.soton.ac.uk> <48518AA8.1070106@ecs.soton.ac.uk>
Message-ID: <4851FAB8.7070101@quindardonet.net>

Unfortunately, this is not working.
/etc/MailScanner/MailScanner.conf:

Scan Messages = %rules-dir%/scan.rules

/etc/MailScanner/rules/scan.rules:

From: 127.0.0.1/32 no
FromOrTo: default yes

The notification message sent by "Notify Senders" if their attachments are blocked is still being flagged as spam.

Please advise,

Don Q.

Julian Field wrote:
>
> Scott Silva wrote:
>> on 6-12-2008 1:26 PM Julian Field spake the following:
>>>
>>> Scott Silva wrote:
>>>> on 6-12-2008 1:10 PM Julian Field spake the following:
>>>>>
>>>>> Donnie D. Quindardo wrote:
>>>>>> - Configure MailScanner to notify users that their attachments have been blocked.
>>>>>>
>>>>>> - Configure MailScanner to use Watermarks and note that messages that have no sender and no watermark are spam.
>>>>>>
>>>>>> - Send an e-mail through MailScanner with an attachment that is banned, perhaps "test.com".
>>>>>>
>>>>>> - Look in the spam quarantine of MailScanner, the notification e-mail that is sent to the user is there. That's because it is sent with an envelope address of <> and does not get a MailScanner Signature beforehand.
>>>>> In which case you just need to use a ruleset to exempt mail from 127.0.0.1 from watermarking checks. Should I do this automatically in the code, or are there situations in which this isn't the desired behaviour?
>>>>>
>>>>> Jules
>>>>>
>>>> Does a ruleset on scan messages also cover this, or is watermarking outside that catch-all?
>>> You don't need to do anything that radical, you just need a ruleset on the option that controls the checking of watermarks.
>>>
>>> Jules
>>>
>> Let me re-phrase this... If you already have a rule in scan messages for mailwatch releases, will it also cover the watermark code?
> If the rule is on "Scan Messages" then yes, it will cover everything.
>
> Jules
>

From donnieq at quindardonet.net Fri Jun 13 06:19:19 2008
From: donnieq at quindardonet.net (Donnie D. Quindardo)
Date: Fri Jun 13 06:19:28 2008
Subject: Watermark and User Notification
In-Reply-To: <4851FAB8.7070101@quindardonet.net>
References: <485178A2.2050606@quindardonet.net> <485182BF.6030706@ecs.soton.ac.uk> <4851868E.5070900@ecs.soton.ac.uk> <48518AA8.1070106@ecs.soton.ac.uk> <4851FAB8.7070101@quindardonet.net>
Message-ID: <48520357.2070909@quindardonet.net>

Message 3EDEA100004C.D62FF from 0.0.0.0 has no (or invalid) watermark or sender address

Hmmm. :-)

Donnie D. Quindardo wrote:
> Unfortunately, this is not working.
>
> /etc/MailScanner/MailScanner.conf:
>
> Scan Messages = %rules-dir%/scan.rules
>
> /etc/MailScanner/rules/scan.rules:
>
> From: 127.0.0.1/32 no
> FromOrTo: default yes
>
> The notification message sent by "Notify Senders" if their attachments are blocked is still being flagged as spam.
>
> Please advise,
>
> Don Q.
>
> Julian Field wrote:
>>
>> Scott Silva wrote:
>>> on 6-12-2008 1:26 PM Julian Field spake the following:
>>>>
>>>> Scott Silva wrote:
>>>>> on 6-12-2008 1:10 PM Julian Field spake the following:
>>>>>>
>>>>>> Donnie D. Quindardo wrote:
>>>>>>> - Configure MailScanner to notify users that their attachments have been blocked.
>>>>>>>
>>>>>>> - Configure MailScanner to use Watermarks and note that messages that have no sender and no watermark are spam.
>>>>>>>
>>>>>>> - Send an e-mail through MailScanner with an attachment that is banned, perhaps "test.com".
>>>>>>>
>>>>>>> - Look in the spam quarantine of MailScanner, the notification e-mail that is sent to the user is there. That's because it is sent with an envelope address of <> and does not get a MailScanner Signature beforehand.
>>>>>> In which case you just need to use a ruleset to exempt mail from 127.0.0.1 from watermarking checks. Should I do this automatically in the code, or are there situations in which this isn't the desired behaviour?
>>>>>>
>>>>>> Jules
>>>>>>
>>>>> Does a ruleset on scan messages also cover this, or is watermarking outside that catch-all?
>>>> You don't need to do anything that radical, you just need a ruleset on the option that controls the checking of watermarks.
>>>>
>>>> Jules
>>>>
>>> Let me re-phrase this... If you already have a rule in scan messages for mailwatch releases, will it also cover the watermark code?
>> If the rule is on "Scan Messages" then yes, it will cover everything.
>>
>> Jules
>>
>

From jodedor at gmail.com Fri Jun 13 07:26:55 2008
From: jodedor at gmail.com (David Guillermo)
Date: Fri Jun 13 07:27:05 2008
Subject: is too big for spam checks
In-Reply-To:
References:
Message-ID:

Hi.

Rob Freeman and Julian Field thanks, that option not in my MailScanner.conf why not change it, thanks again

2008/6/12 Rob Freeman :
> You need to change this in the MailScanner.conf file:
>
> # Spammers do not have the power to send out huge messages to everyone as
> # it costs them too much (more smaller messages makes more profit than less
> # very large messages). So if a message is bigger than a certain size, it
> # is highly unlikely to be spam. Limiting this saves a lot of time checking
> # huge messages.
> # This can also be the filename of a ruleset.
>
> Max Spam Check Size = 150000
>
> On Thu, Jun 12, 2008 at 12:41 PM, David Guillermo wrote:
>>
>> Hello List.
>>
>> I'm a user dummy with MailScanner and have this problem, my conf is:
>>
>> Max SpamAssassin Size = 5000000
>>
>> Jun 12 19:31:44 servidor1 MailScanner[11185]: Message m5CHVVhY011359 from 209.85.132.240 (xxxx@xxxx) to mydomain is too big for spam checks (3017954 > 150000 bytes)
>>
>> Thanks.
>>
>> --
>> -:- j0d3
>> David Guillermo Rodriguez
>> Debian Unstable/Sid GNU/Linux
>> e-mail: davocasc98@gmail.com
>> http://j0d3.blogspot.com
>> CPU model: AMD Athlon(tm) 64 X2 Dual Core Processor 4600+
>> Kernel: 2.6.24.2
>> Linux user #408522
>> -:-

--
-:- j0d3
David Guillermo Rodriguez
Debian Unstable/Sid GNU/Linux
e-mail: davocasc98@gmail.com
http://j0d3.blogspot.com
CPU model: AMD Athlon(tm) 64 X2 Dual Core Processor 4600+
Kernel: 2.6.24.2
Linux user #408522
-:-

From jan-peter at koopmann.eu Fri Jun 13 07:28:22 2008
From: jan-peter at koopmann.eu (Koopmann, Jan-Peter)
Date: Fri Jun 13 07:29:29 2008
Subject: Spamassassin is slow - any tips or good commercial alternative?
In-Reply-To:
References:
Message-ID:

>I run an email server (Exim) which uses Mailscanner in combination with ClamAV and SpamAssassin. The server scans about 15,000 emails per day. SpamAssassin currently seems to take 5-10 seconds to scan even the smallest email, which is unacceptable for us.

May I ask why? Is it because your mail system is getting into load trouble? Or is the delay itself on legit mail the problem? I would like to know how an additional 5-10 seconds on an async communication medium like e-mail that was never designed for real-time in the first place could be a problem.

If it is a load problem you should try to reduce the amount of mail reaching SpamAssassin in the first place. RBLs come to mind.
Or (since you asked for a commercial solution) have a look at BarricadeMX from FSL. BMX will greatly reduce the amount of mail reaching your MTA. Yet on the other hand, if the 15.000 mails a day that your server scans are mostly ham, this will not help. So please enlarge a bit on the problem itself. Regards, JP From mi6 at orcon.net.nz Fri Jun 13 08:12:09 2008 From: mi6 at orcon.net.nz (Charlie) Date: Fri Jun 13 08:12:16 2008 Subject: Spamassassin is slow - any tips or good commercial alternative? Message-ID: <2f4301c8cd24$cbaf5000$0300a8c0@CharlieCompaq> >>I run an email server (Exim) which uses Mailscanner in combination with >>ClamAV and SpamAssassin. The server scans about 15,000 emails per day. >>SpamAssassin currently seems to take 5-10 seconds to scan even the smallest >>email, which is unacceptable for us. >May I ask why? Is it because your mail system is getting into load >trouble? Or is the delay itself on legit mail the problem? I would like >to know how an additional 5-10 seconds on an async communication medium >like e-mail that was never designed for real-time in the first place >could be a problem. It is not really a problem except during peak hours, where there can be numerous emails sent every 1-2 seconds. These emails then pile up on eachother, and eventually cause the mail queue to grow very long, with emails taking 8-15 *minutes* to actually leave the queue. It is then a very serious problem. >If it is a load problem you should try to reduce the amount of mail >reaching SpamAssassin in the first place. RBLs come to mind. Or (since >you asked for a commercial solution) have a look at BarricadeMX from >FSL. BMX will greatly reduce the amount of mail reaching your MTA. Our userbase means that over 99% of emails sent through the server are *not* spam, so any limiting of the emails reaching the MTA would not help. >Yet on the other hand, if the 15.000 mails a day that your server scans >are mostly ham, this will not help. 
So please enlarge a bit on the
>problem itself.

From MailScanner at ecs.soton.ac.uk Fri Jun 13 08:53:50 2008
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Fri Jun 13 08:54:08 2008
Subject: Spamassassin is slow - any tips or good commercial alternative?
In-Reply-To:
References:
Message-ID: <4852278E.6070804@ecs.soton.ac.uk>

My advice would be to run
MailScanner --debug --debug-sa
as that will print out all the progress of SpamAssassin, including a
timestamp at the start of each line so you can see where the holdups are.
If you do that, and then show us where the holdups are, we may be able
to help you some more...

Jules.

Charlie wrote:
> Hi,
> I run an email server (Exim) which uses Mailscanner in combination
> with ClamAV and SpamAssassin. The server scans about 15,000 emails per
> day. SpamAssassin currently seems to take 5-10 seconds to scan even
> the smallest email, which is unacceptable for us.
>
> I was wondering if anyone had either any tips on reducing the amount
> of time taken to scan an email for spam using SpamAssassin to 'well
> under one second', or if anyone can recommend a good, not too
> expensive, commercial alternative to SpamAssassin.
>
> Thank you!
> Charlie

Jules

--
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

--
This message has been scanned for viruses and dangerous content by
MailScanner, and is believed to be clean.

From MailScanner at ecs.soton.ac.uk Fri Jun 13 08:55:46 2008
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Fri Jun 13 08:56:09 2008
Subject: is too big for spam checks
In-Reply-To:
References:
Message-ID: <48522802.5000205@ecs.soton.ac.uk>

David Guillermo wrote:
> Hi. Rob Freeman and Julian Field thanks, that option not in my
> MailScanner.conf why not change it, thanks again
>
It certainly should be there. Can you run upgrade_MailScanner_conf, read
everything it prints out, then run it according to the instructions it
gives you. That should get your MailScanner.conf file up to date.
>
> 2008/6/12 Rob Freeman :
>
>> You need to change this in the MailScanner.conf file:
>>
>> # Spammers do not have the power to send out huge messages to everyone as
>> # it costs them too much (more smaller messages makes more profit than less
>>
>> # very large messages). So if a message is bigger than a certain size, it
>> # is highly unlikely to be spam. Limiting this saves a lot of time checking
>> # huge messages.
>> # This can also be the filename of a ruleset.
>>
>> Max Spam Check Size = 150000
>>
>> On Thu, Jun 12, 2008 at 12:41 PM, David Guillermo wrote:
>>
>>> Hello List.
>>>
>>> I'm a dummy user with MailScanner and have this problem, my conf is:
>>>
>>> Max SpamAssassin Size = 5000000
>>>
>>>
>>> Jun 12 19:31:44 servidor1 MailScanner[11185]: Message m5CHVVhY011359
>>> from 209.85.132.240 (xxxx@xxxx) to mydomain is too big for spam checks
>>> (3017954 > 150000 bytes)
>>>
>>>
>>> Thanks.
>>>
>>> --
>>> -:- j0d3
>>> David Guillermo Rodriguez
>>> Debian Unstable/Sid GNU/Linux
>>> e-mail: davocasc98@gmail.com
>>> http://j0d3.blogspot.com
>>> CPU model: AMD Athlon(tm) 64 X2 Dual Core Processor 4600+
>>> Kernel: 2.6.24.2
>>> Linux user #408522
>>> -:-
>>>
>>
>>
>
>
>

Jules

--
Julian Field MEng CITP CEng
www.MailScanner.info
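The size check behind the log line quoted in this thread, as an added example (not code from MailScanner or from any poster): it pulls the "too big for spam checks" entries out of a mail log and reports which numeric setting in a MailScanner.conf fragment equals the limit shown. The configuration fragment, the second and third log lines, and the assumption that option names are compared ignoring case and spaces are constructed for illustration.

```python
import re

# Constructed MailScanner.conf fragment holding the two settings named in the thread.
SAMPLE_CONF = """\
# This can also be the filename of a ruleset.
Max Spam Check Size = 150000
Max SpamAssassin Size = 5000000
"""

# The first entry is the log line quoted in the thread; the others are constructed.
SAMPLE_LOG = [
    "Jun 12 19:31:44 servidor1 MailScanner[11185]: Message m5CHVVhY011359 "
    "from 209.85.132.240 (xxxx@xxxx) to mydomain is too big for spam checks "
    "(3017954 > 150000 bytes)",
    "Jun 12 19:32:10 servidor1 MailScanner[11185]: Message m5CHW0aa011400 "
    "from 192.0.2.10 (a@example.org) to mydomain is too big for spam checks "
    "(180000 > 150000 bytes)",
    "Jun 12 19:32:11 servidor1 MailScanner[11185]: unrelated constructed line",
]

SKIP_RE = re.compile(
    r"MailScanner\[\d+\]: Message (?P<id>\S+) from (?P<ip>\S+) \((?P<sender>[^)]*)\) "
    r"to (?P<to>\S+) is too big for spam checks "
    r"\((?P<size>\d+) > (?P<limit>\d+) bytes\)"
)


def normalise(name):
    # Assumption: option names are compared ignoring case and spaces.
    return re.sub(r"\s+", "", name).lower()


def parse_conf(text):
    """Map normalised option name -> (name as written, value as written)."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        name, value = line.split("=", 1)
        settings[normalise(name)] = (name.strip(), value.strip())
    return settings


def skipped_messages(lines):
    """Return one record per message that was not spam-checked because of size."""
    found = []
    for line in lines:
        m = SKIP_RE.search(line)
        if m:
            found.append({
                "id": m.group("id"),
                "ip": m.group("ip"),
                "size": int(m.group("size")),
                "limit": int(m.group("limit")),
            })
    return found


def options_matching_limit(settings, limit):
    """Names of numeric options whose value equals the limit seen in the log.

    A non-numeric value is taken to be a ruleset filename and is skipped.
    """
    return sorted(
        written for written, value in settings.values()
        if value.isdigit() and int(value) == limit
    )


def still_skipped(messages, new_limit):
    """IDs of messages that would still bypass spam checks under new_limit."""
    return [m["id"] for m in messages if m["size"] > new_limit]


if __name__ == "__main__":
    conf = parse_conf(SAMPLE_CONF)
    msgs = skipped_messages(SAMPLE_LOG)
    for m in msgs:
        names = options_matching_limit(conf, m["limit"]) or ["(no numeric match)"]
        print(f"{m['id']}: {m['size']} bytes over limit {m['limit']} "
              f"set by {', '.join(names)}")
    print("still unchecked at 200000:", still_skipped(msgs, 200000))
```

Every message this reports reached the mailbox without a spam verdict, so the count is worth watching whenever the limit is changed.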
From MailScanner at ecs.soton.ac.uk Fri Jun 13 08:57:53 2008
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Fri Jun 13 08:58:16 2008
Subject: Watermark and User Notification
In-Reply-To:
References: <485178A2.2050606@quindardonet.net> <485182BF.6030706@ecs.soton.ac.uk> <4851868E.5070900@ecs.soton.ac.uk> <48518AA8.1070106@ecs.soton.ac.uk> <4851FAB8.7070101@quindardonet.net>
Message-ID: <48522881.20002@ecs.soton.ac.uk>

It puts in 0.0.0.0 if there was no IP address present at all.
Maybe I should change that to 127.0.0.1?
What does anyone think of that change?

Currently, you need to change your "From" line to
From: 0.0.0.0 no
FromOrTo: default yes


Donnie D. Quindardo wrote:
> Message 3EDEA100004C.D62FF from 0.0.0.0 has no (or invalid) watermark
> or sender address
>
> Hmmm. :-)
>
> Donnie D. Quindardo wrote:
>> Unfortunately, this is not working.
>>
>> /etc/MailScanner/MailScanner.conf:
>>
>> Scan Messages = %rules-dir%/scan.rules
>>
>> /etc/MailScanner/rules/scan.rules:
>>
>> From: 127.0.0.1/32 no
>> FromOrTo: default yes
>>
>> The notification message sent by "Notify Senders" if their
>> attachments are blocked is still being flagged as spam.
>>
>> Please advise,
>>
>> Don Q.
>>
>>
>> Julian Field wrote:
>>>
>>>
>>> Scott Silva wrote:
>>>> on 6-12-2008 1:26 PM Julian Field spake the following:
>>>>>
>>>>>
>>>>> Scott Silva wrote:
>>>>>> on 6-12-2008 1:10 PM Julian Field spake the following:
>>>>>>>
>>>>>>>
>>>>>>> Donnie D. Quindardo wrote:
>>>>>>>> - Configure MailScanner to notify users that their attachments
>>>>>>>> have been blocked.
>>>>>>>>
>>>>>>>> - Configure MailScanner to use Watermarks and note that
>>>>>>>> messages that have no sender and no watermark are spam.
>>>>>>>>
>>>>>>>> - Send an e-mail through MailScanner with an attachment that is
>>>>>>>> banned, perhaps "test.com".
>>>>>>>>
>>>>>>>> - Look in the spam quarantine of MailScanner, the notification
>>>>>>>> e-mail that is sent to the user is there. That's because it is
>>>>>>>> sent with an envelope address of <> and does not get a
>>>>>>>> MailScanner Signature beforehand.
>>>>>>> In which case you just need to use a ruleset to exempt mail from
>>>>>>> 127.0.0.1 from watermarking checks. Should I do this
>>>>>>> automatically in the code, or are there situations in which this
>>>>>>> isn't the desired behaviour?
>>>>>>>
>>>>>>> Jules
>>>>>>>
>>>>>> Does a ruleset on scan messages also cover this, or is
>>>>>> watermarking outside that catch-all?
>>>>> You don't need to do anything that radical, you just need a
>>>>> ruleset on the option that controls the checking of watermarks.
>>>>>
>>>>> Jules
>>>>>
>>>> Let me re-phrase this... If you already have a rule in scan
>>>> messages for mailwatch releases, will it also cover the watermark
>>>> code?
>>> If the rule is on "Scan Messages" then yes, it will cover everything.
>>>
>>> Jules
>>>
>>

Jules

--
Julian Field MEng CITP CEng
www.MailScanner.info
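A simplified model of the ruleset evaluation discussed in this message, added here as an example and not MailScanner's own code: it shows why a notification recorded as coming from 0.0.0.0 misses the `127.0.0.1/32` rule and falls through to the default, and that `0.0.0.0` as a pattern is a single address rather than "any host". It assumes the first matching rule wins with `default` used when nothing else matches, supports only exact IP, CIDR and glob address patterns, and uses constructed addresses.

```python
import fnmatch
import ipaddress

# Ruleset posted in the thread: exempts only 127.0.0.1.
ORIGINAL_RULES = """\
From:     127.0.0.1/32  no
FromOrTo: default       yes
"""

# Ruleset suggested in the reply above.
SUGGESTED_RULES = """\
From:     0.0.0.0  no
FromOrTo: default  yes
"""


def parse_ruleset(text):
    """Return a list of (direction, pattern, value) tuples."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        parts = line.split(None, 2)
        if len(parts) != 3:
            raise ValueError(f"malformed rule: {raw!r}")
        direction, pattern, value = parts
        rules.append((direction.rstrip(":").lower(), pattern, value.strip()))
    return rules


def _network(pattern):
    """Return an ip_network for an IP or CIDR pattern, else None."""
    try:
        return ipaddress.ip_network(pattern, strict=False)
    except ValueError:
        return None


def _rule_matches(direction, pattern, sender, recipient, client_ip):
    net = _network(pattern)
    if net is not None:
        # Assumption: IP patterns are compared with the client address only.
        return (direction in ("from", "fromorto")
                and ipaddress.ip_address(client_ip) in net)
    from_hit = fnmatch.fnmatchcase(sender.lower(), pattern.lower())
    to_hit = fnmatch.fnmatchcase(recipient.lower(), pattern.lower())
    return {
        "from": from_hit,
        "to": to_hit,
        "fromorto": from_hit or to_hit,
        "fromandto": from_hit and to_hit,
    }.get(direction, False)


def evaluate(rules, sender, recipient, client_ip):
    """Value of the first matching rule, else the default rule's value."""
    default = None
    for direction, pattern, value in rules:
        if pattern.lower() == "default":
            if default is None:
                default = value
            continue
        if _rule_matches(direction, pattern, sender, recipient, client_ip):
            return value
    return default


if __name__ == "__main__":
    # Notification mail as described in the thread: null sender, no client IP,
    # so the address is recorded as 0.0.0.0.
    notification = ("", "user@example.com", "0.0.0.0")
    for name, text in (("original", ORIGINAL_RULES), ("suggested", SUGGESTED_RULES)):
        rules = parse_ruleset(text)
        print(name, "-> notification:", evaluate(rules, *notification),
              "| remote mail:", evaluate(rules, "a@example.net",
                                         "user@example.com", "192.0.2.25"))
```

Only the suggested ruleset returns `no` for the notification, and remote mail still gets the default under both.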
From hvdkooij at vanderkooij.org Fri Jun 13 09:26:05 2008
From: hvdkooij at vanderkooij.org (Hugo van der Kooij)
Date: Fri Jun 13 09:26:29 2008
Subject: Spamassassin is slow - any tips or good commercial alternative?
In-Reply-To: <4852278E.6070804@ecs.soton.ac.uk>
References: <4852278E.6070804@ecs.soton.ac.uk>
Message-ID: <48522F1D.5070701@vanderkooij.org>

Julian Field wrote:
| My advice would be to run
| MailScanner --debug --debug-sa
| as that will print out all the progress of SpamAssassin, including a
| timestamp at the start of each line so you can see where the holdups are.
| If you do that, and then show us where the holdups are, we may be able
| to help you some more.

DNS checks inside SA could be a real killer. Disable them and see what
happens. A good DNS forwarder on your machine will also improve things.

On the other hand you may have CPU and RAM to spare. In which case you
may add one or two more children to MS and see what happens.

But the bottom line is that email is a message forwarding protocol. It
may take several hops to deliver the message. And 8 to 10 minutes is not
bad if you happen to have lived on the edge of a UUCP cloud.

Hugo.

--
hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/
PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc

A: Yes.
>Q: Are you sure?
>>A: Because it reverses the logical flow of conversation.
>>>Q: Why is top posting frowned upon?

Bored? Click on http://spamornot.org/ and rate those images.

From martinh at solidstatelogic.com Fri Jun 13 09:34:43 2008
From: martinh at solidstatelogic.com (Martin.Hepworth)
Date: Fri Jun 13 09:34:54 2008
Subject: Spamassassin is slow - any tips or good commercial alternative?
In-Reply-To: <2f4301c8cd24$cbaf5000$0300a8c0@CharlieCompaq>
Message-ID: <9b0c696796158646b876a62ba56d03b3@solidstatelogic.com>

Charlie

http://wiki.mailscanner.info/doku.php?id=documentation:test_troubleshoot:performance

http://wiki.mailscanner.info/doku.php?id=maq:index#optimization_tips

And

http://wiki.mailscanner.info/doku.php?id=maq:index#getting_the_best_out_of_spamassassin

Also check you've got the spamassassin cache working OK - you'll
need the perl module DB_File installed for this to work (check with MailScanner -v)

But to be honest I'd say 5-10 seconds for a batch ain't too bad. I'd check how many children you've got and how many in the batch.

I'd also drop the spec of the machine here so we can see if there's anything obvious we can recommend.

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

> -----Original Message-----
> From: mailscanner-bounces@lists.mailscanner.info
> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf
> Of Charlie
> Sent: 13 June 2008 08:12
> To: MailScanner discussion
> Subject: Spamassassin is slow - any tips or good commercial
> alternative?
>
> >>I run an email server (Exim) which uses Mailscanner in combination
> >>with ClamAV and SpamAssassin. The server scans about 15,000
> emails per day.
> >>SpamAssassin currently seems to take 5-10 seconds to scan even the
> >>smallest email, which is unacceptable for us.
>
> >May I ask why? Is it because your mail system is getting into load
> >trouble? Or is the delay itself on legit mail the problem? I
> would like
> >to know how an additional 5-10 seconds on an async
> communication medium
> >like e-mail that was never designed for real-time in the first place
> >could be a problem.
>
> It is not really a problem except during peak hours, where
> there can be numerous emails sent every 1-2 seconds.
These > emails then pile up on eachother, and eventually cause the > mail queue to grow very long, with emails taking 8-15 > *minutes* to actually leave the queue. It is then a very > serious problem. > > > > >If it is a load problem you should try to reduce the amount of mail > >reaching SpamAssassin in the first place. RBLs come to mind. > Or (since > >you asked for a commercial solution) have a look at BarricadeMX from > >FSL. BMX will greatly reduce the amount of mail reaching your MTA. > > Our userbase means that over 99% of emails sent through the > server are *not* spam, so any limiting of the emails reaching > the MTA would not help. > > >Yet on the other hand, if the 15.000 mails a day that your > server scans > >are mostly ham, this will not help. So please enlarge a bit on the > >problem itself. > > ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. 
Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From martinh at solidstatelogic.com Fri Jun 13 10:22:53 2008 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Fri Jun 13 10:23:04 2008 Subject: Bus error with 4.70.5 and -v flag Message-ID: Jules Doing a MailScanner -v Gives a bus error.. Optional module versions are: 1.30 Archive::Tar 0.21 bignum missing Business::ISBN missing Business::ISBN::Data missing Data::Dump 1.809 DB_File 1.13 DBD::SQLite 1.56 DBI 1.08 Digest 1.01 Digest::HMAC 2.36 Digest::MD5 2.11 Digest::SHA1 missing Encode::Detect missing Error missing ExtUtils::CBuilder missing ExtUtils::ParseXS 2.36 Getopt::Long 0.44 Inline 1.06 IO::String 1.04 IO::Zlib 2.20 IP::Country Bus error (core dumped) Perl is perl -v This is perl, v5.8.5 built for i386-freebsd-64int -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. 
Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From MailScanner at ecs.soton.ac.uk Fri Jun 13 11:18:41 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Jun 13 11:19:00 2008 Subject: Bus error with 4.70.5 and -v flag In-Reply-To: References: Message-ID: <48524981.9000203@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Does it do it for anyone else? Works fine for me. Martin.Hepworth wrote: > Jules > > Doing a > > MailScanner -v > > Gives a bus error.. > > Optional module versions are: > 1.30 Archive::Tar > 0.21 bignum > missing Business::ISBN > missing Business::ISBN::Data > missing Data::Dump > 1.809 DB_File > 1.13 DBD::SQLite > 1.56 DBI > 1.08 Digest > 1.01 Digest::HMAC > 2.36 Digest::MD5 > 2.11 Digest::SHA1 > missing Encode::Detect > missing Error > missing ExtUtils::CBuilder > missing ExtUtils::ParseXS > 2.36 Getopt::Long > 0.44 Inline > 1.06 IO::String > 1.04 IO::Zlib > 2.20 IP::Country > Bus error (core dumped) > > Perl is > > perl -v > > This is perl, v5.8.5 built for i386-freebsd-64int > > > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > > > ********************************************************************** > Confidentiality : This e-mail and any attachments are intended for the > addressee only and may be confidential. If they come to you in error > you must take no action based on them, nor must you copy or show them > to anyone. Please advise the sender by replying to this e-mail > immediately and then delete the original from your computer. 
> Opinion : Any opinions expressed in this e-mail are entirely those of > the author and unless specifically stated to the contrary, are not > necessarily those of the author's employer. > Security Warning : Internet e-mail is not necessarily a secure > communications medium and can be subject to data corruption. We advise > that you consider this fact when e-mailing us. > Viruses : We have taken steps to ensure that this e-mail and any > attachments are free from known viruses but in keeping with good > computing practice, you should ensure that they are virus free. > > Red Lion 49 Ltd T/A Solid State Logic > Registered as a limited company in England and Wales > (Company No:5362730) > Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, > United Kingdom > ********************************************************************** > > Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.3 (Build 4028) Comment: Use Enigmail to decrypt or check this message is legitimate Charset: ISO-8859-1 wj8DBQFIUkmBEfZZRxQVtlQRAv4+AKDlt9ZgLMyGFYgWhuOAAA5vxVCwkACePYuo qMuTrm9HHwUg7rYhYY755dU= =j/iU -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From donnieq at quindardonet.net Fri Jun 13 11:39:31 2008 From: donnieq at quindardonet.net (Donnie D. 
Quindardo) Date: Fri Jun 13 11:39:41 2008 Subject: Watermark and User Notification In-Reply-To: <48522881.20002@ecs.soton.ac.uk> References: <485178A2.2050606@quindardonet.net> <485182BF.6030706@ecs.soton.ac.uk> <4851868E.5070900@ecs.soton.ac.uk> <48518AA8.1070106@ecs.soton.ac.uk> <4851FAB8.7070101@quindardonet.net> <48522881.20002@ecs.soton.ac.uk> Message-ID: <48524E63.2050707@quindardonet.net> I'm rather certain that I've tried this; however, I'll try again. For which mailscanner setting should this exception occur? Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > It puts in 0.0.0.0 if there was no IP address present at all. > Maybe I should change that to 127.0.0.1? > What does anyone think of that change? > > Currently, you need to change your "From" line to > From: 0.0.0.0 no > FromOrTo: default yes > > > Donnie D. Quindardo wrote: >> Message 3EDEA100004C.D62FF from 0.0.0.0 has no (or invalid) watermark >> or sender address >> >> Hmmm. :-) >> >> Donnie D. Quindardo wrote: >>> Unfortunately, this is not working. >>> >>> /etc/MailScanner/MailScanner.conf: >>> >>> Scan Messages = %rules-dir%/scan.rules >>> >>> /etc/MailScanner/rules/scan.rules: >>> >>> From: 127.0.0.1/32 no >>> FromOrTo: default yes >>> >>> The notification message sent by "Notify Senders" if their >>> attachments are blocked is still being flagged as spam. >>> >>> Please advise, >>> >>> Don Q. >>> >>> >>> Julian Field wrote: >>>> >>>> Scott Silva wrote: >>>>> on 6-12-2008 1:26 PM Julian Field spake the following: >>>>>> >>>>>> Scott Silva wrote: >>>>>>> on 6-12-2008 1:10 PM Julian Field spake the following: >>>>>>>> >>>>>>>> Donnie D. Quindardo wrote: >>>>>>>>> - Configure MailScanner to notify users that their attachments >>>>>>>>> have been blocked. >>>>>>>>> >>>>>>>>> - Configure MailScanner to use Watermarks and note that >>>>>>>>> messages that have no sender and no watermark are spam. 
>>>>>>>>> >>>>>>>>> - Send an e-mail through MailScanner with an attachment that is >>>>>>>>> banned, perhaps "test.com". >>>>>>>>> >>>>>>>>> - Look in the spam quarantine of MailScanner, the notification >>>>>>>>> e-mail that is sent to the user is there. That's because it is >>>>>>>>> sent with an envelope address of <> and does not get a >>>>>>>>> MailScanner Signature beforehand. >>>>>>>> In which case you just need to use a ruleset to exempt mail from >>>>>>>> 127.0.0.1 from watermarking checks. Should I do this >>>>>>>> automatically in the code, or are there situations in which this >>>>>>>> isn't the desired behaviour? >>>>>>>> >>>>>>>> Jules >>>>>>>> >>>>>>> Does a ruleset on scan messages also cover this, or is >>>>>>> watermarking outside that catch-all? >>>>>> You don't need to do anything that radical, you just need a >>>>>> ruleset on the option that controls the checking of watermarks. >>>>>> >>>>>> Jules >>>>>> >>>>> Let me re-phrase this... If you already have a rule in scan >>>>> messages for mailwatch releases, will it also cover the watermark >>>>> code? >>>> If the rule is on "Scan Messages" then yes, it will cover everything. >>>> >>>> Jules >>>> > > Jules > > - -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > Need help customising MailScanner? > Contact me! > Need help fixing or optimising your systems? > Contact me! > Need help getting you started solving new requirements from your boss? > Contact me! > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.8.3 (Build 4028) > Comment: Use Enigmail to decrypt or check this message is legitimate > Charset: ISO-8859-1 > > wj8DBQFIUiiCEfZZRxQVtlQRAkmvAJ9mb0ZYqqzrotjXQdbAxjm+j2+wfQCginPu > 0NGxjdrsTHySaDvXDtw/6Kk= > =3bx5 > -----END PGP SIGNATURE----- > From telecaadmin at gmail.com Fri Jun 13 12:34:17 2008 From: telecaadmin at gmail.com (Ronny T. 
Lampert)
Date: Fri Jun 13 12:36:31 2008
Subject: Bus error with 4.70.5 and -v flag
In-Reply-To: <48524981.9000203@ecs.soton.ac.uk>
References: <48524981.9000203@ecs.soton.ac.uk>
Message-ID: <48525B39.7040709@gmail.com>

[...]
>> 2.20 IP::Country
>> Bus error (core dumped)
>>
>> Perl is
>>
>> perl -v
>>
>> This is perl, v5.8.5 built for i386-freebsd-64int

Technically, isn't a bus error rather strange for x86, even x86_64? x86
can do unaligned accesses just fine. Don't know about the BSD semantics,
though.

Martin, is this new or did you upgrade something?

From Lists at Tatorz.com Fri Jun 13 12:41:00 2008
From: Lists at Tatorz.com (Brian)
Date: Fri Jun 13 12:41:14 2008
Subject: Bus error with 4.70.5 and -v flag
In-Reply-To: <48524981.9000203@ecs.soton.ac.uk>
References: <48524981.9000203@ecs.soton.ac.uk>
Message-ID: <48525CCC.7000106@Tatorz.com>

Julian Field wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Does it do it for anyone else? Works fine for me.
>
>
Works fine for me also. Centos 5.1

From MailScanner at ecs.soton.ac.uk Fri Jun 13 14:01:14 2008
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Fri Jun 13 14:01:33 2008
Subject: Watermark and User Notification
In-Reply-To:
References: <485178A2.2050606@quindardonet.net> <485182BF.6030706@ecs.soton.ac.uk> <4851868E.5070900@ecs.soton.ac.uk> <48518AA8.1070106@ecs.soton.ac.uk> <4851FAB8.7070101@quindardonet.net> <48522881.20002@ecs.soton.ac.uk>
Message-ID: <48526F9A.1060604@ecs.soton.ac.uk>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Check Watermarks With No Sender

Donnie D. Quindardo wrote:
> I'm rather certain that I've tried this; however, I'll try again. For
> which mailscanner setting should this exception occur?
>
> Julian Field wrote:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> It puts in 0.0.0.0 if there was no IP address present at all.
>> Maybe I should change that to 127.0.0.1?
>> What does anyone think of that change?
>> >> Currently, you need to change your "From" line to >> From: 0.0.0.0 no >> FromOrTo: default yes >> >> >> Donnie D. Quindardo wrote: >>> Message 3EDEA100004C.D62FF from 0.0.0.0 has no (or invalid) >>> watermark or sender address >>> >>> Hmmm. :-) >>> >>> Donnie D. Quindardo wrote: >>>> Unfortunately, this is not working. >>>> >>>> /etc/MailScanner/MailScanner.conf: >>>> >>>> Scan Messages = %rules-dir%/scan.rules >>>> >>>> /etc/MailScanner/rules/scan.rules: >>>> >>>> From: 127.0.0.1/32 no >>>> FromOrTo: default yes >>>> >>>> The notification message sent by "Notify Senders" if their >>>> attachments are blocked is still being flagged as spam. >>>> >>>> Please advise, >>>> >>>> Don Q. >>>> >>>> >>>> Julian Field wrote: >>>>> >>>>> Scott Silva wrote: >>>>>> on 6-12-2008 1:26 PM Julian Field spake the following: >>>>>>> >>>>>>> Scott Silva wrote: >>>>>>>> on 6-12-2008 1:10 PM Julian Field spake the following: >>>>>>>>> >>>>>>>>> Donnie D. Quindardo wrote: >>>>>>>>>> - Configure MailScanner to notify users that their >>>>>>>>>> attachments have been blocked. >>>>>>>>>> >>>>>>>>>> - Configure MailScanner to use Watermarks and note that >>>>>>>>>> messages that have no sender and no watermark are spam. >>>>>>>>>> >>>>>>>>>> - Send an e-mail through MailScanner with an attachment that >>>>>>>>>> is banned, perhaps "test.com". >>>>>>>>>> >>>>>>>>>> - Look in the spam quarantine of MailScanner, the >>>>>>>>>> notification e-mail that is sent to the user is there. That's >>>>>>>>>> because it is sent with an envelope address of <> and does >>>>>>>>>> not get a MailScanner Signature beforehand. >>>>>>>>> In which case you just need to use a ruleset to exempt mail >>>>>>>>> from 127.0.0.1 from watermarking checks. Should I do this >>>>>>>>> automatically in the code, or are there situations in which >>>>>>>>> this isn't the desired behaviour? 
>>>>>>>>> >>>>>>>>> Jules >>>>>>>>> >>>>>>>> Does a ruleset on scan messages also cover this, or is >>>>>>>> watermarking outside that catch-all? >>>>>>> You don't need to do anything that radical, you just need a >>>>>>> ruleset on the option that controls the checking of watermarks. >>>>>>> >>>>>>> Jules >>>>>>> >>>>>> Let me re-phrase this... If you already have a rule in scan >>>>>> messages for mailwatch releases, will it also cover the watermark >>>>>> code? >>>>> If the rule is on "Scan Messages" then yes, it will cover everything. >>>>> >>>>> Jules >>>>> >> >> Jules >> >> - -- Julian Field MEng CITP CEng >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> >> Need help customising MailScanner? >> Contact me! >> Need help fixing or optimising your systems? >> Contact me! >> Need help getting you started solving new requirements from your boss? >> Contact me! >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >> >> -----BEGIN PGP SIGNATURE----- >> Version: PGP Desktop 9.8.3 (Build 4028) >> Comment: Use Enigmail to decrypt or check this message is legitimate >> Charset: ISO-8859-1 >> >> wj8DBQFIUiiCEfZZRxQVtlQRAkmvAJ9mb0ZYqqzrotjXQdbAxjm+j2+wfQCginPu >> 0NGxjdrsTHySaDvXDtw/6Kk= >> =3bx5 >> -----END PGP SIGNATURE----- >> Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! 
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.3 (Build 4028) Comment: Use Enigmail to decrypt or check this message is legitimate Charset: ISO-8859-1 wj8DBQFIUm+bEfZZRxQVtlQRAgdkAKCI6db4xdivzwa1JN81mch4MFq1igCfWqA1 aracXVBPVwvbxaFbY6APFy4= =yvOn -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From Denis.Beauchemin at USherbrooke.ca Fri Jun 13 14:57:53 2008 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Fri Jun 13 14:58:29 2008 Subject: Unable to update Perl on RHEL 5.2 Message-ID: <48527CE1.5050501@USherbrooke.ca> Hello list, I am not able to update Perl because of conflicts with RPMs installed by MS. Any ideas on how to force install it? Thanks! Denis # yum -y update perl Loading "rhnplugin" plugin Loading "security" plugin rhel-i386-server-5 100% |=========================| 1.4 kB 00:00 Skipping security plugin, no data Setting up Update Process Resolving Dependencies Skipping security plugin, no data --> Running transaction check ---> Package perl.i386 4:5.8.8-10.el5_2.3 set to be updated --> Finished Dependency Resolution Dependencies Resolved ============================================================================= Package Arch Version Repository Size ============================================================================= Updating: perl i386 4:5.8.8-10.el5_2.3 rhel-i386-server-5 12 M Transaction Summary ============================================================================= Install 0 Package(s) Update 1 Package(s) Remove 0 Package(s) Total download size: 12 M Downloading Packages: Running rpm_check_debug Running Transaction Test Finished Transaction Test Transaction Check Error: file /usr/lib/perl5/5.8.8/i386-linux-thread-multi/IO.pm from install of perl-5.8.8-10.el5_2.3 conflicts with file from package perl-IO-1.2301-1 file 
/usr/lib/perl5/5.8.8/i386-linux-thread-multi/IO/Dir.pm from install of perl-5.8.8-10.el5_2.3 conflicts with file from package perl-IO-1.2301-1 file /usr/lib/perl5/5.8.8/i386-linux-thread-multi/IO/File.pm from install of perl-5.8.8-10.el5_2.3 conflicts with file from package perl-IO-1.2301-1 file /usr/lib/perl5/5.8.8/i386-linux-thread-multi/IO/Handle.pm from install of perl-5.8.8-10.el5_2.3 conflicts with file from package perl-IO-1.2301-1 file /usr/lib/perl5/5.8.8/i386-linux-thread-multi/IO/Socket.pm from install of perl-5.8.8-10.el5_2.3 conflicts with file from package perl-IO-1.2301-1 file /usr/lib/perl5/5.8.8/i386-linux-thread-multi/auto/IO/IO.so from install of perl-5.8.8-10.el5_2.3 conflicts with file from package perl-IO-1.2301-1 file /usr/share/man/man3/IO.3pm.gz from install of perl-5.8.8-10.el5_2.3 conflicts with file from package perl-IO-1.2301-1 file /usr/share/man/man3/IO::Dir.3pm.gz from install of perl-5.8.8-10.el5_2.3 conflicts with file from package perl-IO-1.2301-1 file /usr/share/man/man3/IO::File.3pm.gz from install of perl-5.8.8-10.el5_2.3 conflicts with file from package perl-IO-1.2301-1 file /usr/share/man/man3/IO::Handle.3pm.gz from install of perl-5.8.8-10.el5_2.3 conflicts with file from package perl-IO-1.2301-1 file /usr/share/man/man3/IO::Pipe.3pm.gz from install of perl-5.8.8-10.el5_2.3 conflicts with file from package perl-IO-1.2301-1 file /usr/share/man/man3/IO::Poll.3pm.gz from install of perl-5.8.8-10.el5_2.3 conflicts with file from package perl-IO-1.2301-1 file /usr/share/man/man3/IO::Seekable.3pm.gz from install of perl-5.8.8-10.el5_2.3 conflicts with file from package perl-IO-1.2301-1 file /usr/share/man/man3/IO::Select.3pm.gz from install of perl-5.8.8-10.el5_2.3 conflicts with file from package perl-IO-1.2301-1 file /usr/share/man/man3/IO::Socket.3pm.gz from install of perl-5.8.8-10.el5_2.3 conflicts with file from package perl-IO-1.2301-1 file /usr/share/man/man3/IO::Socket::INET.3pm.gz from install of perl-5.8.8-10.el5_2.3 
conflicts with file from package perl-IO-1.2301-1 file /usr/share/man/man3/IO::Socket::UNIX.3pm.gz from install of perl-5.8.8-10.el5_2.3 conflicts with file from package perl-IO-1.2301-1 file /usr/lib/perl5/5.8.8/File/Temp.pm from install of perl-5.8.8-10.el5_2.3 conflicts with file from package perl-File-Temp-0.19-1 file /usr/share/man/man3/File::Temp.3pm.gz from install of perl-5.8.8-10.el5_2.3 conflicts with file from package perl-File-Temp-0.19-1 file /usr/lib/perl5/5.8.8/Math/BigFloat.pm from install of perl-5.8.8-10.el5_2.3 conflicts with file from package perl-Math-BigInt-1.86-1 file /usr/lib/perl5/5.8.8/Math/BigInt.pm from install of perl-5.8.8-10.el5_2.3 conflicts with file from package perl-Math-BigInt-1.86-1 file /usr/lib/perl5/5.8.8/Math/BigInt/Calc.pm from install of perl-5.8.8-10.el5_2.3 conflicts with file from package perl-Math-BigInt-1.86-1 file /usr/lib/perl5/5.8.8/Math/BigInt/CalcEmu.pm from install of perl-5.8.8-10.el5_2.3 conflicts with file from package perl-Math-BigInt-1.86-1 file /usr/share/man/man3/Math::BigFloat.3pm.gz from install of perl-5.8.8-10.el5_2.3 conflicts with file from package perl-Math-BigInt-1.86-1 file /usr/share/man/man3/Math::BigInt.3pm.gz from install of perl-5.8.8-10.el5_2.3 conflicts with file from package perl-Math-BigInt-1.86-1 file /usr/share/man/man3/Math::BigInt::Calc.3pm.gz from install of perl-5.8.8-10.el5_2.3 conflicts with file from package perl-Math-BigInt-1.86-1 file /usr/share/man/man3/Math::BigInt::CalcEmu.3pm.gz from install of perl-5.8.8-10.el5_2.3 conflicts with file from package perl-Math-BigInt-1.86-1 file /usr/lib/perl5/5.8.8/Math/BigRat.pm from install of perl-5.8.8-10.el5_2.3 conflicts with file from package perl-Math-BigRat-0.19-1 file /usr/share/man/man3/Math::BigRat.3pm.gz from install of perl-5.8.8-10.el5_2.3 conflicts with file from package perl-Math-BigRat-0.19-1 file /usr/lib/perl5/5.8.8/bigint.pm from install of perl-5.8.8-10.el5_2.3 conflicts with file from package perl-bignum-0.21-1 file 
/usr/lib/perl5/5.8.8/bignum.pm from install of perl-5.8.8-10.el5_2.3 conflicts with file from package perl-bignum-0.21-1 file /usr/lib/perl5/5.8.8/bigrat.pm from install of perl-5.8.8-10.el5_2.3 conflicts with file from package perl-bignum-0.21-1 file /usr/share/man/man3/bigint.3pm.gz from install of perl-5.8.8-10.el5_2.3 conflicts with file from package perl-bignum-0.21-1 file /usr/share/man/man3/bignum.3pm.gz from install of perl-5.8.8-10.el5_2.3 conflicts with file from package perl-bignum-0.21-1 file /usr/share/man/man3/bigrat.3pm.gz from install of perl-5.8.8-10.el5_2.3 conflicts with file from package perl-bignum-0.21-1 Error Summary ------------- -- _ °v° Denis Beauchemin, analyste /(_)\ Université de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x62252 F: 819.821.8045 From MailScanner at ecs.soton.ac.uk Fri Jun 13 15:16:44 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Jun 13 15:17:04 2008 Subject: Unable to update Perl on RHEL 5.2 In-Reply-To: References: Message-ID: <4852814C.7050808@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Try this:

rpm -e perl-IO perl-File-Temp perl-Math-BigInt perl-Math-BigRat perl-bignum
yum update perl

Then reinstall MailScanner. Denis Beauchemin wrote: > Hello list, > > I am not able to update Perl because of conflicts with RPMs installed > by MS. Any ideas on how to force install it? > > Thanks! 
> > Denis > # yum -y update perl > Loading "rhnplugin" plugin > Loading "security" plugin > rhel-i386-server-5 100% |=========================| 1.4 kB > 00:00 > Skipping security plugin, no data > Setting up Update Process > Resolving Dependencies > Skipping security plugin, no data > --> Running transaction check > ---> Package perl.i386 4:5.8.8-10.el5_2.3 set to be updated > --> Finished Dependency Resolution > > Dependencies Resolved > > ============================================================================= > > Package Arch Version Repository > Size > ============================================================================= > > Updating: > perl i386 4:5.8.8-10.el5_2.3 > rhel-i386-server-5 12 M > > Transaction Summary > ============================================================================= > > Install 0 Package(s) > Update 1 Package(s) > Remove 0 Package(s) > > Total download size: 12 M > Downloading Packages: > Running rpm_check_debug > Running Transaction Test > Finished Transaction Test > > > Transaction Check Error: > file /usr/lib/perl5/5.8.8/i386-linux-thread-multi/IO.pm from install > of perl-5.8.8-10.el5_2.3 conflicts with file from package > perl-IO-1.2301-1 > file /usr/lib/perl5/5.8.8/i386-linux-thread-multi/IO/Dir.pm from > install of perl-5.8.8-10.el5_2.3 conflicts with file from package > perl-IO-1.2301-1 > file /usr/lib/perl5/5.8.8/i386-linux-thread-multi/IO/File.pm from > install of perl-5.8.8-10.el5_2.3 conflicts with file from package > perl-IO-1.2301-1 > file /usr/lib/perl5/5.8.8/i386-linux-thread-multi/IO/Handle.pm from > install of perl-5.8.8-10.el5_2.3 conflicts with file from package > perl-IO-1.2301-1 > file /usr/lib/perl5/5.8.8/i386-linux-thread-multi/IO/Socket.pm from > install of perl-5.8.8-10.el5_2.3 conflicts with file from package > perl-IO-1.2301-1 > file /usr/lib/perl5/5.8.8/i386-linux-thread-multi/auto/IO/IO.so from > install of perl-5.8.8-10.el5_2.3 conflicts with file from package > perl-IO-1.2301-1 > file 
/usr/share/man/man3/IO.3pm.gz from install of > perl-5.8.8-10.el5_2.3 conflicts with file from package perl-IO-1.2301-1 > file /usr/share/man/man3/IO::Dir.3pm.gz from install of > perl-5.8.8-10.el5_2.3 conflicts with file from package perl-IO-1.2301-1 > file /usr/share/man/man3/IO::File.3pm.gz from install of > perl-5.8.8-10.el5_2.3 conflicts with file from package perl-IO-1.2301-1 > file /usr/share/man/man3/IO::Handle.3pm.gz from install of > perl-5.8.8-10.el5_2.3 conflicts with file from package perl-IO-1.2301-1 > file /usr/share/man/man3/IO::Pipe.3pm.gz from install of > perl-5.8.8-10.el5_2.3 conflicts with file from package perl-IO-1.2301-1 > file /usr/share/man/man3/IO::Poll.3pm.gz from install of > perl-5.8.8-10.el5_2.3 conflicts with file from package perl-IO-1.2301-1 > file /usr/share/man/man3/IO::Seekable.3pm.gz from install of > perl-5.8.8-10.el5_2.3 conflicts with file from package perl-IO-1.2301-1 > file /usr/share/man/man3/IO::Select.3pm.gz from install of > perl-5.8.8-10.el5_2.3 conflicts with file from package perl-IO-1.2301-1 > file /usr/share/man/man3/IO::Socket.3pm.gz from install of > perl-5.8.8-10.el5_2.3 conflicts with file from package perl-IO-1.2301-1 > file /usr/share/man/man3/IO::Socket::INET.3pm.gz from install of > perl-5.8.8-10.el5_2.3 conflicts with file from package perl-IO-1.2301-1 > file /usr/share/man/man3/IO::Socket::UNIX.3pm.gz from install of > perl-5.8.8-10.el5_2.3 conflicts with file from package perl-IO-1.2301-1 > file /usr/lib/perl5/5.8.8/File/Temp.pm from install of > perl-5.8.8-10.el5_2.3 conflicts with file from package > perl-File-Temp-0.19-1 > file /usr/share/man/man3/File::Temp.3pm.gz from install of > perl-5.8.8-10.el5_2.3 conflicts with file from package > perl-File-Temp-0.19-1 > file /usr/lib/perl5/5.8.8/Math/BigFloat.pm from install of > perl-5.8.8-10.el5_2.3 conflicts with file from package > perl-Math-BigInt-1.86-1 > file /usr/lib/perl5/5.8.8/Math/BigInt.pm from install of > perl-5.8.8-10.el5_2.3 conflicts with 
file from package > perl-Math-BigInt-1.86-1 > file /usr/lib/perl5/5.8.8/Math/BigInt/Calc.pm from install of > perl-5.8.8-10.el5_2.3 conflicts with file from package > perl-Math-BigInt-1.86-1 > file /usr/lib/perl5/5.8.8/Math/BigInt/CalcEmu.pm from install of > perl-5.8.8-10.el5_2.3 conflicts with file from package > perl-Math-BigInt-1.86-1 > file /usr/share/man/man3/Math::BigFloat.3pm.gz from install of > perl-5.8.8-10.el5_2.3 conflicts with file from package > perl-Math-BigInt-1.86-1 > file /usr/share/man/man3/Math::BigInt.3pm.gz from install of > perl-5.8.8-10.el5_2.3 conflicts with file from package > perl-Math-BigInt-1.86-1 > file /usr/share/man/man3/Math::BigInt::Calc.3pm.gz from install of > perl-5.8.8-10.el5_2.3 conflicts with file from package > perl-Math-BigInt-1.86-1 > file /usr/share/man/man3/Math::BigInt::CalcEmu.3pm.gz from install of > perl-5.8.8-10.el5_2.3 conflicts with file from package > perl-Math-BigInt-1.86-1 > file /usr/lib/perl5/5.8.8/Math/BigRat.pm from install of > perl-5.8.8-10.el5_2.3 conflicts with file from package > perl-Math-BigRat-0.19-1 > file /usr/share/man/man3/Math::BigRat.3pm.gz from install of > perl-5.8.8-10.el5_2.3 conflicts with file from package > perl-Math-BigRat-0.19-1 > file /usr/lib/perl5/5.8.8/bigint.pm from install of > perl-5.8.8-10.el5_2.3 conflicts with file from package perl-bignum-0.21-1 > file /usr/lib/perl5/5.8.8/bignum.pm from install of > perl-5.8.8-10.el5_2.3 conflicts with file from package perl-bignum-0.21-1 > file /usr/lib/perl5/5.8.8/bigrat.pm from install of > perl-5.8.8-10.el5_2.3 conflicts with file from package perl-bignum-0.21-1 > file /usr/share/man/man3/bigint.3pm.gz from install of > perl-5.8.8-10.el5_2.3 conflicts with file from package perl-bignum-0.21-1 > file /usr/share/man/man3/bignum.3pm.gz from install of > perl-5.8.8-10.el5_2.3 conflicts with file from package perl-bignum-0.21-1 > file /usr/share/man/man3/bigrat.3pm.gz from install of > perl-5.8.8-10.el5_2.3 conflicts with file from package 
perl-bignum-0.21-1 > > Error Summary > ------------- > Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From Denis.Beauchemin at USherbrooke.ca Fri Jun 13 15:59:58 2008 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Fri Jun 13 16:00:33 2008 Subject: Unable to update Perl on RHEL 5.2 In-Reply-To: <4852814C.7050808@ecs.soton.ac.uk> References: <4852814C.7050808@ecs.soton.ac.uk> Message-ID: <48528B6E.7050207@USherbrooke.ca> Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Try this: > > rpm -e perl-IO perl-File-Temp perl-Math-BigInt perl-Math-BigRat perl-bignum > yum update perl > > Then reinstall MailScanner. > > Denis Beauchemin wrote: > >> Hello list, >> >> I am not able to update Perl because of conflicts with RPMs installed >> by MS. Any ideas on how to force install it? >> >> Thanks! >> Thanks Julian, It worked just fine! Denis -- _ °v° Denis Beauchemin, analyste /(_)\ Université de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x62252 F: 819.821.8045 From Kevin_Miller at ci.juneau.ak.us Fri Jun 13 17:26:01 2008 From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller) Date: Fri Jun 13 17:26:20 2008 Subject: Spamassassin is slow - any tips or good commercial alternative? 
In-Reply-To: <48522F1D.5070701@vanderkooij.org> References: <4852278E.6070804@ecs.soton.ac.uk> <48522F1D.5070701@vanderkooij.org> Message-ID: Hugo van der Kooij wrote: > DNS checks inside SA could be a real killer. Disable them and see what > happens. A good DNS forwarder on your machine will also improve > things. > > On the other hand you may have CPU and RAM to spare. In which case you > may add one or two more children to MS and see what happens. Another thought - look and see if you're swapping significantly. That'll slow things down a lot... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 From alex at nkpanama.com Fri Jun 13 17:31:15 2008 From: alex at nkpanama.com (Alex Neuman) Date: Fri Jun 13 17:31:49 2008 Subject: Spamassassin is slow - any tips or good commercial alternative? In-Reply-To: <48522F1D.5070701@vanderkooij.org> References: <4852278E.6070804@ecs.soton.ac.uk> <48522F1D.5070701@vanderkooij.org> Message-ID: <200806131631.m5DGVd5p016956@safir.blacknight.ie> And we all know MailScanner causes swapping! X-D On Jun 13, 2008, at 11:26 AM, Kevin Miller wrote: > Another thought - look and see if you're swapping significantly. > That'll slow things down a lot... From telecaadmin at gmail.com Fri Jun 13 17:44:16 2008 From: telecaadmin at gmail.com (Ronny T. Lampert) Date: Fri Jun 13 17:46:25 2008 Subject: Spamassassin is slow - any tips or good commercial alternative? In-Reply-To: <2ea301c8ccf7$0e9f52d0$0300a8c0@CharlieCompaq> References: <2ea301c8ccf7$0e9f52d0$0300a8c0@CharlieCompaq> Message-ID: <4852A3E0.8080903@gmail.com> > I run an email server (Exim) which uses Mailscanner in combination with > ClamAV and SpamAssassin. The server scans about 15,000 emails per day. > SpamAssassin currently seems to take 5-10 seconds to scan even the > smallest email, which is unacceptable for us. 
> > I was wondering if anyone had either any tips on reducing the amount of > time taken to scan an email for spam using SpamAssassin to 'well under > one second', or if anyone can recommend a good, not too expensive, > commercial alternative to SpamAssassin. To check for *all* problems please show us the output of

#> uptime
#> free
#> cat /proc/cpuinfo
#> /etc/init.d/nscd status

Then proceed with Julian's suggestion: > My advice would be to run > MailScanner --debug --debug-sa > as that will print out all the progress of SpamAssassin, including a > timestamp at the start of each line so you can see where the holdups > are. > If you do that, and then show us where the holdups are, we may be able > to help you some more... The holdups show you *exactly* where and what happens. Usually it's a bad/slow/rejecting/non-caching DNS server, either in resolv.conf or the one you're asking. Or some firewall issues (pyzor etc. come to mind). Cheers, Ronny From ssilva at sgvwater.com Fri Jun 13 19:01:43 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Fri Jun 13 19:02:08 2008 Subject: Spamassassin is slow - any tips or good commercial alternative? In-Reply-To: <2f4301c8cd24$cbaf5000$0300a8c0@CharlieCompaq> References: <2f4301c8cd24$cbaf5000$0300a8c0@CharlieCompaq> Message-ID: ... > > >If it is a load problem you should try to reduce the amount of mail > >reaching SpamAssassin in the first place. RBLs come to mind. Or (since > >you asked for a commercial solution) have a look at BarricadeMX from > >FSL. BMX will greatly reduce the amount of mail reaching your MTA. > Our userbase means that over 99% of emails sent through the server are > *not* spam, so any limiting of the emails reaching the MTA would not help. > So if 99% of your mail isn't spam, then why bother using spamassassin? I would dare to say that 65 - 75% of the mail that "attempts" delivery here IS spam. Some days it is over 90%, especially on the weekends when we get very little legit mail. 
> >Yet on the other hand, if the 15.000 mails a day that your server scans > >are mostly ham, this will not help. So please enlarge a bit on the > >problem itself. > -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From MailScanner at ecs.soton.ac.uk Fri Jun 13 19:28:13 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Jun 13 19:28:24 2008 Subject: Health update Message-ID: <4852BC3D.3050802@ecs.soton.ac.uk> Folks, Just wanted to let you know that, as soon as I send back the consent forms, I am officially on the waiting list for a liver transplant. No holidays or anything now until I get my call... Fortunately, I have grown a new vein in the last few months that means I will just need a new liver and not a small bowel as well, which significantly improves my survival chances. This is very good news :-) Wish me luck! Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. 
From lhaig at haigmail.com Fri Jun 13 19:35:29 2008 From: lhaig at haigmail.com (lhaig-haigmail.com) Date: Fri Jun 13 19:35:39 2008 Subject: Health update In-Reply-To: <4852BC3D.3050802@ecs.soton.ac.uk> References: <4852BC3D.3050802@ecs.soton.ac.uk> Message-ID: <08172625a4948c021dedb756390afdcf@haigmail.com> Great news Julian, You will be in my family's thoughts and prayers Lance On Fri, 13 Jun 2008 19:28:13 +0100, Julian Field wrote: > Folks, > > Just wanted to let you know that, as soon as I send back the consent > forms, I am officially on the waiting list for a liver transplant. > No holidays or anything now until I get my call... > > Fortunately, I have grown a new vein in the last few months that means I > will just need a new liver and not a small bowel as well, which > significantly improves my survival chances. This is very good news :-) > > Wish me luck! > > Jules > > -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > MailScanner customisation, or any advanced system administration help? > Contact me at Jules@Jules.FM > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > PGP public key: http://www.jules.fm/julesfm.asc > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! 
From dyioulos at firstbhph.com Fri Jun 13 19:40:20 2008 From: dyioulos at firstbhph.com (Dimitri Yioulos) Date: Fri Jun 13 19:40:42 2008 Subject: Health update In-Reply-To: <4852BC3D.3050802@ecs.soton.ac.uk> References: <4852BC3D.3050802@ecs.soton.ac.uk> Message-ID: <200806131440.20631.dyioulos@firstbhph.com> On Friday 13 June 2008 2:28 pm, Julian Field wrote: > Folks, > > Just wanted to let you know that, as soon as I send back the consent > forms, I am officially on the waiting list for a liver transplant. > No holidays or anything now until I get my call... > > Fortunately, I have grown a new vein in the last few months that means I > will just need a new liver and not a small bowel as well, which > significantly improves my survival chances. This is very good news :-) > > Wish me luck! > > Jules > > -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > MailScanner customisation, or any advanced system administration help? > Contact me at Jules@Jules.FM > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > PGP public key: http://www.jules.fm/julesfm.asc > Jules, As if you needed to ask - wishing you the very best! Dimitri -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. 
From mkercher at nfsmith.com Fri Jun 13 19:40:13 2008 From: mkercher at nfsmith.com (Mike Kercher) Date: Fri Jun 13 19:40:55 2008 Subject: Health update In-Reply-To: <4852BC3D.3050802@ecs.soton.ac.uk> References: <4852BC3D.3050802@ecs.soton.ac.uk> Message-ID: <224FA7E11EA39E45843E11CEBBD3A36FB50D8F@HOUPEX01.nfsmith.info> -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field Sent: Friday, June 13, 2008 1:28 PM To: MailScanner discussion Subject: Health update Folks, Just wanted to let you know that, as soon as I send back the consent forms, I am officially on the waiting list for a liver transplant. No holidays or anything now until I get my call... Fortunately, I have grown a new vein in the last few months that means I will just need a new liver and not a small bowel as well, which significantly improves my survival chances. This is very good news :-) Wish me luck! Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- Best of luck to you! Too bad you can't put a liver on your Amazon Wish List!!! Mike From igueths at lava-net.com Fri Jun 13 19:54:09 2008 From: igueths at lava-net.com (Igor Gueths) Date: Fri Jun 13 19:45:06 2008 Subject: Health update In-Reply-To: <08172625a4948c021dedb756390afdcf@haigmail.com> References: <4852BC3D.3050802@ecs.soton.ac.uk> <08172625a4948c021dedb756390afdcf@haigmail.com> Message-ID: <20080613185409.GA11287@lava-net.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi Julian. I wish you the best of luck with your liver transplant. 
On Fri, Jun 13, 2008 at 02:35:29PM -0400, lhaig-haigmail.com wrote: > Great news Julian, > > You will be in my family's thoughts and prayers > > Lance > > On Fri, 13 Jun 2008 19:28:13 +0100, Julian Field > wrote: > > Folks, > > > > Just wanted to let you know that, as soon as I send back the consent > > forms, I am officially on the waiting list for a liver transplant. > > No holidays or anything now until I get my call... > > > > Fortunately, I have grown a new vein in the last few months that means I > > will just need a new liver and not a small bowel as well, which > > significantly improves my survival chances. This is very good news :-) > > > > Wish me luck! > > > > Jules > > > > -- > > Julian Field MEng CITP CEng > > www.MailScanner.info > > Buy the MailScanner book at www.MailScanner.info/store > > > > MailScanner customisation, or any advanced system administration help? > > Contact me at Jules@Jules.FM > > > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > PGP public key: http://www.jules.fm/julesfm.asc > > > > > > -- > > This message has been scanned for viruses and > > dangerous content by MailScanner, and is > > believed to be clean. > > > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. 
> - -- Igor -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From glenn.steen at gmail.com Fri Jun 13 19:50:43 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri Jun 13 19:50:53 2008 Subject: Health update In-Reply-To: <4852BC3D.3050802@ecs.soton.ac.uk> References: <4852BC3D.3050802@ecs.soton.ac.uk> Message-ID: <223f97700806131150w4cc5db6eub2779b2e6cb7fd9b@mail.gmail.com> 2008/6/13 Julian Field : > Folks, > > Just wanted to let you know that, as soon as I send back the consent forms, > I am officially on the waiting list for a liver transplant. > No holidays or anything now until I get my call... > > Fortunately, I have grown a new vein in the last few months that means I > will just need a new liver and not a small bowel as well, which > significantly improves my survival chances. This is very good news :-) > > Wish me luck! > > Jules > Cool! I'll be keeping my fingers crossed that you'll very soon be switching from painkillers to Azatioprin (the stuff I'm on... For CD and transplantees:-)....!!!!:-) Cheers! 
-- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From Kevin_Miller at ci.juneau.ak.us Fri Jun 13 19:50:47 2008 From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller) Date: Fri Jun 13 19:51:00 2008 Subject: Health update In-Reply-To: <4852BC3D.3050802@ecs.soton.ac.uk> References: <4852BC3D.3050802@ecs.soton.ac.uk> Message-ID: Julian Field wrote: > Folks, > > Just wanted to let you know that, as soon as I send back the consent > forms, I am officially on the waiting list for a liver transplant. > No holidays or anything now until I get my call... > > Fortunately, I have grown a new vein in the last few months that > means I will just need a new liver and not a small bowel as well, > which significantly improves my survival chances. This is very good > news :-) > > Wish me luck! Great news (I think) Jules - you'll be in my thoughts & prayers... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 From ka at pacific.net Fri Jun 13 19:51:55 2008 From: ka at pacific.net (Ken A) Date: Fri Jun 13 19:51:46 2008 Subject: Health update In-Reply-To: <4852BC3D.3050802@ecs.soton.ac.uk> References: <4852BC3D.3050802@ecs.soton.ac.uk> Message-ID: <4852C1CB.6050701@pacific.net> Julian Field wrote: > Folks, > > Just wanted to let you know that, as soon as I send back the consent > forms, I am officially on the waiting list for a liver transplant. > No holidays or anything now until I get my call... > > Fortunately, I have grown a new vein in the last few months that means I > will just need a new liver and not a small bowel as well, which > significantly improves my survival chances. This is very good news :-) > > Wish me luck! > > Jules > Wishing you a speedy match, and recovery! 
Ken -- Ken Anderson Pacific.Net From ajcartmell at fonant.com Fri Jun 13 20:13:16 2008 From: ajcartmell at fonant.com (Anthony Cartmell) Date: Fri Jun 13 20:13:25 2008 Subject: Health update In-Reply-To: <4852BC3D.3050802@ecs.soton.ac.uk> References: <4852BC3D.3050802@ecs.soton.ac.uk> Message-ID: > Fortunately, I have grown a new vein in the last few months Nice one! > Wish me luck! The best of luck! Anthony -- www.fonant.com - Quality web sites From rob at kettle.org.uk Fri Jun 13 20:19:54 2008 From: rob at kettle.org.uk (Rob Kettle) Date: Fri Jun 13 20:20:14 2008 Subject: Health update In-Reply-To: <4852BC3D.3050802@ecs.soton.ac.uk> References: <4852BC3D.3050802@ecs.soton.ac.uk> Message-ID: <4852C85A.6000104@kettle.org.uk> From someone who doesn't post on here very much but does appreciate all your hard work... Best of luck. We'll be thinking of you. ... and make sure you take time to recover even if MailScanner has to wait a while. It's not as important as your health :) Rob Julian Field wrote: > Folks, > > Just wanted to let you know that, as soon as I send back the consent > forms, I am officially on the waiting list for a liver transplant. > No holidays or anything now until I get my call... > > Fortunately, I have grown a new vein in the last few months that means > I will just need a new liver and not a small bowel as well, which > significantly improves my survival chances. This is very good news :-) > > Wish me luck! > > Jules > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From martyn at invictawiz.com Fri Jun 13 20:40:06 2008 From: martyn at invictawiz.com (Martyn Routley) Date: Fri Jun 13 20:40:34 2008 Subject: Health Update Message-ID: <4852CD16.9030408@invictawiz.com> My best wishes go to you as well Julian. 
-- Martyn Routley -------------------------------------------------------- Invictawiz - The Internet in Plain English, Guaranteed web: http://www.invictawiz.com voip: 6000@sip.invictawiz.com phone: 0845 003 9020 Reg Addr: 9 Eastmead Ave, Ashford, Kent, TN23 7SB Co. No: 04253262 -------------------------------------------------------- ----------------------------------------------------------------------------- This message has been scanned for viruses and dangerous content by the http://www.invictawiz.com MailScanner, and is believed to be clean. ----------------------------------------------------------------------------- From lists at tatorz.com Fri Jun 13 21:20:50 2008 From: lists at tatorz.com (Brian) Date: Fri Jun 13 21:21:05 2008 Subject: Health update In-Reply-To: <4852C1CB.6050701@pacific.net> References: <4852BC3D.3050802@ecs.soton.ac.uk> <4852C1CB.6050701@pacific.net> Message-ID: <4619.192.168.1.2.1213388450.squirrel@mail.tatorz.com> On Fri, June 13, 2008 2:51 pm, Ken A wrote: > Julian Field wrote: >> Folks, >> >> Just wanted to let you know that, as soon as I send back the consent >> forms, I am officially on the waiting list for a liver transplant. >> No holidays or anything now until I get my call... >> >> Fortunately, I have grown a new vein in the last few months that means I >> will just need a new liver and not a small bowel as well, which >> significantly improves my survival chances. This is very good news :-) >> >> Wish me luck! >> >> Jules >> Best of Luck to you and your family. Brian. -- This message has been scanned for viruses and dangerous content by Tatorz MailScanner, and is believed to be clean. 
From bamcomp at yahoo.com Fri Jun 13 21:22:24 2008 From: bamcomp at yahoo.com (Brett Moss) Date: Fri Jun 13 21:22:35 2008 Subject: Health update In-Reply-To: <4852BC3D.3050802@ecs.soton.ac.uk> Message-ID: <459742.15165.qm@web30001.mail.mud.yahoo.com> --- Julian Field wrote: > Folks, > > Just wanted to let you know that, as soon as I send > back the consent > forms, I am officially on the waiting list for a > liver transplant. > No holidays or anything now until I get my call... > > Fortunately, I have grown a new vein in the last few > months that means I > will just need a new liver and not a small bowel as > well, which > significantly improves my survival chances. This is > very good news :-) > > Wish me luck! > > Jules Jules, I wish you a quick and solid match, and an easy and speedy recovery. Brett From Carl.Andrews at crackerbarrel.com Fri Jun 13 22:00:25 2008 From: Carl.Andrews at crackerbarrel.com (Andrews Carl 455) Date: Fri Jun 13 22:00:38 2008 Subject: Health update In-Reply-To: <4852BC3D.3050802@ecs.soton.ac.uk> Message-ID: Good Luck!! -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field Sent: Friday, June 13, 2008 1:28 PM To: MailScanner discussion Subject: Health update Folks, Just wanted to let you know that, as soon as I send back the consent forms, I am officially on the waiting list for a liver transplant. No holidays or anything now until I get my call... Fortunately, I have grown a new vein in the last few months that means I will just need a new liver and not a small bowel as well, which significantly improves my survival chances. This is very good news :-) Wish me luck! Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? 
Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From dnsadmin at 1bigthink.com Fri Jun 13 22:13:55 2008 From: dnsadmin at 1bigthink.com (dnsadmin 1bigthink.com) Date: Fri Jun 13 22:14:15 2008 Subject: Health update In-Reply-To: <4852BC3D.3050802@ecs.soton.ac.uk> References: <4852BC3D.3050802@ecs.soton.ac.uk> Message-ID: <200806132114.m5DLE4gQ018541@mxt.1bigthink.com> At 02:28 PM 6/13/2008, you wrote: >Folks, > >Just wanted to let you know that, as soon as I send back the consent >forms, I am officially on the waiting list for a liver transplant. >No holidays or anything now until I get my call... Hello Julian, I wish you a short queue! BTW, I am an organ donor and suggest everyone else on this group CONSIDER what a great gift organ donation can be to the individual recipient and all the people associated with them. Cheers, Glenn -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. 
From glenn.steen at gmail.com Fri Jun 13 22:20:15 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri Jun 13 22:20:26 2008 Subject: Health update In-Reply-To: <200806132114.m5DLE4gQ018541@mxt.1bigthink.com> References: <4852BC3D.3050802@ecs.soton.ac.uk> <200806132114.m5DLE4gQ018541@mxt.1bigthink.com> Message-ID: <223f97700806131420j4bb7e2f5w1e4d192101002bde@mail.gmail.com> 2008/6/13 dnsadmin 1bigthink.com : > At 02:28 PM 6/13/2008, you wrote: >> >> Folks, >> >> Just wanted to let you know that, as soon as I send back the consent >> forms, I am officially on the waiting list for a liver transplant. >> No holidays or anything now until I get my call... > > > Hello Julian, > > I wish you a short queue! BTW, I am an organ donor and suggest everyone else > on this group CONSIDER what a great gift organ donation can be to the > individual recipient and all the people associated with them. > > Cheers, > Glenn > Same here... Well. Haven't donated any organs (yet), and some of them are really shoddy... But I do carry my donor card with me at all times... Who knows when time is up?! It's an easy decision (was for me at least:-), and easier still thing to do. The only down-side of Jules getting better ... Someone will actually have to pass on... Oh well, that's life I guess. Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From christian at columbiafuels.com Fri Jun 13 22:25:36 2008 From: christian at columbiafuels.com (Christian Rasmussen) Date: Fri Jun 13 22:26:17 2008 Subject: Health update In-Reply-To: <223f97700806131420j4bb7e2f5w1e4d192101002bde@mail.gmail.com> References: <4852BC3D.3050802@ecs.soton.ac.uk><200806132114.m5DLE4gQ018541@mxt.1bigthink.com> <223f97700806131420j4bb7e2f5w1e4d192101002bde@mail.gmail.com> Message-ID: <7C62BFED4DC0CE488F93865D83A61E64743C0D@sprocket.columbiafuels.com> I've been a sysadmin for so long I don't think anyone would have much use for my liver. 
Julian good luck! Our prayers are with you for a speedy turnaround. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Glenn Steen Sent: Friday, June 13, 2008 2:20 PM To: MailScanner discussion Subject: Re: Health update 2008/6/13 dnsadmin 1bigthink.com : > At 02:28 PM 6/13/2008, you wrote: >> >> Folks, >> >> Just wanted to let you know that, as soon as I send back the consent >> forms, I am officially on the waiting list for a liver transplant. >> No holidays or anything now until I get my call... > > > Hello Julian, > > I wish you a short queue! BTW, I am an organ donor and suggest everyone else > on this group CONSIDER what a great gift organ donation can be to the > individual recipient and all the people associated with them. > > Cheers, > Glenn > Same here... Well. Haven't donated any organs (yet), and some of them are really shoddy... But I do carry my donor card with me at all times... Who knows when time is up?! It's an easy decision (was for me at least:-), and easier still thing to do. The only down-side of Jules getting better ... Someone will actually have to pass on... Oh well, that's life I guess. Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se 
From bbdokken at dokkenengineering.com Fri Jun 13 22:36:08 2008 From: bbdokken at dokkenengineering.com (Brad Dokken) Date: Fri Jun 13 22:33:44 2008 Subject: Health update In-Reply-To: <4852BC3D.3050802@ecs.soton.ac.uk> References: <4852BC3D.3050802@ecs.soton.ac.uk> Message-ID: <5A3FEF92FC07F34B9EE30C0D13957164A86D23@monarchs.dokkenengineering.com> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Julian Field > Sent: Friday, June 13, 2008 11:28 AM > To: MailScanner discussion > Subject: Health update > > Folks, > > Just wanted to let you know that, as soon as I send back the consent > forms, I am officially on the waiting list for a liver transplant. > No holidays or anything now until I get my call... > > Fortunately, I have grown a new vein in the last few months > that means I > will just need a new liver and not a small bowel as well, which > significantly improves my survival chances. This is very good news :-) > > Wish me luck! > > Jules > Julian, that sounds like good news. Our thoughts, prayers and best wishes are all with you. Brad From lists at designmedia.com Fri Jun 13 22:42:15 2008 From: lists at designmedia.com (Henry Kwan) Date: Fri Jun 13 22:42:33 2008 Subject: Health update References: <4852BC3D.3050802@ecs.soton.ac.uk> Message-ID: Julian Field ecs.soton.ac.uk> writes: > Just wanted to let you know that, as soon as I send back the consent > forms, I am officially on the waiting list for a liver transplant. > No holidays or anything now until I get my call... > > Fortunately, I have grown a new vein in the last few months that means I > will just need a new liver and not a small bowel as well, which > significantly improves my survival chances. This is very good news > > Wish me luck! Wow, I didn't realize this was the situation. Best of wishes for a quick callback from the waiting list! 
--Henry From ms-list at alexb.ch Fri Jun 13 22:54:11 2008 From: ms-list at alexb.ch (Alex Broens) Date: Fri Jun 13 22:54:25 2008 Subject: Health update In-Reply-To: <4852BC3D.3050802@ecs.soton.ac.uk> References: <4852BC3D.3050802@ecs.soton.ac.uk> Message-ID: <4852EC83.9080108@alexb.ch> On 6/13/2008 8:28 PM, Julian Field wrote: > Folks, > > Just wanted to let you know that, as soon as I send back the consent > forms, I am officially on the waiting list for a liver transplant. > No holidays or anything now until I get my call... > > Fortunately, I have grown a new vein in the last few months that means I > will just need a new liver and not a small bowel as well, which > significantly improves my survival chances. This is very good news :-) > > Wish me luck! We're all wishing you more than that. Alex From mailscanner at yeticomputers.com Sat Jun 14 03:34:20 2008 From: mailscanner at yeticomputers.com (Rick Chadderdon) Date: Sat Jun 14 03:34:47 2008 Subject: Health update In-Reply-To: <4852BC3D.3050802@ecs.soton.ac.uk> References: <4852BC3D.3050802@ecs.soton.ac.uk> Message-ID: <48532E2C.4090108@yeticomputers.com> Best wishes, Julian. Did the vein spontaneously grow, or was there a treatment that encouraged it? In any case, it's good news. :) Good luck! Rick Julian Field wrote: > Folks, > > Just wanted to let you know that, as soon as I send back the consent > forms, I am officially on the waiting list for a liver transplant. > No holidays or anything now until I get my call... > > Fortunately, I have grown a new vein in the last few months that means > I will just need a new liver and not a small bowel as well, which > significantly improves my survival chances. This is very good news :-) > > Wish me luck! > > Jules > From mi6 at orcon.net.nz Sat Jun 14 03:49:05 2008 From: mi6 at orcon.net.nz (Charlie) Date: Sat Jun 14 03:49:19 2008 Subject: Spamassassin is slow - any tips or good commercial alternative? 
Message-ID: <27870.203.52.179.132.1213411745.squirrel@webmail.orcon.net.nz> > >If it is a load problem you should try to reduce the amount of mail > >reaching SpamAssassin in the first place. RBLs come to mind. Or (since > >you asked for a commercial solution) have a look at BarricadeMX from > >FSL. BMX will greatly reduce the amount of mail reaching your MTA. > Our userbase means that over 99% of emails sent through the server are > *not* spam, so any limiting of the emails reaching the MTA would not help. > >So if 99% of your mail isn't spam, then why bother using >spamassassin? >I would dare to say that 65 - 75% of the mail that "attempts" delivery >here IS >spam. Some days it is over 90%, especially on the weekends when >we get very >little legit mail. The reason I wanted to catch the 1% that is spam is so the server doesn't get blacklisted. People are paying money for the service, hence I need to pay more attention to making sure it stays off blacklists than if I was just an ISP offering a free service. I'll try all the suggestions on Monday and provide an update then - thanks for all the assistance! 
From Robert.Meurlin at se.fujitsu.com Sat Jun 14 06:08:58 2008 From: Robert.Meurlin at se.fujitsu.com (Meurlin Robert) Date: Sat Jun 14 06:09:43 2008 Subject: mailscanner dont process email at all Message-ID: <797363C57EE0884786F428AAABCD469201490DD4@sea0120sex2.nordic.x> We had a stop yesterday lunchtime on one of our mailservers that the incoming increased and increased Incomming: Total requests: 6281 I have updated to the latest MailScanner, Clamav, Spamassassin but every email is just "stat=queued" sendmail-in[13003]: m5DDRKrY013003: from=, size=2513, class=0, nrcpts=1, msgid=<20080615140124.C90014EF28A@wz.com>, proto=SMTP, daemon=MTA, relay=[61.149.129.36] Jun 13 15:27:28 sendmail-in[13003]: m5DDRKrY013003: to=, delay=00:00:02, mailer=esmtp, pri=32513, stat=queued I have looked at almost every log and there is nothing really at that time yesterday when it happened. The only strange thing is this did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA from a new security system which is sending out email through this. I have no problem Telnet'ing to this mailserver and all MailScanner etc processes and ports are up. Does anyone have some ideas? Rob. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080614/297d5357/attachment.html From james at gray.net.au Sat Jun 14 07:59:02 2008 From: james at gray.net.au (James Gray) Date: Sat Jun 14 07:59:17 2008 Subject: Health update In-Reply-To: <4852BC3D.3050802@ecs.soton.ac.uk> References: <4852BC3D.3050802@ecs.soton.ac.uk> Message-ID: Hi Jules, Good and bad news I guess :-/ It is my hope and prayer that you are called very soon for a new liver and can put this whole episode behind you. If it's any comfort, a good friend of mine had a heart transplant about 5 years ago and is going from strength to strength. His recovery (and prospects without a transplant) prompted my wife and I to go on the organ donor list here in Oz. 
On top of that, I regularly donate blood and am on the marrow donor and partial liver donor list as well! If you were in Oz, and could have half my liver, I'd gladly let you have it...if for no other reason than to see you keep sticking it to the spammers!! All the best Jules; I'll be praying for you on the other side of the globe. Cheers, James From hvdkooij at vanderkooij.org Sat Jun 14 08:14:28 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Sat Jun 14 08:14:37 2008 Subject: mailscanner dont process email at all In-Reply-To: <797363C57EE0884786F428AAABCD469201490DD4@sea0120sex2.nordic.x> References: <797363C57EE0884786F428AAABCD469201490DD4@sea0120sex2.nordic.x> Message-ID: <48536FD4.4090300@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Meurlin Robert wrote: | We had a stop yesterday lunchtime on one of our mailservers that the | incoming increased and increased Round up the usual suspects. ~ - Stop MailScanner and sendmail, then start MailScanner. ~ - Verify your config with the usual commands Pay attention to your logs while you do it as you may see odd events at startup. Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. 
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFIU2/SBvzDRVjxmYERAr24AKCi3xXJ9kEqE/DaEMSVYZK9gn60HwCgpIQB OpK1ubneBB1CckFFce6nsGE= =9MJS -----END PGP SIGNATURE----- From Robert.Meurlin at se.fujitsu.com Sat Jun 14 09:12:37 2008 From: Robert.Meurlin at se.fujitsu.com (Meurlin Robert) Date: Sat Jun 14 09:13:30 2008 Subject: SV: mailscanner dont process email at all In-Reply-To: <48536FD4.4090300@vanderkooij.org> References: <797363C57EE0884786F428AAABCD469201490DD4@sea0120sex2.nordic.x> <48536FD4.4090300@vanderkooij.org> Message-ID: <797363C57EE0884786F428AAABCD469201490DD8@sea0120sex2.nordic.x> Yes, I have looked at that; the only odd thing I see is "nagios_server did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA" from a new server (nagios with postfix settings) we installed on Wednesday. I also fixed envelope_sender_header as it complained. MailScanner --lint Trying to setlogsock(unix) Config: calling custom init function MailWatchLogging Started SQL Logging child Checking version numbers... Version number in MailScanner.conf (4.69.9) is correct. Unrar is not installed, it should be in /usr/bin/unrar. This is required for RAR archives to be read to check filenames and filetypes. Virus scanning is not affected. Your envelope_sender_header in spam.assassin.prefs.conf is correct. Checking for SpamAssassin errors (if you use it)... SpamAssassin temporary working directory is /var/spool/MailScanner/incoming/SpamAssassin-Temp SpamAssassin temp dir = /var/spool/MailScanner/incoming/SpamAssassin-Temp Using SpamAssassin results cache Connected to SpamAssassin cache database config: SpamAssassin failed to parse line, "/usr/bin/pyzor" is not valid for "pyzor_path", skipping: pyzor_path /usr/bin/pyzor I don't think pyzor and unrar are the problem as it just seems to skip those lines. 
-----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Hugo van der Kooij Sent: 14 June 2008 09:14 To: MailScanner discussion Subject: Re: mailscanner dont process email at all -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Meurlin Robert wrote: | We had a stop yesterday lunchtime on one of our mailservers that the | incoming increased and increased Round up the usual suspects. ~ - Stop MailScanner and sendmail, then start MailScanner. ~ - Verify your config with the usual commands Pay attention to your logs while you do it as you may see odd events at startup. Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFIU2/SBvzDRVjxmYERAr24AKCi3xXJ9kEqE/DaEMSVYZK9gn60HwCgpIQB OpK1ubneBB1CckFFce6nsGE= =9MJS -----END PGP SIGNATURE----- From MailScanner at ecs.soton.ac.uk Sat Jun 14 09:15:08 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat Jun 14 09:15:26 2008 Subject: Health update In-Reply-To: References: <4852BC3D.3050802@ecs.soton.ac.uk> Message-ID: <48537E0C.1020903@ecs.soton.ac.uk> Rick Chadderdon wrote: > Best wishes, Julian. Did the vein spontaneously grow, or was there a > treatment that encouraged it? In any case, it's good news. :) The vein grew entirely on its own :-) Any I would like to offer my thanks to all of you for your wonderful comments and best wishes, it really helps! Thank you! Jules. 
> > Good luck! > > Rick > > Julian Field wrote: >> Folks, >> >> Just wanted to let you know that, as soon as I send back the consent >> forms, I am officially on the waiting list for a liver transplant. >> No holidays or anything now until I get my call... >> >> Fortunately, I have grown a new vein in the last few months that >> means I will just need a new liver and not a small bowel as well, >> which significantly improves my survival chances. This is very good >> news :-) >> >> Wish me luck! >> >> Jules >> > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From drew.marshall at technologytiger.net Sat Jun 14 09:15:51 2008 From: drew.marshall at technologytiger.net (Drew Marshall) Date: Sat Jun 14 09:16:11 2008 Subject: Health update In-Reply-To: <4852BC3D.3050802@ecs.soton.ac.uk> References: <4852BC3D.3050802@ecs.soton.ac.uk> Message-ID: On 13 Jun 2008, at 19:28, Julian Field wrote: > Folks, > > Just wanted to let you know that, as soon as I send back the consent > forms, I am officially on the waiting list for a liver transplant. > No holidays or anything now until I get my call... Let's hope that's not too long. > Fortunately, I have grown a new vein in the last few months that > means I will just need a new liver and not a small bowel as well, > which significantly improves my survival chances. This is very good > news :-) Excellent news. Isn't the human body quite remarkable some times? > Wish me luck! Naturally! I'm not sure I can say more than others already have, so I won't but take it as read I wish you 'what they said'. Good luck! 
Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by Technology Tiger's Mail Launder system Our email policy can be found at www.technologytiger.net/policy Technology Tiger Limited is registered in Scotland with registration number: 310997 Registered Office 55-57 West High Street Inverurie AB51 3QQ From ben.tisdall at photobox.com Sat Jun 14 09:37:29 2008 From: ben.tisdall at photobox.com (Ben Tisdall) Date: Sat Jun 14 09:37:52 2008 Subject: Health Update In-Reply-To: <4852CD16.9030408@invictawiz.com> References: <4852CD16.9030408@invictawiz.com> Message-ID: <48538349.2030109@photobox.com> All the best Julian. -- Ben Tisdall Linux Systems Administrator | www.photobox.com From uxbod at splatnix.net Sat Jun 14 09:40:30 2008 From: uxbod at splatnix.net (--[ UxBoD ]--) Date: Sat Jun 14 09:40:46 2008 Subject: Health update In-Reply-To: <4852BC3D.3050802@ecs.soton.ac.uk> Message-ID: <31647067.16941213432830191.JavaMail.root@office.splatnix.net> All the best Jules ... Wish you a short wait and a very speedy recovery ... Make sure the nice nurse keeps your laptop well out of reach! Best Regards, -- --[ UxBoD ]-- // PGP Key: "curl -s http://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: F57A 0CBD DD19 79E9 1FCC A612 CB36 D89D 2C5A 3A84 // Keyserver: www.keyserver.net Key-ID: 0x2C5A3A84 // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net ----- "Julian Field" wrote: > Folks, > > Just wanted to let you know that, as soon as I send back the consent > forms, I am officially on the waiting list for a liver transplant. > No holidays or anything now until I get my call... > > Fortunately, I have grown a new vein in the last few months that means > I > will just need a new liver and not a small bowel as well, which > significantly improves my survival chances. This is very good news > :-) > > Wish me luck! 
> > Jules -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From x72m35 at gmail.com Sat Jun 14 10:24:33 2008 From: x72m35 at gmail.com (Lasantha Marian) Date: Sat Jun 14 10:23:55 2008 Subject: Health update In-Reply-To: <4852BC3D.3050802@ecs.soton.ac.uk> References: <4852BC3D.3050802@ecs.soton.ac.uk> Message-ID: <48538E51.9010001@gmail.com> Julian, It is a good news to hear that you are going to get patched. :-) I wish and pray for your speedy selection for the treatment and recovery thereafter. Cheers, Lasantha. *----- Original Message -----* *Subject:* Health update *Date:* Fri, 13/Jun/2008 11:58:13 PM +0550 *From:* Julian Field *To:* MailScanner discussion > Folks, > > Just wanted to let you know that, as soon as I send back the consent > forms, I am officially on the waiting list for a liver transplant. > No holidays or anything now until I get my call... > > Fortunately, I have grown a new vein in the last few months that means > I will just need a new liver and not a small bowel as well, which > significantly improves my survival chances. This is very good news :-) > > Wish me luck! > > Jules > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080614/77481971/attachment.html From telecaadmin at gmail.com Sat Jun 14 12:18:39 2008 From: telecaadmin at gmail.com (Ronny T. Lampert) Date: Sat Jun 14 12:20:53 2008 Subject: Health update In-Reply-To: <4852BC3D.3050802@ecs.soton.ac.uk> References: <4852BC3D.3050802@ecs.soton.ac.uk> Message-ID: <4853A90F.30305@gmail.com> Cheers Julian, and all the best for your recreation afterwards! 
And for once don't constantly patch around in MailScanner, but take some time off for yourself :) From lszabo at ntlworld.com Sat Jun 14 12:57:09 2008 From: lszabo at ntlworld.com (Laszlo Szabo) Date: Sat Jun 14 12:57:32 2008 Subject: Health update In-Reply-To: <4852BC3D.3050802@ecs.soton.ac.uk> References: <4852BC3D.3050802@ecs.soton.ac.uk> Message-ID: <1213444629.3713.20.camel@CentOS51.localdomain> Hi Julian! I know how you feel and what you think now because I had a bloody cancer 5 years ago. So I really can imagine your day to day life. I had two operation and chemo therapy(service pack/update, cut out parts) etc... :) I needed to recover about 2, 2.5 years. Unfortunately we can't get repair our bodies with update/patch as a computer. :( You will get through on all and you will be better! Best of luck to you! Laszlo IT CROWD: "Hello IT. Have you tried turning it off and on again?" On Fri, 2008-06-13 at 19:28 +0100, Julian Field wrote: > Folks, > > Just wanted to let you know that, as soon as I send back the consent > forms, I am officially on the waiting list for a liver transplant. > No holidays or anything now until I get my call... > > Fortunately, I have grown a new vein in the last few months that means I > will just need a new liver and not a small bowel as well, which > significantly improves my survival chances. This is very good news :-) > > Wish me luck! > > Jules > > -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > MailScanner customisation, or any advanced system administration help? > Contact me at Jules@Jules.FM > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > PGP public key: http://www.jules.fm/julesfm.asc > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. 
> From alex at nkpanama.com Sat Jun 14 14:01:22 2008 From: alex at nkpanama.com (Alex Neuman) Date: Sat Jun 14 14:02:04 2008 Subject: Health update In-Reply-To: <4852BC3D.3050802@ecs.soton.ac.uk> References: <4852BC3D.3050802@ecs.soton.ac.uk> Message-ID: <200806141302.m5ED1r1h020271@safir.blacknight.ie> I'm already registered as an organ donor, but I'll recheck all the paperwork just in case anything else needs to be done. Good luck, Jules! If you miss any of your TV shows let me know so I can get them to you... From Robert.Meurlin at se.fujitsu.com Sat Jun 14 17:32:18 2008 From: Robert.Meurlin at se.fujitsu.com (Meurlin Robert) Date: Sat Jun 14 17:33:15 2008 Subject: SV: Health update In-Reply-To: <4852BC3D.3050802@ecs.soton.ac.uk> References: <4852BC3D.3050802@ecs.soton.ac.uk> Message-ID: <797363C57EE0884786F428AAABCD469201490DDA@sea0120sex2.nordic.x> Hope it gets well for you Julian, you are a terrific bloke. And not everything is computer things. Best wishes Rob -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field Sent: 13 June 2008 20:28 To: MailScanner discussion Subject: Health update Folks, Just wanted to let you know that, as soon as I send back the consent forms, I am officially on the waiting list for a liver transplant. No holidays or anything now until I get my call... Fortunately, I have grown a new vein in the last few months that means I will just need a new liver and not a small bowel as well, which significantly improves my survival chances. This is very good news :-) Wish me luck! Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? 
Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From alex at rtpty.com Sun Jun 15 00:04:44 2008 From: alex at rtpty.com (Alex Neuman) Date: Sun Jun 15 00:04:55 2008 Subject: New address Message-ID: <95B80E3F-B0DD-4282-996B-83531805E621@rtpty.com> Hi guys, just a quick address change notification, that's all. Expect the same quality comments from time to time, as well as a helping hand whenever a question pops up that I might be able to help with. That and the occasional reminder that MailScanner causes swapping!!! Cheers, Alex Neuman From alex at rtpty.com Sun Jun 15 02:15:43 2008 From: alex at rtpty.com (Alex Neuman) Date: Sun Jun 15 02:15:52 2008 Subject: Testing Message-ID: <83FEDB42-7277-4357-BB8F-BC4F433807EA@rtpty.com> Hi... Please disregard ... Sent from my iPhone From ssilva at sgvwater.com Sun Jun 15 17:58:57 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Sun Jun 15 17:59:28 2008 Subject: Health update In-Reply-To: <4852BC3D.3050802@ecs.soton.ac.uk> References: <4852BC3D.3050802@ecs.soton.ac.uk> Message-ID: on 6-13-2008 11:28 AM Julian Field spake the following: > Folks, > > Just wanted to let you know that, as soon as I send back the consent > forms, I am officially on the waiting list for a liver transplant. > No holidays or anything now until I get my call... > > Fortunately, I have grown a new vein in the last few months that means I > will just need a new liver and not a small bowel as well, which > significantly improves my survival chances. This is very good news :-) > > Wish me luck! 
> > Jules > All the best to you Julian, we will all be pulling for you! -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 258 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080615/955328aa/signature.bin From submit at zuka.net Sun Jun 15 22:03:47 2008 From: submit at zuka.net (Dave Filchak) Date: Sun Jun 15 22:04:06 2008 Subject: Upgrade problems Message-ID: <485583B3.5090801@zuka.net> I searched the archives but for some reason never got much that helped back. I have been getting the following error in my logs: Clamd::ERROR:: COULD NOT CONNECT TO CLAMD, RECOMMEND RESTARTING DAEMON :: . I tried restarting but no love there. So I thought I would try to update clamd (which is configured properly in MailScanner.conf). I am still getting the error above and, when I run freshclam, I get the following: ERROR: Parse error at line 243: Unknown option ArchiveMaxFileSize. WARNING: Clamd was NOT notified: Can't find or parse configuration file /usr/local/etc/clamd.conf The clamd.conf is where it is supposed to be and is owned by root. I did try to change the ownership to clamav but that did not help. I tried renaming the daily and mail cvd files and downloaded fresh copies but again ... no change. I apologize if this has been discussed earlier but I really did not get much back from my search of the archives ... or from Google either for that matter. 
Here is my config: [root@#### ~]# MailScanner -V Running on Linux ####.zuka.net 2.6.9-11.ELsmp #1 SMP Wed Jun 8 17:54:20 CDT 2005 i686 i686 i386 GNU/Linux This is CentOS release 4.1 (Final) This is Perl version 5.008005 (5.8.5) This is MailScanner version 4.63.8 Module versions are: 1.00 AnyDBM_File 1.20 Archive::Zip 1.03 Carp 1.119 Convert::BinHex 2.27 Date::Parse 1.00 DirHandle 1.05 Fcntl 2.73 File::Basename 2.08 File::Copy 2.01 FileHandle 1.06 File::Path 0.18 File::Temp 0.90 Filesys::Df 1.35 HTML::Entities 3.56 HTML::Parser 2.37 HTML::TokeParser 1.21 IO 1.10 IO::File 1.123 IO::Pipe 1.77 Mail::Header 1.87 Math::BigInt 3.05 MIME::Base64 5.420 MIME::Decoder 5.420 MIME::Decoder::UU 5.420 MIME::Head 5.420 MIME::Parser 3.03 MIME::QuotedPrint 5.420 MIME::Tools 0.11 Net::CIDR 1.08 POSIX 1.19 Scalar::Util 1.77 Socket 1.4 Sys::Hostname::Long 0.18 Sys::Syslog 1.9707 Time::HiRes 1.02 Time::localtime Optional module versions are: 1.32 Archive::Tar 0.22 bignum 1.74 Business::ISBN missing Business::ISBN::Data 0.17 Convert::TNEF missing Data::Dump 1.809 DB_File 1.13 DBD::SQLite 1.58 DBI 1.08 Digest 1.01 Digest::HMAC 2.36 Digest::MD5 2.10 Digest::SHA1 missing Encode::Detect missing Error 0.19 ExtUtils::CBuilder missing ExtUtils::ParseXS 0.44 Inline 1.06 IO::String 1.04 IO::Zlib 2.20 IP::Country 0.17 Mail::ClamAV 3.002003 Mail::SpamAssassin missing Mail::SPF 1.997 Mail::SPF::Query 0.20 Math::BigRat 0.2808 Module::Build 0.15 Net::CIDR::Lite 0.48 Net::DNS missing Net::DNS::Resolver::Programmable missing Net::LDAP missing NetAddr::IP 1.94 Parse::RecDescent missing SAVI 2.64 Test::Harness 0.95 Test::Manifest 1.95 Text::Balanced 1.35 URI missing version 0.65 YAML Any help would be appreciated. Dave -------------- next part -------------- An HTML attachment was scrubbed... 

From rich at mail.wvnet.edu Sun Jun 15 22:15:29 2008
From: rich at mail.wvnet.edu (Richard Lynch)
Date: Sun Jun 15 22:15:41 2008
Subject: Upgrade problems
In-Reply-To:
References:
Message-ID: <48558671.4050503@mail.wvnet.edu>

That option was discontinued in later versions of ClamAV (0.93+ I believe). Edit your clamd.conf file and remove it or comment it out. Mine is located at...

/usr/local/etc/clamd.conf

Richard Lynch
WVNET

Dave Filchak wrote:
> I searched the archives but for some reason never got much that helped
> back. I have been getting the following error in my logs:
>
> Clamd::ERROR:: COULD NOT CONNECT TO CLAMD, RECOMMEND RESTARTING DAEMON
> :: .
>
> I tried restarting but no love there. So I thought I would try to
> update clamd (which is configured properly in MailScanner.conf.
>
> I am still getting the error about and, when I run freshclam, I get
> the following:
>
> ERROR: Parse error at line 243: Unknown option ArchiveMaxFileSize.
> WARNING: Clamd was NOT notified: Can't find or parse configuration
> file /usr/local/etc/clamd.conf
>
> The clamd.conf is where it is supposed to be and is owned by root. I
> did try to change the ownership to clamav but that did not help. I
> tried renaming the daily and mail cvd files and downloaded fresh
> copies but again ... no change.
>
> I apologize if this has been discussed earlier but I really did not
> get much back from my search of the archives ... or from Google either
> for that matter.
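
The fix described above, as an added example that is not part of the original thread: it reads the line number and option name out of the freshclam error, comments out that line in a clamd.conf, and compares the socket clamd listens on with the one MailScanner is told to use. The sample files are constructed; `LocalSocket`/`TCPSocket` (clamd.conf) and `Clamd Socket`/`Clamd Port` (MailScanner.conf) are real settings not quoted in the thread, and the function names and the rule that a `Clamd Socket` value starting with `/` means a Unix socket are assumptions.

```python
import re

# Constructed sample inputs for the demonstration; not the poster's real files.
FRESHCLAM_OUTPUT = """\
ERROR: Parse error at line 4: Unknown option ArchiveMaxFileSize.
WARNING: Clamd was NOT notified: Can't find or parse configuration file /usr/local/etc/clamd.conf
"""
CLAMD_CONF = """\
# constructed clamd.conf
LogFile /var/log/clamd.log
LocalSocket /var/run/clamav/clamd.sock
ArchiveMaxFileSize 10M
ScanArchive yes
"""
MAILSCANNER_CONF = """\
Virus Scanners = clamd
Clamd Port = 3310
Clamd Socket = /tmp/clamd.socket
"""

PARSE_ERROR = re.compile(r"Parse error at line (\d+): Unknown option (\w+)")


def unknown_options(tool_output):
    """Extract (line_number, option) pairs from freshclam/clamd parse errors."""
    return [(int(num), name) for num, name in PARSE_ERROR.findall(tool_output)]


def comment_out(conf_text, reports):
    """Return conf_text with each reported option commented out.

    Refuses to touch a line whose first word is not the reported option, so a
    stale error message cannot disable an unrelated setting.
    """
    lines = conf_text.splitlines()
    for line_no, option in reports:
        if not 1 <= line_no <= len(lines):
            raise ValueError(f"line {line_no} is outside the file")
        words = lines[line_no - 1].split()
        if not words or words[0] != option:
            raise ValueError(f"line {line_no} does not set {option}")
        lines[line_no - 1] = "#" + lines[line_no - 1]
    return "\n".join(lines) + "\n"


def clamd_listens_on(conf_text):
    """Return the LocalSocket path and TCPSocket port configured for clamd."""
    found = {"socket": None, "port": None}
    for raw in conf_text.splitlines():
        words = raw.split("#", 1)[0].split()  # drop comments
        if len(words) >= 2 and words[0] == "LocalSocket":
            found["socket"] = words[1]
        elif len(words) >= 2 and words[0] == "TCPSocket":
            found["port"] = int(words[1])
    return found


def mailscanner_connects_to(conf_text):
    """Return the 'Clamd Socket' and 'Clamd Port' values from MailScanner.conf."""
    found = {"socket": None, "port": None}
    for raw in conf_text.splitlines():
        key, sep, value = raw.split("#", 1)[0].partition("=")
        key, value = key.strip().lower(), value.strip()
        if not sep or not value:
            continue
        if key == "clamd socket":
            found["socket"] = value
        elif key == "clamd port":
            found["port"] = int(value)
    return found


def endpoint_problems(clamd_conf, mailscanner_conf):
    """List mismatches that would stop MailScanner from reaching clamd."""
    daemon = clamd_listens_on(clamd_conf)
    client = mailscanner_connects_to(mailscanner_conf)
    problems = []
    # Assumption: a 'Clamd Socket' value starting with '/' means a Unix socket;
    # anything else is treated as a host reached on 'Clamd Port'.
    if client["socket"] and client["socket"].startswith("/"):
        if client["socket"] != daemon["socket"]:
            problems.append(f"MailScanner uses socket {client['socket']} "
                            f"but clamd listens on {daemon['socket']}")
    elif client["port"] != daemon["port"]:
        problems.append(f"MailScanner uses port {client['port']} "
                        f"but clamd listens on port {daemon['port']}")
    return problems


if __name__ == "__main__":
    reports = unknown_options(FRESHCLAM_OUTPUT)
    print(comment_out(CLAMD_CONF, reports), end="")
    for problem in endpoint_problems(CLAMD_CONF, MAILSCANNER_CONF):
        print("MISMATCH:", problem)
```

While clamd cannot be reached, MailScanner's clamd scanner has nothing to hand messages to, so both checks are worth running after any ClamAV upgrade before mail flow is resumed.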

From drew.marshall at technologytiger.net Sun Jun 15 22:52:53 2008
From: drew.marshall at technologytiger.net (Drew Marshall)
Date: Sun Jun 15 22:53:06 2008
Subject: Testing
In-Reply-To: <83FEDB42-7277-4357-BB8F-BC4F433807EA@rtpty.com>
References: <83FEDB42-7277-4357-BB8F-BC4F433807EA@rtpty.com>
Message-ID: <4114004F-E289-438E-A0DA-BC56819A4D79@technologytiger.net>

On 15 Jun 2008, at 02:15, Alex Neuman wrote:

> Sent from my iPhone

But not one of the 3G ones (Yet!)

--
In line with our policy, this message has been scanned for viruses and dangerous content by Technology Tiger's Mail Launder
Our email policy can be found at www.technologytiger.net/policy

Technology Tiger Limited is registered in Scotland with registration number: 310997
Registered Office 55-57 West High Street Inverurie AB51 3QQ

From rcooper at dwford.com Mon Jun 16 01:08:37 2008
From: rcooper at dwford.com (Rick Cooper)
Date: Mon Jun 16 01:08:52 2008
Subject: Upgrade problems
In-Reply-To: <485583B3.5090801@zuka.net>
References: <485583B3.5090801@zuka.net>
Message-ID:

_____

From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Dave Filchak
Sent: Sunday, June 15, 2008 5:04 PM
To: mailscanner@lists.mailscanner.info
Subject: Upgrade problems

I searched the archives but for some reason never got much that helped back. I have been getting the following error in my logs:

Clamd::ERROR:: COULD NOT CONNECT TO CLAMD, RECOMMEND RESTARTING DAEMON :: .

[Rick Cooper]
Is clamd actually running? If so make sure the socket/port in MailScanner.conf is correct. There is a reason clamd cannot be reached.

I tried restarting but no love there. So I thought I would try to update clamd (which is configured properly in MailScanner.conf.

I am still getting the error about and, when I run freshclam, I get the following:

ERROR: Parse error at line 243: Unknown option ArchiveMaxFileSize.
WARNING: Clamd was NOT notified: Can't find or parse configuration file /usr/local/etc/clamd.conf

[Rick Cooper]
Make sure your config only has the options of the latest clamd. There were several config options changed/replaced in the latest version. Also, make sure you haven't installed two versions side by side, which can and has happened (with different install prefixes)

The clamd.conf is where it is supposed to be and is owned by root. I did try to change the ownership to clamav but that did not help. I tried renaming the daily and mail cvd files and downloaded fresh copies but again ... no change.

I apologize if this has been discussed earlier but I really did not get much back from my search of the archives ... or from Google either for that matter.

--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

From lists at designmedia.com Mon Jun 16 02:26:33 2008
From: lists at designmedia.com (Henry Kwan)
Date: Mon Jun 16 02:26:56 2008
Subject: What "Other Checks" problems?
Message-ID:

Hi,

When I run --lint, MailScanner says that there is 1 problems (sic) found in "Other Checks". What might this be? Is it simply referring to the fact that it found something that the virus scanner tagged?

Thanks.

Below is the virus/content section from --lint:

===========================================================================
Virus and Content Scanning: Starting
/var/spool/MailScanner/incoming/11290/./1.message: Eicar-Test-Signature FOUND
/var/spool/MailScanner/incoming/11290/./1/eicar.com: Eicar-Test-Signature FOUND
Virus Scanning: ClamAV found 2 infections
Infected message 1 came from 192.168.1.1
Infected message 1.message came from
Virus Scanning: Found 2 viruses
Filename Checks: (1 eicar.com)
Other Checks: Found 1 problems
===========================================================================
Virus Scanner test reports:
ClamAV said "eicar.com contains Eicar-Test-Signature"

If any of your virus scanners (clamav)
are not listed there, you should check that they are installed correctly
and that MailScanner is finding them correctly via its virus.scanners.conf.

From edward at tdcs.com.au Mon Jun 16 02:37:20 2008
From: edward at tdcs.com.au (Edward Dekkers)
Date: Mon Jun 16 02:38:43 2008
Subject: What "Other Checks" problems?
In-Reply-To:
References:
Message-ID:

> Hi,
>
> When I run --lint, MailScanner says that there is 1 problems (sic)
> found in
> "Other Checks". What might this be? Is it simply referring to the
> fact that it
> found something that the virus scanner tagged?
>
> Thanks.

I believe that is completely expected behaviour. I think if you're NOT seeing that you have a problem.

Regards,
Ed.

--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

From mi6 at orcon.net.nz Mon Jun 16 04:41:03 2008
From: mi6 at orcon.net.nz (Charlie)
Date: Mon Jun 16 04:41:17 2008
Subject: Spamassassin is slow - any tips or good commercial alternative?
Message-ID: <30d101c8cf62$cd2f8f90$0300a8c0@CharlieCompaq>

By the way, my CPU is Pentium 4, 2.4GHz and there is 1GB of RAM. Emails are now taking 2-5 seconds to scan - is this normal for this configuration?

We've disabled spam checking on emails larger than 40KB and that helped a great deal.

Server's details:

# free
             total       used       free     shared    buffers     cached
Mem:       1028576     835056     193520          0     117124     264136
-/+ buffers/cache:     453796     574780
Swap:       996020      21148     974872

# uptime
03:34:13 up 222 days, 45 min, 2 users, load average: 1.12, 0.71, 0.43

# cat /proc/meminfo
MemTotal: 1028576 kB
MemFree: 182964 kB
Buffers: 116612 kB
Cached: 263300 kB
SwapCached: 3028 kB
Active: 624508 kB
Inactive: 175076 kB
HighTotal: 122856 kB
HighFree: 236 kB
LowTotal: 905720 kB
LowFree: 182728 kB
SwapTotal: 996020 kB
SwapFree: 974872 kB
Dirty: 364 kB
Writeback: 0 kB
AnonPages: 419628 kB
Mapped: 25792 kB
Slab: 38296 kB
PageTables: 2372 kB
NFS_Unstable: 0 kB
Bounce: 0 kB
CommitLimit: 1510308 kB
Committed_AS: 815640 kB
VmallocTotal: 114680 kB
VmallocUsed: 2676 kB
VmallocChunk: 111648 kB

# cat /proc/cpuinfo
processor : 0
vendor_id : GenuineIntel
cpu family : 15
model : 2
model name : Intel(R) Pentium(R) 4 CPU 2.40GHz
stepping : 7
cpu MHz : 2405.624
cache size : 512 KB
fdiv_bug : no
hlt_bug : no
f00f_bug : no
coma_bug : no
fpu : yes
fpu_exception : yes
cpuid level : 2
wp : yes
flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe up cid
bogomips : 4815.03

From Robert.Meurlin at se.fujitsu.com Mon Jun 16 06:43:55 2008
From: Robert.Meurlin at se.fujitsu.com (Meurlin Robert)
Date: Mon Jun 16 06:45:05 2008
Subject: SV: mailscanner dont process email at all
In-Reply-To: <797363C57EE0884786F428AAABCD469201490DD8@sea0120sex2.nordic.x>
References: <797363C57EE0884786F428AAABCD469201490DD4@sea0120sex2.nordic.x><48536FD4.4090300@vanderkooij.org> <797363C57EE0884786F428AAABCD469201490DD8@sea0120sex2.nordic.x>
Message-ID: <797363C57EE0884786F428AAABCD469201490DDC@sea0120sex2.nordic.x>

Does anyone have more ideas? Have looked at everything I can think of.

-----Original Message-----
From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Meurlin Robert
Sent: 14 June 2008 10:13
To: MailScanner discussion
Subject: SV: mailscanner dont process email at all

Yes have looked at that the only odd thing I see is "nagios_server did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA" from a new server (nagios with postfix settings) we installed on Wednesday.

I also fixed envelope_sender_header as it complained

MailScanner --lint
Trying to setlogsock(unix)
Config: calling custom init function MailWatchLogging
Started SQL Logging child
Checking version numbers...
Version number in MailScanner.conf (4.69.9) is correct.

Unrar is not installed, it should be in /usr/bin/unrar.
This is required for RAR archives to be read to check
filenames and filetypes. Virus scanning is not affected.

Your envelope_sender_header in spam.assassin.prefs.conf is correct.

Checking for SpamAssassin errors (if you use it)...
SpamAssassin temporary working directory is /var/spool/MailScanner/incoming/SpamAssassin-Temp
SpamAssassin temp dir = /var/spool/MailScanner/incoming/SpamAssassin-Temp
Using SpamAssassin results cache
Connected to SpamAssassin cache database
config: SpamAssassin failed to parse line, "/usr/bin/pyzor" is not valid for "pyzor_path", skipping: pyzor_path /usr/bin/pyzor

don't think pyzor and unrar is the problem as it just seems to skip that lines.

-----Original Message-----
From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Hugo van der Kooij
Sent: 14 June 2008 09:14
To: MailScanner discussion
Subject: Re: mailscanner dont process email at all

Meurlin Robert wrote:
| We had a stop yesterday lunchtime on one of our mailservers that the
| incoming increased and increased

Round up the usual suspects.

 - Stop MailScanner and sendmail, then start MailScanner.
 - Verify your config with the usual commands

Pay attention to your logs while you do it as you may see odd events at startup.

Hugo.

--
hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/
PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc

A: Yes.
>Q: Are you sure?
>>A: Because it reverses the logical flow of conversation.
>>>Q: Why is top posting frowned upon?

Bored? Click on http://spamornot.org/ and rate those images.

--
MailScanner mailing list
mailscanner@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!

From mailwatch.kp at gmail.com Mon Jun 16 07:32:42 2008
From: mailwatch.kp at gmail.com (vinayan KP)
Date: Mon Jun 16 07:32:55 2008
Subject: Re Help with spamassassin+mailscanner
Message-ID: <6a7195cc0806152332g378d7afqfe30223d76cf0b17@mail.gmail.com>

Sir,

I sent the following reply 12 days back and I was wondering why I was not getting any reply. Noticed the bounced messages saying my mail exceeded the limit and I guess it was because of the attachment to show how my existing mailscanner before my postfix server.

Hope some one will have time to go through it and guide me...

Regards
Vinau

---------- Forwarded message ----------
From: vinayan KP
Date: Thu, Jun 5, 2008 at 3:59 PM
Subject: Re: Help with spamassassin+mailscanner
To: MailScanner discussion

Sir,

Sorry for the delayed response.

I could work on the issue only day before after I received your suggestions and I did the following as per your mails. But still mails with low SA score get through as clean mail.

(I get to know this because of the following: For us the mails are received by a system that runs mailscanner, which was installed more than 4 years back by a private party and they charge for configuring and maintaining it. Earlier we were using a qmail system and the private party could not configure mailscanner for qmail on the mail server (again managed by another private party on contract). So they installed it on a separate system which would receive all the mails for our domain and do the spam check, tag the subject line and then forward it to the mail server. This old mailscanner still works well and catches low and high scoring mails properly.

About 18 months back the old qmail server had a problem and I installed a new mail server using postfix. Now the old mailscanner system is started showing problems which made me to install mailscanner, clamav and spamassassin on the new postfix server.

My new mailscanner on the new postfix (for which I am asking my doubts) system catches only those mails where SA score is > Required SpamAssassin Score (I set it as 3). But I can see the old mailscanner catches mails where SA score is < Required SpamAssassin Score = 3 and tags it as {Spam?} and when that mails reaches the new postfix server, the mailscanner on it lets the mail go as clean!!! I am attaching a screen shot of the mailwatch which shows this).
I did the followign as per your mail: (1) Installed pysor ------------------------------------------------------------------------------------------------------------------------------------ (2) set the bays path and permissions: I set the bayes_pasth in /etc/MailScanner/spam.assassin.prefs.conf and restarted spamd and MailScanner: bayes_path /var/spool/MailScanner/spamassassin/bayes This created the bayes_* files in /var/spool/MailScanner/spamassassin/ and the permissions are ass follows, where spamassing is run by spamuser : mail:/var/spool/MailScanner # ls -l total 12 drwx------ 7 postfix postfix 4096 Jun 5 14:30 incoming drwx------ 113 postfix www 4096 Jun 5 06:14 quarantine drwxr-xr-x 2 postfix postfix 4096 Jun 4 15:49 spamassassin mail:/var/spool/MailScanner/spamassassin # ls -l total 11732 -rw------- 1 spamuser postfix 1134 Jun 5 14:30 bayes.mutex -rw-rw---- 1 spamuser postfix 104928 Jun 5 14:30 bayes_journal -rw------- 1 spamuser postfix 10416128 Jun 5 13:59 bayes_seen -rw-rw---- 1 spamuser postfix 5455872 Jun 5 14:30 bayes_toks ------------------------------------------------------------------------------------------------------------------------------------ (3) Trained spamassassin+mailscaner Ran the sa-learn as follows : mail:/ # sa-learn --no-sync --spam /home/user1/Maildir/.spam/cur/ Learned tokens from 1388 message(s) (1388 message(s) examined) mail:/ # sa-learn --no-sync --ham /home/user1/Maildir/cur/ Learned tokens from 438 message(s) (459 message(s) examined) ------------------------------------------------------------------------------------------------------------------------------------ Ran spamassassin -D - - lint and didnt show any error or warning : mail:/etc/MailScanner # spamassassin -D --lint [23477] dbg: logger: adding facilities: all [23477] dbg: logger: logging level is DBG [23477] dbg: generic: SpamAssassin version 3.1.6 [23477] dbg: config: score set 0 chosen. [23477] dbg: util: running in taint mode? 
yes [23477] dbg: util: taint mode: deleting unsafe environment variables, resetting PATH [23477] dbg: util: PATH included '/sbin', keeping [23477] dbg: util: PATH included '/usr/sbin', keeping [23477] dbg: util: PATH included '/usr/local/sbin', keeping [23477] dbg: util: PATH included '/opt/gnome/sbin', keeping [23477] dbg: util: PATH included '/root/bin', keeping [23477] dbg: util: PATH included '/usr/local/bin', keeping [23477] dbg: util: PATH included '/usr/bin', keeping [23477] dbg: util: PATH included '/usr/X11R6/bin', keeping [23477] dbg: util: PATH included '/bin', keeping [23477] dbg: util: PATH included '/usr/games', keeping [23477] dbg: util: PATH included '/opt/gnome/bin', keeping [23477] dbg: util: PATH included '/opt/kde3/bin', keeping [23477] dbg: util: PATH included '/usr/lib/jvm/jre/bin', keeping [23477] dbg: util: PATH included '/usr/lib/mit/bin', keeping [23477] dbg: util: PATH included '/usr/lib/mit/sbin', keeping [23477] dbg: util: PATH included '/usr/lib/qt3/bin', keeping [23477] dbg: util: final PATH set to: /sbin:/usr/sbin:/usr/local/sbin:/opt/gnome/sbin:/root/bin:/usr/local/bin:/usr/bin:/usr/X11R6/bin:/bin:/usr/games:/opt/gnome/bin:/opt/kde3/bin:/usr/lib/jvm/jre/bin:/usr/lib/mit/bin:/usr/lib/mit/sbin:/usr/lib/qt3/bin [23477] dbg: message: ---- MIME PARSER START ---- [23477] dbg: message: main message type: text/plain [23477] dbg: message: parsing normal part [23477] dbg: message: added part, type: text/plain [23477] dbg: message: ---- MIME PARSER END ---- [23477] dbg: dns: is Net::DNS::Resolver available? 
yes [23477] dbg: dns: Net::DNS version: 0.59 [23477] dbg: diag: perl platform: 5.008008 linux [23477] dbg: diag: module installed: Digest::SHA1, version 2.11 [23477] dbg: diag: module installed: HTML::Parser, version 3.55 [23477] dbg: diag: module installed: MIME::Base64, version 3.07 [23477] dbg: diag: module installed: DB_File, version 1.814 [23477] dbg: diag: module installed: Net::DNS, version 0.59 [23477] dbg: diag: module installed: Net::SMTP, version 2.29 [23477] dbg: diag: module not installed: Mail::SPF::Query ('require' failed) [23477] dbg: diag: module not installed: IP::Country::Fast ('require' failed) [23477] dbg: diag: module not installed: Razor2::Client::Agent ('require' failed) [23477] dbg: diag: module not installed: Net::Ident ('require' failed) [23477] dbg: diag: module not installed: IO::Socket::INET6 ('require' failed) [23477] dbg: diag: module not installed: IO::Socket::SSL ('require' failed) [23477] dbg: diag: module installed: Time::HiRes, version 1.86 [23477] dbg: diag: module installed: DBI, version 1.52 [23477] dbg: diag: module installed: Getopt::Long, version 2.35 [23477] dbg: diag: module installed: LWP::UserAgent, version 2.033 [23477] dbg: diag: module installed: HTTP::Date, version 1.47 [23477] dbg: diag: module installed: Archive::Tar, version 1.30 [23477] dbg: diag: module installed: IO::Zlib, version 1.04 [23477] dbg: ignore: using a test message to lint rules [23477] dbg: config: using "/etc/mail/spamassassin" for site rules pre files [23477] dbg: config: read file /etc/mail/spamassassin/init.pre [23477] dbg: config: read file /etc/mail/spamassassin/v310.pre [23477] dbg: config: read file /etc/mail/spamassassin/v312.pre [23477] dbg: config: using "/usr/share/spamassassin" for sys rules pre files [23477] dbg: config: using "/usr/share/spamassassin" for default rules dir [23477] dbg: config: read file /usr/share/spamassassin/10_misc.cf [23477] dbg: config: read file /usr/share/spamassassin/20_advance_fee.cf [23477] dbg: config: 
read file /usr/share/spamassassin/20_anti_ratware.cf [23477] dbg: config: read file /usr/share/spamassassin/20_body_tests.cf [23477] dbg: config: read file /usr/share/spamassassin/20_compensate.cf [23477] dbg: config: read file /usr/share/spamassassin/20_dnsbl_tests.cf [23477] dbg: config: read file /usr/share/spamassassin/20_drugs.cf [23477] dbg: config: read file /usr/share/spamassassin/20_fake_helo_tests.cf [23477] dbg: config: read file /usr/share/spamassassin/20_head_tests.cf [23477] dbg: config: read file /usr/share/spamassassin/20_html_tests.cf [23477] dbg: config: read file /usr/share/spamassassin/20_meta_tests.cf [23477] dbg: config: read file /usr/share/spamassassin/20_net_tests.cf [23477] dbg: config: read file /usr/share/spamassassin/20_phrases.cf [23477] dbg: config: read file /usr/share/spamassassin/20_porn.cf [23477] dbg: config: read file /usr/share/spamassassin/20_ratware.cf [23477] dbg: config: read file /usr/share/spamassassin/20_uri_tests.cf [23477] dbg: config: read file /usr/share/spamassassin/23_bayes.cf [23477] dbg: config: read file /usr/share/spamassassin/25_accessdb.cf [23477] dbg: config: read file /usr/share/spamassassin/25_antivirus.cf [23477] dbg: config: read file /usr/share/spamassassin/25_body_tests_es.cf [23477] dbg: config: read file /usr/share/spamassassin/25_body_tests_pl.cf [23477] dbg: config: read file /usr/share/spamassassin/25_dcc.cf [23477] dbg: config: read file /usr/share/spamassassin/25_dkim.cf [23477] dbg: config: read file /usr/share/spamassassin/25_domainkeys.cf [23477] dbg: config: read file /usr/share/spamassassin/25_hashcash.cf [23477] dbg: config: read file /usr/share/spamassassin/25_pyzor.cf [23477] dbg: config: read file /usr/share/spamassassin/25_razor2.cf [23477] dbg: config: read file /usr/share/spamassassin/25_replace.cf [23477] dbg: config: read file /usr/share/spamassassin/25_spf.cf [23477] dbg: config: read file /usr/share/spamassassin/25_textcat.cf [23477] dbg: config: read file 
/usr/share/spamassassin/25_uribl.cf [23477] dbg: config: read file /usr/share/spamassassin/30_text_de.cf [23477] dbg: config: read file /usr/share/spamassassin/30_text_fr.cf [23477] dbg: config: read file /usr/share/spamassassin/30_text_it.cf [23477] dbg: config: read file /usr/share/spamassassin/30_text_nl.cf [23477] dbg: config: read file /usr/share/spamassassin/30_text_pl.cf [23477] dbg: config: read file /usr/share/spamassassin/30_text_pt_br.cf [23477] dbg: config: read file /usr/share/spamassassin/50_scores.cf [23477] dbg: config: read file /usr/share/spamassassin/60_awl.cf [23477] dbg: config: read file /usr/share/spamassassin/60_whitelist.cf [23477] dbg: config: read file /usr/share/spamassassin/60_whitelist_dk.cf [23477] dbg: config: read file /usr/share/spamassassin/60_whitelist_dkim.cf [23477] dbg: config: read file /usr/share/spamassassin/60_whitelist_spf.cf [23477] dbg: config: read file /usr/share/spamassassin/60_whitelist_subject.cf [23477] dbg: config: using "/etc/mail/spamassassin" for site rules dir [23477] dbg: config: read file /etc/mail/spamassassin/local.cf [23477] dbg: config: read file /etc/mail/spamassassin/mailscanner.cf [23477] dbg: plugin: loading Mail::SpamAssassin::Plugin::URIDNSBL from @INC [23477] dbg: plugin: registered Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x835f04c) [23477] dbg: plugin: loading Mail::SpamAssassin::Plugin::Hashcash from @INC [23477] dbg: plugin: registered Mail::SpamAssassin::Plugin::Hashcash=HASH(0x90d728c) [23477] dbg: plugin: loading Mail::SpamAssassin::Plugin::SPF from @INC [23477] dbg: plugin: registered Mail::SpamAssassin::Plugin::SPF=HASH(0x90fa404) [23477] dbg: plugin: loading Mail::SpamAssassin::Plugin::Pyzor from @INC [23477] dbg: pyzor: local tests only, disabling Pyzor [23477] dbg: plugin: registered Mail::SpamAssassin::Plugin::Pyzor=HASH(0x9110c64) [23477] dbg: plugin: loading Mail::SpamAssassin::Plugin::Razor2 from @INC [23477] dbg: razor2: local tests only, skipping Razor [23477] dbg: plugin: 
registered Mail::SpamAssassin::Plugin::Razor2=HASH(0x90dcecc) [23477] dbg: plugin: loading Mail::SpamAssassin::Plugin::SpamCop from @INC [23477] dbg: reporter: local tests only, disabling SpamCop [23477] dbg: plugin: registered Mail::SpamAssassin::Plugin::SpamCop=HASH(0x90df794) [23477] dbg: plugin: loading Mail::SpamAssassin::Plugin::AWL from @INC [23477] dbg: plugin: registered Mail::SpamAssassin::Plugin::AWL=HASH(0x916a478) [23477] dbg: plugin: loading Mail::SpamAssassin::Plugin::AutoLearnThreshold from @INC [23477] dbg: plugin: registered Mail::SpamAssassin::Plugin::AutoLearnThreshold=HASH(0x917971c) [23477] dbg: plugin: loading Mail::SpamAssassin::Plugin::WhiteListSubject from @INC [23477] dbg: plugin: registered Mail::SpamAssassin::Plugin::WhiteListSubject=HASH(0x9185ed4) [23477] dbg: plugin: loading Mail::SpamAssassin::Plugin::MIMEHeader from @INC [23477] dbg: plugin: registered Mail::SpamAssassin::Plugin::MIMEHeader=HASH(0x9192b04) [23477] dbg: plugin: loading Mail::SpamAssassin::Plugin::ReplaceTags from @INC [23477] dbg: plugin: registered Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0x918b86c) [23477] dbg: config: adding redirector regex: /^http:\/\/chkpt\.zdnet\.com\/chkpt\/\w+\/(.*)$/i [23477] dbg: config: adding redirector regex: /^http:\/\/www(?:\d+)?\.nate\.com\/r\/\w+\/(.*)$/i [23477] dbg: config: adding redirector regex: /^http:\/\/.+\.gov\/(?:.*\/)?externalLink\.jhtml\?.*url=(.*?)(?:&.*)?$/i [23477] dbg: config: adding redirector regex: /^http:\/\/redir\.internet\.com\/.+?\/.+?\/(.*)$/i [23477] dbg: config: adding redirector regex: /^http:\/\/(?:.*?\.)?adtech\.de\/.*(?:;|\|)link=(.*?)(?:;|$)/i [23477] dbg: config: adding redirector regex: m'^http.*?/redirect\.php\?.*(?<=[?&])goto=(.*?)(?:$|[&#])'i [23477] dbg: config: adding redirector regex: m'^https?:/*(?:[^/]+\.)?emf\d\.com/r\.cfm.*?&r=(.*)'i [23477] dbg: config: adding redirector regex: m'/(?:index.php)?\?.*(?<=[?&])URL=(.*?)(?:$|[&#])'i [23477] dbg: config: adding redirector regex: 
m'^http:/*(?:\w+\.)?google(?:\.\w{2,3}){1,2}/url\?.*?(?<=[?&])q=(.*?)(?:$|[&#])'i [23477] dbg: config: adding redirector regex: m'^http:/*(?:\w+\.)?google(?:\.\w{2,3}){1,2}/search\?.*?(?<=[?&])q=[^&]*?(?<=%20|..[=+\s])site:(.*?)(?:$|%20|[\s+&#])'i [23477] dbg: config: adding redirector regex: m'^http:/*(?:\w+\.)?google(?:\.\w{2,3}){1,2}/search\?.*?(?<=[?&])q=[^&]*?(?<=%20|..[=+\s])(?:"|%22)(.*?)(?:$|%22|["\s+&#])'i [23477] dbg: config: adding redirector regex: m'^http:/*(?:\w+\.)?google(?:\.\w{2,3}){1,2}/translate\?.*?(?<=[?&])u=(.*?)(?:$|[&#])'i [23477] dbg: plugin: Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0x918b86c) implements 'finish_parsing_end' [23477] dbg: replacetags: replacing tags [23477] dbg: replacetags: done replacing tags [23477] dbg: bayes: tie-ing to DB file R/O /var/spool/MailScanner/spamassassin/bayes_toks [23477] dbg: bayes: tie-ing to DB file R/O /var/spool/MailScanner/spamassassin/bayes_seen [23477] dbg: bayes: found bayes db version 3 [23477] dbg: bayes: DB journal sync: last sync: 1212657053 [23477] dbg: config: score set 2 chosen. [23477] dbg: message: ---- MIME PARSER START ---- [23477] dbg: message: main message type: text/plain [23477] dbg: message: parsing normal part [23477] dbg: message: added part, type: text/plain [23477] dbg: message: ---- MIME PARSER END ---- [23477] dbg: dns: is DNS available? 
0 [23477] dbg: metadata: X-Spam-Relays-Trusted: [23477] dbg: metadata: X-Spam-Relays-Untrusted: [23477] dbg: metadata: X-Spam-Relays-Internal: [23477] dbg: metadata: X-Spam-Relays-External: [23477] dbg: message: no encoding detected [23477] dbg: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x835f04c) implements 'parsed_metadata' [23477] dbg: rules: local tests only, ignoring RBL eval [23477] dbg: check: running tests for priority: 0 [23477] dbg: rules: running header regexp tests; score so far=0 [23477] dbg: rules: ran header rule __HAS_MSGID ======> got hit: "<" [23477] dbg: rules: ran header rule __MSGID_OK_DIGITS ======> got hit: "1212657279" [23477] dbg: rules: ran header rule __SANE_MSGID ======> got hit: "<1212657279@lint_rules> [23477] dbg: rules: " [23477] dbg: rules: ran header rule __MSGID_OK_HOST ======> got hit: "@lint_rules>" [23477] dbg: eval: all '*From' addrs: ignore@compiling.spamassassin.taint.org [23477] dbg: eval: all '*To' addrs: [23477] dbg: rules: ran eval rule NO_RELAYS ======> got hit [23477] dbg: rules: ran eval rule __UNUSABLE_MSGID ======> got hit [23477] dbg: rules: running body-text per-line regexp tests; score so far=-0.001 [23477] dbg: rules: ran body rule __NONEMPTY_BODY ======> got hit: "I" [23477] dbg: uri: running uri tests; score so far=-0.001 [23477] dbg: bayes: DB journal sync: last sync: 1212657053 [23477] dbg: bayes: corpus size: nspam = 32262, nham = 41823 [23477] dbg: bayes: score = 0.155182683190695 [23477] dbg: bayes: DB expiry: tokens in DB: 145489, Expiry max size: 150000, Oldest atime: 1211879603, Newest atime: 1212656437, Last expire: 1212572821, Current time: 1212657280 [23477] dbg: bayes: DB journal sync: last sync: 1212657053 [23477] dbg: bayes: untie-ing [23477] dbg: bayes: untie-ing db_toks [23477] dbg: bayes: untie-ing db_seen [23477] dbg: rules: ran eval rule BAYES_20 ======> got hit [23477] dbg: rules: running raw-body-text per-line regexp tests; score so far=-0.741 [23477] dbg: rules: running full-text 
regexp tests; score so far=-0.741 [23477] dbg: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x835f04c) implements 'check_tick' [23477] dbg: check: running tests for priority: 500 [23477] dbg: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x835f04c) implements 'check_post_dnsbl' [23477] dbg: rules: running meta tests; score so far=-0.741 [23477] info: rules: meta test DIGEST_MULTIPLE has undefined dependency 'DCC_CHECK' [23477] dbg: rules: running header regexp tests; score so far=1.416 [23477] dbg: rules: running body-text per-line regexp tests; score so far=1.416 [23477] dbg: uri: running uri tests; score so far=1.416 [23477] dbg: rules: running raw-body-text per-line regexp tests; score so far=1.416 [23477] dbg: rules: running full-text regexp tests; score so far=1.416 [23477] dbg: check: running tests for priority: 1000 [23477] dbg: rules: running meta tests; score so far=1.416 [23477] dbg: rules: running header regexp tests; score so far=1.416 [23477] dbg: rules: running body-text per-line regexp tests; score so far=1.416 [23477] dbg: uri: running uri tests; score so far=1.416 [23477] dbg: rules: running raw-body-text per-line regexp tests; score so far=1.416 [23477] dbg: rules: running full-text regexp tests; score so far=1.416 [23477] dbg: check: is spam? 
score=1.416 required=3
[23477] dbg: check: tests=BAYES_20,MISSING_SUBJECT,NO_RECEIVED,NO_RELAYS,TO_CC_NONE
[23477] dbg: check: subtests=__HAS_MSGID,__MSGID_OK_DIGITS,__MSGID_OK_HOST,__NONEMPTY_BODY,__SANE_MSGID,__UNUSABLE_MSGID
---------------------------------------------------------------------------------------------------------------------------------
Then I set the following in /etc/MailScanner/MailScanner.conf and restarted MailScanner:

Spam Checks = yes
Spam List = spamhaus.org SBL+XBL
Spam Lists To Be Spam = 1
Spam Lists To Reach High Score = 2
--------------------------------------------------------------------------------------------------------------------------------
My /etc/MailScanner/MailScanner.conf is as follows:

%org-name% = < This i am not giving>
%org-long-name% = < this i am not giving >
%web-site% = www.your-organisation.com
%etc-dir% = /etc/MailScanner
%report-dir% = /etc/MailScanner/reports/en
%rules-dir% = /etc/MailScanner/rules
%mcp-dir% = /etc/MailScanner/mcp
Max Children = 5
Run As User = postfix
Run As Group = postfix
Queue Scan Interval = 6
Incoming Queue Dir = /var/spool/postfix/hold
Outgoing Queue Dir = /var/spool/postfix/incoming
Incoming Work Dir = /var/spool/MailScanner/incoming
Quarantine Dir = /var/spool/MailScanner/quarantine
PID file = /var/run/MailScanner.pid
Restart Every = 14400
MTA = postfix
Sendmail = /usr/sbin/sendmail
Sendmail2 = /usr/sbin/sendmail
Incoming Work User =
Incoming Work Group =
Incoming Work Permissions = 0600
Quarantine User = root
Quarantine Group = www
Quarantine Permissions = 0660
Max Unscanned Bytes Per Scan = 100m
Max Unsafe Bytes Per Scan = 50m
Max Unscanned Messages Per Scan = 30
Max Unsafe Messages Per Scan = 30
Max Normal Queue Size = 800
Scan Messages = yes
Reject Message = no
Maximum Attachments Per Message = 200
Expand TNEF = yes
Use TNEF Contents = replace
Deliver Unparsable TNEF = no
TNEF Expander = /usr/bin/tnef --maxsize=100000000
TNEF Timeout = 120
File Command = /usr/bin/file
File Timeout = 20
Gunzip Command = /bin/gunzip
Gunzip Timeout = 50
Unrar Command = /usr/bin/unrar
Unrar Timeout = 50
Find UU-Encoded Files = no
Maximum Message Size = %rules-dir%/max.message.size.rules
Maximum Attachment Size = -1
Minimum Attachment Size = -1
Maximum Archive Depth = 2
Find Archives By Content = yes
Virus Scanning = yes
Virus Scanners = clamav
Virus Scanner Timeout = 300
Deliver Disinfected Files = yes
Silent Viruses = HTML-IFrame All-Viruses
Still Deliver Silent Viruses = no
Non-Forging Viruses = Joke/ OF97/ WM97/ W97M/ eicar
Block Encrypted Messages = no
Block Unencrypted Messages = no
Allow Password-Protected Archives = no
Allowed Sophos Error Messages =
Sophos IDE Dir = /usr/local/Sophos/ide
Sophos Lib Dir = /usr/local/Sophos/lib
Monitors For Sophos Updates = /usr/local/Sophos/ide/*ides.zip
Monitors for ClamAV Updates = /usr/local/share/clamav/*.cvd
ClamAVmodule Maximum Recursion Level = 8
ClamAVmodule Maximum Files = 1000
ClamAVmodule Maximum Compression Ratio = 250
Dangerous Content Scanning = yes
Allow Partial Messages = no
Allow External Message Bodies = no
Find Phishing Fraud = yes
Also Find Numeric Phishing = yes
Use Stricter Phishing Net = yes
Highlight Phishing Fraud = yes
Phishing Safe Sites File = %etc-dir%/phishing.safe.sites.conf
Country Sub-Domains List = %etc-dir%/country.domains.conf
Allow IFrame Tags = disarm
Allow Form Tags = disarm
Allow Script Tags = disarm
Allow WebBugs = disarm
Ignored Web Bug Filenames = spacer pixel.gif pixel.png gap
Web Bug Replacement = http://www.sng.ecs.soton.ac.uk/mailscanner/images/1x1spacer.gif
Allow Object Codebase Tags = disarm
Convert Dangerous HTML To Text = no
Convert HTML To Text = no
Allow Filenames =
Deny Filenames =
Filename Rules = %etc-dir%/filename.rules.conf
Allow Filetypes =
Deny Filetypes =
Filetype Rules = %etc-dir%/filetype.rules.conf
Quarantine Infections = yes
Quarantine Silent Viruses = no
Quarantine Modified Body = no
Quarantine Whole Message = yes
Quarantine Whole Messages As Queue Files = no
Keep Spam And MCP Archive Clean = no
Language Strings = %report-dir%/languages.conf
Rejection Report = %report-dir%/rejection.report.txt
Deleted Bad Content Message Report = %report-dir%/deleted.content.message.txt
Deleted Bad Filename Message Report = %report-dir%/deleted.filename.message.txt
Deleted Virus Message Report = %report-dir%/deleted.virus.message.txt
Deleted Size Message Report = %report-dir%/deleted.size.message.txt
Stored Bad Content Message Report = %report-dir%/stored.content.message.txt
Stored Bad Filename Message Report = %report-dir%/stored.filename.message.txt
Stored Virus Message Report = %report-dir%/stored.virus.message.txt
Stored Size Message Report = %report-dir%/stored.size.message.txt
Disinfected Report = %report-dir%/disinfected.report.txt
Inline HTML Signature = %report-dir%/inline.sig.html
Inline Text Signature = %report-dir%/inline.sig.txt
Inline HTML Warning = %report-dir%/inline.warning.html
Inline Text Warning = %report-dir%/inline.warning.txt
Sender Content Report = %report-dir%/sender.content.report.txt
Sender Error Report = %report-dir%/sender.error.report.txt
Sender Bad Filename Report = %report-dir%/sender.filename.report.txt
Sender Virus Report = %report-dir%/sender.virus.report.txt
Sender Size Report = %report-dir%/sender.size.report.txt
Hide Incoming Work Dir = yes
Include Scanner Name In Reports = yes
Mail Header = X-%org-name%-MailScanner:
Spam Header = X-%org-name%-MailScanner-SpamCheck:
Spam Score Header = X-%org-name%-MailScanner-SpamScore:
Information Header = X-%org-name%-MailScanner-Information:
Add Envelope From Header = yes
Add Envelope To Header = no
Envelope From Header = X-%org-name%-MailScanner-From:
Envelope To Header = X-%org-name%-MailScanner-To:
Spam Score Character = s
SpamScore Number Instead Of Stars = no
Minimum Stars If On Spam List = 5
Clean Header Value = Found to be clean
Infected Header Value = Found to be infected
Disinfected Header Value = Disinfected
Information Header Value = Please contact the ISP for more information
Detailed Spam Report = yes
Include Scores In SpamAssassin Report = yes
Always Include SpamAssassin Report = yes
Multiple Headers = append
Hostname = the %org-name% ($HOSTNAME) MailScanner
Sign Messages Already Processed = no
Sign Clean Messages = yes
Mark Infected Messages = yes
Mark Unscanned Messages = yes
Unscanned Header Value = Not scanned: please contact your Internet E-Mail Service Provider for details
Remove These Headers = X-Mozilla-Status: X-Mozilla-Status2:
Deliver Cleaned Messages = yes
Notify Senders = yes
Notify Senders Of Viruses = no
Notify Senders Of Blocked Filenames Or Filetypes = yes
Notify Senders Of Blocked Size Attachments = no
Notify Senders Of Other Blocked Content = yes
Never Notify Senders Of Precedence = list bulk
Scanned Subject Text = {Scanned}
Virus Modify Subject = start
Virus Subject Text = {Virus?}
Filename Modify Subject = start
Filename Subject Text = {Filename?}
Content Modify Subject = start
Content Subject Text = {Dangerous Content?}
Size Modify Subject = start
Size Subject Text = {Size}
Disarmed Modify Subject = start
Disarmed Subject Text = {Disarmed}
Phishing Modify Subject = no
Phishing Subject Text = {Fraud?}
Spam Modify Subject = start
Spam Subject Text = {Spam?}
High Scoring Spam Modify Subject = start
High Scoring Spam Subject Text = {Spam?}
Warning Is Attachment = yes
Attachment Warning Filename = %org-name%-Attachment-Warning.txt
Attachment Encoding Charset = ISO-8859-1
Archive Mail =
Send Notices = yes
Notices Include Full Headers = yes
Hide Incoming Work Dir in Notices = no
Notice Signature = -- \nMailScanner\nEmail Virus Scanner\nwww.mailscanner.info
Notices From = MailScanner
Notices To = postmaster
Local Postmaster = postmaster
Spam List Definitions = %etc-dir%/spam.lists.conf
Virus Scanner Definitions = %etc-dir%/virus.scanners.conf
Spam Checks = yes
Spam List = spamhaus.org SBL+XBL
Spam Domain List =
Spam Lists To Be Spam = 1
Spam Lists To Reach High Score = 2
Spam List Timeout = 10
Max Spam List Timeouts = 7
Spam List Timeouts History = 10
Is Definitely Not Spam = %rules-dir%/spam.whitelist.rules
Is Definitely Spam = no
Definite Spam Is High Scoring = no
Ignore Spam Whitelist If Recipients Exceed = 20
Max Spam Check Size = 150000
Use SpamAssassin = yes
Max SpamAssassin Size = 40k
Required SpamAssassin Score = 3
High SpamAssassin Score = 10
SpamAssassin Auto Whitelist = yes
SpamAssassin Timeout = 75
Max SpamAssassin Timeouts = 10
SpamAssassin Timeouts History = 30
Check SpamAssassin If On Spam List = yes
Spam Score = yes
Cache SpamAssassin Results = yes
SpamAssassin Cache Database File = /var/spool/MailScanner/incoming/SpamAssassin.cache.db
Rebuild Bayes Every = 0
Wait During Bayes Rebuild = no
Use Custom Spam Scanner = no
Max Custom Spam Scanner Size = 20k
Custom Spam Scanner Timeout = 20
Max Custom Spam Scanner Timeouts = 10
Custom Spam Scanner Timeout History = 20
Spam Actions = deliver header "X-Spam-Status: Yes"
High Scoring Spam Actions = deliver header "X-Spam-Status: Yes"
Non Spam Actions = deliver header "X-Spam-Status: No"
Sender Spam Report = %report-dir%/sender.spam.report.txt
Sender Spam List Report = %report-dir%/sender.spam.rbl.report.txt
Sender SpamAssassin Report = %report-dir%/sender.spam.sa.report.txt
Inline Spam Warning = %report-dir%/inline.spam.warning.txt
Recipient Spam Report = %report-dir%/recipient.spam.report.txt
Enable Spam Bounce = %rules-dir%/bounce.rules
Bounce Spam As Attachment = no
Syslog Facility = mail
Log Speed = no
Log Spam = no
Log Non Spam = no
Log Permitted Filenames = no
Log Permitted Filetypes = no
Log Silent Viruses = no
Log Dangerous HTML Tags = no
SpamAssassin User State Dir = /var/spool/MailScanner/spamassassin
SpamAssassin Install Prefix =
SpamAssassin Site Rules Dir = /etc/mail/spamassassin
SpamAssassin Local Rules Dir =
SpamAssassin Default Rules Dir =
MCP Checks = no
First Check = mcp
MCP Required SpamAssassin Score = 1
MCP High SpamAssassin Score = 10
MCP Error Score = 1
MCP Header = X-%org-name%-MailScanner-MCPCheck:
Non MCP Actions = deliver
MCP Actions = deliver
High Scoring MCP Actions = deliver
Bounce MCP As Attachment = no
MCP Modify Subject = start
MCP Subject Text = {MCP?}
High Scoring MCP Modify Subject = start
High Scoring MCP Subject Text = {MCP?}
Is Definitely MCP = no
Is Definitely Not MCP = no
Definite MCP Is High Scoring = no
Always Include MCP Report = no
Detailed MCP Report = yes
Include Scores In MCP Report = no
Log MCP = no
MCP Max SpamAssassin Timeouts = 20
MCP Max SpamAssassin Size = 100k
MCP SpamAssassin Timeout = 10
MCP SpamAssassin Prefs File = %mcp-dir%/mcp.spam.assassin.prefs.conf
MCP SpamAssassin User State Dir =
MCP SpamAssassin Local Rules Dir = %mcp-dir%
MCP SpamAssassin Default Rules Dir = %mcp-dir%
MCP SpamAssassin Install Prefix = %mcp-dir%
Recipient MCP Report = %report-dir%/recipient.mcp.report.txt
Sender MCP Report = %report-dir%/sender.mcp.report.txt
Use Default Rules With Multiple Recipients = no
Spam Score Number Format = %d
MailScanner Version Number = 4.58.9
SpamAssassin Cache Timings = 1800,300,10800,172800,600
Debug = no
Debug SpamAssassin = no
Run In Foreground = no
Always Looked Up Last = &MailWatchLogging
Always Looked Up Last After Batch = no
Deliver In Background = yes
Delivery Method = batch
Split Exim Spool = no
Lockfile Dir = /tmp
Custom Functions Dir = /usr/lib/MailScanner/MailScanner/CustomFunctions
Lock Type =
Minimum Code Status = supported
--------------------------------------------------------------------------------------------------------------------------------------
My /etc/MailScanner/spam.assassin.prefs.conf is as follows:

dns_available yes
bayes_path /var/spool/MailScanner/spamassassin/bayes
bayes_file_mode 0770
bayes_ignore_header X-YOURDOMAIN-COM-MailScanner
bayes_ignore_header X-YOURDOMAIN-COM-MailScanner-SpamCheck
bayes_ignore_header X-YOURDOMAIN-COM-MailScanner-SpamScore
bayes_ignore_header X-YOURDOMAIN-COM-MailScanner-Information
lock_method flock
use_auto_whitelist 0
ifplugin Mail::SpamAssassin::Plugin::Pyzor
pyzor_path /usr/local/bin/pyzor
endif
ifplugin Mail::SpamAssassin::Plugin::DCC
dcc_path /usr/local/bin/dccproc
endif
score RCVD_IN_BL_SPAMCOP_NET 4
envelope_sender_header X-MailScanner-From
-------------------------------------------------------------------------------------------------------------------------------------
sa-learn --dump magic -D shows the following:

mail:/var/spool/MailScanner/spamassassin # sa-learn --dump magic -D
[27360] dbg: logger: adding facilities: all
[27360] dbg: logger: logging level is DBG
[27360] dbg: generic: SpamAssassin version 3.1.6
[27360] dbg: config: score set 0 chosen.
[27360] dbg: util: running in taint mode? yes
[27360] dbg: util: taint mode: deleting unsafe environment variables, resetting PATH
[27360] dbg: util: PATH included '/sbin', keeping
[27360] dbg: util: PATH included '/usr/sbin', keeping
[27360] dbg: util: PATH included '/usr/local/sbin', keeping
[27360] dbg: util: PATH included '/opt/gnome/sbin', keeping
[27360] dbg: util: PATH included '/root/bin', keeping
[27360] dbg: util: PATH included '/usr/local/bin', keeping
[27360] dbg: util: PATH included '/usr/bin', keeping
[27360] dbg: util: PATH included '/usr/X11R6/bin', keeping
[27360] dbg: util: PATH included '/bin', keeping
[27360] dbg: util: PATH included '/usr/games', keeping
[27360] dbg: util: PATH included '/opt/gnome/bin', keeping
[27360] dbg: util: PATH included '/opt/kde3/bin', keeping
[27360] dbg: util: PATH included '/usr/lib/jvm/jre/bin', keeping
[27360] dbg: util: PATH included '/usr/lib/mit/bin', keeping
[27360] dbg: util: PATH included '/usr/lib/mit/sbin', keeping
[27360] dbg: util: PATH included '/usr/lib/qt3/bin', keeping
[27360] dbg: util: final PATH set to: /sbin:/usr/sbin:/usr/local/sbin:/opt/gnome/sbin:/root/bin:/usr/local/bin:/usr/bin:/usr/X11R6/bin:/bin:/usr/games:/opt/gnome/bin:/opt/kde3/bin:/usr/lib/jvm/jre/bin:/usr/lib/mit/bin:/usr/lib/mit/sbin:/usr/lib/qt3/bin
[27360] dbg: message: ---- MIME PARSER
START ---- [27360] dbg: message: main message type: text/plain [27360] dbg: message: parsing normal part [27360] dbg: message: added part, type: text/plain [27360] dbg: message: ---- MIME PARSER END ---- [27360] dbg: dns: is Net::DNS::Resolver available? yes [27360] dbg: dns: Net::DNS version: 0.59 [27360] dbg: config: using "/etc/mail/spamassassin" for site rules pre files [27360] dbg: config: read file /etc/mail/spamassassin/init.pre [27360] dbg: config: read file /etc/mail/spamassassin/v310.pre [27360] dbg: config: read file /etc/mail/spamassassin/v312.pre [27360] dbg: config: using "/usr/share/spamassassin" for sys rules pre files [27360] dbg: config: using "/usr/share/spamassassin" for default rules dir [27360] dbg: config: read file /usr/share/spamassassin/10_misc.cf [27360] dbg: config: read file /usr/share/spamassassin/20_advance_fee.cf [27360] dbg: config: read file /usr/share/spamassassin/20_anti_ratware.cf [27360] dbg: config: read file /usr/share/spamassassin/20_body_tests.cf [27360] dbg: config: read file /usr/share/spamassassin/20_compensate.cf [27360] dbg: config: read file /usr/share/spamassassin/20_dnsbl_tests.cf [27360] dbg: config: read file /usr/share/spamassassin/20_drugs.cf [27360] dbg: config: read file /usr/share/spamassassin/20_fake_helo_tests.cf [27360] dbg: config: read file /usr/share/spamassassin/20_head_tests.cf [27360] dbg: config: read file /usr/share/spamassassin/20_html_tests.cf [27360] dbg: config: read file /usr/share/spamassassin/20_meta_tests.cf [27360] dbg: config: read file /usr/share/spamassassin/20_net_tests.cf [27360] dbg: config: read file /usr/share/spamassassin/20_phrases.cf [27360] dbg: config: read file /usr/share/spamassassin/20_porn.cf [27360] dbg: config: read file /usr/share/spamassassin/20_ratware.cf [27360] dbg: config: read file /usr/share/spamassassin/20_uri_tests.cf [27360] dbg: config: read file /usr/share/spamassassin/23_bayes.cf [27360] dbg: config: read file /usr/share/spamassassin/25_accessdb.cf [27360] 
dbg: config: read file /usr/share/spamassassin/25_antivirus.cf [27360] dbg: config: read file /usr/share/spamassassin/25_body_tests_es.cf [27360] dbg: config: read file /usr/share/spamassassin/25_body_tests_pl.cf [27360] dbg: config: read file /usr/share/spamassassin/25_dcc.cf [27360] dbg: config: read file /usr/share/spamassassin/25_dkim.cf [27360] dbg: config: read file /usr/share/spamassassin/25_domainkeys.cf [27360] dbg: config: read file /usr/share/spamassassin/25_hashcash.cf [27360] dbg: config: read file /usr/share/spamassassin/25_pyzor.cf [27360] dbg: config: read file /usr/share/spamassassin/25_razor2.cf [27360] dbg: config: read file /usr/share/spamassassin/25_replace.cf [27360] dbg: config: read file /usr/share/spamassassin/25_spf.cf [27360] dbg: config: read file /usr/share/spamassassin/25_textcat.cf [27360] dbg: config: read file /usr/share/spamassassin/25_uribl.cf [27360] dbg: config: read file /usr/share/spamassassin/30_text_de.cf [27360] dbg: config: read file /usr/share/spamassassin/30_text_fr.cf [27360] dbg: config: read file /usr/share/spamassassin/30_text_it.cf [27360] dbg: config: read file /usr/share/spamassassin/30_text_nl.cf [27360] dbg: config: read file /usr/share/spamassassin/30_text_pl.cf [27360] dbg: config: read file /usr/share/spamassassin/30_text_pt_br.cf [27360] dbg: config: read file /usr/share/spamassassin/50_scores.cf [27360] dbg: config: read file /usr/share/spamassassin/60_awl.cf [27360] dbg: config: read file /usr/share/spamassassin/60_whitelist.cf [27360] dbg: config: read file /usr/share/spamassassin/60_whitelist_dk.cf [27360] dbg: config: read file /usr/share/spamassassin/60_whitelist_dkim.cf [27360] dbg: config: read file /usr/share/spamassassin/60_whitelist_spf.cf [27360] dbg: config: read file /usr/share/spamassassin/60_whitelist_subject.cf [27360] dbg: config: using "/etc/mail/spamassassin" for site rules dir [27360] dbg: config: read file /etc/mail/spamassassin/local.cf [27360] dbg: config: read file 
/etc/mail/spamassassin/mailscanner.cf [27360] dbg: plugin: loading Mail::SpamAssassin::Plugin::URIDNSBL from @INC [27360] dbg: plugin: registered Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x835f090) [27360] dbg: plugin: loading Mail::SpamAssassin::Plugin::Hashcash from @INC [27360] dbg: plugin: registered Mail::SpamAssassin::Plugin::Hashcash=HASH(0x8e115ec) [27360] dbg: plugin: loading Mail::SpamAssassin::Plugin::SPF from @INC [27360] dbg: plugin: registered Mail::SpamAssassin::Plugin::SPF=HASH(0x8e34804) [27360] dbg: plugin: loading Mail::SpamAssassin::Plugin::Pyzor from @INC [27360] dbg: pyzor: network tests on, attempting Pyzor [27360] dbg: plugin: registered Mail::SpamAssassin::Plugin::Pyzor=HASH(0x8e3a0bc) [27360] dbg: plugin: loading Mail::SpamAssassin::Plugin::Razor2 from @INC [27360] dbg: razor2: razor2 is not available [27360] dbg: plugin: registered Mail::SpamAssassin::Plugin::Razor2=HASH(0x8e13f68) [27360] dbg: plugin: loading Mail::SpamAssassin::Plugin::SpamCop from @INC [27360] dbg: reporter: network tests on, attempting SpamCop [27360] dbg: plugin: registered Mail::SpamAssassin::Plugin::SpamCop=HASH(0x8ed3f54) [27360] dbg: plugin: loading Mail::SpamAssassin::Plugin::AWL from @INC [27360] dbg: plugin: registered Mail::SpamAssassin::Plugin::AWL=HASH(0x903b2d4) [27360] dbg: plugin: loading Mail::SpamAssassin::Plugin::AutoLearnThreshold from @INC [27360] dbg: plugin: registered Mail::SpamAssassin::Plugin::AutoLearnThreshold=HASH(0x9043ef8) [27360] dbg: plugin: loading Mail::SpamAssassin::Plugin::WhiteListSubject from @INC [27360] dbg: plugin: registered Mail::SpamAssassin::Plugin::WhiteListSubject=HASH(0x9051f50) [27360] dbg: plugin: loading Mail::SpamAssassin::Plugin::MIMEHeader from @INC [27360] dbg: plugin: registered Mail::SpamAssassin::Plugin::MIMEHeader=HASH(0x9052c34) [27360] dbg: plugin: loading Mail::SpamAssassin::Plugin::ReplaceTags from @INC [27360] dbg: plugin: registered Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0x9065fb0) [27360] dbg: 
config: adding redirector regex: /^http:\/\/chkpt\.zdnet\.com\/chkpt\/\w+\/(.*)$/i [27360] dbg: config: adding redirector regex: /^http:\/\/www(?:\d+)?\.nate\.com\/r\/\w+\/(.*)$/i [27360] dbg: config: adding redirector regex: /^http:\/\/.+\.gov\/(?:.*\/)?externalLink\.jhtml\?.*url=(.*?)(?:&.*)?$/i [27360] dbg: config: adding redirector regex: /^http:\/\/redir\.internet\.com\/.+?\/.+?\/(.*)$/i [27360] dbg: config: adding redirector regex: /^http:\/\/(?:.*?\.)?adtech\.de\/.*(?:;|\|)link=(.*?)(?:;|$)/i [27360] dbg: config: adding redirector regex: m'^http.*?/redirect\.php\?.*(?<=[?&])goto=(.*?)(?:$|[&#])'i [27360] dbg: config: adding redirector regex: m'^https?:/*(?:[^/]+\.)?emf\d\.com/r\.cfm.*?&r=(.*)'i [27360] dbg: config: adding redirector regex: m'/(?:index.php)?\?.*(?<=[?&])URL=(.*?)(?:$|[&#])'i [27360] dbg: config: adding redirector regex: m'^http:/*(?:\w+\.)?google(?:\.\w{2,3}){1,2}/url\?.*?(?<=[?&])q=(.*?)(?:$|[&#])'i [27360] dbg: config: adding redirector regex: m'^http:/*(?:\w+\.)?google(?:\.\w{2,3}){1,2}/search\?.*?(?<=[?&])q=[^&]*?(?<=%20|..[=+\s])site:(.*?)(?:$|%20|[\s+&#])'i [27360] dbg: config: adding redirector regex: m'^http:/*(?:\w+\.)?google(?:\.\w{2,3}){1,2}/search\?.*?(?<=[?&])q=[^&]*?(?<=%20|..[=+\s])(?:"|%22)(.*?)(?:$|%22|["\s+&#])'i [27360] dbg: config: adding redirector regex: m'^http:/*(?:\w+\.)?google(?:\.\w{2,3}){1,2}/translate\?.*?(?<=[?&])u=(.*?)(?:$|[&#])'i [27360] dbg: plugin: Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0x9065fb0) implements 'finish_parsing_end' [27360] dbg: replacetags: replacing tags [27360] dbg: replacetags: done replacing tags [27360] dbg: bayes: tie-ing to DB file R/O /var/spool/MailScanner/spamassassin/bayes_toks [27360] dbg: bayes: tie-ing to DB file R/O /var/spool/MailScanner/spamassassin/bayes_seen [27360] dbg: bayes: found bayes db version 3 [27360] dbg: bayes: DB journal sync: last sync: 1212657053 [27360] dbg: config: score set 3 chosen. 
0.000 0 3 0 non-token data: bayes db version
0.000 0 32262 0 non-token data: nspam
0.000 0 41829 0 non-token data: nham
0.000 0 145597 0 non-token data: ntokens
0.000 0 1211879603 0 non-token data: oldest atime
0.000 0 1212660698 0 non-token data: newest atime
0.000 0 1212657053 0 non-token data: last journal sync atime
0.000 0 1212572821 0 non-token data: last expiry atime
0.000 0 691200 0 non-token data: last expire atime delta
0.000 0 59972 0 non-token data: last expire reduction count
[27360] dbg: bayes: untie-ing
[27360] dbg: bayes: untie-ing db_toks
[27360] dbg: bayes: untie-ing db_seen
-------------------------------------------------------------------------------------------------------------------------------------
Please help me so that I can fix my mailscanner to catch low scoring spams. Also please tell me how I can know whether mailscanner is using and checking the lists specified in SPAM LIST. I cannot see any error in /var/log/mail. I can see spamd entries getting logged only when our users send mails, not when receiving mails from outside, like the following:
-----------------------------------------
Jun 5 15:32:39 mail spamd[23430]: spamd: result: . -3 - ALL_TRUSTED,BAYES_00 scantime=0.6,size=2036,user=spamuser,uid=3000,required_score=3.0,
rhost=localhost,raddr=127.0.0.1,rport=27589,mid=<1675.122.163.77.164.1212660155.
squirrel@mail.econdse.org>,bayes=5.55111512312578e-17,autolearn=ham
--------------------------------------------------------------------------------
Hope you would be kind enough to go through my mail and help me out.

Regards
vinu

On Tue, May 27, 2008 at 8:49 PM, Scott Silva wrote:
> Comments are inline ...
>
>> Dear all,
>> I am just a beginner to postfix, spamassassin, Mailscanner and
>> mailwatch. I recently installed a mail server with the following and
>> is working fine except for one problem that mailscanner+spamassassin
>> combination is not detecting mails with SA Score lower than the
>> Required Spamassassin score (I use 3) as spam though they are
>> definitely spam. The mailscanner+spamassassin combination tags mails
>> with SA score greater than the Required Spamassassin score as spam.
>>
>> postfix.2.3.2-28
>> Spamassassin.3.1.6-15
>> MailScanner 4.58.9
>
> All older versions of the software. It might be adding to your problems.
>>
>> I have been reading different posts on mailscanner and about
>> spamassassin to understand why low scoring mails are not detected as
>> spam by mailscanner+spamassassin.
>>
>> The following are the things I could find out.
>>
>> 1. The headers of mails do not contain "autolearn=spam" in the mail
>> header and rest of the fields are there. (See below)
>>
>> X-econdse-MailScanner-SpamCheck: spam, SpamAssassin (not cached,
>> score=10.054, required 3, BAYES_99 3.50, EXTRA_MPART_TYPE 1.09,
>> HTML_IMAGE_ONLY_08 3.13, HTML_MESSAGE 0.00,
>> HTML_SHORT_LINK_IMG_1 0.95, HTML_TEXT_AFTER_BODY 0.12,
>> INFO_TLD 1.27)
>>
>> 2. The /root/.spamassassin folder does not contain any bayes related
>> database.
>
> When running with postfix, MailScanner runs as postfix and cannot access the
> /root directory. Maybe you missed some steps in the postfix howtos.
> http://www.mailscanner.info/postfix.html and
> http://wiki.mailscanner.info/doku.php?id=documentation:configuration:mta:postfix:installation
> You need the bayes directory somewhere that the postfix user can access.
>
> Maybe Glenn will chime in here.
>
>
>>
>> 3. I could not see anything in /var/log/mail which says mailscanner
>> is checking the Spam Lists.
>> >> *********************************************** >> When I tried to test the spamassassin configuration with "spamassassin >> -D --lint", I am getting "[4882] warn: lint: 1 issues detected, please >> rerun with debug enabled for more information" >> >> Please see the result below. : >> >> >> --------------------------------------------------------------------------------------------- >> mail:/etc/MailScanner # spamassassin -D --lint >> >> [4882] dbg: logger: adding facilities: all >> [4882] dbg: logger: logging level is DBG >> [4882] dbg: generic: SpamAssassin version 3.1.6 >> [4882] dbg: config: score set 0 chosen. >> [4882] dbg: util: running in taint mode? yes >> [4882] dbg: util: taint mode: deleting unsafe environment variables, >> resetting PATH >> [4882] dbg: util: PATH included '/sbin', keeping >> [4882] dbg: util: PATH included '/usr/sbin', keeping >> [4882] dbg: util: PATH included '/usr/local/sbin', keeping >> [4882] dbg: util: PATH included '/opt/gnome/sbin', keeping >> [4882] dbg: util: PATH included '/root/bin', keeping >> [4882] dbg: util: PATH included '/usr/local/bin', keeping >> [4882] dbg: util: PATH included '/usr/bin', keeping >> [4882] dbg: util: PATH included '/usr/X11R6/bin', keeping >> [4882] dbg: util: PATH included '/bin', keeping >> [4882] dbg: util: PATH included '/usr/games', keeping >> [4882] dbg: util: PATH included '/opt/gnome/bin', keeping >> [4882] dbg: util: PATH included '/opt/kde3/bin', keeping >> [4882] dbg: util: PATH included '/usr/lib/jvm/jre/bin', keeping >> [4882] dbg: util: PATH included '/usr/lib/mit/bin', keeping >> [4882] dbg: util: PATH included '/usr/lib/mit/sbin', keeping >> [4882] dbg: util: PATH included '/usr/lib/qt3/bin', keeping >> [4882] dbg: util: final PATH set to: >> >> /sbin:/usr/sbin:/usr/local/sbin:/opt/gnome/sbin:/root/bin:/usr/local/bin:/usr/bin:/usr/X11R6/bin:/bin:/usr/games:/opt/gnome/bin:/opt/kde3/bin:/usr/lib/jvm/jre/bin:/usr/lib/mit/bin:/usr/lib/mit/sbin:/usr/lib/qt3/bin >> [4882] dbg: 
>> [4882] info: config: pyzor_path "/usr/bin/pyzor" isn't an executable
>> [4882] warn: config: SpamAssassin failed to parse line,
>> "/usr/bin/pyzor" is not valid for "pyzor_path", skipping: pyzor_path
>> /usr/bin/pyzor
>> [4882] dbg: plugin:
>> Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0x918b5ac) implements
>> 'finish_parsing_end'
>> [4882] dbg: replacetags: replacing tags
>> [4882] dbg: replacetags: done replacing tags
>> [4882] dbg: bayes: no dbs present, cannot tie DB R/O:
>> /root/.spamassassin/bayes_toks
>
> Here is your error. Mailscanner running as postfix cannot access /root
> directory. You need to set a bayes path somewhere that postfix has access,
> and then you will need to do some training.
>> [4882] warn: lint: 1 issues detected, please rerun with debug enabled
>> for more information
>>
>> ------------------------------------------------------------------------
>>
>> Is the warning because of
>>
>> [4882] info: config: pyzor_path "/usr/bin/pyzor" isn't an executable
>> [4882] warn: config: SpamAssassin failed to parse line,
>> "/usr/bin/pyzor" is not valid for "pyzor_path", skipping: pyzor_path
>> /usr/bin/pyzor
>>
>> and can I ignore it?? (I don't have pyzor installed. Is it a must to
>> have pyzor installed??)
>
> Either install pyzor, or disable the plugin line that tries to load it.
> Look in all your .pre files in /etc/mail/spamassassin
>>
>> ************************************************************************
>>
>> When I tried sa-learn --dump magic -D, I got the following error:
>>
>> ERROR: Bayes dump returned an error, please re-run with -D for more
>> information
>
> Again, no bayes db to dump.
>>
>> ------------------------------------------------------------------------
>> mail:/etc/mail/spamassassin # sa-learn --dump magic -D
>> [2675] dbg: logger: adding facilities: all
>> [2675] dbg: logger: logging level is DBG
>> [2675] dbg: generic: SpamAssassin version 3.1.6
>> [2675] dbg: bayes: no dbs present, cannot tie DB R/O:
>> /root/.spamassassin/bayes_toks
>> ERROR: Bayes dump returned an error, please re-run with -D for more
>> information
>>
>> ------------------------------------------------------------------------
>>
>> --> Am I getting this error because there are no bayes related files
>> in the /root/.spamassassin directory?? (it's empty now)
>>
>> --> If yes, should I use the following command to create them??
>>
>> # sa-learn --showdots --spam
>> /home//Maildir/cur (this is my inbox)
>>
>> # sa-learn --showdots --ham /home/Maildir/.spam/cur
>> (this is where I filter all my {spam?} tagged mails)
>>
>> ---> After this if I restart spamassassin, will
>> spamassassin+mailscanner start doing the bayes autolearn and check the
>> lists specified in Spam Lists option of the mailscanner? If not, what
>> should I do to get my spamassassin+mailscanner start doing the bayes
>> autolearn and check the lists specified in Spam Lists option of the
>> mailscanner?
>>
>> Hope someone would be kind enough to help me.
>>
>> Expecting an early reply
>>
>> sincerely yours
>
> --
> MailScanner is like deodorant...
> You hope everybody uses it, and
> you notice quickly if they don't!!!!

From hvdkooij at vanderkooij.org Mon Jun 16 07:42:41 2008
From: hvdkooij at vanderkooij.org (Hugo van der Kooij)
Date: Mon Jun 16 07:42:50 2008
Subject: What "Other Checks" problems?
Message-ID: <48560B61.3070704@vanderkooij.org>

Henry Kwan wrote:
| Virus and Content Scanning: Starting
| /var/spool/MailScanner/incoming/11290/./1.message: Eicar-Test-Signature FOUND
|
| /var/spool/MailScanner/incoming/11290/./1/eicar.com: Eicar-Test-Signature FOUND
|
| Virus Scanning: ClamAV found 2 infections
| Infected message 1 came from 192.168.1.1
| Infected message 1.message came from
| Virus Scanning: Found 2 viruses
| Filename Checks: (1 eicar.com)
| Other Checks: Found 1 problems

There are two instances of the EICAR string. 1 is identified in the file
eicar.com and the other as part of the message itself. But without a
filename to relate it to it is named as other check.

So there is no problem.

Hugo.

--
hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/
PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc

A: Yes.
>Q: Are you sure?
>>A: Because it reverses the logical flow of conversation.
>>>Q: Why is top posting frowned upon?

Bored? Click on http://spamornot.org/ and rate those images.

From john at tradoc.fr Mon Jun 16 08:08:03 2008
From: john at tradoc.fr (John Wilcock)
Date: Mon Jun 16 08:08:29 2008
Subject: Health update
In-Reply-To: <31647067.16941213432830191.JavaMail.root@office.splatnix.net>
References: <31647067.16941213432830191.JavaMail.root@office.splatnix.net>
Message-ID: <48561153.3080806@tradoc.fr>

--[ UxBoD ]-- wrote:
> All the best Jules ... Wish you a short wait and a very speedy
> recovery ... Make sure the nice nurse keeps your laptop well out of
> reach!

I beg to differ ;-) Keeping Julian from his laptop would be terrible for
his mental well-being!

Julian, may the time that you're *not* straining to get at your laptop
after the op be as short as possible!

John.
--
-- Over 3000 webcams from ski resorts around the world - www.snoweye.com
-- Translate your technical documents and web pages - www.tradoc.fr

From martinh at solidstatelogic.com Mon Jun 16 08:59:15 2008
From: martinh at solidstatelogic.com (Martin.Hepworth)
Date: Mon Jun 16 08:59:29 2008
Subject: Spamassassin is slow - any tips or good commercial alternative?
In-Reply-To: <30d101c8cf62$cd2f8f90$0300a8c0@CharlieCompaq>
Message-ID: <8fed8158a25ad74ba3e35a32377e9748@solidstatelogic.com>

Charlie

2-5 seconds per batch is pretty fast. Anything under 1 minute is
acceptable IMHO. Why the concern about scan times?? Email isn't IM :-).

Seriously why the concern about scan times?

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

> -----Original Message-----
> From: mailscanner-bounces@lists.mailscanner.info
> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf
> Of Charlie
> Sent: 16 June 2008 04:41
> To: MailScanner discussion
> Subject: Spamassassin is slow - any tips or good commercial
> alternative?
>
> By the way, my CPU is Pentium 4, 2.4GHz and there is 1GB of RAM.
> Emails are now taking 2-5 seconds to scan - is this normal
> for this configuration? We've disabled spam checking on
> emails larger than 40KB and that helped a great deal.
>
> Server's details:
>
> # free
>              total       used       free     shared    buffers     cached
> Mem:       1028576     835056     193520          0     117124     264136
> -/+ buffers/cache:     453796     574780
> Swap:       996020      21148     974872
>
> # uptime
> 03:34:13 up 222 days, 45 min, 2 users, load average: 1.12, 0.71, 0.43

From m.anderlini at database.it Mon Jun 16 09:06:20 2008
From: m.anderlini at database.it (Marcello Anderlini Database Informatica)
Date: Mon Jun 16 09:06:41 2008
Subject: Problem while updating perl
Message-ID: <00cc01c8cf87$dc554710$2e01a8c0@dbdomain.database.it>

Hello

I've a mailscanner 4.58.9.1 running on a Centos 4.6 x86_64.
Today I've tried to update my system but I get this error msg:
=======================================
Transaction Check Error:
file /usr/lib64/perl5/5.8.5/x86_64-linux-thread-multi/Sys/Syslog.pm from
install of perl-5.8.5-36.el4_6.3 conflicts with file from package
perl-Sys-Syslog-0.18-1
file
/usr/lib64/perl5/5.8.5/x86_64-linux-thread-multi/auto/Sys/Syslog/Syslog.so
from install of perl-5.8.5-36.el4_6.3 conflicts with file from package
perl-Sys-Syslog-0.18-1
=======================================

Could someone help me ?

Thanks

Dr. Marcello Anderlini
m.anderlini@database.it
---------------------------------------------
Database Informatica S.r.l.
Microsoft Certified Partner
Tel. +39059775070
Fax. +39059779545
http://www.database.it
---------------------------------------------

From MailScanner at ecs.soton.ac.uk Mon Jun 16 09:19:16 2008
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Mon Jun 16 09:19:35 2008
Subject: Problem while updating perl
Message-ID: <48562204.2000805@ecs.soton.ac.uk>

rpm -e perl-Sys-Syslog
then
up2date -u
then re-install MailScanner.

Marcello Anderlini Database Informatica wrote:
> Hello I've a mailscanner 4.58.9.1 running on a Centos 4.6 x86_64.
> Today I've tried to update my system but I get this error msg:
> =======================================
> Transaction Check Error:
> file /usr/lib64/perl5/5.8.5/x86_64-linux-thread-multi/Sys/Syslog.pm from
> install of perl-5.8.5-36.el4_6.3 conflicts with file from package
> perl-Sys-Syslog-0.18-1
> file
> /usr/lib64/perl5/5.8.5/x86_64-linux-thread-multi/auto/Sys/Syslog/Syslog.so
> from install of perl-5.8.5-36.el4_6.3 conflicts with file from package
> perl-Sys-Syslog-0.18-1
> =======================================
>
> Could someone help me ?
>
> Thanks
>
> Dr. Marcello Anderlini
> m.anderlini@database.it
> ---------------------------------------------
> Database Informatica S.r.l.
> Microsoft Certified Partner
> Tel. +39059775070
> Fax. +39059779545
> http://www.database.it
> ---------------------------------------------

Jules

From m.anderlini at database.it Mon Jun 16 09:30:54 2008
From: m.anderlini at database.it (Marcello Anderlini Database Informatica)
Date: Mon Jun 16 09:31:13 2008
Subject: R: Problem while updating perl
In-Reply-To: <48562204.2000805@ecs.soton.ac.uk>
References: <48562204.2000805@ecs.soton.ac.uk>
Message-ID: <00d101c8cf8b$4af0fbd0$2e01a8c0@dbdomain.database.it>

Thanks but is there a way to avoid reinstalling mailscanner ?
It's a production server and I would prefer to not reinstall if it's
possible.

thanks

Dr. Marcello Anderlini
m.anderlini@database.it
---------------------------------------------
Database Informatica S.r.l.
Microsoft Certified Partner
Tel. +39059775070
Fax. +39059779545
http://www.database.it
---------------------------------------------

-----Original Message-----
From: mailscanner-bounces@lists.mailscanner.info
[mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field
Sent: Monday 16 June 2008 10.19
To: MailScanner discussion
Subject: Re: Problem while updating perl

rpm -e perl-Sys-Syslog
then
up2date -u
then re-install MailScanner.

Marcello Anderlini Database Informatica wrote:
> Hello I've a mailscanner 4.58.9.1 running on a Centos 4.6 x86_64.
> Today I've tried to update my sistem but I get this error msg: > ======================================= > Transaction Check Error: > file /usr/lib64/perl5/5.8.5/x86_64-linux-thread-multi/Sys/Syslog.pm > from install of perl-5.8.5-36.el4_6.3 conflicts with file from package > perl-Sys-Syslog-0.18-1 > file > /usr/lib64/perl5/5.8.5/x86_64-linux-thread-multi/auto/Sys/Syslog/Syslo > g.so from install of perl-5.8.5-36.el4_6.3 conflicts with file from > package > perl-Sys-Syslog-0.18-1 > ======================================= > > Could someone help me ? > > Thanks > > Dr. Marcello Anderlini > m.anderlini@database.it > --------------------------------------------- > Database Informatica S.r.l. > Microsoft Certified Partner > Tel. +39059775070 > Fax. +39059779545 > http://www.database.it > --------------------------------------------- > > > Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.3 (Build 4028) Comment: Use Enigmail to decrypt or check this message is legitimate Charset: ISO-8859-1 wj8DBQFIViIFEfZZRxQVtlQRAkHdAKDAoFDns0nXfr1YClsZe4CVtu8RsgCg0Y4P kIgnehDrl4ySJF3afJ5SAi0= =aMsm -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! 
-- Messaggio verificato dal servizio antivirus di Database Informatica -- Messaggio verificato dal servizio antivirus di Database Informatica From stef at aoc-uk.com Mon Jun 16 10:38:41 2008 From: stef at aoc-uk.com (Stef Morrell) Date: Mon Jun 16 10:38:47 2008 Subject: X-MailScanner-ID header Message-ID: <200806160938.m5G9cd9q027459@safir.blacknight.ie> Hi guys, Is there any way to customise the X-MailScanner-ID header? I've checked through MailScanner.conf, but can't seem to find a reference to it. Also, does this header need a bayes_ignore_header line in spam.assassin.prefs.conf? Thanks Stef Stefan Morrell | Operations Director Tel: 0845 3452820 | Alpha Omega Computers Ltd Fax: 0845 3452830 | Incorporating Level 5 Internet stef@aoc-uk.com | stef@l5net.net Alpha Omega Computers LTD computer network solution providers putting the technology in place that makes your information work for you. Visit our website for more information about how Alpha Omega can enhance your business. IMPORTANT: This E-Mail is confidential and may also be privileged. If you are not the intended recipient, please notify us immediately by telephoning +44 (0) 845 345 2820. Internet communications are not necessarily secure and may be intercepted or changed after they are sent. Alpha Omega Computers LTD does not accept liability for any such changes. If you wish to confirm the origin or content of this communication, please contact the sender using an alternative means of communication. In messages of a non-business nature, the views and opinions of the author are their own and do not necessarily reflect the views and opinions of the organisation. Alpha Omega Computers Ltd, Unit 57, BBTC, Grange Road, Batley, WF17 6ER. Registered in England No. 3867142. VAT No. 
GB734421454 From raymond at prolocation.net Mon Jun 16 10:40:57 2008 From: raymond at prolocation.net (Raymond Dijkxhoorn) Date: Mon Jun 16 10:41:10 2008 Subject: X-MailScanner-ID header In-Reply-To: <200806160938.m5G9cd9q027459@safir.blacknight.ie> References: <200806160938.m5G9cd9q027459@safir.blacknight.ie> Message-ID: Hi! > Is there any way to customise the X-MailScanner-ID header? I've checked > through MailScanner.conf, but can't seem to find a reference to it. > > Also, does this header need a bayes_ignore_header line in > spam.assassin.prefs.conf? I had the same question, but as it looks its static defined in the MailScanner code. Julian, can we make this configurable too? Bye, Raymond. From donnieq at quindardonet.net Mon Jun 16 11:42:19 2008 From: donnieq at quindardonet.net (Donnie D. Quindardo) Date: Mon Jun 16 11:42:29 2008 Subject: X-MailScanner-ID header In-Reply-To: References: <200806160938.m5G9cd9q027459@safir.blacknight.ie> Message-ID: <4856438B.3040900@quindardonet.net> I was able to comment out these lines in /usr/lib/MailScanner/MailScanner/Message.pm. The line with "X-MailScanner-ID" occurs three times. I did not see any issues when doing this, I could be wrong though! Don Q. Raymond Dijkxhoorn wrote: > Hi! > >> Is there any way to customise the X-MailScanner-ID header? I've checked >> through MailScanner.conf, but can't seem to find a reference to it. >> >> Also, does this header need a bayes_ignore_header line in >> spam.assassin.prefs.conf? > > I had the same question, but as it looks its static defined in the > MailScanner code. > > Julian, can we make this configurable too? > > Bye, > Raymond. 
From MailScanner at ecs.soton.ac.uk Mon Jun 16 11:45:22 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Jun 16 11:45:42 2008 Subject: X-MailScanner-ID header In-Reply-To: References: <200806160938.m5G9cd9q027459@safir.blacknight.ie> Message-ID: <48564442.30808@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Raymond Dijkxhoorn wrote: > Hi! > >> Is there any way to customise the X-MailScanner-ID header? I've checked >> through MailScanner.conf, but can't seem to find a reference to it. >> >> Also, does this header need a bayes_ignore_header line in >> spam.assassin.prefs.conf? > > I had the same question, but as it looks its static defined in the > MailScanner code. > > Julian, can we make this configurable too? It will be in the next release. A new config option called "ID Header" will set it for you. Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.3 (Build 4028) Comment: Use Enigmail to decrypt or check this message is legitimate Charset: ISO-8859-1 wj8DBQFIVkRDEfZZRxQVtlQRAo0wAJ9sth9aDMq1v2p5zYI8PTM1GpTzEACg63qu P+bi/8ltunPS85mKRoJKajI= =3FjI -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. 
From t.d.lee at durham.ac.uk Mon Jun 16 12:01:45 2008 From: t.d.lee at durham.ac.uk (David Lee) Date: Mon Jun 16 12:02:59 2008 Subject: X-MailScanner-ID header In-Reply-To: <200806160938.m5G9cd9q027459@safir.blacknight.ie> References: <200806160938.m5G9cd9q027459@safir.blacknight.ie> Message-ID: On Mon, 16 Jun 2008, Stef Morrell wrote: > Is there any way to customise the X-MailScanner-ID header? I've checked > through MailScanner.conf, but can't seem to find a reference to it. Glad someone else has also spotted this. I raised the question (with some background info I dug out about MS versions and possible ways to tailor) on April 29, and I don't think it was followed up. The header seems to be a fixed string in the MS source code, so would need a code change to handle variability. There are other "X-MailScanner-blah" headers that are tailorable (often to "X-%org-name%-MailScanner-blah"). Julian: Could "X-MailScanner-ID" follow the same conventions? -- : David Lee I.T. Service : : Senior Systems Programmer Computer Centre : : UNIX Team Leader Durham University : : South Road : : http://www.dur.ac.uk/t.d.lee/ Durham DH1 3LE : : Phone: +44 191 334 2752 U.K. : From stef at aoc-uk.com Mon Jun 16 12:04:01 2008 From: stef at aoc-uk.com (Stef Morrell) Date: Mon Jun 16 12:04:09 2008 Subject: X-MailScanner-ID header In-Reply-To: References: <200806160938.m5G9cd9q027459@safir.blacknight.ie> Message-ID: <200806161104.m5GB3xG7030808@safir.blacknight.ie> Julian wrote: > Raymond Dijkxhoorn wrote: >> Hi! >> >>> Is there any way to customise the X-MailScanner-ID header? I've >>> checked through MailScanner.conf, but can't seem to find a >>> reference to it. >>> >>> Also, does this header need a bayes_ignore_header line in >>> spam.assassin.prefs.conf? >> >> I had the same question, but as it looks its static defined in the >> MailScanner code. >> >> Julian, can we make this configurable too? > It will be in the next release. 
A new config option called "ID Header" > will set it for you. Many thanks for this. Should we really be ignoring this for bayes? Stef Stefan Morrell | Operations Director Tel: 0845 3452820 | Alpha Omega Computers Ltd Fax: 0845 3452830 | Incorporating Level 5 Internet stef@aoc-uk.com | stef@l5net.net Alpha Omega Computers Ltd, Unit 57, BBTC, Grange Road, Batley, WF17 6ER. Registered in England No. 3867142. VAT No. GB734421454 From jplorier at montecarlotv.com.uy Mon Jun 16 12:09:40 2008 From: jplorier at montecarlotv.com.uy (Juan Pablo Lorier) Date: Mon Jun 16 12:16:58 2008 Subject: Health update In-Reply-To: <200806132133.m5DLX0HI006491@safir.blacknight.ie> Message-ID: Lots of luck to you Jules. You deserve the best. Best wishes Ing. Juan Pablo Lorier Monte Carlo TV SA Montevideo, Uruguay +(598)2 9244444 From davejones70 at gmail.com Mon Jun 16 13:27:40 2008 From: davejones70 at gmail.com (Dave Jones) Date: Mon Jun 16 13:27:50 2008 Subject: Problem while updating perl Message-ID: <67a55ed50806160527p6383ba0chc75f5ae32c6a0b7@mail.gmail.com> >Thanks but is there a way to avoid reinstall mailscanner ? It's a production >server and I would prefer to not reinstall if it's possible. >thanks >rpm -e perl-Sys-Syslog >then up2date -u >then re-install MailScanner. >Marcello Anderlini Database Informatica wrote: >> Hello I've a mailscanner 4.58.9.1 running on a Centos 4.6 x86_64. >> Today I've tried to update my system but I get this error msg: >> ======================================= >> Transaction Check Error: >> file /usr/lib64/perl5/5.8.5/x86_64-linux-thread-multi/Sys/Syslog.pm >> from install of perl-5.8.5-36.el4_6.3 conflicts with file from package >> perl-Sys-Syslog-0.18-1 >> file >> /usr/lib64/perl5/5.8.5/x86_64-linux-thread-multi/auto/Sys/Syslog/Syslo >> g.so from install of perl-5.8.5-36.el4_6.3 conflicts with file from >> package >> perl-Sys-Syslog-0.18-1 >> ======================================= >> >> Could someone help me ? >> >> Thanks >> >> Dr. 
Marcello Anderlini >> m.anderlini@database.it >> --------------------------------------------- >> Database Informatica S.r.l. >> Microsoft Certified Partner >> Tel. +39059775070 >> Fax. +39059779545 >> http://www.database.it >> --------------------------------------------- >> >> >> You can reinstall MailScanner but you will still have the same perl conflicts next time a perl module gets updated on RPMforge (or whatever your repo is that has the conflicting package). I would simply force the install of the perl modules (I do it all the time) with the conflict from the MailScanner installation: # rpm -Uhv --force /var/cache/yum/rpmforge/packages/perl-Sys-Syslog-0.18-1.rpm Substitute "rpmforge" above with whatever your repository name is and the RPM file in question. Dave -- Dave Jones -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080616/f9f4c5a8/attachment.html From derek at csolve.net Mon Jun 16 13:38:05 2008 From: derek at csolve.net (Derek Buttineau) Date: Mon Jun 16 13:38:21 2008 Subject: Health update In-Reply-To: References: Message-ID: <300E7F69-0B7F-4635-81B7-AA4E6BE84F11@csolve.net> On 2008-Jun-13, at 5:00 PM, Andrews Carl 455 wrote: > Folks, > > Just wanted to let you know that, as soon as I send back the consent > forms, I am officially on the waiting list for a liver transplant. > No holidays or anything now until I get my call... > > Fortunately, I have grown a new vein in the last few months that > means I > will just need a new liver and not a small bowel as well, which > significantly improves my survival chances. This is very good news :-) > > Wish me luck! > > Jules Good luck Jules, And a speedy recovery! 
-- Regards, Derek Buttineau Internet Systems Developer Compu-SOLVE Internet Services Compu-SOLVE Technologies, Inc Phone: 705-725-1212 x255 E-Mail: derek@csolve.net From Denis.Beauchemin at USherbrooke.ca Mon Jun 16 13:44:29 2008 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Mon Jun 16 13:45:06 2008 Subject: Health update In-Reply-To: <4852BC3D.3050802@ecs.soton.ac.uk> References: <4852BC3D.3050802@ecs.soton.ac.uk> Message-ID: <4856602D.8000605@USherbrooke.ca> Julian Field wrote: > Folks, > > Just wanted to let you know that, as soon as I send back the consent > forms, I am officially on the waiting list for a liver transplant. > No holidays or anything now until I get my call... > > Fortunately, I have grown a new vein in the last few months that means > I will just need a new liver and not a small bowel as well, which > significantly improves my survival chances. This is very good news :-) > > Wish me luck! > > Jules > Julian, I want to join the others in wishing you a fast operation and recovery! Denis -- _ °v° Denis Beauchemin, analyst /(_)\ Université de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x62252 F: 819.821.8045 From lists at gmnet.net Mon Jun 16 13:46:02 2008 From: lists at gmnet.net (Rick Bragg) Date: Mon Jun 16 13:46:49 2008 Subject: legitimate email getting marked as spam... Tuning advice Message-ID: <1213620362.13897.37.camel@thor> Hi, I am a bit of a newbie at all this, so any help will be very appreciated! I have a seemingly good working install of MailScanner, sendmail, spamassassin, squirrelmail, and ClamAV. I am delivering and accepting mail for a dozen or so of my "clients" domains. It seems that most of my clients email that they send me gets marked as spam in my in-box. I did not do anything with the bayes database yet, and I'm not sure where to start. Is there a way that I can "tune" the system on a system-wide level? and/or do each of my clients have to tune their own? If so, how do they do that? 
I am personally using evolution, some of my clients use squirrelmail, some use thunderbird etc... Can my clients tune their spam database via their mailer software? I would basically like to know: Is there a way to tune spamassassin on a system-wide level for all my domains at once? And: What is the best way for each of my clients to go about tuning their own settings? (or me doing it for them) Thanks Rick Bragg p.s. Take care Jules, take a nice holiday, maybe try lots of milk-thistle in the meantime, you will get through this! -- This message has been scanned for viruses and dangerous content by Green Mountain Network, and is believed to be clean. From Denis.Beauchemin at USherbrooke.ca Mon Jun 16 13:46:56 2008 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Mon Jun 16 13:47:31 2008 Subject: SV: mailscanner dont process email at all In-Reply-To: <797363C57EE0884786F428AAABCD469201490DDC@sea0120sex2.nordic.x> References: <797363C57EE0884786F428AAABCD469201490DD4@sea0120sex2.nordic.x><48536FD4.4090300@vanderkooij.org> <797363C57EE0884786F428AAABCD469201490DD8@sea0120sex2.nordic.x> <797363C57EE0884786F428AAABCD469201490DDC@sea0120sex2.nordic.x> Message-ID: <485660C0.1080803@USherbrooke.ca> Meurlin Robert wrote: > Does anyone have more ideas? Have looked at everything I can think of. > Robert, Is MailScanner running? Any messages from MS in your maillog? Denis -- _ °v° Denis Beauchemin, analyst /(_)\ Université de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x62252 F: 819.821.8045 From dave.list at pixelhammer.com Mon Jun 16 14:03:38 2008 From: dave.list at pixelhammer.com (DAve) Date: Mon Jun 16 14:03:56 2008 Subject: Health update In-Reply-To: <4852BC3D.3050802@ecs.soton.ac.uk> References: <4852BC3D.3050802@ecs.soton.ac.uk> Message-ID: <485664AA.5090208@pixelhammer.com> Julian Field wrote: > Folks, > > Just wanted to let you know that, as soon as I send back the consent > forms, I am officially on the waiting list for a liver transplant. 
> No holidays or anything now until I get my call... > > Fortunately, I have grown a new vein in the last few months that means I > will just need a new liver and not a small bowel as well, which > significantly improves my survival chances. This is very good news :-) > > Wish me luck! > > Jules > My son asks about you every few weeks since he saw me sending a get well card a few months ago. He was happy to hear you made the list. Best of luck. DAve -- In 50 years, our descendants will look back on the early years of the internet, and much like we now look back on men with rockets on their back and feathers glued to their arms, marvel that we had the intelligence to wipe the drool from our chins. From richard.frovarp at sendit.nodak.edu Mon Jun 16 14:16:28 2008 From: richard.frovarp at sendit.nodak.edu (Richard Frovarp) Date: Mon Jun 16 14:16:39 2008 Subject: Spamassassin is slow - any tips or good commercial alternative? In-Reply-To: <27870.203.52.179.132.1213411745.squirrel@webmail.orcon.net.nz> References: <27870.203.52.179.132.1213411745.squirrel@webmail.orcon.net.nz> Message-ID: <485667AC.5000308@sendit.nodak.edu> Charlie wrote: >> >If it is a load problem you should try to reduce the amount of mail >> >reaching SpamAssassin in the first place. RBLs come to mind. Or (since >> >you asked for a commercial solution) have a look at BarricadeMX from >> >FSL. BMX will greatly reduce the amount of mail reaching your MTA. >> Our userbase means that over 99% of emails sent through the server are >> *not* spam, so any limiting of the emails reaching the MTA would not help. >> >> So if 99% of your mail isn't spam, then why bother using >spamassassin? >> I would dare to say that 65 - 75% of the mail that "attempts" delivery >> here IS >> spam. Some days it is over 90%, especially on the weekends when >we get very >> little legit mail. >> > > The reason I wanted to catch the 1% that is spam is so the server doesn't > get blacklisted. 
People are paying money for the service, hence I need to > pay more attention to making sure it stays off blacklists than if I was > just an ISP offering a free service. > > I'll try all the suggestions on Monday and provide an update then - thanks > for all the assistance! > > > Why would you be blacklisted? Is this an incoming or outgoing server? Accepting spam won't get you blacklisted. Unless you are passing the mail onto other systems which may blame your server. Anything under a minute is good. Check if you are swapping when your queue starts to back up. You can see what is going on by using mailscanner-mrtg. Sometimes running smaller batches or fewer processes will actually make it faster. And of course make sure you only accept mail for legit addresses and reject everything else at SMTP. From Denis.Beauchemin at USherbrooke.ca Mon Jun 16 14:27:29 2008 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Mon Jun 16 14:28:06 2008 Subject: Problem while updating perl In-Reply-To: <67a55ed50806160527p6383ba0chc75f5ae32c6a0b7@mail.gmail.com> References: <67a55ed50806160527p6383ba0chc75f5ae32c6a0b7@mail.gmail.com> Message-ID: <48566A41.2010809@USherbrooke.ca> Dave Jones wrote: > >Thanks but is there a way to avoid reinstall mailscanner ? It's a > production > >server and I would prefer to not reinstall if it's possible. > > >thanks > > > > >rpm -e perl-Sys-Syslog > >then up2date -u > >then re-install MailScanner. > > >Marcello Anderlini Database Informatica wrote: > >> Hello I've a mailscanner *The UdeS Service des Technologies de > l'Information wants to warn you about "4.58.9.1", > which appears to be a fraud attempt against* 4.58.9.1 > running on a Centos 4.6 x86_64. 
> >> Today I've tried to update my system but I get this error msg: > >> ======================================= > >> Transaction Check Error: > >> file /usr/lib64/perl5/5.8.5/x86_64-linux-thread-multi/Sys/Syslog.pm > >> from install of perl-5.8.5-36.el4_6.3 conflicts with file from package > >> perl-Sys-Syslog-0.18-1 > >> file > >> /usr/lib64/perl5/5.8.5/x86_64-linux-thread-multi/auto/Sys/Syslog/Syslo > >> g.so from install of perl-5.8.5-36.el4_6.3 conflicts with file from > >> package > >> perl-Sys-Syslog-0.18-1 > >> ======================================= > >> > >> Could someone help me ? > >> > >> Thanks > >> > >> Dr. Marcello Anderlini > >> m.anderlini@database.it > >> --------------------------------------------- > >> Database Informatica S.r.l. > >> Microsoft Certified Partner > >> Tel. +39059775070 > >> Fax. +39059779545 > >> http://www.database.it > >> --------------------------------------------- > >> > >> > >> > You can reinstall MailScanner but you will still have the same perl > conflicts next time a perl module gets updated on RPMforge (or > whatever your repo is that has the conflicting package). > > I would simply force the install of the perl modules (I do it all the > time) with the conflict from the MailScanner installation: > > # rpm -Uhv --force > /var/cache/yum/rpmforge/packages/perl-Sys-Syslog-0.18-1.rpm > > Substitute "rpmforge" above with whatever your repository name is and > the RPM file in question. > > Dave > > -- > Dave Jones Dave, It didn't work on my RHEL 5.2 server: [root@smtps ~]# rpm -Uvh --force /var/cache/yum/rhel-i386-server-5/packages/perl-5.8.8-10.el5_2.3.i386.rpm /etc/selinux/targeted/contexts/files/file_contexts: Multiple same specifications for /usr/local/lost\+found/.*. /etc/selinux/targeted/contexts/files/file_contexts: Multiple same specifications for /usr/local/\.journal. /etc/selinux/targeted/contexts/files/file_contexts: Multiple same specifications for /usr/local/lost\+found. Preparing... 
########################################### [100%] 1:perl ########################################### [100%] [root@smtps ~]# MailScanner --lint **** ERROR: You must upgrade your perl IO module to at least **** ERROR: version 1.2301 or MailScanner will not work! I am now reinstalling the following MS' RPMs: perl-IO perl-File-Temp perl-Math-BigInt perl-Math-BigRat perl-bignum Denis -- _ °v° Denis Beauchemin, analyst /(_)\ Université de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x62252 F: 819.821.8045 From devonharding at gmail.com Mon Jun 16 14:28:37 2008 From: devonharding at gmail.com (Devon Harding) Date: Mon Jun 16 14:28:49 2008 Subject: BAYES_00 is killing me Message-ID: <2baac6140806160628w3da668f3n1b3a6dca614b9389@mail.gmail.com> I'm getting a lot of spam coming through and it seems like the cause of this is BAYES_00 scoring messages with -2.60. I'm running MS 4.68.8 with SA 3.2.4. I've already trained hundreds of messages like these as spam and it doesn't seem to work. What else can I do? Thanks, -Devon -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080616/b851f53d/attachment.html From hvdkooij at vanderkooij.org Mon Jun 16 14:40:13 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Mon Jun 16 14:40:22 2008 Subject: legitimate email getting marked as spam... Tuning advice In-Reply-To: <1213620362.13897.37.camel@thor> References: <1213620362.13897.37.camel@thor> Message-ID: <48566D3D.5010407@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Rick Bragg wrote: | Hi, | | I am a bit of a newbie at all this, so any help will be very appreciated! | | I have a seemingly good working install of MailScanner, sendmail, | spamassassin, squirrelmail, and ClamAV. I am delivering and accepting | mail for a dozen or so of my "clients" domains. It seems that most of | my clients email that they send me gets marked as spam in my in-box. 
I | did not do anything with the bayes database yet, and I'm not sure where | to start. Is there a way that I can "tune" the system on a system-wide | level? and/or do each of my clients have to tune their own? If so, how | do they do that? I am personally using evolution, some of my clients | use squirrelmail, some use thunderbird etc... Can my clients tune their | spam database via their mailer software? | | I would basically like to know: | Is there a way to tune spamassassin on a system-wide level for all my | domains at once? | And: | What is the best way for each of my clients to go about tuning their own | settings? (or me doing it for them) Most, if not all, items have been named here in the past. I would try to set up SPAM and HAM boxes where the users can drop copies of SPAM and HAM messages. Then you can use sa-learn to set up your Bayesian database. That way your Bayesian database will reflect the average of your customers. If your customers are rather diverse you may find that you lose some accuracy in the Bayesian database. Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. 
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFIVm04BvzDRVjxmYERAliXAKCDyXgX7XySk9s/h7seLDxVaeOmuwCdHjrm 84cG6ELpNKVo1GJzvG2Ozkk= =Sgcs -----END PGP SIGNATURE----- From hvdkooij at vanderkooij.org Mon Jun 16 14:43:03 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Mon Jun 16 14:43:12 2008 Subject: BAYES_00 is killing me In-Reply-To: <2baac6140806160628w3da668f3n1b3a6dca614b9389@mail.gmail.com> References: <2baac6140806160628w3da668f3n1b3a6dca614b9389@mail.gmail.com> Message-ID: <48566DE7.6000108@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Devon Harding wrote: | I'm getting a lot of spam coming through and it seems like the cause of | this is BAYES_00 scoring messages with -2.60. I'm running MS 4.68.8 | with SA 3.2.4. I've already trained hundreds of | messages like these as spam and it doesn't seem to work. What else can | I do? My guess is that you are training the wrong database. You train another database and not the one you are using with MailScanner. Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. 
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFIVm3lBvzDRVjxmYERAljQAJ4nY+ik57vnYNzUHwTWc6gTpH6WLwCglQ6Z UYPyj2h33fcZAKZw8/k/vXA= =d3UL -----END PGP SIGNATURE----- From devonharding at gmail.com Mon Jun 16 15:03:31 2008 From: devonharding at gmail.com (Devon Harding) Date: Mon Jun 16 15:03:39 2008 Subject: BAYES_00 is killing me In-Reply-To: <48566DE7.6000108@vanderkooij.org> References: <2baac6140806160628w3da668f3n1b3a6dca614b9389@mail.gmail.com> <48566DE7.6000108@vanderkooij.org> Message-ID: <2baac6140806160703t66c22095ja92760a1484638e8@mail.gmail.com> > > > Devon Harding wrote: > | I'm getting a lot of spam coming through and it seems like the cause of > | this is BAYES_00 scoring messages with -2.60. I'm running MS 4.68.8 > | with SA 3.2.4. I've already trained hundreds of > | messages like these as spam and it doesn't seem to work. What else can > | I do? > > My guess is that you are training the wrong database. You train another > database and not the one you are using with MailScanner. > > Hugo. > > For MS, where is the Bayes DB path specified? My DB is located here: /etc/MailScanner/.spamassassin -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080616/c5e26358/attachment.html From jra at baylink.com Mon Jun 16 15:03:31 2008 From: jra at baylink.com (Jay R. Ashworth) Date: Mon Jun 16 15:03:41 2008 Subject: Updating an adopted installation from 4.54 Message-ID: <20080616140331.GA27476@cgi.jachomes.com> I'm the new Network Guy at a company that's running MailScanner 4.54.6 as a smarthost in between an Exchange 5.5/Win2K server and the Internet. Partially because of the version number, and partially because one of the VPs commented on his upticked spam last week (:-), clearly it's time for me to upgrade. Is this just a "drop on top" upgrade, as the doco seems to suggest? 
Is there likely to be customization or training I need to take special note of? I'm an old time mail guy, but new to MailScanner; pointers welcome. Incidentally, love the Best Practices page; I've linked to it from my (semi-nascent) bestpractices.wikia.com. Cheers, -- jra -- Jay R. Ashworth Baylink jra@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://baylink.pitas.com '87 e24 St Petersburg FL USA http://photo.imageinc.us +1 727 647 1274 Those who cast the vote decide nothing. Those who count the vote decide everything. -- (Joseph Stalin) From devonharding at gmail.com Mon Jun 16 15:55:43 2008 From: devonharding at gmail.com (Devon Harding) Date: Mon Jun 16 15:55:52 2008 Subject: BAYES_00 is killing me In-Reply-To: <2baac6140806160703t66c22095ja92760a1484638e8@mail.gmail.com> References: <2baac6140806160628w3da668f3n1b3a6dca614b9389@mail.gmail.com> <48566DE7.6000108@vanderkooij.org> <2baac6140806160703t66c22095ja92760a1484638e8@mail.gmail.com> Message-ID: <2baac6140806160755v7c5f67b7xd6d0ed02c7e2c906@mail.gmail.com> On Mon, Jun 16, 2008 at 10:03 AM, Devon Harding wrote: > >> Devon Harding wrote: >> | I'm getting a lot of spam coming through and it seems like the cause of >> | this is BAYES_00 scoring messages with -2.60. I'm running MS 4.68.8 >> | with SA 3.2.4. I've already trained hundreds of >> | messages like these as spam and it doesn't seem to work. What else can >> | I do? >> >> My guess is that you are training the wrong database. You train another >> database and not the one you are using with MailScanner. >> >> Hugo. >> >> > > For MS, where is the Bayes DB path specified? My DB is located here: > > /etc/MailScanner/.spamassassin > > I think my BAYES is all messed up. How do I rebuild it from scratch? -------------- next part -------------- An HTML attachment was scrubbed... 
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080616/f3b28299/attachment.html From telecaadmin at gmail.com Mon Jun 16 15:55:39 2008 From: telecaadmin at gmail.com (Ronny T. Lampert) Date: Mon Jun 16 15:58:02 2008 Subject: Spamassassin is slow - any tips or good commercial alternative? In-Reply-To: <30d101c8cf62$cd2f8f90$0300a8c0@CharlieCompaq> References: <30d101c8cf62$cd2f8f90$0300a8c0@CharlieCompaq> Message-ID: <48567EEB.6010506@gmail.com> > # cat /proc/meminfo > MemTotal: 1028576 kB > MemFree: 182964 kB > Buffers: 116612 kB > Cached: 263300 kB > SwapCached: 3028 kB > Active: 624508 kB Your server details seem OK - you're not too short on mem, however you're running at 630 of 1024 MB constantly allocated which for my taste is a bit much; that doesn't leave too much room for filesystem/... caching etc. Also the 24MB on swap tell me that there was memory pressure at one time. Add some RAM. You forgot the output for nscd - as Julian said, DNS requests make a HUGE difference for spamassassin speedwise if they are cached or not. You won't get away without doing some work, though, if you want a speedup: 0) add RAM 1) run nscd and a caching name server 2) "mount -o noatime" your filesystems, esp. your spool directory 3) tune the # of MS children 4) lower batch sizes, this decreases individual mail delay, but may decrease overall thruput: MailScanner.conf: Max Unscanned Messages Per Scan = 10 Max Unsafe Messages Per Scan = 10 5) check if you use spamassassin cache! 6) use RBLs at SMTP level To put this into perspective: my AVERAGE overall processing time is at 2.4 seconds. No cheating allowed. 
Cheers, Ronny From m.anderlini at database.it Mon Jun 16 16:00:17 2008 From: m.anderlini at database.it (Marcello Anderlini Database Informatica) Date: Mon Jun 16 16:00:36 2008 Subject: R: BAYES_00 is killing me In-Reply-To: <2baac6140806160703t66c22095ja92760a1484638e8@mail.gmail.com> References: <2baac6140806160628w3da668f3n1b3a6dca614b9389@mail.gmail.com><48566DE7.6000108@vanderkooij.org> <2baac6140806160703t66c22095ja92760a1484638e8@mail.gmail.com> Message-ID: <014f01c8cfc1$b05aaf30$2e01a8c0@dbdomain.database.it> I have the same problem. My file is this: /root/.spamassassin/bayes_seen. Is it correct? How can I set or check the right configuration? Dr. Marcello Anderlini m.anderlini@database.it --------------------------------------------- Database Informatica S.r.l. Microsoft Certified Partner Tel. +39059775070 Fax. +39059779545 http://www.database.it --------------------------------------------- _____ From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On behalf of Devon Harding Sent: Monday 16 June 2008 16.04 To: MailScanner discussion Subject: Re: BAYES_00 is killing me Devon Harding wrote: | I'm getting a lot of spam coming through and it seems like the cause of | this is BAYES_00 scoring messages with -2.60. I'm running MS 4.68.8 | with SA 3.2.4. I've already trained hundreds of | messages like these as spam and it doesn't seem to work. What else can | I do? My guess is that you are training the wrong database. You train another database and not the one you are using with MailScanner. Hugo. For MS, where is the Bayes DB path specified? My DB is located here: /etc/MailScanner/.spamassassin -- Message checked by the Database Informatica antivirus service. -- Message checked by the Database Informatica antivirus service -------------- next part -------------- An HTML attachment was scrubbed... 
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080616/ec548038/attachment.html From Denis.Beauchemin at USherbrooke.ca Mon Jun 16 16:11:41 2008 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Mon Jun 16 16:12:15 2008 Subject: BAYES_00 is killing me In-Reply-To: <2baac6140806160755v7c5f67b7xd6d0ed02c7e2c906@mail.gmail.com> References: <2baac6140806160628w3da668f3n1b3a6dca614b9389@mail.gmail.com> <48566DE7.6000108@vanderkooij.org> <2baac6140806160703t66c22095ja92760a1484638e8@mail.gmail.com> <2baac6140806160755v7c5f67b7xd6d0ed02c7e2c906@mail.gmail.com> Message-ID: <485682AD.5030305@USherbrooke.ca> Devon Harding wrote: > > > On Mon, Jun 16, 2008 at 10:03 AM, Devon Harding > > wrote: > > > Devon Harding wrote: > | I'm getting a lot of spam coming through and it seems like > the cause of > | this is BAYES_00 scoring messages with -2.60. I'm running > MS 4.68.8 > | with SA *The UdeS Service des Technologies de l'Information > wants to warn you about "3.2.4", which appears to > be a fraud attempt against* 3.2.4. > <*The UdeS Service des Technologies de l'Information wants > to warn you about "3.2.4", which appears to be a > fraud attempt against* http://3.2.4.> I've already > trained hundreds of > > | messages like these as spam and it doesn't seem to work. > What else can > | I do? > > My guess is that you are training the wrong database. You > train another > database and not the one you are using with MailScanner. > > Hugo. > > > > For MS, where is the Bayes DB path specified? My DB is located here: > > /etc/MailScanner/.spamassassin > > > I think my BAYES is all messed up. How do I rebuild it from scratch? > Devon, Look here for a starter kit: http://www.fsl.com/resources.html Denis -- _ °v° Denis Beauchemin, analyst /(_)\ Université de Sherbrooke, S.T.I.
^ ^ T: 819.821.8000x62252 F: 819.821.8045 From devonharding at gmail.com Mon Jun 16 16:46:36 2008 From: devonharding at gmail.com (Devon Harding) Date: Mon Jun 16 16:46:45 2008 Subject: BAYES_00 is killing me In-Reply-To: <485682AD.5030305@USherbrooke.ca> References: <2baac6140806160628w3da668f3n1b3a6dca614b9389@mail.gmail.com> <48566DE7.6000108@vanderkooij.org> <2baac6140806160703t66c22095ja92760a1484638e8@mail.gmail.com> <2baac6140806160755v7c5f67b7xd6d0ed02c7e2c906@mail.gmail.com> <485682AD.5030305@USherbrooke.ca> Message-ID: <2baac6140806160846h14e2f0eev4ed789d8664e426e@mail.gmail.com> On Mon, Jun 16, 2008 at 11:11 AM, Denis Beauchemin < Denis.Beauchemin@usherbrooke.ca> wrote: > Devon Harding a ?crit : > >> >> >> On Mon, Jun 16, 2008 at 10:03 AM, Devon Harding > devonharding@gmail.com>> wrote: >> >> >> Devon Harding wrote: >> | I'm getting alot of spam coming through and it seems like >> the cause of >> | this is BAYES_00 scoring messages with -2.60. I'm running >> MS 4.68.8 >> | with SA *Le Service des Technologies de l'Information de >> l'UdeS veut vous mettre en garde contre "3.2.4" qui semble >> ?tre une tentative de fraude envers* 3.2.4. >> <*Le Service des Technologies de l'Information de l'UdeS veut >> vous mettre en garde contre "3.2.4" qui semble ?tre une >> tentative de fraude envers* http://3.2.4.> I've already >> trained hundreds of >> >> | messages like these as spam and it doesn't seem to work. >> What else can >> | I do? >> >> My guess is that you are training the wrong database. You >> train another >> database and not the one you are using with MailScanner. >> >> Hugo. >> >> >> >> For MS, where is the Bayes DB path specified? My DB is located here: >> >> /etc/MailScanner/.spamassassin >> >> >> I think my BAYES is all messed up. How do I rebuild it from scratch? 
>> >> Devon, > > Look here for a starter kit: http://www.fsl.com/resources.html > > Denis > > -- I've restored the starter DB and I do see the new files in /etc/MailScanner/.spamassassin (I stopped MailScanner and removed the one ones first), but SA Bayes DB Info from Mailwatch shows nothing. When I do a lint from the Tools tab, i Get the following: [5637] dbg: bayes: no dbs present, cannot tie DB R/O: //.spamassassin/bayes_toks -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080616/7d2d0a56/attachment.html From devonharding at gmail.com Mon Jun 16 16:54:52 2008 From: devonharding at gmail.com (Devon Harding) Date: Mon Jun 16 16:55:06 2008 Subject: BAYES_00 is killing me In-Reply-To: <2baac6140806160846h14e2f0eev4ed789d8664e426e@mail.gmail.com> References: <2baac6140806160628w3da668f3n1b3a6dca614b9389@mail.gmail.com> <48566DE7.6000108@vanderkooij.org> <2baac6140806160703t66c22095ja92760a1484638e8@mail.gmail.com> <2baac6140806160755v7c5f67b7xd6d0ed02c7e2c906@mail.gmail.com> <485682AD.5030305@USherbrooke.ca> <2baac6140806160846h14e2f0eev4ed789d8664e426e@mail.gmail.com> Message-ID: <2baac6140806160854g7fd18fecj4380ce0f5ac74a7c@mail.gmail.com> > > >>> >>> >>> Devon Harding wrote: >>> | I'm getting alot of spam coming through and it seems like >>> the cause of >>> | this is BAYES_00 scoring messages with -2.60. I'm running >>> MS 4.68.8 >>> | with SA *Le Service des Technologies de l'Information de >>> l'UdeS veut vous mettre en garde contre "3.2.4" qui semble >>> ?tre une tentative de fraude envers* 3.2.4. >>> <*Le Service des Technologies de l'Information de l'UdeS veut >>> vous mettre en garde contre "3.2.4" qui semble ?tre une >>> tentative de fraude envers* http://3.2.4.> I've already >>> trained hundreds of >>> >>> | messages like these as spam and it doesn't seem to work. >>> What else can >>> | I do? >>> >>> My guess is that you are training the wrong database. 
You >>> train another >>> database and not the one you are using with MailScanner. >>> >>> Hugo. >>> >>> >>> >>> For MS, where is the Bayes DB path specified? My DB is located here: >>> >>> /etc/MailScanner/.spamassassin >>> >>> >>> I think my BAYES is all messed up. How do I rebuild it from scratch? >>> >>> Devon, >> >> Look here for a starter kit: http://www.fsl.com/resources.html >> >> Denis >> >> -- > > > > I've restored the starter DB and I do see the new files in > /etc/MailScanner/.spamassassin (I stopped MailScanner and removed the one > ones first), but SA Bayes DB Info from Mailwatch shows nothing. When I do a > lint from the Tools tab, i Get the following: > > [5637] dbg: bayes: no dbs present, cannot tie DB R/O: > //.spamassassin/bayes_toks > Hmm....I thing Bayes IS working. I just ran MailScanner --debug --debug-sa after the restore and did see: 11:52:13 [5879] dbg: bayes: tie-ing to DB file R/W /root/.spamassassin/bayes_toks 11:52:13 [5879] dbg: bayes: tie-ing to DB file R/W /root/.spamassassin/bayes_seen 11:52:13 [5879] dbg: bayes: found bayes db version 3 11:52:13 [5879] dbg: bayes: learned '88a47a16459989c19d47893de31fec608aa8f41e@sa_generated', atime: 1213631520 11:52:13 [5879] dbg: bayes: untie-ing 11:52:13 [5879] dbg: bayes: files locked, now unlocking lock It seems that MailWatch is the one thats not working right. Any way to relink this? -Devon -------------- next part -------------- An HTML attachment was scrubbed... 
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080616/7650235c/attachment.html From steve at fsl.com Mon Jun 16 16:57:05 2008 From: steve at fsl.com (Stephen Swaney) Date: Mon Jun 16 16:57:16 2008 Subject: BAYES_00 is killing me In-Reply-To: <2baac6140806160846h14e2f0eev4ed789d8664e426e@mail.gmail.com> References: <2baac6140806160628w3da668f3n1b3a6dca614b9389@mail.gmail.com> <48566DE7.6000108@vanderkooij.org> <2baac6140806160703t66c22095ja92760a1484638e8@mail.gmail.com> <2baac6140806160755v7c5f67b7xd6d0ed02c7e2c906@mail.gmail.com> <485682AD.5030305@USherbrooke.ca> <2baac6140806160846h14e2f0eev4ed789d8664e426e@mail.gmail.com> Message-ID: <48568D51.2080800@fsl.com> Devon Harding wrote: > > > On Mon, Jun 16, 2008 at 11:11 AM, Denis Beauchemin > > wrote: > > Devon Harding a ?crit : > > > > On Mon, Jun 16, 2008 at 10:03 AM, Devon Harding > > >> wrote: > > > Devon Harding wrote: > | I'm getting alot of spam coming through and it seems like > the cause of > | this is BAYES_00 scoring messages with -2.60. I'm > running > MS 4.68.8 > | with SA *Le Service des Technologies de l'Information de > l'UdeS veut vous mettre en garde contre "3.2.4" qui semble > ?tre une tentative de fraude envers* *MailScanner > warning: numerical links are often malicious:* 3.2.4. > <*MailScanner warning: numerical links are > often malicious:* http://3.2.4.> > <*Le Service des Technologies de l'Information de > l'UdeS veut > vous mettre en garde contre "3.2.4" qui semble ?tre une > tentative de fraude envers* *MailScanner warning: > numerical links are often malicious:* http://3.2.4.> I've > already > > trained hundreds of > > | messages like these as spam and it doesn't seem to work. > What else can > | I do? > > My guess is that you are training the wrong database. You > train another > database and not the one you are using with MailScanner. > > Hugo. > > > > For MS, where is the Bayes DB path specified? 
My DB is > located here: > > /etc/MailScanner/.spamassassin > > > I think my BAYES is all messed up. How do I rebuild it from > scratch? > > Devon, > > Look here for a starter kit: http://www.fsl.com/resources.html > > Denis > > -- > > > > I've restored the starter DB and I do see the new files in > /etc/MailScanner/.spamassassin (I stopped MailScanner and removed the > one ones first), but SA Bayes DB Info from Mailwatch shows nothing. > When I do a lint from the Tools tab, i Get the following: > > [5637] dbg: bayes: no dbs present, cannot tie DB R/O: > //.spamassassin/bayes_toks Look in /etc/MailScanner/spam.assassin.prefs.conf for the location of the Bayes database. Note that this "file" may actually be a link to a file in another location. Best Regards, Steve Steve Swaney steve@fsl.com www.fsl.com From lists at tippingmar.com Mon Jun 16 18:26:33 2008 From: lists at tippingmar.com (Mark Nienberg) Date: Mon Jun 16 18:26:54 2008 Subject: {Disarmed} BAYES_00 is killing me In-Reply-To: <2baac6140806160628w3da668f3n1b3a6dca614b9389@mail.gmail.com> References: <2baac6140806160628w3da668f3n1b3a6dca614b9389@mail.gmail.com> Message-ID: <4856A249.2090808@tippingmar.com> Devon Harding wrote: > I'm getting alot of spam coming through and it seems like the cause of > this is BAYES_00 scoring messages with -2.60. I'm running MS 4.68.8 > with SA *MailScanner has detected a possible fraud attempt from > "3.2.4" claiming to be* 3.2.4. I've already trained > hundreds of messages like these as spam and it doesn't seem to work. > What else can I do? > Personally, I like to let Bayes add points to messages, but I am reluctant to let it subtract, because for some new spam messages it has the effect you are seeing. 
I modify the scoring as follows:

# only the last column matters to us
score BAYES_00 0 0 0 -0.50
score BAYES_05 0 0 0 -0.25
score BAYES_20 0
score BAYES_40 0
score BAYES_60 0 0 0 2.00
score BAYES_80 0 0 0 2.50
score BAYES_95 0 0 0 4.00
score BAYES_99 0 0 0 6.00

Also, I keep a few fake spam trap addresses, and I have a spamassassin rule that adds 15 points to anything they receive. This forces bayes to autolearn from most messages sent to the trap addresses.

Mark

From lists at designmedia.com Mon Jun 16 18:49:28 2008
From: lists at designmedia.com (Henry Kwan)
Date: Mon Jun 16 18:49:46 2008
Subject: BAYES_00 is killing me
References: <2baac6140806160628w3da668f3n1b3a6dca614b9389@mail.gmail.com> <48566DE7.6000108@vanderkooij.org> <2baac6140806160703t66c22095ja92760a1484638e8@mail.gmail.com> <2baac6140806160755v7c5f67b7xd6d0ed02c7e2c906@mail.gmail.com> <485682AD.5030305@USherbrooke.ca> <2baac6140806160846h14e2f0eev4ed789d8664e426e@mail.gmail.com> <2baac6140806160854g7fd18fecj4380ce0f5ac74a7c@mail.gmail.com>
Message-ID:

Devon Harding gmail.com> writes:

>Hmm....I think Bayes IS working. I just ran MailScanner --debug --debug-sa
>after
>the restore and did see:
>
>11:52:13 [5879] dbg: bayes: tie-ing to DB file R/W
>/root/.spamassassin/bayes_toks
>11:52:13 [5879] dbg: bayes: tie-ing to DB file R/W
>/root/.spamassassin/bayes_seen
>11:52:13 [5879] dbg: bayes: found bayes db version 3
>11:52:13 [5879] dbg: bayes: learned
>'88a47a16459989c19d47893de31fec608aa8f41e
> sa_generated', atime: 1213631520
>11:52:13 [5879] dbg: bayes: untie-ing
>11:52:13 [5879] dbg: bayes: files locked, now unlocking lock
>
>It seems that MailWatch is the one that's not working right. Any way to relink
>this?

Look in either /etc/MailScanner/spam.assassin.prefs.conf or /etc/mail/spamassassin/local.cf for the bayes_path variable.
Mine is located at /var/spool/MailScanner/spamassassin/bayes so it's:

bayes_path /var/spool/MailScanner/spamassassin/bayes

So I have a bunch of bayes_* files in /var/spool/MailScanner/spamassassin and my MailScanner --debug --debug-sa outputs:

10:44:38 [6376] dbg: bayes: tie-ing to DB file R/O /var/spool/MailScanner/spamassassin/bayes_toks
10:44:38 [6376] dbg: bayes: tie-ing to DB file R/O /var/spool/MailScanner/spamassassin/bayes_seen
10:44:38 [6376] dbg: bayes: found bayes db version 3
10:44:38 [6376] dbg: bayes: DB journal sync: last sync: 1213636701

From lists at designmedia.com Mon Jun 16 18:51:55 2008
From: lists at designmedia.com (Henry Kwan)
Date: Mon Jun 16 18:55:12 2008
Subject: What "Other Checks" problems?
References: <48560B61.3070704@vanderkooij.org>
Message-ID:

Hugo van der Kooij vanderkooij.org> writes:

> There are two instances of the EICAR string. 1 is identified in the file
> eicar.com and the other as part of the message itself. But without a
> filename to relate it to it is named as other check.
>
> So there is no problem.

Ah, it was a bit confusing since the --lint told me that there was a problem yet didn't specify what the problem was. Perhaps Julian could reword in the next version? Thanks for the tip.
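
The bayes_path comparison discussed in the BAYES_00 thread above, as an added example that is not part of any poster's message or of MailScanner itself: it reads the bayes_path prefix from SpamAssassin-style config text and compares it with the database paths reported in "dbg: bayes:" debug lines. The function names, the status labels and the sample inputs (constructed from the lines quoted in the thread) are assumptions of this example; when bayes_path is unset it falls back to SpamAssassin's default of ~/.spamassassin/bayes, with the home directory passed in by the caller.

```python
import re

# Debug lines of the two kinds quoted in the thread.
TIE_RE = re.compile(r"bayes: tie-ing to DB file (R/[OW]) (\S+)")
MISSING_RE = re.compile(r"bayes: no dbs present, cannot tie DB (R/[OW]): (\S+)")
# SpamAssassin appends these suffixes to the bayes_path prefix.
SUFFIXES = ("_toks", "_seen")

# Constructed sample inputs, modelled on the lines quoted in the thread.
SAMPLE_PREFS = """\
# constructed excerpt of a spam.assassin.prefs.conf
# bayes_path /old/location/bayes
use_bayes 1
bayes_path /var/spool/MailScanner/spamassassin/bayes
"""
DEBUG_ROOT_HOME = """\
11:52:13 [5879] dbg: bayes: tie-ing to DB file R/W /root/.spamassassin/bayes_toks
11:52:13 [5879] dbg: bayes: tie-ing to DB file R/W /root/.spamassassin/bayes_seen
11:52:13 [5879] dbg: bayes: found bayes db version 3
"""
DEBUG_SPOOL = """\
10:44:38 [6376] dbg: bayes: tie-ing to DB file R/O /var/spool/MailScanner/spamassassin/bayes_toks
10:44:38 [6376] dbg: bayes: tie-ing to DB file R/O /var/spool/MailScanner/spamassassin/bayes_seen
"""
LINT_MISSING = (
    "[5637] dbg: bayes: no dbs present, cannot tie DB R/O: "
    "//.spamassassin/bayes_toks\n"
)


def _norm(path):
    """Collapse repeated slashes so '//.spamassassin' compares cleanly."""
    return re.sub(r"/{2,}", "/", path)


def configured_bayes_prefix(conf_text):
    """Return the last uncommented bayes_path value, or None if unset."""
    prefix = None
    for raw in conf_text.splitlines():
        parts = raw.split("#", 1)[0].split(None, 1)
        if len(parts) == 2 and parts[0] == "bayes_path":
            prefix = _norm(parts[1].strip())
    return prefix


def observed_prefixes(debug_text):
    """Return (tied, missing) sets of DB prefixes seen in debug output."""
    tied, missing = set(), set()
    for line in debug_text.splitlines():
        for regex, bucket in ((TIE_RE, tied), (MISSING_RE, missing)):
            match = regex.search(line)
            if not match:
                continue
            path = _norm(match.group(2))
            for suffix in SUFFIXES:
                if path.endswith(suffix):
                    path = path[: -len(suffix)]
                    break
            bucket.add(path)
    return tied, missing


def check(conf_text, debug_text, home="/root"):
    """Compare the configured Bayes prefix with what the process opened."""
    expected = configured_bayes_prefix(conf_text)
    if expected is None:
        # SpamAssassin default when bayes_path is not set.
        expected = _norm(home + "/.spamassassin/bayes")
    tied, missing = observed_prefixes(debug_text)
    if expected in tied:
        status = "match"        # the configured DB is the one in use
    elif tied:
        status = "mismatch"     # a different DB is being read or trained
    elif missing:
        status = "missing"      # the process found no DB where it looked
    else:
        status = "no-evidence"  # no bayes tie lines in this output
    return {"status": status, "expected": expected,
            "tied": sorted(tied), "missing": sorted(missing)}


if __name__ == "__main__":
    for name, text in (("root-home", DEBUG_ROOT_HOME),
                       ("spool", DEBUG_SPOOL),
                       ("lint", LINT_MISSING)):
        print(name, check(SAMPLE_PREFS, text))
```

On a live system the two inputs would be the contents of the prefs file named in the thread and the captured output of MailScanner --debug --debug-sa; running the same comparison against the output seen by each user that touches the database shows whether they all open the same files.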
From glenn.steen at gmail.com Mon Jun 16 19:46:45 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Mon Jun 16 19:46:54 2008 Subject: BAYES_00 is killing me In-Reply-To: <2baac6140806160854g7fd18fecj4380ce0f5ac74a7c@mail.gmail.com> References: <2baac6140806160628w3da668f3n1b3a6dca614b9389@mail.gmail.com> <48566DE7.6000108@vanderkooij.org> <2baac6140806160703t66c22095ja92760a1484638e8@mail.gmail.com> <2baac6140806160755v7c5f67b7xd6d0ed02c7e2c906@mail.gmail.com> <485682AD.5030305@USherbrooke.ca> <2baac6140806160846h14e2f0eev4ed789d8664e426e@mail.gmail.com> <2baac6140806160854g7fd18fecj4380ce0f5ac74a7c@mail.gmail.com> Message-ID: <223f97700806161146x1649089cl9cc7bc9c65d03209@mail.gmail.com> 2008/6/16 Devon Harding : >>>> >>>> >>>> >>>> Devon Harding wrote: >>>> | I'm getting alot of spam coming through and it seems like >>>> the cause of >>>> | this is BAYES_00 scoring messages with -2.60. I'm running >>>> MS 4.68.8 >>>> | with SA *Le Service des Technologies de l'Information de >>>> l'UdeS veut vous mettre en garde contre "3.2.4" qui semble >>>> ?tre une tentative de fraude envers* 3.2.4. >>>> <*Le Service des Technologies de l'Information de l'UdeS veut >>>> vous mettre en garde contre "3.2.4" qui semble ?tre une >>>> tentative de fraude envers* http://3.2.4.> I've already >>>> trained hundreds of >>>> >>>> | messages like these as spam and it doesn't seem to work. >>>> What else can >>>> | I do? >>>> >>>> My guess is that you are training the wrong database. You >>>> train another >>>> database and not the one you are using with MailScanner. >>>> >>>> Hugo. >>>> >>>> >>>> >>>> For MS, where is the Bayes DB path specified? My DB is located here: >>>> >>>> /etc/MailScanner/.spamassassin >>>> >>>> >>>> I think my BAYES is all messed up. How do I rebuild it from scratch? 
>>>> >>> Devon, >>> >>> Look here for a starter kit: http://www.fsl.com/resources.html >>> >>> Denis >>> >>> -- >> >> I've restored the starter DB and I do see the new files in >> /etc/MailScanner/.spamassassin (I stopped MailScanner and removed the one >> ones first), but SA Bayes DB Info from Mailwatch shows nothing. When I do a >> lint from the Tools tab, i Get the following: >> >> [5637] dbg: bayes: no dbs present, cannot tie DB R/O: >> //.spamassassin/bayes_toks > > > Hmm....I thing Bayes IS working. I just ran MailScanner --debug --debug-sa > after the restore and did see: > > 11:52:13 [5879] dbg: bayes: tie-ing to DB file R/W > /root/.spamassassin/bayes_toks > 11:52:13 [5879] dbg: bayes: tie-ing to DB file R/W > /root/.spamassassin/bayes_seen > 11:52:13 [5879] dbg: bayes: found bayes db version 3 > 11:52:13 [5879] dbg: bayes: learned > '88a47a16459989c19d47893de31fec608aa8f41e@sa_generated', atime: 1213631520 > 11:52:13 [5879] dbg: bayes: untie-ing > 11:52:13 [5879] dbg: bayes: files locked, now unlocking lock > > It seems that MailWatch is the one thats not working right. Any way to > relink this? > > -Devon > Make sure your apahce user (the one running your httpd processes... hence the one running MailWatch:-) can actually read the bayes files... "su" is your friend here... and if you want to be able to learn via MailWatch, make sure the same user can write them too. Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From Kevin_Miller at ci.juneau.ak.us Mon Jun 16 19:49:36 2008 From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller) Date: Mon Jun 16 19:49:49 2008 Subject: Updating an adopted installation from 4.54 In-Reply-To: <20080616140331.GA27476@cgi.jachomes.com> References: <20080616140331.GA27476@cgi.jachomes.com> Message-ID: Jay R. 
Ashworth wrote: > I'm the new Network Guy at a company that's running MailScanner 4.54.6 > as a smarthost in between an Exchange 5.5/Win2K server and the > Internet. > > Partially because of the version number, and partially because one of > the VPs commented on his upticked spam last week (:-), clearly it's > time for me to upgrade. > > Is this just a "drop on top" upgrade, as the doco seems to suggest? > Is > there likely to be customization or training I need to take special > note of? I'm an old time mail guy, but new to MailScanner; pointers > welcome. > > Incidentally, love the Best Practices page; I've linked to it from my > (semi-nascent) bestpractices.wikia.com. Hi Jay, Welcome to MailScanner - almost as much fun as Rivendell! Upgrading is pretty easy, assuming the previous admin didn't do anything goofy. The nickle overview is essentially: 1) Stop running MailScanner daemons 2) Install the newest version of MailScanner. I use the ones for SUSE - not sure what distro you're running on. Pretty much just a matter of going to the directory where I unpacked the tarball and running install.sh (I think that's the name of the script - it's very obvious at any rate). 3) Follow the directions at the end of the process - a ton of stuff will scroll by during the install. The last thing it tells you is to run the Upgrade_MailScanner script. If you run it w/o args, it will print out several command lines. Just copy/paste each to the CLI a step at a time and you'll be golden. The upgrade script looks at the old MailScanner.conf compares it to the new one with shiney new options, and merges the two so that all your non-default settings and site specific entries are automatically merged. Julian makes life very easy for his users. 4) Restart MailScanner and 'tail -f' the mail log to make sure things are flowing as expected. 
Note that MailScanner isn't really catching spam - it's more a traffic cop to facilitate the coordidnated use of multiple other tools, such as spamassassin, antivirus scanners, RBLs, etc. As such, I'd look at your version of spamassassin and upgrade it too. It's probably out of date, given that your MailScanner is. I'll bet you're also running ClamAV. Julian makes a nice one stop shopping install of spamassassin and clamav that makes upgrading painless. It'll set up the MailScanner specifics in the approprite spamassassin conf files for you. FWIW, I run multiple MailScanner gateways on different subnets. That way mail keeps flowing even when one is being upgraded or otherwise off line. If you've got a spare box around it may be a good use for it... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 From davejones70 at gmail.com Mon Jun 16 19:57:42 2008 From: davejones70 at gmail.com (Dave Jones) Date: Mon Jun 16 19:57:52 2008 Subject: Problem while updating perl Message-ID: <67a55ed50806161157n6fc6b73frddc2edde3729d9a6@mail.gmail.com> >> >Thanks but is there a way to avoid reinstall mailscanner ? It's a >> production >> >server and I would prefer to not reinstall if it's possible. >> >> >thanks >> >> >> >> >rpm -e perl-Sys-Syslog >> >then up2date -u >> >then re-install MailScanner. >> >> >Marcello Anderlini Database Informatica wrote: >> >> Hello I've a mailscanner *Le Service des Technologies de >> l'Information de l'UdeS veut vous mettre en garde contre "4.58.9.1" >> qui semble ?tre une tentative de fraude envers* 4.58.9.1 >> running on a Centos 4.6 x86_64. 
>> >> Today I've tried to update my sistem but I get this error msg: >> >> ======================================= >> >> Transaction Check Error: >> >> file /usr/lib64/perl5/5.8.5/x86_64-linux-thread-multi/Sys/Syslog.pm >> >> from install of perl-5.8.5-36.el4_6.3 conflicts with file from package >> >> perl-Sys-Syslog-0.18-1 >> >> file >> >> /usr/lib64/perl5/5.8.5/x86_64-linux-thread-multi/auto/Sys/Syslog/Syslo >> >> g.so from install of perl-5.8.5-36.el4_6.3 conflicts with file from >> >> package >> >> perl-Sys-Syslog-0.18-1 >> >> ======================================= >> >> >> >> Could someone help me ? >> >> >> >> Thanks >> >> >> >> Dr. Marcello Anderlini >> >> m.anderlini@database.it >> >> --------------------------------------------- >> >> Database Informatica S.r.l. >> >> Microsoft Certified Partner >> >> Tel. +39059775070 >> >> Fax. +39059779545 >> >> http://www.database.it >> >> --------------------------------------------- >> >> >> >> >> >> >> You can reinstall MailScanner but you will still have the same perl >> conflicts next time a perl module gets updated on RPMforge (or >> whatever your repo is that has the conflicting package). >> >> I would simply force the install of the perl modules (I do it all the >> time) with the conflict from the MailScanner installation: >> >> # rpm -Uhv --force >> /var/cache/yum/rpmforge/packages/perl-Sys-Syslog-0.18-1.rpm >> >> Substitute "rpmforge" above with whatever your repository name is and >> the RPM file in question. >> >> Dave >> >> -- >> Dave Jones >Dave, > >It didn't work on my RHEL 5.2 server: >[root@smtps ~]# rpm -Uvh --force >/var/cache/yum/rhel-i386-server-5/packages/perl-5.8.8-10.el5_2.3.i386.rpm >/etc/selinux/targeted/contexts/files/file_contexts: Multiple same >specifications for /usr/local/lost\+found/.*. >/etc/selinux/targeted/contexts/files/file_contexts: Multiple same >specifications for /usr/local/\.journal. 
>/etc/selinux/targeted/contexts/files/file_contexts: Multiple same >specifications for /usr/local/lost\+found. >Preparing... ########################################### >[100%] >1:perl ########################################### >[100%] >[root@smtps ~]# MailScanner --lint > > >**** ERROR: You must upgrade your perl IO module to at least >**** ERROR: version 1.2301 or MailScanner will not work! > >I am now reinstalling the following MS' RPMs: perl-IO perl-File-Temp >perl-Math-BigInt perl-Math-BigRat perl-bignum > >Denis Sounds like you might have SELinux active. Run "getenforce" and if it is "Enforcing" then run "setenforce 0" to make it "Permissive". Then run your command again. If permissive mode allows the package install command to work with --force, then disable SELinux or try your hand at updating the SELinux policy that is preventing it from installing. RHEL 5 is supposed to be much easier to customize SELinux policies but I haven't played with it yet. I still just disable it during the install and go... -- Dave Jones -------------- next part -------------- An HTML attachment was scrubbed... 
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080616/f41d5bea/attachment.html From devonharding at gmail.com Mon Jun 16 20:24:50 2008 From: devonharding at gmail.com (Devon Harding) Date: Mon Jun 16 20:24:59 2008 Subject: BAYES_00 is killing me In-Reply-To: <223f97700806161146x1649089cl9cc7bc9c65d03209@mail.gmail.com> References: <2baac6140806160628w3da668f3n1b3a6dca614b9389@mail.gmail.com> <48566DE7.6000108@vanderkooij.org> <2baac6140806160703t66c22095ja92760a1484638e8@mail.gmail.com> <2baac6140806160755v7c5f67b7xd6d0ed02c7e2c906@mail.gmail.com> <485682AD.5030305@USherbrooke.ca> <2baac6140806160846h14e2f0eev4ed789d8664e426e@mail.gmail.com> <2baac6140806160854g7fd18fecj4380ce0f5ac74a7c@mail.gmail.com> <223f97700806161146x1649089cl9cc7bc9c65d03209@mail.gmail.com> Message-ID: <2baac6140806161224w3e3a60b4s51c39afc079a40c5@mail.gmail.com> On Mon, Jun 16, 2008 at 2:46 PM, Glenn Steen wrote: > 2008/6/16 Devon Harding : > >>>> > >>>> > >>>> > >>>> Devon Harding wrote: > >>>> | I'm getting alot of spam coming through and it seems like > >>>> the cause of > >>>> | this is BAYES_00 scoring messages with -2.60. I'm running > >>>> MS 4.68.8 > >>>> | with SA *Le Service des Technologies de l'Information de > >>>> l'UdeS veut vous mettre en garde contre "3.2.4" qui semble > >>>> ?tre une tentative de fraude envers* 3.2.4. > >>>> <*Le Service des Technologies de l'Information de l'UdeS veut > >>>> vous mettre en garde contre "3.2.4" qui semble ?tre une > >>>> tentative de fraude envers* http://3.2.4.> I've already > >>>> trained hundreds of > >>>> > >>>> | messages like these as spam and it doesn't seem to work. > >>>> What else can > >>>> | I do? > >>>> > >>>> My guess is that you are training the wrong database. You > >>>> train another > >>>> database and not the one you are using with MailScanner. > >>>> > >>>> Hugo. > >>>> > >>>> > >>>> > >>>> For MS, where is the Bayes DB path specified? 
My DB is located > here: > >>>> > >>>> /etc/MailScanner/.spamassassin > >>>> > >>>> > >>>> I think my BAYES is all messed up. How do I rebuild it from scratch? > >>>> > >>> Devon, > >>> > >>> Look here for a starter kit: http://www.fsl.com/resources.html > >>> > >>> Denis > >>> > >>> -- > >> > >> I've restored the starter DB and I do see the new files in > >> /etc/MailScanner/.spamassassin (I stopped MailScanner and removed the > one > >> ones first), but SA Bayes DB Info from Mailwatch shows nothing. When I > do a > >> lint from the Tools tab, i Get the following: > >> > >> [5637] dbg: bayes: no dbs present, cannot tie DB R/O: > >> //.spamassassin/bayes_toks > > > > > > Hmm....I thing Bayes IS working. I just ran MailScanner --debug > --debug-sa > > after the restore and did see: > > > > 11:52:13 [5879] dbg: bayes: tie-ing to DB file R/W > > /root/.spamassassin/bayes_toks > > 11:52:13 [5879] dbg: bayes: tie-ing to DB file R/W > > /root/.spamassassin/bayes_seen > > 11:52:13 [5879] dbg: bayes: found bayes db version 3 > > 11:52:13 [5879] dbg: bayes: learned > > '88a47a16459989c19d47893de31fec608aa8f41e@sa_generated', atime: > 1213631520 > > 11:52:13 [5879] dbg: bayes: untie-ing > > 11:52:13 [5879] dbg: bayes: files locked, now unlocking lock > > > > It seems that MailWatch is the one thats not working right. Any way to > > relink this? > > > > -Devon > > > Make sure your apahce user (the one running your httpd processes... > hence the one running MailWatch:-) can actually read the bayes > files... "su" is your friend here... and if you want to be able to > learn via MailWatch, make sure the same user can write them too. > > Cheers > -- I have the right permissions set, the thing is MailWatch is not showing any data for 'Bayes Database Information'. What is the tie in for MailWatch? 
-rw-rw---- 1 root apache 78K Jun 16 15:17 bayes_journal -rw-rw---- 1 root apache 895 Jun 16 15:17 bayes.mutex -rw-rw---- 1 root apache 172K Jun 16 15:17 bayes_seen -rw-rw---- 1 root apache 5.1M Jun 16 15:17 bayes_toks -Devon -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080616/623d8bbc/attachment.html From jra at baylink.com Mon Jun 16 20:25:08 2008 From: jra at baylink.com (Jay R. Ashworth) Date: Mon Jun 16 20:25:19 2008 Subject: Updating an adopted installation from 4.54 In-Reply-To: References: <20080616140331.GA27476@cgi.jachomes.com> Message-ID: <20080616192508.GC28498@cgi.jachomes.com> On Mon, Jun 16, 2008 at 10:49:36AM -0800, Kevin Miller wrote: > Welcome to MailScanner - almost as much fun as Rivendell! Everyone's Following Me!!! :-) > Upgrading is pretty easy, assuming the previous admin didn't do anything > goofy. The nickle overview is essentially: > 1) Stop running MailScanner daemons > 2) Install the newest version of MailScanner. I use the ones for > SUSE - not sure what distro you're running on. Pretty much just a > matter of going to the directory where I unpacked the tarball and > running install.sh (I think that's the name of the script - it's very > obvious at any rate). I meant to say: Slack 10.2. It's in /opt/MailScanner.version with a symlink to it from /opt/MailScanner. > 3) Follow the directions at the end of the process - a ton of stuff > will scroll by during the install. The last thing it tells you is to > run the Upgrade_MailScanner script. If you run it w/o args, it will > print out several command lines. Just copy/paste each to the CLI a step > at a time and you'll be golden. The upgrade script looks at the old > MailScanner.conf compares it to the new one with shiney new options, and > merges the two so that all your non-default settings and site specific > entries are automatically merged. Julian makes life very easy for his > users. 
Bless him. > 4) Restart MailScanner and 'tail -f' the mail log to make sure > things are flowing as expected. Wow, there's a lot of stuff in my maillogs... > Note that MailScanner isn't really catching spam - it's more a traffic > cop to facilitate the coordidnated use of multiple other tools, such as > spamassassin, antivirus scanners, RBLs, etc. As such, I'd look at your > version of spamassassin and upgrade it too. It's probably out of date, > given that your MailScanner is. I'll bet you're also running ClamAV. > Julian makes a nice one stop shopping install of spamassassin and clamav > that makes upgrading painless. It'll set up the MailScanner specifics > in the approprite spamassassin conf files for you. I saw something about that. I'm strongly considering just building a new dedicated machine (this one is shared) and forklift-upgrading... would I need to bring training databases along for that? > FWIW, I run multiple MailScanner gateways on different subnets. That > way mail keeps flowing even when one is being upgraded or otherwise off > line. If you've got a spare box around it may be a good use for it... It's a thought... Cheers, -- jra -- Jay R. Ashworth Baylink jra@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://baylink.pitas.com '87 e24 St Petersburg FL USA http://photo.imageinc.us +1 727 647 1274 Those who cast the vote decide nothing. Those who count the vote decide everything. -- (Joseph Stalin) From Kevin_Miller at ci.juneau.ak.us Mon Jun 16 20:49:59 2008 From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller) Date: Mon Jun 16 20:50:14 2008 Subject: Updating an adopted installation from 4.54 In-Reply-To: <20080616192508.GC28498@cgi.jachomes.com> References: <20080616140331.GA27476@cgi.jachomes.com> <20080616192508.GC28498@cgi.jachomes.com> Message-ID: Jay R. Ashworth wrote: > On Mon, Jun 16, 2008 at 10:49:36AM -0800, Kevin Miller wrote: >> Welcome to MailScanner - almost as much fun as Rivendell! 
>
> Everyone's Following Me!!! :-)

Great minds think alike?

> I meant to say: Slack 10.2. It's in /opt/MailScanner.version with a
> symlink to it from /opt/MailScanner.

Hmmm - I'm not sure but it sounds like they did a source compile
installation. My stuff lands in /usr/lib/MailScanner (and
/etc/MailScanner of course) by default which I think is SOP for the rpm
installs. Could be wrong on that - never had to look too closely. Not
sure what the best practice is for that. I'm sure someone will chime in
on it. This is a great group.

> Wow, there's a lot of stuff in my maillogs...

Yeah. Email gateways are busier than a one legged man in a butt kicking
contest.

> I saw something about that. I'm strongly considering just building a
> new dedicated machine (this one is shared) and forklift-upgrading...
> would I need to bring training databases along for that?

If you have a box or two to put it on, that would be the best way to go.
It's saved my bacon more than once. And yes, you definitely want to
migrate the bayes databases over. It's a wealth of data customized to
your site. Whenever I've had to build a box from scratch I just copy
over /etc/MailScanner/MailScanner.conf and the bayes database to the new
machine. There's a few minor edits in the .conf file (hostname and the
like) but just drop the bayes files in place and you'll hit the ground
running...

...Kevin
--
Kevin Miller                Registered Linux User No: 307357
CBJ MIS Dept.               Network Systems Admin., Mail Admin.
155 South Seward Street     ph: (907) 586-0242
Juneau, Alaska 99801        fax: (907 586-4500

From glenn.steen at gmail.com Mon Jun 16 21:12:21 2008
From: glenn.steen at gmail.com (Glenn Steen)
Date: Mon Jun 16 21:12:30 2008
Subject: BAYES_00 is killing me
In-Reply-To: <2baac6140806161224w3e3a60b4s51c39afc079a40c5@mail.gmail.com>
References: <2baac6140806160628w3da668f3n1b3a6dca614b9389@mail.gmail.com> <48566DE7.6000108@vanderkooij.org> <2baac6140806160703t66c22095ja92760a1484638e8@mail.gmail.com> <2baac6140806160755v7c5f67b7xd6d0ed02c7e2c906@mail.gmail.com> <485682AD.5030305@USherbrooke.ca> <2baac6140806160846h14e2f0eev4ed789d8664e426e@mail.gmail.com> <2baac6140806160854g7fd18fecj4380ce0f5ac74a7c@mail.gmail.com> <223f97700806161146x1649089cl9cc7bc9c65d03209@mail.gmail.com> <2baac6140806161224w3e3a60b4s51c39afc079a40c5@mail.gmail.com>
Message-ID: <223f97700806161312q12e1d85dm4537783336f60065@mail.gmail.com>

2008/6/16 Devon Harding :
>
> On Mon, Jun 16, 2008 at 2:46 PM, Glenn Steen wrote:
>>
>> 2008/6/16 Devon Harding :
>> >>>>
>> >>>> Devon Harding wrote:
>> >>>> | I'm getting a lot of spam coming through and it seems like the cause of
>> >>>> | this is BAYES_00 scoring messages with -2.60. I'm running MS 4.68.8
>> >>>> | with SA 3.2.4. I've already trained hundreds of
>> >>>> | messages like these as spam and it doesn't seem to work. What else can
>> >>>> | I do?
>> >>>>
>> >>>> My guess is that you are training the wrong database. You train another
>> >>>> database and not the one you are using with MailScanner.
>> >>>>
>> >>>> Hugo.
>> >>>>
>> >>>> For MS, where is the Bayes DB path specified? My DB is located here:
>> >>>>
>> >>>> /etc/MailScanner/.spamassassin
>> >>>>
>> >>>> I think my BAYES is all messed up. How do I rebuild it from scratch?
>> >>>>
>> >>> Devon,
>> >>>
>> >>> Look here for a starter kit: http://www.fsl.com/resources.html
>> >>>
>> >>> Denis
>> >>>
>> >>> --
>> >>
>> >> I've restored the starter DB and I do see the new files in
>> >> /etc/MailScanner/.spamassassin (I stopped MailScanner and removed the one
>> >> ones first), but SA Bayes DB Info from Mailwatch shows nothing. When I do a
>> >> lint from the Tools tab, I get the following:
>> >>
>> >> [5637] dbg: bayes: no dbs present, cannot tie DB R/O: //.spamassassin/bayes_toks
>> >
>> > Hmm....I think Bayes IS working. I just ran MailScanner --debug --debug-sa
>> > after the restore and did see:
>> >
>> > 11:52:13 [5879] dbg: bayes: tie-ing to DB file R/W /root/.spamassassin/bayes_toks
>> > 11:52:13 [5879] dbg: bayes: tie-ing to DB file R/W /root/.spamassassin/bayes_seen
>> > 11:52:13 [5879] dbg: bayes: found bayes db version 3
>> > 11:52:13 [5879] dbg: bayes: learned '88a47a16459989c19d47893de31fec608aa8f41e@sa_generated', atime: 1213631520
>> > 11:52:13 [5879] dbg: bayes: untie-ing
>> > 11:52:13 [5879] dbg: bayes: files locked, now unlocking lock
>> >
>> > It seems that MailWatch is the one that's not working right. Any way to
>> > relink this?
>> >
>> > -Devon
>> >
>> Make sure your apache user (the one running your httpd processes...
>> hence the one running MailWatch:-) can actually read the bayes
>> files... "su" is your friend here... and if you want to be able to
>> learn via MailWatch, make sure the same user can write them too.
>>
>> Cheers
>> --
>
> I have the right permissions set, the thing is MailWatch is not showing any
> data for 'Bayes Database Information'. What is the tie in for MailWatch?
>
> -rw-rw---- 1 root apache 78K Jun 16 15:17 bayes_journal
> -rw-rw---- 1 root apache 895 Jun 16 15:17 bayes.mutex
> -rw-rw---- 1 root apache 172K Jun 16 15:17 bayes_seen
> -rw-rw---- 1 root apache 5.1M Jun 16 15:17 bayes_toks
>
> -Devon
>
But can the apache user access the directory?
MailWatch isn't particularly "magical" here, it uses the same info as
all else...

Try something like "su - apache -s /bin/bash" and then "cd
/path/to/where/you/have/the/bayes/files"... Might give a clue:-)

Cheers
--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

From Denis.Beauchemin at USherbrooke.ca Mon Jun 16 21:25:54 2008
From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin)
Date: Mon Jun 16 21:26:29 2008
Subject: Problem while updating perl
In-Reply-To: <67a55ed50806161157n6fc6b73frddc2edde3729d9a6@mail.gmail.com>
References: <67a55ed50806161157n6fc6b73frddc2edde3729d9a6@mail.gmail.com>
Message-ID: <4856CC52.6020609@USherbrooke.ca>

Dave Jones wrote:
>
> >> You can reinstall MailScanner but you will still have the same perl
> >> conflicts next time a perl module gets updated on RPMforge (or
> >> whatever your repo is that has the conflicting package).
> >>
> >> I would simply force the install of the perl modules (I do it all the
> >> time) with the conflict from the MailScanner installation:
> >>
> >> # rpm -Uhv --force /var/cache/yum/rpmforge/packages/perl-Sys-Syslog-0.18-1.rpm
> >>
> >> Substitute "rpmforge" above with whatever your repository name is and
> >> the RPM file in question.
> >>
> >> Dave
> >>
> >> --
> >> Dave Jones
> >Dave,
> >
> >It didn't work on my RHEL 5.2 server:
> >[root@smtps ~]# rpm -Uvh --force /var/cache/yum/rhel-i386-server-5/packages/perl-5.8.8-10.el5_2.3.i386.rpm
> >/etc/selinux/targeted/contexts/files/file_contexts: Multiple same
> >specifications for /usr/local/lost\+found/.*.
> >/etc/selinux/targeted/contexts/files/file_contexts: Multiple same
> >specifications for /usr/local/\.journal.
> >/etc/selinux/targeted/contexts/files/file_contexts: Multiple same
> >specifications for /usr/local/lost\+found.
> >Preparing... ########################################### [100%]
> >1:perl ########################################### [100%]
> >[root@smtps ~]# MailScanner --lint
> >
> >**** ERROR: You must upgrade your perl IO module to at least
> >**** ERROR: version 1.2301 or MailScanner will not work!
> >
> >I am now reinstalling the following MS' RPMs: perl-IO perl-File-Temp
> >perl-Math-BigInt perl-Math-BigRat perl-bignum
> >
> >Denis
>
> Sounds like you might have SELinux active. Run "getenforce" and if it
> is "Enforcing" then run "setenforce 0" to make it "Permissive". Then
> run your command again.
>
> If permissive mode allows the package install command to work with
> --force, then disable SELinux or try your hand at updating the SELinux
> policy that is preventing it from installing. RHEL 5 is supposed to
> be much easier to customize SELinux policies but I haven't played with
> it yet. I still just disable it during the install and go...
>
> --
> Dave Jones

Dave,

It is disabled on all my servers (I just checked and getenforce returns
Disabled)... I see the "selinux" messages all the time whenever I
install or upgrade an RPM... to the point where I don't even pay any
attention to them... could have been the reason I had problem, though!

Denis
--
   _
  °v°   Denis Beauchemin, analyste
 /(_)\  Université de Sherbrooke, S.T.I.
  ^ ^   T: 819.821.8000x62252 F: 819.821.8045

From devonharding at gmail.com Mon Jun 16 22:03:35 2008
From: devonharding at gmail.com (Devon Harding)
Date: Mon Jun 16 22:03:46 2008
Subject: BAYES_00 is killing me
In-Reply-To: <223f97700806161312q12e1d85dm4537783336f60065@mail.gmail.com>
References: <2baac6140806160628w3da668f3n1b3a6dca614b9389@mail.gmail.com> <48566DE7.6000108@vanderkooij.org> <2baac6140806160703t66c22095ja92760a1484638e8@mail.gmail.com> <2baac6140806160755v7c5f67b7xd6d0ed02c7e2c906@mail.gmail.com> <485682AD.5030305@USherbrooke.ca> <2baac6140806160846h14e2f0eev4ed789d8664e426e@mail.gmail.com> <2baac6140806160854g7fd18fecj4380ce0f5ac74a7c@mail.gmail.com> <223f97700806161146x1649089cl9cc7bc9c65d03209@mail.gmail.com> <2baac6140806161224w3e3a60b4s51c39afc079a40c5@mail.gmail.com> <223f97700806161312q12e1d85dm4537783336f60065@mail.gmail.com>
Message-ID: <2baac6140806161403j7a8ca3b1ja4ace4e0dfff9dbc@mail.gmail.com>

On Mon, Jun 16, 2008 at 4:12 PM, Glenn Steen wrote:
> But can the apache user access the directory?
> MailWatch isn't particularly "magical" here, it uses the same info as
> all else...
>
> Try something like "su - apache -s /bin/bash" and then "cd
> /path/to/where/you/have/the/bayes/files"... Might give a clue:-)
>
> Cheers
> --
> -- Glenn

User apache can access this fine. I didn't see anything in the MailWatch
.conf file on Bayes

From glenn.steen at gmail.com Mon Jun 16 23:16:14 2008
From: glenn.steen at gmail.com (Glenn Steen)
Date: Mon Jun 16 23:16:24 2008
Subject: BAYES_00 is killing me
In-Reply-To: <2baac6140806161403j7a8ca3b1ja4ace4e0dfff9dbc@mail.gmail.com>
References: <2baac6140806160628w3da668f3n1b3a6dca614b9389@mail.gmail.com> <2baac6140806160703t66c22095ja92760a1484638e8@mail.gmail.com> <2baac6140806160755v7c5f67b7xd6d0ed02c7e2c906@mail.gmail.com> <485682AD.5030305@USherbrooke.ca> <2baac6140806160846h14e2f0eev4ed789d8664e426e@mail.gmail.com> <2baac6140806160854g7fd18fecj4380ce0f5ac74a7c@mail.gmail.com> <223f97700806161146x1649089cl9cc7bc9c65d03209@mail.gmail.com> <2baac6140806161224w3e3a60b4s51c39afc079a40c5@mail.gmail.com> <223f97700806161312q12e1d85dm4537783336f60065@mail.gmail.com> <2baac6140806161403j7a8ca3b1ja4ace4e0dfff9dbc@mail.gmail.com>
Message-ID: <223f97700806161516n199d18c3m428831ba13b93199@mail.gmail.com>

2008/6/16 Devon Harding :
> User apache can access this fine. I didn't see anything in the MailWatch
> .conf file on Bayes
>
That's because there is nothing there....:-).
It uses the same info all else do (through the normal SA method... The
.cf files).

Unless this is something hardcoded into the scriptlet handling the SA
db dump... Haven't checked that (and will not be anywhere I can check
it until tomorrow... You have a look:-).

Cheers
--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

From lists at designmedia.com Tue Jun 17 00:17:59 2008
From: lists at designmedia.com (Henry Kwan)
Date: Tue Jun 17 00:18:16 2008
Subject: BAYES_00 is killing me
References: <2baac6140806160628w3da668f3n1b3a6dca614b9389@mail.gmail.com> <48566DE7.6000108@vanderkooij.org> <2baac6140806160703t66c22095ja92760a1484638e8@mail.gmail.com> <2baac6140806160755v7c5f67b7xd6d0ed02c7e2c906@mail.gmail.com> <485682AD.5030305@USherbrooke.ca> <2baac6140806160846h14e2f0eev4ed789d8664e426e@mail.gmail.com> <2baac6140806160854g7fd18fecj4380ce0f5ac74a7c@mail.gmail.com> <223f97700806161146x1649089cl9cc7bc9c65d03209@mail.gmail.com> <2baac6140806161224w3e3a60b4s51c39afc079a40c5@mail.gmail.com> <223f97700806161312q12e1d85dm4537783336f60065@mail.gmail.com> <2baac6140806161403j7a8ca3b1ja4ace4e0dfff9dbc@mail.gmail.com>
Message-ID:

Devon Harding writes:

> User apache can access this fine. I didn't see anything in the
> MailWatch .conf file on Bayes

Have you tried explicitly calling out the path in either local.cf or
/etc/MailScanner/spam.assassin.prefs.conf?
Something like:

bayes_path /root/.spamassassin/bayes

From Robert.Meurlin at se.fujitsu.com Tue Jun 17 07:51:44 2008
From: Robert.Meurlin at se.fujitsu.com (Meurlin Robert)
Date: Tue Jun 17 07:52:31 2008
Subject: SV: SV: mailscanner dont process email at all
In-Reply-To: <485660C0.1080803@USherbrooke.ca>
References: <797363C57EE0884786F428AAABCD469201490DD4@sea0120sex2.nordic.x><48536FD4.4090300@vanderkooij.org> <797363C57EE0884786F428AAABCD469201490DD8@sea0120sex2.nordic.x><797363C57EE0884786F428AAABCD469201490DDC@sea0120sex2.nordic.x> <485660C0.1080803@USherbrooke.ca>
Message-ID: <797363C57EE0884786F428AAABCD469201490DF0@sea0120sex2.nordic.x>

It's running as a process but in the log it just says

MailScanner[21338]: MailScanner E-Mail Virus Scanner version 4.69.9 starting...

It doesn't seem that it starts up.

MailScanner[3242]: Config: calling custom init function MailWatchLogging
Jun 17 08:44:33 MailScanner[3242]: Started SQL Logging child
Jun 17 08:44:33 MailScanner[3242]: SpamAssassin temporary working directory is /var/spool/MailScanner/incoming/SpamAssassin-Temp
Jun 17 08:44:34 MailScanner[3242]: Using SpamAssassin results cache
Jun 17 08:44:34 MailScanner[3242]: Connected to SpamAssassin cache database

And after that it doesn't process any incoming mail.

I have tried to update MailScanner to the latest version, configtest doesn't show any wrong with any parameters, tried to restart the server.

I have made any changes in MailScanner.conf either, I am confused :(

Rob

-----Original Message-----
From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Denis Beauchemin
Sent: 16 June 2008 14:47
To: MailScanner discussion
Subject: Re: SV: mailscanner dont process email at all

Meurlin Robert wrote:
> Does anyone have more ideas? Have looked at everything I can think of.
>

Robert,

Is MailScanner running? Any messages from MS in your maillog?

Denis

--
   _
  °v°   Denis Beauchemin, analyste
 /(_)\  Université de Sherbrooke, S.T.I.
  ^ ^   T: 819.821.8000x62252 F: 819.821.8045

--
MailScanner mailing list
mailscanner@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!

From lists at designmedia.com Tue Jun 17 08:11:31 2008
From: lists at designmedia.com (Henry Kwan)
Date: Tue Jun 17 08:11:53 2008
Subject: SV: SV: mailscanner dont process email at all
References: <797363C57EE0884786F428AAABCD469201490DD4@sea0120sex2.nordic.x><48536FD4.4090300@vanderkooij.org> <797363C57EE0884786F428AAABCD469201490DD8@sea0120sex2.nordic.x><797363C57EE0884786F428AAABCD469201490DDC@sea0120sex2.nordic.x> <485660C0.1080803@USherbrooke.ca> <797363C57EE0884786F428AAABCD469201490DF0@sea0120sex2.nordic.x>
Message-ID:

Meurlin Robert writes:

> And after that it doesn't process any incoming mail.
>
> I have tried to update MailScanner to the latest version, configtest doesn't show any wrong with any
> parameters, tried to restart the server.
>
> I have made any changes in MailScanner.conf either, I am confused :(

Does flushing the sendmail queue manually do anything?

From Robert.Meurlin at se.fujitsu.com Tue Jun 17 09:52:47 2008
From: Robert.Meurlin at se.fujitsu.com (Meurlin Robert)
Date: Tue Jun 17 09:57:41 2008
Subject: SV: SV: SV: mailscanner dont process email at all
In-Reply-To:
References: <797363C57EE0884786F428AAABCD469201490DD4@sea0120sex2.nordic.x><48536FD4.4090300@vanderkooij.org> <797363C57EE0884786F428AAABCD469201490DD8@sea0120sex2.nordic.x><797363C57EE0884786F428AAABCD469201490DDC@sea0120sex2.nordic.x><485660C0.1080803@USherbrooke.ca><797363C57EE0884786F428AAABCD469201490DF0@sea0120sex2.nordic.x>
Message-ID: <797363C57EE0884786F428AAABCD469201490DF4@sea0120sex2.nordic.x>

Yes I manually flushed almost every email in the queue (had 6000 before now there is about 140) so that worked.

Is the last option to reinstall mailscanner?
All points to that is the problem.

-----Original Message-----
From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Henry Kwan
Sent: 17 June 2008 09:12
To: mailscanner@lists.mailscanner.info
Subject: Re: SV: SV: mailscanner dont process email at all

Meurlin Robert writes:

> And after that it doesn't process any incoming mail.
>
> I have tried to update MailScanner to the latest version, configtest doesn't show any wrong with any
> parameters, tried to restart the server.
>
> I have made any changes in MailScanner.conf either, I am confused :(

Does flushing the sendmail queue manually do anything?

From glenn.steen at gmail.com Tue Jun 17 10:11:05 2008
From: glenn.steen at gmail.com (Glenn Steen)
Date: Tue Jun 17 10:11:16 2008
Subject: BAYES_00 is killing me
In-Reply-To: <223f97700806161516n199d18c3m428831ba13b93199@mail.gmail.com>
References: <2baac6140806160628w3da668f3n1b3a6dca614b9389@mail.gmail.com> <2baac6140806160755v7c5f67b7xd6d0ed02c7e2c906@mail.gmail.com> <485682AD.5030305@USherbrooke.ca> <2baac6140806160846h14e2f0eev4ed789d8664e426e@mail.gmail.com> <2baac6140806160854g7fd18fecj4380ce0f5ac74a7c@mail.gmail.com> <223f97700806161146x1649089cl9cc7bc9c65d03209@mail.gmail.com> <2baac6140806161224w3e3a60b4s51c39afc079a40c5@mail.gmail.com> <223f97700806161312q12e1d85dm4537783336f60065@mail.gmail.com> <2baac6140806161403j7a8ca3b1ja4ace4e0dfff9dbc@mail.gmail.com> <223f97700806161516n199d18c3m428831ba13b93199@mail.gmail.com>
Message-ID: <223f97700806170211k2c7db4e1t2812383d065c5417@mail.gmail.com>

2008/6/17 Glenn Steen :
> 2008/6/16 Devon Harding :
>> User apache can access this fine. I didn't see anything in the MailWatch
>> .conf file on Bayes
>>
> That's because there is nothing there....:-).
> It uses the same info all else do (through the normal SA method... The
> .cf files).
>
> Unless this is something hardcoded into the scriptlet handling the SA
> db dump... Haven't checked that (and will not be anywhere I can check
> it until tomorrow... You have a look:-).
>
> Cheers

Nope, nothing strange here, the call is to
sa-learn -p /path/to/MailScanner/spam.assassin.prefs.conf --dump-magic
in bayes_info.php ... Where /path/to/MailScanner likely expands as
/etc/MailScanner or similar (this is from the SA_PREFS setting in
conf.php).
As the apache user, can you run the above command? What do you get?

Cheers
--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

From kte at nexis.be Tue Jun 17 10:23:15 2008
From: kte at nexis.be (kte@nexis.be)
Date: Tue Jun 17 10:23:26 2008
Subject: Milter-ahead configuration problem
Message-ID:

Hello

How do I configure the milter-ahead on sendmail, because I always go looks like a local recipient, skipping

Jun 10 12:40:30 mail milter-ahead[1970]: milter-ahead: smfi_register: version mismatch application: 4 != milter: 2
Jun 10 12:40:30 mail milter-ahead[1970]: milter-ahead: smfi_register: version mismatch application: 3 != milter: 2
Jun 10 12:40:30 mail milter-ahead[1970]: process ruid=501 rgid=501 euid=501 egid=501
Jun 10 12:40:30 mail milter-ahead[1970]: milter-ahead/1.0.97 Copyright 2004, 2005 by Anthony Howe. All rights reserved.
Jun 10 12:40:30 mail milter-ahead[1970]: LibSnert/1.56.769 Copyright 1996, 2005 by Anthony Howe. All rights reserved.
Jun 10 12:40:30 mail milter-ahead[1970]: libmilter version 2 (4) Jun 10 12:40:30 mail milter-ahead[1970]: Sleepycat Software: Berkeley DB 4.2.52: (January 7, 2007) Jun 10 14:22:53 mail milter-ahead[1957]: 00001 m5ACMYYw002181: looks like a local recipient, skipping [root@mail ~]# more /etc/mail/mailertable nexis.be esmtp:[mailserver.nexis.be] [root@mail ~]# more /etc/mail/access # Check the /usr/share/doc/sendmail/README.cf file for a description # of the format of this file. (search for access_db in that file) # The /usr/share/doc/sendmail/README.cf is part of the sendmail-doc # package. # # by default we allow relaying from localhost... Connect:localhost.localdomain RELAY Connect:localhost RELAY Connect:127.0.0.1 RELAY nexis.be RELAY mx record refers to our real mailserver where can I disable that he says it looks like a local recipient?? Koen Koen Teugels | Information & Communication Technology Engineer E-mail: kte@nexis.be | Phone: +32 (0)10 81.81.81 | Fax: +32 (0)10 81.81.80 ICT Support: ict-support@nexis.be NEXIS | Mission Statement | E-mail Disclaimer | General Sales Conditions Chauss?e de Namur, 79 | B-1300 Wavre | E-mail: info@nexis.be Bisdom, 8 | B-3090 Overijse | http://www.nexis.be -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080617/fc813756/attachment.html From glenn.steen at gmail.com Tue Jun 17 10:27:47 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Jun 17 10:27:58 2008 Subject: Updating an adopted installation from 4.54 In-Reply-To: References: <20080616140331.GA27476@cgi.jachomes.com> <20080616192508.GC28498@cgi.jachomes.com> Message-ID: <223f97700806170227o3d15890dj7b79ac61d050fa31@mail.gmail.com> 2008/6/16 Kevin Miller : > Jay R. Ashworth wrote: >> On Mon, Jun 16, 2008 at 10:49:36AM -0800, Kevin Miller wrote: >>> Welcome to MailScanner - almost as much fun as Rivendell! >> >> Everyone's Following Me!!! 
:-) > > Great minds think alike? > > >> I meant to say: Slack 10.2. It's in /opt/MailScanner.version with a >> symlink to it from /opt/MailScanner. > > Hmmm - I'm not sure but it sounds like they did a source compile > installation. My stuff lands in /usr/lib/MailScanner (and > /etc/MailScanner of course) by default which I think is SOP for the rpm > installs. Could be wrong on that - never had to look too closely. Not > sure what the best practice is for that. I'm sure someone will chime in > on it. This is a great group. > > >> Wow, there's a lot of stuff in my maillogs... > > Yeah. Email gateways are busier than a one legged man in a butt kicking > contest. > > >> I saw something about that. I'm strongly considering just building a >> new dedicated machine (this one is shared) and forklift-upgrading... >> would I need to bring training databases along for that? > > If you have a box or two to put it on, that would be the best way to go. > It's saved my bacon more than once. And yes, you definitely want to > migrate the bayes databases over. It's a wealth of data customized to > your site. Whenever I've had to build a box from scratch I just copy > over /etc/MailScanner/MailScanner.conf and the bayes database to the new > machine. There's a few minor edits in the .conf file (hostname and the > like) but just drop the bayes files in place and you'll hit the ground > running... > That's pretty much how you upgrade the source dist too:-). Install the new one to its own directory in /opt, use upgrade_MailScanner_conf on the old file, copy over any modified ruleset files... stop MS, relink to the new install, star MailScanner... Did I miss anything? 
Don't think so:-) Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Tue Jun 17 10:38:51 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Jun 17 10:39:01 2008 Subject: SV: SV: mailscanner dont process email at all In-Reply-To: <797363C57EE0884786F428AAABCD469201490DF4@sea0120sex2.nordic.x> References: <797363C57EE0884786F428AAABCD469201490DD4@sea0120sex2.nordic.x> <48536FD4.4090300@vanderkooij.org> <797363C57EE0884786F428AAABCD469201490DD8@sea0120sex2.nordic.x> <797363C57EE0884786F428AAABCD469201490DDC@sea0120sex2.nordic.x> <485660C0.1080803@USherbrooke.ca> <797363C57EE0884786F428AAABCD469201490DF0@sea0120sex2.nordic.x> <797363C57EE0884786F428AAABCD469201490DF4@sea0120sex2.nordic.x> Message-ID: <223f97700806170238h21a6cc6ao7a20770b745add43@mail.gmail.com> 2008/6/17 Meurlin Robert : > Yes I manually flushed almost every email in the queue (had 6000 before now there is about 140) so that worked. > > Is the last option to reinstall mailscanner? All points to that is the problem. > Hej Robert, You mention configtest ... Is this a command? What is it supposed to do for you? Is this running on cPanel or similar? How did you do the install? What version of OS/distro are you using? The more details the better answers:-). 
Tjena -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From prandal at herefordshire.gov.uk Tue Jun 17 10:43:45 2008 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Tue Jun 17 10:44:28 2008 Subject: Updating an adopted installation from 4.54 In-Reply-To: <223f97700806170227o3d15890dj7b79ac61d050fa31@mail.gmail.com> References: <20080616140331.GA27476@cgi.jachomes.com><20080616192508.GC28498@cgi.jachomes.com> <223f97700806170227o3d15890dj7b79ac61d050fa31@mail.gmail.com> Message-ID: <7EF0EE5CB3B263488C8C18823239BEBA03F0307A@HC-MBX02.herefordshire.gov.uk> And make sure all listed RBLS are still current and working. Phil -- Phil Randal Networks Engineer Herefordshire Council Hereford, UK -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Glenn Steen Sent: 17 June 2008 10:28 To: MailScanner discussion Subject: Re: Updating an adopted installation from 4.54 2008/6/16 Kevin Miller : > Jay R. Ashworth wrote: >> On Mon, Jun 16, 2008 at 10:49:36AM -0800, Kevin Miller wrote: >>> Welcome to MailScanner - almost as much fun as Rivendell! >> >> Everyone's Following Me!!! :-) > > Great minds think alike? > > >> I meant to say: Slack 10.2. It's in /opt/MailScanner.version with a >> symlink to it from /opt/MailScanner. > > Hmmm - I'm not sure but it sounds like they did a source compile > installation. My stuff lands in /usr/lib/MailScanner (and > /etc/MailScanner of course) by default which I think is SOP for the > rpm installs. Could be wrong on that - never had to look too closely. > Not sure what the best practice is for that. I'm sure someone will > chime in on it. This is a great group. > > >> Wow, there's a lot of stuff in my maillogs... > > Yeah. Email gateways are busier than a one legged man in a butt > kicking contest. > > >> I saw something about that. 
I'm strongly considering just building a >> new dedicated machine (this one is shared) and forklift-upgrading... >> would I need to bring training databases along for that? > > If you have a box or two to put it on, that would be the best way to go. > It's saved my bacon more than once. And yes, you definitely want to > migrate the bayes databases over. It's a wealth of data customized to > your site. Whenever I've had to build a box from scratch I just copy > over /etc/MailScanner/MailScanner.conf and the bayes database to the > new machine. There's a few minor edits in the .conf file (hostname > and the > like) but just drop the bayes files in place and you'll hit the ground > running... > That's pretty much how you upgrade the source dist too:-). Install the new one to its own directory in /opt, use upgrade_MailScanner_conf on the old file, copy over any modified ruleset files... stop MS, relink to the new install, star MailScanner... Did I miss anything? Don't think so:-) Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! 
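Added example (not part of the original messages): one way to carry out the "are the listed RBLs still current and working" check from the reply above before trusting a carried-over configuration. It relies on the RFC 5782 test entries (a working IPv4 DNSBL answers for 127.0.0.2 and never for 127.0.0.1); the zone names, the fake resolver data and all function names are constructed for illustration.

```python
import socket

# RFC 5782 test points for an IPv4 DNSBL: a working list MUST answer for
# 127.0.0.2 and MUST NOT answer for 127.0.0.1.
MUST_BE_LISTED = "127.0.0.2"
MUST_NOT_BE_LISTED = "127.0.0.1"


def query_name(ip, zone):
    """Build the DNSBL query name: reversed IPv4 octets + zone, fully qualified."""
    octets = ip.split(".")
    if len(octets) != 4 or not all(o.isdigit() and int(o) <= 255 for o in octets):
        raise ValueError("not an IPv4 address: %r" % ip)
    zone = zone.strip().strip(".")
    if not zone:
        raise ValueError("empty zone")
    return ".".join(reversed(octets)) + "." + zone + "."


def system_lookup(name):
    """Resolve through the host resolver. Returns the list of A records,
    [] when the name does not exist, None when the lookup itself failed."""
    not_found = {socket.EAI_NONAME, getattr(socket, "EAI_NODATA", socket.EAI_NONAME)}
    try:
        return socket.gethostbyname_ex(name)[2]
    except socket.gaierror as exc:
        return [] if exc.errno in not_found else None
    except OSError:
        return None


def check_zone(zone, lookup=system_lookup):
    """Classify one RBL zone as ok / dead / lists-everything / bad-answer /
    lookup-failed, using only the two RFC 5782 test addresses."""
    listed = lookup(query_name(MUST_BE_LISTED, zone))
    unlisted = lookup(query_name(MUST_NOT_BE_LISTED, zone))
    if listed is None or unlisted is None:
        return "lookup-failed"        # cannot tell; retry before removing the list
    if any(not a.startswith("127.") for a in listed + unlisted):
        return "bad-answer"           # e.g. parked domain or NXDOMAIN redirection
    if unlisted:
        return "lists-everything"     # would mark every sender as listed
    if not listed:
        return "dead"                 # test entry missing: zone no longer served
    return "ok"


def audit(zones, lookup=system_lookup):
    """Check every configured zone and return {zone: status}."""
    return {zone: check_zone(zone, lookup) for zone in zones}


# Constructed sample data so the example runs offline: four made-up zones
# and the answers a resolver would give for their test addresses.
SAMPLE_ZONES = ["good.rbl.example", "gone.rbl.example",
                "wild.rbl.example", "parked.rbl.example"]
FAKE_DNS = {
    "2.0.0.127.good.rbl.example.": ["127.0.0.2"],
    "2.0.0.127.wild.rbl.example.": ["127.0.0.2"],
    "1.0.0.127.wild.rbl.example.": ["127.0.0.2"],
    "2.0.0.127.parked.rbl.example.": ["203.0.113.10"],
    "1.0.0.127.parked.rbl.example.": ["203.0.113.10"],
}


def fake_lookup(name):
    """Stand-in resolver backed by FAKE_DNS; unknown names do not exist."""
    return FAKE_DNS.get(name, [])


if __name__ == "__main__":
    for zone, status in audit(SAMPLE_ZONES, fake_lookup).items():
        print("%-22s %s" % (zone, status))
```

To run it against the real configuration, pass the zones from your own RBL list to audit() and leave the lookup argument at its default.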
From ms-list at alexb.ch Tue Jun 17 11:05:18 2008 From: ms-list at alexb.ch (Alex Broens) Date: Tue Jun 17 11:05:33 2008 Subject: Milter-ahead configuration problem In-Reply-To: References: Message-ID: <48578C5E.4050601@alexb.ch> On 6/17/2008 11:23 AM, kte@nexis.be wrote: > Hallo > > How do I configure the milter-ahead on sendmail, because I always go looks > like a local recipient, skipping > > Jun 10 12:40:30 mail milter-ahead[1970]: milter-ahead: smfi_register: > version mi > smatch application: 4 != milter: 2 > Jun 10 12:40:30 mail milter-ahead[1970]: milter-ahead: smfi_register: > version mi > smatch application: 3 != milter: 2 > Jun 10 12:40:30 mail milter-ahead[1970]: process ruid=501 rgid=501 > euid=501 egid > =501 > Jun 10 12:40:30 mail milter-ahead[1970]: milter-ahead/1.0.97 Copyright > 2004, 200 > 5 by Anthony Howe. All rights reserved. > Jun 10 12:40:30 mail milter-ahead[1970]: LibSnert/1.56.769 Copyright 1996, > 2005 > by Anthony Howe. All rights reserved. > Jun 10 12:40:30 mail milter-ahead[1970]: libmilter version 2 (4) > Jun 10 12:40:30 mail milter-ahead[1970]: Sleepycat Software: Berkeley DB > 4.2.52: > (January 7, 2007) > Jun 10 14:22:53 mail milter-ahead[1957]: 00001 m5ACMYYw002181: looks like > a local recipient, skipping > > > [root@mail ~]# more /etc/mail/mailertable > nexis.be esmtp:[mailserver.nexis.be] > > [root@mail ~]# more /etc/mail/access > # Check the /usr/share/doc/sendmail/README.cf file for a description > # of the format of this file. (search for access_db in that file) > # The /usr/share/doc/sendmail/README.cf is part of the sendmail-doc > # package. > # > # by default we allow relaying from localhost... > Connect:localhost.localdomain RELAY > Connect:localhost RELAY > Connect:127.0.0.1 RELAY > nexis.be RELAY > > > mx record refers to our real mailserver > > where can I disable that he says it looks like a local recipient?? 
in milter-ahead.cf what did you enter for:

access-db=

From martyn at invictawiz.com Tue Jun 17 11:20:39 2008
From: martyn at invictawiz.com (Martyn Routley)
Date: Tue Jun 17 11:22:43 2008
Subject: MailScanner website
Message-ID: <48578FF7.4060606@invictawiz.com>

Hmmm

I have just been looking for some information on the MailScanner website and I noticed this snippet:

"Black shirts, embroidered shirts and other items with an updated design , ships from Germany"

Blackshirts, coming from Germany? Is there something secret about MailScanner that we all need to know about? :-)

--
Martyn Routley

-----------------------------------------------------------------------------
This message has been scanned for viruses and dangerous content by the http://www.invictawiz.com MailScanner, and is believed to be clean.
-----------------------------------------------------------------------------
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080617/479e4286/attachment.html

From steve.freegard at fsl.com Tue Jun 17 11:31:49 2008
From: steve.freegard at fsl.com (Steve Freegard)
Date: Tue Jun 17 11:32:00 2008
Subject: Milter-ahead configuration problem
In-Reply-To:
References:
Message-ID: <48579295.9030605@fsl.com>

kte@nexis.be wrote:
> *Jun 10 14:22:53 mail milter-ahead[1957]: 00001 m5ACMYYw002181: looks
> like a local recipient, skipping*
>
> [root@mail ~]# more /etc/mail/mailertable
> nexis.be esmtp:[mailserver.nexis.be]
>
> [root@mail ~]# more /etc/mail/access
> # Check the /usr/share/doc/sendmail/README.cf file for a description
> # of the format of this file. (search for access_db in that file)
> # The /usr/share/doc/sendmail/README.cf is part of the sendmail-doc
> # package.
> #
> # by default we allow relaying from localhost...
> Connect:localhost.localdomain RELAY
> Connect:localhost RELAY
> Connect:127.0.0.1 RELAY
> nexis.be RELAY
>
>
> mx record refers to our real mailserver
>
> where can I disable that he says it looks like a local recipient??
>

If you have 'access-db=/etc/mail/access.db' then the 'nexis.be RELAY' entry will act like a whitelist entry on earlier versions of libsnert.

Add the entry:

'milter-ahead-To:nexis.be SKIP'

To your access-map and then rebuild it and you should find that milter-ahead starts doing the call-aheads correctly.

Kind regards,
Steve.

From kte at nexis.be Tue Jun 17 11:33:59 2008
From: kte at nexis.be (kte@nexis.be)
Date: Tue Jun 17 11:34:09 2008
Subject: Milter-ahead configuration problem
In-Reply-To: <48578C5E.4050601@alexb.ch>
Message-ID:

@ the moment I don't have that parameter in my milter-ahead.cf

Koen Teugels | Information & Communication Technology Engineer
E-mail: kte@nexis.be | Phone: +32 (0)10 81.81.81 | Fax: +32 (0)10 81.81.80
ICT Support: ict-support@nexis.be
NEXIS | Mission Statement | E-mail Disclaimer | General Sales Conditions
Chaussée de Namur, 79 | B-1300 Wavre | E-mail: info@nexis.be
Bisdom, 8 | B-3090 Overijse | http://www.nexis.be

Alex Broens
Sent by: mailscanner-bounces@lists.mailscanner.info
17/06/2008 12:05
Please respond to MailScanner discussion
To MailScanner discussion
cc
Subject Re: Milter-ahead configuration problem

On 6/17/2008 11:23 AM, kte@nexis.be wrote:
> Hallo
>
> How do I configure the milter-ahead on sendmail, because I always go looks
> like a local recipient, skipping
>
> Jun 10 12:40:30 mail milter-ahead[1970]: milter-ahead: smfi_register:
> version mi
> smatch application: 4 != milter: 2
> Jun 10 12:40:30 mail milter-ahead[1970]: milter-ahead: smfi_register:
> version mi
> smatch application: 3 != milter: 2
> Jun 10 12:40:30 mail milter-ahead[1970]: process ruid=501 rgid=501
> euid=501 egid
> =501
> Jun 10 12:40:30 mail milter-ahead[1970]: milter-ahead/1.0.97 Copyright
> 2004, 200
> 5 by Anthony Howe.
All rights reserved. > Jun 10 12:40:30 mail milter-ahead[1970]: LibSnert/1.56.769 Copyright 1996, > 2005 > by Anthony Howe. All rights reserved. > Jun 10 12:40:30 mail milter-ahead[1970]: libmilter version 2 (4) > Jun 10 12:40:30 mail milter-ahead[1970]: Sleepycat Software: Berkeley DB > 4.2.52: > (January 7, 2007) > Jun 10 14:22:53 mail milter-ahead[1957]: 00001 m5ACMYYw002181: looks like > a local recipient, skipping > > > [root@mail ~]# more /etc/mail/mailertable > nexis.be esmtp:[mailserver.nexis.be] > > [root@mail ~]# more /etc/mail/access > # Check the /usr/share/doc/sendmail/README.cf file for a description > # of the format of this file. (search for access_db in that file) > # The /usr/share/doc/sendmail/README.cf is part of the sendmail-doc > # package. > # > # by default we allow relaying from localhost... > Connect:localhost.localdomain RELAY > Connect:localhost RELAY > Connect:127.0.0.1 RELAY > nexis.be RELAY > > > mx record refers to our real mailserver > > where can I disable that he says it looks like a local recipient?? in milter-ahead.cf what did you enter for: access-db= -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080617/4cec8eb0/attachment.html From jodedor at gmail.com Tue Jun 17 11:35:20 2008 From: jodedor at gmail.com (David Guillermo) Date: Tue Jun 17 11:35:30 2008 Subject: Syntax error(s) in configuration file Message-ID: Hi. my problem is: Jun 17 12:20:16 servidor1 MailScanner[26675]: MailScanner E-Mail Virus Scanner version 4.69.9 starting... 
Jun 17 12:20:17 servidor1 MailScanner[26675]: Syntax error(s) in configuration file: Jun 17 12:20:17 servidor1 MailScanner[26675]: Unrecognised keyword "spamassassinprefsfile" at line 1412 Jun 17 12:20:17 servidor1 MailScanner[26675]: Warning: syntax errors in /etc/MailScanner/MailScanner.conf. in my /etc/MailScanner/MailScanner.conf. is SpamAssassin Prefs File = %etc-dir%/spam.assassin.prefs.conf my version... MailScanner -V This is Fedora Core release 6 (Zod) This is Perl version 5.008008 (5.8.8) This is MailScanner version 4.69.9 Module versions are: 1.00 AnyDBM_File 1.16 Archive::Zip 0.21 bignum 1.04 Carp 1.42 Compress::Zlib 1.119 Convert::BinHex 0.17 Convert::TNEF 2.121_08 Data::Dumper 2.27 Date::Parse 1.00 DirHandle 1.05 Fcntl 2.74 File::Basename 2.09 File::Copy 2.01 FileHandle 1.08 File::Path 0.19 File::Temp 0.90 Filesys::Df 1.35 HTML::Entities 3.56 HTML::Parser 2.37 HTML::TokeParser 1.23 IO 1.14 IO::File 1.13 IO::Pipe 2.02 Mail::Header 1.86 Math::BigInt 0.19 Math::BigRat 3.07 MIME::Base64 5.425 MIME::Decoder 5.425 MIME::Decoder::UU 5.425 MIME::Head 5.425 MIME::Parser 3.07 MIME::QuotedPrint 5.425 MIME::Tools 0.11 Net::CIDR 1.25 Net::IP 0.16 OLE::Storage_Lite 1.04 Pod::Escapes 3.05 Pod::Simple 1.09 POSIX 1.18 Scalar::Util 1.78 Socket 2.15 Storable 1.4 Sys::Hostname::Long 0.18 Sys::Syslog 1.26 Test::Pod 0.7 Test::Simple 1.86 Time::HiRes 1.02 Time::localtime Optional module versions are: 1.30 Archive::Tar 0.21 bignum missing Business::ISBN missing Business::ISBN::Data missing Data::Dump 1.814 DB_File 1.13 DBD::SQLite 1.56 DBI 1.14 Digest 1.01 Digest::HMAC 2.36 Digest::MD5 2.11 Digest::SHA1 missing Encode::Detect missing Error missing ExtUtils::CBuilder missing ExtUtils::ParseXS 2.36 Getopt::Long missing Inline missing IO::String 1.04 IO::Zlib missing IP::Country missing Mail::ClamAV 3.001009 Mail::SpamAssassin missing Mail::SPF missing Mail::SPF::Query missing Module::Build missing Net::CIDR::Lite 0.63 Net::DNS missing Net::DNS::Resolver::Programmable 0.34 
Net::LDAP missing NetAddr::IP missing Parse::RecDescent missing SAVI 2.56 Test::Harness missing Test::Manifest 1.95 Text::Balanced 1.35 URI missing version missing YAML -- -:- j0d3 David Guillermo Rodriguez Debian Unstable/Sid GNU/Linux e-mail: davocasc98@gmail.com http://j0d3.blogspot.com Modelo de CPU: AMD Athlon(tm) 64 X2 Dual Core Processor 4600+ Kernel: 2.6.24.2 Linux user #408522 -:- From martinh at solidstatelogic.com Tue Jun 17 11:57:05 2008 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Tue Jun 17 11:57:15 2008 Subject: Syntax error(s) in configuration file In-Reply-To: Message-ID: David Kinda what it says really....you no longer need a spamassassisinprefs setting in MailScanner.conf. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of David Guillermo > Sent: 17 June 2008 11:35 > To: MailScanner discussion > Subject: Syntax error(s) in configuration file > > Hi. > > my problem is: > > Jun 17 12:20:16 servidor1 MailScanner[26675]: MailScanner > E-Mail Virus Scanner version 4.69.9 starting... > Jun 17 12:20:17 servidor1 MailScanner[26675]: Syntax error(s) > in configuration file: > Jun 17 12:20:17 servidor1 MailScanner[26675]: Unrecognised > keyword "spamassassinprefsfile" at line 1412 Jun 17 12:20:17 > servidor1 MailScanner[26675]: Warning: syntax errors in > /etc/MailScanner/MailScanner.conf. > > in my /etc/MailScanner/MailScanner.conf. > is > SpamAssassin Prefs File = %etc-dir%/spam.assassin.prefs.conf > > my version... 
MailScanner -V > > This is Fedora Core release 6 (Zod) > This is Perl version 5.008008 (5.8.8) > > This is MailScanner version 4.69.9 > Module versions are: > 1.00 AnyDBM_File > 1.16 Archive::Zip > 0.21 bignum > 1.04 Carp > 1.42 Compress::Zlib > 1.119 Convert::BinHex > 0.17 Convert::TNEF > 2.121_08 Data::Dumper > 2.27 Date::Parse > 1.00 DirHandle > 1.05 Fcntl > 2.74 File::Basename > 2.09 File::Copy > 2.01 FileHandle > 1.08 File::Path > 0.19 File::Temp > 0.90 Filesys::Df > 1.35 HTML::Entities > 3.56 HTML::Parser > 2.37 HTML::TokeParser > 1.23 IO > 1.14 IO::File > 1.13 IO::Pipe > 2.02 Mail::Header > 1.86 Math::BigInt > 0.19 Math::BigRat > 3.07 MIME::Base64 > 5.425 MIME::Decoder > 5.425 MIME::Decoder::UU > 5.425 MIME::Head > 5.425 MIME::Parser > 3.07 MIME::QuotedPrint > 5.425 MIME::Tools > 0.11 Net::CIDR > 1.25 Net::IP > 0.16 OLE::Storage_Lite > 1.04 Pod::Escapes > 3.05 Pod::Simple > 1.09 POSIX > 1.18 Scalar::Util > 1.78 Socket > 2.15 Storable > 1.4 Sys::Hostname::Long > 0.18 Sys::Syslog > 1.26 Test::Pod > 0.7 Test::Simple > 1.86 Time::HiRes > 1.02 Time::localtime > > Optional module versions are: > 1.30 Archive::Tar > 0.21 bignum > missing Business::ISBN > missing Business::ISBN::Data > missing Data::Dump > 1.814 DB_File > 1.13 DBD::SQLite > 1.56 DBI > 1.14 Digest > 1.01 Digest::HMAC > 2.36 Digest::MD5 > 2.11 Digest::SHA1 > missing Encode::Detect > missing Error > missing ExtUtils::CBuilder > missing ExtUtils::ParseXS > 2.36 Getopt::Long > missing Inline > missing IO::String > 1.04 IO::Zlib > missing IP::Country > missing Mail::ClamAV > 3.001009 Mail::SpamAssassin > missing Mail::SPF > missing Mail::SPF::Query > missing Module::Build > missing Net::CIDR::Lite > 0.63 Net::DNS > missing Net::DNS::Resolver::Programmable > 0.34 Net::LDAP > missing NetAddr::IP > missing Parse::RecDescent > missing SAVI > 2.56 Test::Harness > missing Test::Manifest > 1.95 Text::Balanced > 1.35 URI > missing version > missing YAML > > -- > -:- j0d3 > David Guillermo Rodriguez > Debian 
Unstable/Sid GNU/Linux > e-mail: davocasc98@gmail.com > http://j0d3.blogspot.com > Modelo de CPU: AMD Athlon(tm) 64 X2 Dual Core Processor 4600+ > Kernel: 2.6.24.2 > Linux user #408522 > -:- > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From kte at nexis.be Tue Jun 17 12:55:05 2008 From: kte at nexis.be (kte@nexis.be) Date: Tue Jun 17 12:55:15 2008 Subject: Milter-ahead configuration problem In-Reply-To: <48579295.9030605@fsl.com> Message-ID: Hello Steve, So i just add milter-ahead-To:nexis.be SKIP after nexis.be RELAY in the access file?? 
and force acces.db in sendmail.cf Koen Koen Teugels | Information & Communication Technology Engineer E-mail: kte@nexis.be | Phone: +32 (0)10 81.81.81 | Fax: +32 (0)10 81.81.80 ICT Support: ict-support@nexis.be NEXIS | Mission Statement | E-mail Disclaimer | General Sales Conditions Chauss?e de Namur, 79 | B-1300 Wavre | E-mail: info@nexis.be Bisdom, 8 | B-3090 Overijse | http://www.nexis.be Steve Freegard Sent by: mailscanner-bounces@lists.mailscanner.info 17/06/2008 12:31 Please respond to MailScanner discussion To MailScanner discussion cc Subject Re: Milter-ahead configuration problem kte@nexis.be wrote: > *Jun 10 14:22:53 mail milter-ahead[1957]: 00001 m5ACMYYw002181: looks > like a local recipient, skipping* > > [root@mail ~]# more /etc/mail/mailertable > nexis.be esmtp:[mailserver.nexis.be] > > [root@mail ~]# more /etc/mail/access > # Check the /usr/share/doc/sendmail/README.cf file for a description > # of the format of this file. (search for access_db in that file) > # The /usr/share/doc/sendmail/README.cf is part of the sendmail-doc > # package. > # > # by default we allow relaying from localhost... > Connect:localhost.localdomain RELAY > Connect:localhost RELAY > Connect:127.0.0.1 RELAY > nexis.be RELAY > > > mx record refers to our real mailserver > > where can I disable that he says it looks like a local recipient?? > If you have 'access-db=/etc/mail/access.db' then the 'nexis.be RELAY' entry will act like a whitelist entry on earlier versions of libsnert. Add the entry: 'milter-ahead-To:nexis.be SKIP' To your access-map and then rebuild it and you should find that milter-ahead starts doing the call-aheads correctly. Kind regards, Steve. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -------------- next part -------------- An HTML attachment was scrubbed... 
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080617/ff3e25d7/attachment.html From devonharding at gmail.com Tue Jun 17 13:19:03 2008 From: devonharding at gmail.com (Devon Harding) Date: Tue Jun 17 13:19:11 2008 Subject: BAYES_00 is killing me In-Reply-To: <223f97700806170211k2c7db4e1t2812383d065c5417@mail.gmail.com> References: <2baac6140806160628w3da668f3n1b3a6dca614b9389@mail.gmail.com> <485682AD.5030305@USherbrooke.ca> <2baac6140806160846h14e2f0eev4ed789d8664e426e@mail.gmail.com> <2baac6140806160854g7fd18fecj4380ce0f5ac74a7c@mail.gmail.com> <223f97700806161146x1649089cl9cc7bc9c65d03209@mail.gmail.com> <2baac6140806161224w3e3a60b4s51c39afc079a40c5@mail.gmail.com> <223f97700806161312q12e1d85dm4537783336f60065@mail.gmail.com> <2baac6140806161403j7a8ca3b1ja4ace4e0dfff9dbc@mail.gmail.com> <223f97700806161516n199d18c3m428831ba13b93199@mail.gmail.com> <223f97700806170211k2c7db4e1t2812383d065c5417@mail.gmail.com> Message-ID: <2baac6140806170519s577eca6bp44a0097857381e66@mail.gmail.com> On Tue, Jun 17, 2008 at 5:11 AM, Glenn Steen wrote: > 2008/6/17 Glenn Steen : > > 2008/6/16 Devon Harding : > >> > >> > >> On Mon, Jun 16, 2008 at 4:12 PM, Glenn Steen > wrote: > >>> > >>> 2008/6/16 Devon Harding : > >>> > > >>> > > >>> > On Mon, Jun 16, 2008 at 2:46 PM, Glenn Steen > >>> > wrote: > >>> >> > >>> >> 2008/6/16 Devon Harding : > >>> >> >>>> > >>> >> >>>> > >>> >> >>>> > >>> >> >>>> Devon Harding wrote: > >>> >> >>>> | I'm getting alot of spam coming through and it seems > like > >>> >> >>>> the cause of > >>> >> >>>> | this is BAYES_00 scoring messages with -2.60. I'm > >>> >> >>>> running > >>> >> >>>> MS 4.68.8 > >>> >> >>>> | with SA *Le Service des Technologies de l'Information > de > >>> >> >>>> l'UdeS veut vous mettre en garde contre "3.2.4" qui > semble > >>> >> >>>> ?tre une tentative de fraude envers* 3.2.4. 
< > http://3.2.4.> > >>> >> >>>> <*Le Service des Technologies de l'Information de l'UdeS > >>> >> >>>> veut > >>> >> >>>> vous mettre en garde contre "3.2.4" qui semble ?tre une > >>> >> >>>> tentative de fraude envers* http://3.2.4.> I've > already > >>> >> >>>> trained hundreds of > >>> >> >>>> > >>> >> >>>> | messages like these as spam and it doesn't seem to > work. > >>> >> >>>> What else can > >>> >> >>>> | I do? > >>> >> >>>> > >>> >> >>>> My guess is that you are training the wrong database. > You > >>> >> >>>> train another > >>> >> >>>> database and not the one you are using with MailScanner. > >>> >> >>>> > >>> >> >>>> Hugo. > >>> >> >>>> > >>> >> >>>> > >>> >> >>>> > >>> >> >>>> For MS, where is the Bayes DB path specified? My DB is > located > >>> >> >>>> here: > >>> >> >>>> > >>> >> >>>> /etc/MailScanner/.spamassassin > >>> >> >>>> > >>> >> >>>> > >>> >> >>>> I think my BAYES is all messed up. How do I rebuild it from > >>> >> >>>> scratch? > >>> >> >>>> > >>> >> >>> Devon, > >>> >> >>> > >>> >> >>> Look here for a starter kit: http://www.fsl.com/resources.html > >>> >> >>> > >>> >> >>> Denis > >>> >> >>> > >>> >> >>> -- > >>> >> >> > >>> >> >> I've restored the starter DB and I do see the new files in > >>> >> >> /etc/MailScanner/.spamassassin (I stopped MailScanner and removed > >>> >> >> the > >>> >> >> one > >>> >> >> ones first), but SA Bayes DB Info from Mailwatch shows nothing. > >>> >> >> When I > >>> >> >> do a > >>> >> >> lint from the Tools tab, i Get the following: > >>> >> >> > >>> >> >> [5637] dbg: bayes: no dbs present, cannot tie DB R/O: > >>> >> >> //.spamassassin/bayes_toks > >>> >> > > >>> >> > > >>> >> > Hmm....I thing Bayes IS working. 
I just ran MailScanner --debug > >>> >> > --debug-sa > >>> >> > after the restore and did see: > >>> >> > > >>> >> > 11:52:13 [5879] dbg: bayes: tie-ing to DB file R/W > >>> >> > /root/.spamassassin/bayes_toks > >>> >> > 11:52:13 [5879] dbg: bayes: tie-ing to DB file R/W > >>> >> > /root/.spamassassin/bayes_seen > >>> >> > 11:52:13 [5879] dbg: bayes: found bayes db version 3 > >>> >> > 11:52:13 [5879] dbg: bayes: learned > >>> >> > '88a47a16459989c19d47893de31fec608aa8f41e@sa_generated', atime: > >>> >> > 1213631520 > >>> >> > 11:52:13 [5879] dbg: bayes: untie-ing > >>> >> > 11:52:13 [5879] dbg: bayes: files locked, now unlocking lock > >>> >> > > >>> >> > It seems that MailWatch is the one thats not working right. Any > way > >>> >> > to > >>> >> > relink this? > >>> >> > > >>> >> > -Devon > >>> >> > > >>> >> Make sure your apahce user (the one running your httpd processes... > >>> >> hence the one running MailWatch:-) can actually read the bayes > >>> >> files... "su" is your friend here... and if you want to be able to > >>> >> learn via MailWatch, make sure the same user can write them too. > >>> >> > >>> >> Cheers > >>> >> -- > >>> > > >>> > I have the right permissions set, the thing is MailWatch is not > showing > >>> > any > >>> > data for 'Bayes Database Information'. What is the tie in for > >>> > MailWatch? > >>> > > >>> > -rw-rw---- 1 root apache 78K Jun 16 15:17 bayes_journal > >>> > -rw-rw---- 1 root apache 895 Jun 16 15:17 bayes.mutex > >>> > -rw-rw---- 1 root apache 172K Jun 16 15:17 bayes_seen > >>> > -rw-rw---- 1 root apache 5.1M Jun 16 15:17 bayes_toks > >>> > > >>> > -Devon > >>> > > >>> But can the apache user access the directory? > >>> MailWatch isn't particularly "magical" here, it uses the same info as > >>> all else... > >>> > >>> Try something like "su - apache -s /bin/bash" and then "cd > >>> /path/to/where/you/have/the/bayes/files"... 
Might give a clue:-) > >>> > >>> Cheers > >>> -- > >>> -- Glenn > >> > >> User apache can access this fine. I didn't see anything in the > MailWatch > >> .conf file on Bayes > >> > > That's because there is nothing there....:-). > > It uses the same info all else do (through the normal SA method... The > > .cf files). > > > > Unless this is something hardcoded into the scriptlet handling the SA > > db dump... Haven't checked that (and will not be anwhere I can check > > it until tomorrow... You have a look:-). > > > > Cheers > > Nope, nothing strange here, the call is to > sa-learn -p /path/to/MailScanner/spa.assassin.prefs.conf --dump-magic > in bayes_info.php ... Where /path/to/MailScanner likely expands as > /etc/MailScanner or similar (this is from the SA_PREFS setting in > conf.php). > > As the apache user, can you run the above command? What do you get? > > Cheers > -- > -- Glenn > This was run as apache: bash-3.1$ sa-learn -p /etc/MailScanner/spam.assassin.prefs.conf --dump magic 0.000 0 3 0 non-token data: bayes db version 0.000 0 448 0 non-token data: nspam 0.000 0 1287 0 non-token data: nham 0.000 0 170860 0 non-token data: ntokens 0.000 0 1171294928 0 non-token data: oldest atime 0.000 0 1213703845 0 non-token data: newest atime 0.000 0 1213700281 0 non-token data: last journal sync atime 0.000 0 1213671060 0 non-token data: last expiry atime 0.000 0 11059200 0 non-token data: last expire atime delta 0.000 0 24264 0 non-token data: last expire reduction count bash-3.1$ -------------- next part -------------- An HTML attachment was scrubbed... 
From davejones70 at gmail.com Tue Jun 17 13:55:10 2008
From: davejones70 at gmail.com (Dave Jones)
Date: Tue Jun 17 13:55:20 2008
Subject: Problem while updating perl
Message-ID: <67a55ed50806170555s4de8a74atea137e73b2fe12f@mail.gmail.com>

>Dave Jones wrote:
>> >>
>> >> You can reinstall MailScanner but you will still have the same perl
>> >> conflicts next time a perl module gets updated on RPMforge (or
>> >> whatever your repo is that has the conflicting package).
>> >>
>> >> I would simply force the install of the perl modules (I do it all the
>> >> time) with the conflict from the MailScanner installation:
>> >>
>> >> # rpm -Uhv --force
>> >> /var/cache/yum/rpmforge/packages/perl-Sys-Syslog-0.18-1.rpm
>> >>
>> >> Substitute "rpmforge" above with whatever your repository name is and
>> >> the RPM file in question.
>> >>
>> >> Dave
>> >>
>> >> --
>> >> Dave Jones
>> >Dave,
>> >
>> >It didn't work on my RHEL 5.2 server:
>> >[root@smtps ~]# rpm -Uvh --force
>> >/var/cache/yum/rhel-i386-server-5/packages/perl-5.8.8-10.el5_2.3.i386.rpm
>> >/etc/selinux/targeted/contexts/files/file_contexts: Multiple same
>> >specifications for /usr/local/lost\+found/.*.
>> >/etc/selinux/targeted/contexts/files/file_contexts: Multiple same
>> >specifications for /usr/local/\.journal.
>> >/etc/selinux/targeted/contexts/files/file_contexts: Multiple same
>> >specifications for /usr/local/lost\+found.
>> >Preparing... ###########################################
>> >[100%]
>> >1:perl ###########################################
>> >[100%]
>> >[root@smtps ~]# MailScanner --lint
>> >
>> >
>> >**** ERROR: You must upgrade your perl IO module to at least
>> >**** ERROR: version 1.2301 or MailScanner will not work!
>> >
>> >I am now reinstalling the following MS' RPMs: perl-IO perl-File-Temp
>> >perl-Math-BigInt perl-Math-BigRat perl-bignum
>> >
>> >Denis
>>
>> Sounds like you might have SELinux active. Run "getenforce" and if it
>> is "Enforcing" then run "setenforce 0" to make it "Permissive". Then
>> run your command again.
>>
>> If permissive mode allows the package install command to work with
>> --force, then disable SELinux or try your hand at updating the SELinux
>> policy that is preventing it from installing. RHEL 5 is supposed to
>> be much easier to customize SELinux policies but I haven't played with
>> it yet. I still just disable it during the install and go...
>>
>> --
>> Dave Jones
>
>Dave,
>
>It is disabled on all my servers (I just checked and getenforce returns
>Disabled)... I see the "selinux" messages all the time whenever I
>install or upgrade an RPM... to the point where I don't even pay any
>attention to them... could have been the reason I had problem, though!
>
>Denis

Now that I see your repo is "rhel-i386-server-5" then there could be a few other things it could be. What repos do you have installed and active?

If you have RPMforge installed (which every CentOS box should have), it may overlap some packages with the RHEL repo. We install RPMforge on our RHEL boxes but keep it disabled (/etc/yum.repos.d/rpmforge.repo). Then we only enable it for specific packages from the command line with the "--enable-repo=rpmforge" option.

On a RHEL server like yours, the perl packages should come from the RHEL repo to keep everything clean. Is it possible that perl was updated or installed from another source? You might try removing and reinstalling perl after making sure that the only active repo is "rhel-i386-server-5."

--
Dave Jones

From glenn.steen at gmail.com Tue Jun 17 14:51:25 2008
From: glenn.steen at gmail.com (Glenn Steen)
Date: Tue Jun 17 14:51:36 2008
Subject: BAYES_00 is killing me
In-Reply-To: <2baac6140806170519s577eca6bp44a0097857381e66@mail.gmail.com>
References: <2baac6140806160628w3da668f3n1b3a6dca614b9389@mail.gmail.com>
 <2baac6140806160846h14e2f0eev4ed789d8664e426e@mail.gmail.com>
 <2baac6140806160854g7fd18fecj4380ce0f5ac74a7c@mail.gmail.com>
 <223f97700806161146x1649089cl9cc7bc9c65d03209@mail.gmail.com>
 <2baac6140806161224w3e3a60b4s51c39afc079a40c5@mail.gmail.com>
 <223f97700806161312q12e1d85dm4537783336f60065@mail.gmail.com>
 <2baac6140806161403j7a8ca3b1ja4ace4e0dfff9dbc@mail.gmail.com>
 <223f97700806161516n199d18c3m428831ba13b93199@mail.gmail.com>
 <223f97700806170211k2c7db4e1t2812383d065c5417@mail.gmail.com>
 <2baac6140806170519s577eca6bp44a0097857381e66@mail.gmail.com>
Message-ID: <223f97700806170651p182835b9l80953743864bd563@mail.gmail.com>

2008/6/17 Devon Harding : > > > On Tue, Jun 17, 2008 at 5:11 AM, Glenn Steen wrote: >> >> 2008/6/17 Glenn Steen : >> > 2008/6/16 Devon Harding : >> >> >> >> >> >> On Mon, Jun 16, 2008 at 4:12 PM, Glenn Steen >> >> wrote: >> >>> >> >>> 2008/6/16 Devon Harding : >> >>> > >> >>> > >> >>> > On Mon, Jun 16, 2008 at 2:46 PM, Glenn Steen >> >>> > wrote: >> >>> >> >> >>> >> 2008/6/16 Devon Harding : >> >>> >> >>>> >> >>> >> >>>> >> >>> >> >>>> >> >>> >> >>>> Devon Harding wrote: >> >>> >> >>>> | I'm getting alot of spam coming through and it seems >> >>> >> >>>> like >> >>> >> >>>> the cause of >> >>> >> >>>> | this is BAYES_00 scoring messages with -2.60. I'm >> >>> >> >>>> running >> >>> >> >>>> MS 4.68.8 >> >>> >> >>>> | with SA *Le Service des Technologies de l'Information >> >>> >> >>>> de >> >>> >> >>>> l'UdeS veut vous mettre en garde contre "3.2.4" qui >> >>> >> >>>> semble >> >>> >> >>>> ?tre une tentative de fraude envers* 3.2.4.
>> >>> >> >>>> >> >>> >> >>>> <*Le Service des Technologies de l'Information de >> >>> >> >>>> l'UdeS >> >>> >> >>>> veut >> >>> >> >>>> vous mettre en garde contre "3.2.4" qui semble ?tre une >> >>> >> >>>> tentative de fraude envers* http://3.2.4.> I've >> >>> >> >>>> already >> >>> >> >>>> trained hundreds of >> >>> >> >>>> >> >>> >> >>>> | messages like these as spam and it doesn't seem to >> >>> >> >>>> work. >> >>> >> >>>> What else can >> >>> >> >>>> | I do? >> >>> >> >>>> >> >>> >> >>>> My guess is that you are training the wrong database. >> >>> >> >>>> You >> >>> >> >>>> train another >> >>> >> >>>> database and not the one you are using with >> >>> >> >>>> MailScanner. >> >>> >> >>>> >> >>> >> >>>> Hugo. >> >>> >> >>>> >> >>> >> >>>> >> >>> >> >>>> >> >>> >> >>>> For MS, where is the Bayes DB path specified? My DB is >> >>> >> >>>> located >> >>> >> >>>> here: >> >>> >> >>>> >> >>> >> >>>> /etc/MailScanner/.spamassassin >> >>> >> >>>> >> >>> >> >>>> >> >>> >> >>>> I think my BAYES is all messed up. How do I rebuild it from >> >>> >> >>>> scratch? >> >>> >> >>>> >> >>> >> >>> Devon, >> >>> >> >>> >> >>> >> >>> Look here for a starter kit: http://www.fsl.com/resources.html >> >>> >> >>> >> >>> >> >>> Denis >> >>> >> >>> >> >>> >> >>> -- >> >>> >> >> >> >>> >> >> I've restored the starter DB and I do see the new files in >> >>> >> >> /etc/MailScanner/.spamassassin (I stopped MailScanner and >> >>> >> >> removed >> >>> >> >> the >> >>> >> >> one >> >>> >> >> ones first), but SA Bayes DB Info from Mailwatch shows nothing. >> >>> >> >> When I >> >>> >> >> do a >> >>> >> >> lint from the Tools tab, i Get the following: >> >>> >> >> >> >>> >> >> [5637] dbg: bayes: no dbs present, cannot tie DB R/O: >> >>> >> >> //.spamassassin/bayes_toks >> >>> >> > >> >>> >> > >> >>> >> > Hmm....I thing Bayes IS working. 
I just ran MailScanner --debug >> >>> >> > --debug-sa >> >>> >> > after the restore and did see: >> >>> >> > >> >>> >> > 11:52:13 [5879] dbg: bayes: tie-ing to DB file R/W >> >>> >> > /root/.spamassassin/bayes_toks >> >>> >> > 11:52:13 [5879] dbg: bayes: tie-ing to DB file R/W >> >>> >> > /root/.spamassassin/bayes_seen >> >>> >> > 11:52:13 [5879] dbg: bayes: found bayes db version 3 >> >>> >> > 11:52:13 [5879] dbg: bayes: learned >> >>> >> > '88a47a16459989c19d47893de31fec608aa8f41e@sa_generated', atime: >> >>> >> > 1213631520 >> >>> >> > 11:52:13 [5879] dbg: bayes: untie-ing >> >>> >> > 11:52:13 [5879] dbg: bayes: files locked, now unlocking lock >> >>> >> > >> >>> >> > It seems that MailWatch is the one thats not working right. Any >> >>> >> > way >> >>> >> > to >> >>> >> > relink this? >> >>> >> > >> >>> >> > -Devon >> >>> >> > >> >>> >> Make sure your apahce user (the one running your httpd processes... >> >>> >> hence the one running MailWatch:-) can actually read the bayes >> >>> >> files... "su" is your friend here... and if you want to be able to >> >>> >> learn via MailWatch, make sure the same user can write them too. >> >>> >> >> >>> >> Cheers >> >>> >> -- >> >>> > >> >>> > I have the right permissions set, the thing is MailWatch is not >> >>> > showing >> >>> > any >> >>> > data for 'Bayes Database Information'. What is the tie in for >> >>> > MailWatch? >> >>> > >> >>> > -rw-rw---- 1 root apache 78K Jun 16 15:17 bayes_journal >> >>> > -rw-rw---- 1 root apache 895 Jun 16 15:17 bayes.mutex >> >>> > -rw-rw---- 1 root apache 172K Jun 16 15:17 bayes_seen >> >>> > -rw-rw---- 1 root apache 5.1M Jun 16 15:17 bayes_toks >> >>> > >> >>> > -Devon >> >>> > >> >>> But can the apache user access the directory? >> >>> MailWatch isn't particularly "magical" here, it uses the same info as >> >>> all else... >> >>> >> >>> Try something like "su - apache -s /bin/bash" and then "cd >> >>> /path/to/where/you/have/the/bayes/files"... 
Might give a clue:-) >> >>> >> >>> Cheers >> >>> -- >> >>> -- Glenn >> >> >> >> User apache can access this fine. I didn't see anything in the >> >> MailWatch >> >> .conf file on Bayes >> >> >> > That's because there is nothing there....:-). >> > It uses the same info all else do (through the normal SA method... The >> > .cf files). >> > >> > Unless this is something hardcoded into the scriptlet handling the SA >> > db dump... Haven't checked that (and will not be anwhere I can check >> > it until tomorrow... You have a look:-). >> > >> > Cheers >> >> Nope, nothing strange here, the call is to >> sa-learn -p /path/to/MailScanner/spa.assassin.prefs.conf --dump-magic >> in bayes_info.php ... Where /path/to/MailScanner likely expands as >> /etc/MailScanner or similar (this is from the SA_PREFS setting in >> conf.php). >> >> As the apache user, can you run the above command? What do you get? >> >> Cheers >> -- >> -- Glenn > > This was run as apache: > > bash-3.1$ sa-learn -p /etc/MailScanner/spam.assassin.prefs.conf --dump magic > 0.000 0 3 0 non-token data: bayes db version > 0.000 0 448 0 non-token data: nspam > 0.000 0 1287 0 non-token data: nham > 0.000 0 170860 0 non-token data: ntokens > 0.000 0 1171294928 0 non-token data: oldest atime > 0.000 0 1213703845 0 non-token data: newest atime > 0.000 0 1213700281 0 non-token data: last journal sync > atime > 0.000 0 1213671060 0 non-token data: last expiry atime > 0.000 0 11059200 0 non-token data: last expire atime > delta > 0.000 0 24264 0 non-token data: last expire > reduction count > bash-3.1$ > Ok, and if you do (as the apache user) spamassassin --lint -D -p /etc/MailScanner/spam.assassin.prefs.conf (in reality, one should change MW to not use the -p preference file, since this is included as a .cf already... Don't do much harm though:-) Do you get the db error then? 
Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From ram at netcore.co.in Tue Jun 17 14:52:11 2008 From: ram at netcore.co.in (ram) Date: Tue Jun 17 14:52:28 2008 Subject: Disabling sare updates via sa-update Message-ID: <1213710731.10602.34.camel@localhost.localdomain> The http://www.rulesemporium.com/ site recommends disabling auto updates of SARE rules In MailScanner I dont see any way How this can be done. Can I turn off auto sa-update in in MailScanner , Or should I just remove sare rules from sa-update Thanks Ram From devonharding at gmail.com Tue Jun 17 15:11:51 2008 From: devonharding at gmail.com (Devon Harding) Date: Tue Jun 17 15:11:59 2008 Subject: BAYES_00 is killing me In-Reply-To: <223f97700806170651p182835b9l80953743864bd563@mail.gmail.com> References: <2baac6140806160628w3da668f3n1b3a6dca614b9389@mail.gmail.com> <2baac6140806160854g7fd18fecj4380ce0f5ac74a7c@mail.gmail.com> <223f97700806161146x1649089cl9cc7bc9c65d03209@mail.gmail.com> <2baac6140806161224w3e3a60b4s51c39afc079a40c5@mail.gmail.com> <223f97700806161312q12e1d85dm4537783336f60065@mail.gmail.com> <2baac6140806161403j7a8ca3b1ja4ace4e0dfff9dbc@mail.gmail.com> <223f97700806161516n199d18c3m428831ba13b93199@mail.gmail.com> <223f97700806170211k2c7db4e1t2812383d065c5417@mail.gmail.com> <2baac6140806170519s577eca6bp44a0097857381e66@mail.gmail.com> <223f97700806170651p182835b9l80953743864bd563@mail.gmail.com> Message-ID: <2baac6140806170711g4963c7f7r5289e71007523050@mail.gmail.com> On Tue, Jun 17, 2008 at 9:51 AM, Glenn Steen wrote: > 2008/6/17 Devon Harding : > > > > > > On Tue, Jun 17, 2008 at 5:11 AM, Glenn Steen > wrote: > >> > >> 2008/6/17 Glenn Steen : > >> > 2008/6/16 Devon Harding : > >> >> > >> >> > >> >> On Mon, Jun 16, 2008 at 4:12 PM, Glenn Steen > >> >> wrote: > >> >>> > >> >>> 2008/6/16 Devon Harding : > >> >>> > > >> >>> > > >> >>> > On Mon, Jun 16, 2008 at 2:46 PM, Glenn Steen < > glenn.steen@gmail.com> > >> >>> 
> wrote: > >> >>> >> > >> >>> >> 2008/6/16 Devon Harding : > >> >>> >> >>>> > >> >>> >> >>>> > >> >>> >> >>>> > >> >>> >> >>>> Devon Harding wrote: > >> >>> >> >>>> | I'm getting alot of spam coming through and it > seems > >> >>> >> >>>> like > >> >>> >> >>>> the cause of > >> >>> >> >>>> | this is BAYES_00 scoring messages with -2.60. I'm > >> >>> >> >>>> running > >> >>> >> >>>> MS 4.68.8 > >> >>> >> >>>> | with SA *Le Service des Technologies de > l'Information > >> >>> >> >>>> de > >> >>> >> >>>> l'UdeS veut vous mettre en garde contre "3.2.4" qui > >> >>> >> >>>> semble > >> >>> >> >>>> ?tre une tentative de fraude envers* 3.2.4. > >> >>> >> >>>> > >> >>> >> >>>> <*Le Service des Technologies de l'Information de > >> >>> >> >>>> l'UdeS > >> >>> >> >>>> veut > >> >>> >> >>>> vous mettre en garde contre "3.2.4" qui semble ?tre > une > >> >>> >> >>>> tentative de fraude envers* http://3.2.4.> I've > >> >>> >> >>>> already > >> >>> >> >>>> trained hundreds of > >> >>> >> >>>> > >> >>> >> >>>> | messages like these as spam and it doesn't seem to > >> >>> >> >>>> work. > >> >>> >> >>>> What else can > >> >>> >> >>>> | I do? > >> >>> >> >>>> > >> >>> >> >>>> My guess is that you are training the wrong database. > >> >>> >> >>>> You > >> >>> >> >>>> train another > >> >>> >> >>>> database and not the one you are using with > >> >>> >> >>>> MailScanner. > >> >>> >> >>>> > >> >>> >> >>>> Hugo. > >> >>> >> >>>> > >> >>> >> >>>> > >> >>> >> >>>> > >> >>> >> >>>> For MS, where is the Bayes DB path specified? My DB is > >> >>> >> >>>> located > >> >>> >> >>>> here: > >> >>> >> >>>> > >> >>> >> >>>> /etc/MailScanner/.spamassassin > >> >>> >> >>>> > >> >>> >> >>>> > >> >>> >> >>>> I think my BAYES is all messed up. How do I rebuild it > from > >> >>> >> >>>> scratch? 
> >> >>> >> >>>> > >> >>> >> >>> Devon, > >> >>> >> >>> > >> >>> >> >>> Look here for a starter kit: > http://www.fsl.com/resources.html > >> >>> >> >>> > >> >>> >> >>> Denis > >> >>> >> >>> > >> >>> >> >>> -- > >> >>> >> >> > >> >>> >> >> I've restored the starter DB and I do see the new files in > >> >>> >> >> /etc/MailScanner/.spamassassin (I stopped MailScanner and > >> >>> >> >> removed > >> >>> >> >> the > >> >>> >> >> one > >> >>> >> >> ones first), but SA Bayes DB Info from Mailwatch shows > nothing. > >> >>> >> >> When I > >> >>> >> >> do a > >> >>> >> >> lint from the Tools tab, i Get the following: > >> >>> >> >> > >> >>> >> >> [5637] dbg: bayes: no dbs present, cannot tie DB R/O: > >> >>> >> >> //.spamassassin/bayes_toks > >> >>> >> > > >> >>> >> > > >> >>> >> > Hmm....I thing Bayes IS working. I just ran MailScanner > --debug > >> >>> >> > --debug-sa > >> >>> >> > after the restore and did see: > >> >>> >> > > >> >>> >> > 11:52:13 [5879] dbg: bayes: tie-ing to DB file R/W > >> >>> >> > /root/.spamassassin/bayes_toks > >> >>> >> > 11:52:13 [5879] dbg: bayes: tie-ing to DB file R/W > >> >>> >> > /root/.spamassassin/bayes_seen > >> >>> >> > 11:52:13 [5879] dbg: bayes: found bayes db version 3 > >> >>> >> > 11:52:13 [5879] dbg: bayes: learned > >> >>> >> > '88a47a16459989c19d47893de31fec608aa8f41e@sa_generated', > atime: > >> >>> >> > 1213631520 > >> >>> >> > 11:52:13 [5879] dbg: bayes: untie-ing > >> >>> >> > 11:52:13 [5879] dbg: bayes: files locked, now unlocking lock > >> >>> >> > > >> >>> >> > It seems that MailWatch is the one thats not working right. > Any > >> >>> >> > way > >> >>> >> > to > >> >>> >> > relink this? > >> >>> >> > > >> >>> >> > -Devon > >> >>> >> > > >> >>> >> Make sure your apahce user (the one running your httpd > processes... > >> >>> >> hence the one running MailWatch:-) can actually read the bayes > >> >>> >> files... "su" is your friend here... 
and if you want to be able > to > >> >>> >> learn via MailWatch, make sure the same user can write them too. > >> >>> >> > >> >>> >> Cheers > >> >>> >> -- > >> >>> > > >> >>> > I have the right permissions set, the thing is MailWatch is not > >> >>> > showing > >> >>> > any > >> >>> > data for 'Bayes Database Information'. What is the tie in for > >> >>> > MailWatch? > >> >>> > > >> >>> > -rw-rw---- 1 root apache 78K Jun 16 15:17 bayes_journal > >> >>> > -rw-rw---- 1 root apache 895 Jun 16 15:17 bayes.mutex > >> >>> > -rw-rw---- 1 root apache 172K Jun 16 15:17 bayes_seen > >> >>> > -rw-rw---- 1 root apache 5.1M Jun 16 15:17 bayes_toks > >> >>> > > >> >>> > -Devon > >> >>> > > >> >>> But can the apache user access the directory? > >> >>> MailWatch isn't particularly "magical" here, it uses the same info > as > >> >>> all else... > >> >>> > >> >>> Try something like "su - apache -s /bin/bash" and then "cd > >> >>> /path/to/where/you/have/the/bayes/files"... Might give a clue:-) > >> >>> > >> >>> Cheers > >> >>> -- > >> >>> -- Glenn > >> >> > >> >> User apache can access this fine. I didn't see anything in the > >> >> MailWatch > >> >> .conf file on Bayes > >> >> > >> > That's because there is nothing there....:-). > >> > It uses the same info all else do (through the normal SA method... The > >> > .cf files). > >> > > >> > Unless this is something hardcoded into the scriptlet handling the SA > >> > db dump... Haven't checked that (and will not be anwhere I can check > >> > it until tomorrow... You have a look:-). > >> > > >> > Cheers > >> > >> Nope, nothing strange here, the call is to > >> sa-learn -p /path/to/MailScanner/spa.assassin.prefs.conf --dump-magic > >> in bayes_info.php ... Where /path/to/MailScanner likely expands as > >> /etc/MailScanner or similar (this is from the SA_PREFS setting in > >> conf.php). > >> > >> As the apache user, can you run the above command? What do you get? 
> >>
> >> Cheers
> >> --
> >> -- Glenn
> >
> > This was run as apache:
> >
> > bash-3.1$ sa-learn -p /etc/MailScanner/spam.assassin.prefs.conf --dump magic
> > 0.000          0          3          0  non-token data: bayes db version
> > 0.000          0        448          0  non-token data: nspam
> > 0.000          0       1287          0  non-token data: nham
> > 0.000          0     170860          0  non-token data: ntokens
> > 0.000          0 1171294928          0  non-token data: oldest atime
> > 0.000          0 1213703845          0  non-token data: newest atime
> > 0.000          0 1213700281          0  non-token data: last journal sync atime
> > 0.000          0 1213671060          0  non-token data: last expiry atime
> > 0.000          0   11059200          0  non-token data: last expire atime delta
> > 0.000          0      24264          0  non-token data: last expire reduction count
> > bash-3.1$
> >
> Ok, and if you do (as the apache user)
> spamassassin --lint -D -p /etc/MailScanner/spam.assassin.prefs.conf
> (in reality, one should change MW to not use the -p preference file,
> since this is included as a .cf already... Don't do much harm
> though:-) Do you get the db error then?
>
> Cheers
> --
> -- Glenn
>

No error and it even finds bayes installed. I think it's something with MW.

[26297] dbg: replacetags: done replacing tags
[26297] dbg: bayes: tie-ing to DB file R/O /var/www/.spamassassin/bayes_toks
[26297] dbg: bayes: tie-ing to DB file R/O /var/www/.spamassassin/bayes_seen
[26297] dbg: bayes: found bayes db version 3
[26297] dbg: bayes: DB journal sync: last sync: 1213700281
[26297] dbg: config: score set 2 chosen.

From martinh at solidstatelogic.com Tue Jun 17 15:11:48 2008
From: martinh at solidstatelogic.com (Martin.Hepworth)
Date: Tue Jun 17 15:12:03 2008
Subject: Disabling sare updates via sa-update
In-Reply-To: <1213710731.10602.34.camel@localhost.localdomain>
Message-ID:

Ram

This is a sa-update issue nothing to do with mailscanner..
-- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of ram > Sent: 17 June 2008 14:52 > To: MailScanner discussion > Subject: Disabling sare updates via sa-update > > The http://www.rulesemporium.com/ site recommends disabling > auto updates of SARE rules > > In MailScanner I dont see any way How this can be done. > > Can I turn off auto sa-update in in MailScanner , Or should I > just remove sare rules from sa-update > > > Thanks > Ram > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! >
From jra at baylink.com Tue Jun 17 15:19:47 2008 From: jra at baylink.com (Jay R. Ashworth) Date: Tue Jun 17 15:19:56 2008 Subject: Updating an adopted installation from 4.54 In-Reply-To: <223f97700806170227o3d15890dj7b79ac61d050fa31@mail.gmail.com> References: <20080616140331.GA27476@cgi.jachomes.com> <20080616192508.GC28498@cgi.jachomes.com> <223f97700806170227o3d15890dj7b79ac61d050fa31@mail.gmail.com> Message-ID: <20080617141947.GC639@cgi.jachomes.com> On Tue, Jun 17, 2008 at 11:27:47AM +0200, Glenn Steen wrote: > That's pretty much how you upgrade the source dist too:-). > Install the new one to its own directory in /opt, use > upgrade_MailScanner_conf on the old file, copy over any modified > ruleset files... stop MS, relink to the new install, star > MailScanner... Did I miss anything? Don't think so:-) You missed that I don't know it as well as you do. :-) > Install the new one to its own directory in /opt Check. (well, actually, I'm putting it in /appl/ms4.69.3; FHS be damned. :-) > use upgrade_MailScanner_conf on the old file "On the old install"? It sounds like you mean "run the upgrade script supplied with the new install against the old one". Do you? > copy over any modified ruleset files... from the old install to the new one...? > stop MS, relink to the new install, start MailScanner... This part I *think* I get, but I'm not 100% certain how the Sendmail 8.13 -> MailScanner link works. Is it in fact enough if I make sure that /opt/MailScanner points to the new install's home directory once I'm done? Is the only interface through the filesystem? Cheers, -- jra -- Jay R.
Ashworth Baylink jra@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://baylink.pitas.com '87 e24 St Petersburg FL USA http://photo.imageinc.us +1 727 647 1274 Those who cast the vote decide nothing. Those who count the vote decide everything. -- (Joseph Stalin) From glenn.steen at gmail.com Tue Jun 17 15:39:07 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Jun 17 15:39:18 2008 Subject: BAYES_00 is killing me In-Reply-To: <2baac6140806170711g4963c7f7r5289e71007523050@mail.gmail.com> References: <2baac6140806160628w3da668f3n1b3a6dca614b9389@mail.gmail.com> <223f97700806161146x1649089cl9cc7bc9c65d03209@mail.gmail.com> <2baac6140806161224w3e3a60b4s51c39afc079a40c5@mail.gmail.com> <223f97700806161312q12e1d85dm4537783336f60065@mail.gmail.com> <2baac6140806161403j7a8ca3b1ja4ace4e0dfff9dbc@mail.gmail.com> <223f97700806161516n199d18c3m428831ba13b93199@mail.gmail.com> <223f97700806170211k2c7db4e1t2812383d065c5417@mail.gmail.com> <2baac6140806170519s577eca6bp44a0097857381e66@mail.gmail.com> <223f97700806170651p182835b9l80953743864bd563@mail.gmail.com> <2baac6140806170711g4963c7f7r5289e71007523050@mail.gmail.com> Message-ID: <223f97700806170739y5e767004x5a7549323bfe3a1@mail.gmail.com> 2008/6/17 Devon Harding : > > > On Tue, Jun 17, 2008 at 9:51 AM, Glenn Steen wrote: >> >> 2008/6/17 Devon Harding : >> > >> > >> > On Tue, Jun 17, 2008 at 5:11 AM, Glenn Steen >> > wrote: >> >> >> >> 2008/6/17 Glenn Steen : >> >> > 2008/6/16 Devon Harding : >> >> >> >> >> >> >> >> >> On Mon, Jun 16, 2008 at 4:12 PM, Glenn Steen >> >> >> wrote: >> >> >>> >> >> >>> 2008/6/16 Devon Harding : >> >> >>> > >> >> >>> > >> >> >>> > On Mon, Jun 16, 2008 at 2:46 PM, Glenn Steen >> >> >>> > >> >> >>> > wrote: >> >> >>> >> >> >> >>> >> 2008/6/16 Devon Harding : >> >> >>> >> >>>> >> >> >>> >> >>>> >> >> >>> >> >>>> >> >> >>> >> >>>> Devon Harding wrote: >> >> >>> >> >>>> | I'm getting alot of spam coming through and it >> >> >>> >> >>>> seems >> >> >>> >> >>>> like >> 
>> >>> >> >>>> the cause of >> >> >>> >> >>>> | this is BAYES_00 scoring messages with -2.60. I'm >> >> >>> >> >>>> running >> >> >>> >> >>>> MS 4.68.8 >> >> >>> >> >>>> | with SA *Le Service des Technologies de >> >> >>> >> >>>> l'Information >> >> >>> >> >>>> de >> >> >>> >> >>>> l'UdeS veut vous mettre en garde contre "3.2.4" qui >> >> >>> >> >>>> semble >> >> >>> >> >>>> ?tre une tentative de fraude envers* 3.2.4. >> >> >>> >> >>>> >> >> >>> >> >>>> <*Le Service des Technologies de l'Information de >> >> >>> >> >>>> l'UdeS >> >> >>> >> >>>> veut >> >> >>> >> >>>> vous mettre en garde contre "3.2.4" qui semble ?tre >> >> >>> >> >>>> une >> >> >>> >> >>>> tentative de fraude envers* http://3.2.4.> I've >> >> >>> >> >>>> already >> >> >>> >> >>>> trained hundreds of >> >> >>> >> >>>> >> >> >>> >> >>>> | messages like these as spam and it doesn't seem to >> >> >>> >> >>>> work. >> >> >>> >> >>>> What else can >> >> >>> >> >>>> | I do? >> >> >>> >> >>>> >> >> >>> >> >>>> My guess is that you are training the wrong >> >> >>> >> >>>> database. >> >> >>> >> >>>> You >> >> >>> >> >>>> train another >> >> >>> >> >>>> database and not the one you are using with >> >> >>> >> >>>> MailScanner. >> >> >>> >> >>>> >> >> >>> >> >>>> Hugo. >> >> >>> >> >>>> >> >> >>> >> >>>> >> >> >>> >> >>>> >> >> >>> >> >>>> For MS, where is the Bayes DB path specified? My DB is >> >> >>> >> >>>> located >> >> >>> >> >>>> here: >> >> >>> >> >>>> >> >> >>> >> >>>> /etc/MailScanner/.spamassassin >> >> >>> >> >>>> >> >> >>> >> >>>> >> >> >>> >> >>>> I think my BAYES is all messed up. How do I rebuild it >> >> >>> >> >>>> from >> >> >>> >> >>>> scratch? 
>> >> >>> >> >>>> >> >> >>> >> >>> Devon, >> >> >>> >> >>> >> >> >>> >> >>> Look here for a starter kit: >> >> >>> >> >>> http://www.fsl.com/resources.html >> >> >>> >> >>> >> >> >>> >> >>> Denis >> >> >>> >> >>> >> >> >>> >> >>> -- >> >> >>> >> >> >> >> >>> >> >> I've restored the starter DB and I do see the new files in >> >> >>> >> >> /etc/MailScanner/.spamassassin (I stopped MailScanner and >> >> >>> >> >> removed >> >> >>> >> >> the >> >> >>> >> >> one >> >> >>> >> >> ones first), but SA Bayes DB Info from Mailwatch shows >> >> >>> >> >> nothing. >> >> >>> >> >> When I >> >> >>> >> >> do a >> >> >>> >> >> lint from the Tools tab, i Get the following: >> >> >>> >> >> >> >> >>> >> >> [5637] dbg: bayes: no dbs present, cannot tie DB R/O: >> >> >>> >> >> //.spamassassin/bayes_toks >> >> >>> >> > >> >> >>> >> > >> >> >>> >> > Hmm....I thing Bayes IS working. I just ran MailScanner >> >> >>> >> > --debug >> >> >>> >> > --debug-sa >> >> >>> >> > after the restore and did see: >> >> >>> >> > >> >> >>> >> > 11:52:13 [5879] dbg: bayes: tie-ing to DB file R/W >> >> >>> >> > /root/.spamassassin/bayes_toks >> >> >>> >> > 11:52:13 [5879] dbg: bayes: tie-ing to DB file R/W >> >> >>> >> > /root/.spamassassin/bayes_seen >> >> >>> >> > 11:52:13 [5879] dbg: bayes: found bayes db version 3 >> >> >>> >> > 11:52:13 [5879] dbg: bayes: learned >> >> >>> >> > '88a47a16459989c19d47893de31fec608aa8f41e@sa_generated', >> >> >>> >> > atime: >> >> >>> >> > 1213631520 >> >> >>> >> > 11:52:13 [5879] dbg: bayes: untie-ing >> >> >>> >> > 11:52:13 [5879] dbg: bayes: files locked, now unlocking lock >> >> >>> >> > >> >> >>> >> > It seems that MailWatch is the one thats not working right. >> >> >>> >> > Any >> >> >>> >> > way >> >> >>> >> > to >> >> >>> >> > relink this? >> >> >>> >> > >> >> >>> >> > -Devon >> >> >>> >> > >> >> >>> >> Make sure your apahce user (the one running your httpd >> >> >>> >> processes... 
>> >> >>> >> hence the one running MailWatch:-) can actually read the bayes >> >> >>> >> files... "su" is your friend here... and if you want to be able >> >> >>> >> to >> >> >>> >> learn via MailWatch, make sure the same user can write them too. >> >> >>> >> >> >> >>> >> Cheers >> >> >>> >> -- >> >> >>> > >> >> >>> > I have the right permissions set, the thing is MailWatch is not >> >> >>> > showing >> >> >>> > any >> >> >>> > data for 'Bayes Database Information'. What is the tie in for >> >> >>> > MailWatch? >> >> >>> > >> >> >>> > -rw-rw---- 1 root apache 78K Jun 16 15:17 bayes_journal >> >> >>> > -rw-rw---- 1 root apache 895 Jun 16 15:17 bayes.mutex >> >> >>> > -rw-rw---- 1 root apache 172K Jun 16 15:17 bayes_seen >> >> >>> > -rw-rw---- 1 root apache 5.1M Jun 16 15:17 bayes_toks >> >> >>> > >> >> >>> > -Devon >> >> >>> > >> >> >>> But can the apache user access the directory? >> >> >>> MailWatch isn't particularly "magical" here, it uses the same info >> >> >>> as >> >> >>> all else... >> >> >>> >> >> >>> Try something like "su - apache -s /bin/bash" and then "cd >> >> >>> /path/to/where/you/have/the/bayes/files"... Might give a clue:-) >> >> >>> >> >> >>> Cheers >> >> >>> -- >> >> >>> -- Glenn >> >> >> >> >> >> User apache can access this fine. I didn't see anything in the >> >> >> MailWatch >> >> >> .conf file on Bayes >> >> >> >> >> > That's because there is nothing there....:-). >> >> > It uses the same info all else do (through the normal SA method... >> >> > The >> >> > .cf files). >> >> > >> >> > Unless this is something hardcoded into the scriptlet handling the SA >> >> > db dump... Haven't checked that (and will not be anwhere I can check >> >> > it until tomorrow... You have a look:-). >> >> > >> >> > Cheers >> >> >> >> Nope, nothing strange here, the call is to >> >> sa-learn -p /path/to/MailScanner/spa.assassin.prefs.conf --dump-magic >> >> in bayes_info.php ... 
Where /path/to/MailScanner likely expands as >> >> /etc/MailScanner or similar (this is from the SA_PREFS setting in >> >> conf.php). >> >> >> >> As the apache user, can you run the above command? What do you get? >> >> >> >> Cheers >> >> -- >> >> -- Glenn >> > >> > This was run as apache: >> > >> > bash-3.1$ sa-learn -p /etc/MailScanner/spam.assassin.prefs.conf --dump >> > magic >> > 0.000 0 3 0 non-token data: bayes db version >> > 0.000 0 448 0 non-token data: nspam >> > 0.000 0 1287 0 non-token data: nham >> > 0.000 0 170860 0 non-token data: ntokens >> > 0.000 0 1171294928 0 non-token data: oldest atime >> > 0.000 0 1213703845 0 non-token data: newest atime >> > 0.000 0 1213700281 0 non-token data: last journal >> > sync >> > atime >> > 0.000 0 1213671060 0 non-token data: last expiry >> > atime >> > 0.000 0 11059200 0 non-token data: last expire >> > atime >> > delta >> > 0.000 0 24264 0 non-token data: last expire >> > reduction count >> > bash-3.1$ >> > >> Ok, and if you do (as the apache user) >> spamassassin --lint -D -p /etc/MailScanner/spam.assassin.prefs.conf >> (in reality, one should change MW to not use the -p preference file, >> since this is included as a .cf already... Don't do much harm >> though:-) Do you get the db error then? >> >> Cheers >> -- >> -- Glenn > > No error and it even finds bayes installed. I think its something with MW. > > [26297] dbg: replacetags: done replacing tags > [26297] dbg: bayes: tie-ing to DB file R/O /var/www/.spamassassin/bayes_toks > [26297] dbg: bayes: tie-ing to DB file R/O /var/www/.spamassassin/bayes_seen > [26297] dbg: bayes: found bayes db version 3 > [26297] dbg: bayes: DB journal sync: last sync: 1213700281 > [26297] dbg: config: score set 2 chosen. > Ok, what is your MS_CONFIG setting and your SA_PREFS in conf.php (sorry all you others, this should be on the MW list, I know)? 
-- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From arthur.sherman at gmail.com Tue Jun 17 15:46:59 2008 From: arthur.sherman at gmail.com (Arthur Sherman) Date: Tue Jun 17 15:47:17 2008 Subject: Problem while updating perl In-Reply-To: <67a55ed50806170555s4de8a74atea137e73b2fe12f@mail.gmail.com> Message-ID: <022f01c8d089$00f348e0$0201a8c0@dell> i used to update from DAG's repo on CentOS, in addition to main repos, it always worked fine. this time i had to remove the perl-IO and reinstall MS, as per advice - all forced. i didn't like forcing, seems unclean to me, but up to now it works well. thanks! Best, -- Arthur Sherman _____ From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Dave Jones Sent: Tuesday, June 17, 2008 3:55 PM To: mailscanner Subject: Re: Problem while updating perl >Dave Jones a ?crit : >> >> >> You can reinstall MailScanner but you will still have the same perl >> >> conflicts next time a perl module gets updated on RPMforge (or >> >> whatever your repo is that has the conflicting package). >> >> >> >> I would simply force the install of the perl modules (I do it all the >> >> time) with the conflict from the MailScanner installation: >> >> >> >> # rpm -Uhv --force >> >> /var/cache/yum/rpmforge/packages/perl-Sys-Syslog-0.18-1.rpm >> >> >> >> Substitute "rpmforge" above with whatever your repository name is and >> >> the RPM file in question. >> >> >> >> Dave >> >> >> >> -- >> >> Dave Jones >> >Dave, >> > >> >It didn't work on my RHEL 5.2 server: >> >[root@smtps ~]# rpm -Uvh --force >> >/var/cache/yum/rhel-i386-server-5/packages/perl-5.8.8-10.el5_2.3.i386.rpm >> >/etc/selinux/targeted/contexts/files/file_contexts: Multiple same >> >specifications for /usr/local/lost\+found/.*. >> >/etc/selinux/targeted/contexts/files/file_contexts: Multiple same >> >specifications for /usr/local/\.journal. 
>> >/etc/selinux/targeted/contexts/files/file_contexts: Multiple same >> >specifications for /usr/local/lost\+found. >> >Preparing... ########################################### >> >[100%] >> >1:perl ########################################### >> >[100%] >> >[root@smtps ~]# MailScanner --lint >> > >> > >> >**** ERROR: You must upgrade your perl IO module to at least >> >**** ERROR: version 1.2301 or MailScanner will not work! >> > >> >I am now reinstalling the following MS' RPMs: perl-IO perl-File-Temp >> >perl-Math-BigInt perl-Math-BigRat perl-bignum >> > >> >Denis >> >> Sounds like you might have SELinux active. Run "getenforce" and if it >> is "Enforcing" then run "setenforce 0" to make it "Permissive". Then >> run your command again. >> >> If permissive mode allows the package install command to work with >> --force, then disable SELinux or try your hand at updating the SELinux >> policy that is preventing it from installing. RHEL 5 is supposed to >> be much easier to customize SELinux policies but I haven't played with >> it yet. I still just disable it during the install and go... >> >> -- >> Dave Jones > >Dave, > >It is disabled on all my servers (I just checked and getenforce returns >Disabled)... I see the "selinux" messages all the time whenever I >install or upgrade an RPM... to the point where I don't even pay any >attention to them... could have been the reason I had problem, though! > >Denis Now that I see your repo is "rhel-i386-server-5" then there could be a few other things it could be. What repos do you have installed and active? If you have RPMforge installed (which every CentOS box should have), it may overlap some packages with with the RHEL repo. We install RPMforge on our RHEL boxes but keep it disabled (/etc/yum.repos.d/rpmforge.repo). Then we only enable it for specific packages from the command line with the "--enable-repo=rpmforge" option. 
On a RHEL server like yours, the perl packages should come from the RHEL repo to keep everything clean. Is it possible that perl was updated or installed from another source? You might try removing and reinstalling perl after making sure that the only active repo is "rhel-i386-server-5."

--
Dave Jones

--
This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.

From glenn.steen at gmail.com Tue Jun 17 15:49:46 2008
From: glenn.steen at gmail.com (Glenn Steen)
Date: Tue Jun 17 15:49:57 2008
Subject: Updating an adopted installation from 4.54
In-Reply-To: <20080617141947.GC639@cgi.jachomes.com>
References: <20080616140331.GA27476@cgi.jachomes.com> <20080616192508.GC28498@cgi.jachomes.com> <223f97700806170227o3d15890dj7b79ac61d050fa31@mail.gmail.com> <20080617141947.GC639@cgi.jachomes.com>
Message-ID: <223f97700806170749x6272f4cfl53381d5ed127009a@mail.gmail.com>

2008/6/17 Jay R. Ashworth :
> On Tue, Jun 17, 2008 at 11:27:47AM +0200, Glenn Steen wrote:
>> That's pretty much how you upgrade the source dist too:-).
>> Install the new one to its own directory in /opt, use
>> upgrade_MailScanner_conf on the old file, copy over any modified
>> ruleset files... stop MS, relink to the new install, start
>> MailScanner... Did I miss anything? Don't think so:-)
>
> You missed that I don't know it as well as you do. :-)

:-)

>> Install the new one to its own directory in /opt
>
> Check. (well, actually, I'm putting it in /appl/ms4.69.3; FHS be
> damned. :-)

Doesn't matter as long as the link is where it should:-).

>> use upgrade_MailScanner_conf on the old file
>
> "On the old install"? It sounds like you mean "run the upgrade script
> supplied with the new install against the old one". Do you?

Sort of. You should run the upgrade script from the new install, supplying the old MailScanner.conf as the old file, and the new MailScanner.conf file as the "rpmnew" one:-). I *think* the upgrade script will instruct you correctly if you run it without an argument. It needs the new "default" file so that it can tell what options to remove/add from the old one. It will print the new and improved version on standard output, so just redirect that to a file MailScanner.new, look through that one, so that it looks OK, then move it into place on the new install.

>> copy over any modified ruleset files...
>
> from the old install to the new one...?

Yep.

>> stop MS, relink to the new install, start MailScanner...
>
> This part I *think* I get, but I'm not 100% certain how the Sendmail
> 8.13 -> MailScanner link works. Is it in fact enough if I make sure
> that /opt/MailScanner points to the new install's home directory once
> I'm done? Is the only interface through the filesystem?

Eh, all it means is that you need use whatever startup script to stop MailScanner, do "rm /opt/MailScanner" to remove the symbolic link to the old install, "ln -s /appl/ms4.69.3 /opt/MailScanner" to create the symbolic link to the new install... and then use the same startup script to actually start it running again.

Hope that clears any confusion:-)

> Cheers,
> -- jra

Cheers
--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

From dave.list at pixelhammer.com Tue Jun 17 17:00:27 2008
From: dave.list at pixelhammer.com (DAve)
Date: Tue Jun 17 17:00:54 2008
Subject: Oh great Oracle that is the MS list
Message-ID: <4857DF9B.9040904@pixelhammer.com>

I cannot seem to reach the milter.info website, or the snertsoft.com website. I need to post to the list and to do so I need to sign up a freemail account.

For some odd reason I am getting the following error now where I did not when posting to the milters list before.
:
82.97.10.34 failed after I sent the message.
Remote host said: 554 5.6.0 invalid RFC 2822 date-time in Received: header #459 (k5GHfI268250091300)

Can anyone else reach SnertSoft? Anyone ever see that error before?

Thanks,

DAve

--
In 50 years, our descendants will look back on the early years of the internet, and much like we now look back on men with rockets on their back and feathers glued to their arms, marvel that we had the intelligence to wipe the drool from our chins.

From uxbod at splatnix.net Tue Jun 17 17:08:14 2008
From: uxbod at splatnix.net (--[ UxBoD ]--)
Date: Tue Jun 17 17:08:44 2008
Subject: Oh great Oracle that is the MS list
In-Reply-To: <4857DF9B.9040904@pixelhammer.com>
Message-ID: <20836166.19491213718894369.JavaMail.root@office.splatnix.net>

Cannot get to it from the UK.

Regards,

--
--[ UxBoD ]--
// PGP Key: "curl -s http://www.splatnix.net/uxbod.asc | gpg --import"
// Fingerprint: F57A 0CBD DD19 79E9 1FCC A612 CB36 D89D 2C5A 3A84
// Keyserver: www.keyserver.net Key-ID: 0x2C5A3A84
// Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net

----- "DAve" wrote:

> I cannot seem to reach the milter.info website, or the snertsoft.com
> website. I need to post to the list and to do so I need to sign up a
> freemail account.
>
> For some odd reason I am getting the following error now where I did
> not
> when posting to the milters list before.
>
> :
> 82.97.10.34 failed after I sent the message.
> Remote host said: 554 5.6.0 invalid RFC 2822 date-time in Received:
> header #459 (k5GHfI268250091300)
>
> Can anyone else reach SnertSoft? Anyone ever see that error before?
> Thanks,
>
> DAve

--
This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
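
For the BAYES_00 thread in this archive: the debug lines quoted there show SpamAssassin looking for bayes_toks in a different directory on each run (MailWatch lint, MailScanner --debug as root, spamassassin --lint as apache). This added example, which is not code from any poster or from MailScanner or MailWatch, parses such debug output and flags every run that did not tie to the directory the thread names as holding the database; the `## label` lines and the function names are assumptions of the example.

```shell
#!/bin/sh
# Added example. The dbg lines are the ones quoted in the BAYES_00 thread;
# the "## label" lines are constructed here to mark which run produced them.
sample_debug() {
cat <<'EOF'
## mailwatch-lint
[5637] dbg: bayes: no dbs present, cannot tie DB R/O: //.spamassassin/bayes_toks
## mailscanner-debug-as-root
11:52:13 [5879] dbg: bayes: tie-ing to DB file R/W /root/.spamassassin/bayes_toks
11:52:13 [5879] dbg: bayes: tie-ing to DB file R/W /root/.spamassassin/bayes_seen
11:52:13 [5879] dbg: bayes: found bayes db version 3
## spamassassin-lint-as-apache
[26297] dbg: bayes: tie-ing to DB file R/O /var/www/.spamassassin/bayes_toks
[26297] dbg: bayes: tie-ing to DB file R/O /var/www/.spamassassin/bayes_seen
[26297] dbg: bayes: DB journal sync: last sync: 1213700281
EOF
}

# Read labelled debug output on stdin and print one line per bayes_toks
# reference: "label<TAB>tied|missing<TAB>directory".
bayes_paths() {
  awk '
    /^## / { label = $2; next }
    /dbg: bayes: / && $NF ~ /\/bayes_toks$/ {
      dir = $NF
      sub(/\/bayes_toks$/, "", dir)
      status = ($0 ~ /no dbs present/) ? "missing" : "tied"
      printf "%s\t%s\t%s\n", label, status, dir
    }'
}

# Count how many different Bayes directories the runs referred to.
distinct_bayes_dirs() {
  bayes_paths | cut -f3 | sort -u | wc -l | tr -d ' '
}

# Exit 0 only if every run tied successfully to the expected directory;
# otherwise print one MISMATCH line per offending run and exit 1.
check_bayes_dir() {
  expected=$1
  bayes_paths | awk -F'\t' -v want="$expected" '
    $2 != "tied" || $3 != want {
      printf "MISMATCH %s: %s %s (expected %s)\n", $1, $2, $3, want
      bad = 1
    }
    END { exit (bad ? 1 : 0) }'
}

# Report against the directory the thread says holds the trained database.
sample_debug | check_bayes_dir /etc/MailScanner/.spamassassin || true
```

On a live system, feed it the output of `spamassassin --lint -D -p /etc/MailScanner/spam.assassin.prefs.conf 2>&1` (the command from the thread; debug goes to stderr) captured as each user, with a `## label` line in front of each capture.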
From devonharding at gmail.com Tue Jun 17 17:09:05 2008 From: devonharding at gmail.com (Devon Harding) Date: Tue Jun 17 17:09:15 2008 Subject: BAYES_00 is killing me In-Reply-To: <223f97700806170739y5e767004x5a7549323bfe3a1@mail.gmail.com> References: <2baac6140806160628w3da668f3n1b3a6dca614b9389@mail.gmail.com> <2baac6140806161224w3e3a60b4s51c39afc079a40c5@mail.gmail.com> <223f97700806161312q12e1d85dm4537783336f60065@mail.gmail.com> <2baac6140806161403j7a8ca3b1ja4ace4e0dfff9dbc@mail.gmail.com> <223f97700806161516n199d18c3m428831ba13b93199@mail.gmail.com> <223f97700806170211k2c7db4e1t2812383d065c5417@mail.gmail.com> <2baac6140806170519s577eca6bp44a0097857381e66@mail.gmail.com> <223f97700806170651p182835b9l80953743864bd563@mail.gmail.com> <2baac6140806170711g4963c7f7r5289e71007523050@mail.gmail.com> <223f97700806170739y5e767004x5a7549323bfe3a1@mail.gmail.com> Message-ID: <2baac6140806170909l2ac9863o511339467e6a147b@mail.gmail.com> On Tue, Jun 17, 2008 at 10:39 AM, Glenn Steen wrote: > 2008/6/17 Devon Harding : > > > > > > On Tue, Jun 17, 2008 at 9:51 AM, Glenn Steen > wrote: > >> > >> 2008/6/17 Devon Harding : > >> > > >> > > >> > On Tue, Jun 17, 2008 at 5:11 AM, Glenn Steen > >> > wrote: > >> >> > >> >> 2008/6/17 Glenn Steen : > >> >> > 2008/6/16 Devon Harding : > >> >> >> > >> >> >> > >> >> >> On Mon, Jun 16, 2008 at 4:12 PM, Glenn Steen < > glenn.steen@gmail.com> > >> >> >> wrote: > >> >> >>> > >> >> >>> 2008/6/16 Devon Harding : > >> >> >>> > > >> >> >>> > > >> >> >>> > On Mon, Jun 16, 2008 at 2:46 PM, Glenn Steen > >> >> >>> > > >> >> >>> > wrote: > >> >> >>> >> > >> >> >>> >> 2008/6/16 Devon Harding : > >> >> >>> >> >>>> > >> >> >>> >> >>>> > >> >> >>> >> >>>> > >> >> >>> >> >>>> Devon Harding wrote: > >> >> >>> >> >>>> | I'm getting alot of spam coming through and it > >> >> >>> >> >>>> seems > >> >> >>> >> >>>> like > >> >> >>> >> >>>> the cause of > >> >> >>> >> >>>> | this is BAYES_00 scoring messages with -2.60. 
> I'm > >> >> >>> >> >>>> running > >> >> >>> >> >>>> MS 4.68.8 > >> >> >>> >> >>>> | with SA *Le Service des Technologies de > >> >> >>> >> >>>> l'Information > >> >> >>> >> >>>> de > >> >> >>> >> >>>> l'UdeS veut vous mettre en garde contre "3.2.4" > qui > >> >> >>> >> >>>> semble > >> >> >>> >> >>>> ?tre une tentative de fraude envers* 3.2.4. > >> >> >>> >> >>>> > >> >> >>> >> >>>> <*Le Service des Technologies de l'Information de > >> >> >>> >> >>>> l'UdeS > >> >> >>> >> >>>> veut > >> >> >>> >> >>>> vous mettre en garde contre "3.2.4" qui semble > ?tre > >> >> >>> >> >>>> une > >> >> >>> >> >>>> tentative de fraude envers* http://3.2.4.> I've > >> >> >>> >> >>>> already > >> >> >>> >> >>>> trained hundreds of > >> >> >>> >> >>>> > >> >> >>> >> >>>> | messages like these as spam and it doesn't seem > to > >> >> >>> >> >>>> work. > >> >> >>> >> >>>> What else can > >> >> >>> >> >>>> | I do? > >> >> >>> >> >>>> > >> >> >>> >> >>>> My guess is that you are training the wrong > >> >> >>> >> >>>> database. > >> >> >>> >> >>>> You > >> >> >>> >> >>>> train another > >> >> >>> >> >>>> database and not the one you are using with > >> >> >>> >> >>>> MailScanner. > >> >> >>> >> >>>> > >> >> >>> >> >>>> Hugo. > >> >> >>> >> >>>> > >> >> >>> >> >>>> > >> >> >>> >> >>>> > >> >> >>> >> >>>> For MS, where is the Bayes DB path specified? My DB > is > >> >> >>> >> >>>> located > >> >> >>> >> >>>> here: > >> >> >>> >> >>>> > >> >> >>> >> >>>> /etc/MailScanner/.spamassassin > >> >> >>> >> >>>> > >> >> >>> >> >>>> > >> >> >>> >> >>>> I think my BAYES is all messed up. How do I rebuild it > >> >> >>> >> >>>> from > >> >> >>> >> >>>> scratch? 
> >> >> >>> >> >>>> > >> >> >>> >> >>> Devon, > >> >> >>> >> >>> > >> >> >>> >> >>> Look here for a starter kit: > >> >> >>> >> >>> http://www.fsl.com/resources.html > >> >> >>> >> >>> > >> >> >>> >> >>> Denis > >> >> >>> >> >>> > >> >> >>> >> >>> -- > >> >> >>> >> >> > >> >> >>> >> >> I've restored the starter DB and I do see the new files in > >> >> >>> >> >> /etc/MailScanner/.spamassassin (I stopped MailScanner and > >> >> >>> >> >> removed > >> >> >>> >> >> the > >> >> >>> >> >> one > >> >> >>> >> >> ones first), but SA Bayes DB Info from Mailwatch shows > >> >> >>> >> >> nothing. > >> >> >>> >> >> When I > >> >> >>> >> >> do a > >> >> >>> >> >> lint from the Tools tab, i Get the following: > >> >> >>> >> >> > >> >> >>> >> >> [5637] dbg: bayes: no dbs present, cannot tie DB R/O: > >> >> >>> >> >> //.spamassassin/bayes_toks > >> >> >>> >> > > >> >> >>> >> > > >> >> >>> >> > Hmm....I thing Bayes IS working. I just ran MailScanner > >> >> >>> >> > --debug > >> >> >>> >> > --debug-sa > >> >> >>> >> > after the restore and did see: > >> >> >>> >> > > >> >> >>> >> > 11:52:13 [5879] dbg: bayes: tie-ing to DB file R/W > >> >> >>> >> > /root/.spamassassin/bayes_toks > >> >> >>> >> > 11:52:13 [5879] dbg: bayes: tie-ing to DB file R/W > >> >> >>> >> > /root/.spamassassin/bayes_seen > >> >> >>> >> > 11:52:13 [5879] dbg: bayes: found bayes db version 3 > >> >> >>> >> > 11:52:13 [5879] dbg: bayes: learned > >> >> >>> >> > '88a47a16459989c19d47893de31fec608aa8f41e@sa_generated', > >> >> >>> >> > atime: > >> >> >>> >> > 1213631520 > >> >> >>> >> > 11:52:13 [5879] dbg: bayes: untie-ing > >> >> >>> >> > 11:52:13 [5879] dbg: bayes: files locked, now unlocking lock > >> >> >>> >> > > >> >> >>> >> > It seems that MailWatch is the one thats not working right. > >> >> >>> >> > Any > >> >> >>> >> > way > >> >> >>> >> > to > >> >> >>> >> > relink this? 
> >> >> >>> >> > > >> >> >>> >> > -Devon > >> >> >>> >> > > >> >> >>> >> Make sure your apahce user (the one running your httpd > >> >> >>> >> processes... > >> >> >>> >> hence the one running MailWatch:-) can actually read the bayes > >> >> >>> >> files... "su" is your friend here... and if you want to be > able > >> >> >>> >> to > >> >> >>> >> learn via MailWatch, make sure the same user can write them > too. > >> >> >>> >> > >> >> >>> >> Cheers > >> >> >>> >> -- > >> >> >>> > > >> >> >>> > I have the right permissions set, the thing is MailWatch is not > >> >> >>> > showing > >> >> >>> > any > >> >> >>> > data for 'Bayes Database Information'. What is the tie in for > >> >> >>> > MailWatch? > >> >> >>> > > >> >> >>> > -rw-rw---- 1 root apache 78K Jun 16 15:17 bayes_journal > >> >> >>> > -rw-rw---- 1 root apache 895 Jun 16 15:17 bayes.mutex > >> >> >>> > -rw-rw---- 1 root apache 172K Jun 16 15:17 bayes_seen > >> >> >>> > -rw-rw---- 1 root apache 5.1M Jun 16 15:17 bayes_toks > >> >> >>> > > >> >> >>> > -Devon > >> >> >>> > > >> >> >>> But can the apache user access the directory? > >> >> >>> MailWatch isn't particularly "magical" here, it uses the same > info > >> >> >>> as > >> >> >>> all else... > >> >> >>> > >> >> >>> Try something like "su - apache -s /bin/bash" and then "cd > >> >> >>> /path/to/where/you/have/the/bayes/files"... Might give a clue:-) > >> >> >>> > >> >> >>> Cheers > >> >> >>> -- > >> >> >>> -- Glenn > >> >> >> > >> >> >> User apache can access this fine. I didn't see anything in the > >> >> >> MailWatch > >> >> >> .conf file on Bayes > >> >> >> > >> >> > That's because there is nothing there....:-). > >> >> > It uses the same info all else do (through the normal SA method... > >> >> > The > >> >> > .cf files). > >> >> > > >> >> > Unless this is something hardcoded into the scriptlet handling the > SA > >> >> > db dump... Haven't checked that (and will not be anwhere I can > check > >> >> > it until tomorrow... You have a look:-). 
> >> >> > > >> >> > Cheers > >> >> > >> >> Nope, nothing strange here, the call is to > >> >> sa-learn -p /path/to/MailScanner/spa.assassin.prefs.conf --dump-magic > >> >> in bayes_info.php ... Where /path/to/MailScanner likely expands as > >> >> /etc/MailScanner or similar (this is from the SA_PREFS setting in > >> >> conf.php). > >> >> > >> >> As the apache user, can you run the above command? What do you get? > >> >> > >> >> Cheers > >> >> -- > >> >> -- Glenn > >> > > >> > This was run as apache: > >> > > >> > bash-3.1$ sa-learn -p /etc/MailScanner/spam.assassin.prefs.conf --dump > >> > magic > >> > 0.000 0 3 0 non-token data: bayes db > version > >> > 0.000 0 448 0 non-token data: nspam > >> > 0.000 0 1287 0 non-token data: nham > >> > 0.000 0 170860 0 non-token data: ntokens > >> > 0.000 0 1171294928 0 non-token data: oldest atime > >> > 0.000 0 1213703845 0 non-token data: newest atime > >> > 0.000 0 1213700281 0 non-token data: last journal > >> > sync > >> > atime > >> > 0.000 0 1213671060 0 non-token data: last expiry > >> > atime > >> > 0.000 0 11059200 0 non-token data: last expire > >> > atime > >> > delta > >> > 0.000 0 24264 0 non-token data: last expire > >> > reduction count > >> > bash-3.1$ > >> > > >> Ok, and if you do (as the apache user) > >> spamassassin --lint -D -p /etc/MailScanner/spam.assassin.prefs.conf > >> (in reality, one should change MW to not use the -p preference file, > >> since this is included as a .cf already... Don't do much harm > >> though:-) Do you get the db error then? > >> > >> Cheers > >> -- > >> -- Glenn > > > > No error and it even finds bayes installed. I think its something with > MW. 
> > > > [26297] dbg: replacetags: done replacing tags > > [26297] dbg: bayes: tie-ing to DB file R/O > /var/www/.spamassassin/bayes_toks > > [26297] dbg: bayes: tie-ing to DB file R/O > /var/www/.spamassassin/bayes_seen > > [26297] dbg: bayes: found bayes db version 3 > > [26297] dbg: bayes: DB journal sync: last sync: 1213700281 > > [26297] dbg: config: score set 2 chosen. > > > Ok, what is your MS_CONFIG setting and your SA_PREFS in conf.php > (sorry all you others, this should be on the MW list, I know)? > -- > -- Glenn > Here are paths: // Paths define(MAILWATCH_HOME, '/var/www/html/mailscanner'); define(MS_CONFIG_DIR, '/etc/MailScanner/'); define(MS_LIB_DIR, '/usr/lib/MailScanner/'); define(CACHE_DIR, './images/cache/'); // JpGraph cache define(TTF_DIR,'./jpgraph/fonts/'); // JpGraph fonts define(SA_DIR,'/usr/bin/'); define(SA_RULES_DIR, '/usr/share/spamassassin/'); define(SA_PREFS, MS_CONFIG_DIR.'spam.assassin.prefs.conf'); define(FPDF_FONTPATH,'./fpdf/font/'); -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080617/627ee090/attachment.html From steve at fsl.com Tue Jun 17 17:12:36 2008 From: steve at fsl.com (Stephen Swaney) Date: Tue Jun 17 17:12:47 2008 Subject: Oh great Oracle that is the MS list In-Reply-To: <4857DF9B.9040904@pixelhammer.com> References: <4857DF9B.9040904@pixelhammer.com> Message-ID: <4857E274.3070008@fsl.com> DAve wrote: > I cannot seen to reach the milter.info website, or the snertsoft.com > website. I need to post to the list and to do so I need to sign up a > freemail account. > > For some odd reason I am getting the following error now where I did > not when posting to the milters list before. > > : > 82.97.10.34 failed after I sent the message. > Remote host said: 554 5.6.0 invalid RFC 2822 date-time in Received: > header #459 (k5GHfI268250091300) > > Can anyone else reach SnertSoft? Anyone ever see that error before? 
> Thanks,
>
> DAve
>
>

DAve

I've forwarded to Anthony.

Best regards,

Steve

Steve Swaney
steve@fsl.com
www.fsl.com

From mikea at mikea.ath.cx Tue Jun 17 17:25:08 2008
From: mikea at mikea.ath.cx (Mike Andrews W5EGO)
Date: Tue Jun 17 17:25:22 2008
Subject: Oh great Oracle that is the MS list
In-Reply-To: <4857DF9B.9040904@pixelhammer.com>
References: <4857DF9B.9040904@pixelhammer.com>
Message-ID: <20080617162508.GB9074@mikea.ath.cx>

On Tue, Jun 17, 2008 at 12:00:27PM -0400, DAve wrote:
> I cannot seem to reach the milter.info website, or the snertsoft.com
> website. I need to post to the list and to do so I need to sign up a
> freemail account.
>
> For some odd reason I am getting the following error now where I did not
> when posting to the milters list before.
>
> :
> 82.97.10.34 failed after I sent the message.
> Remote host said: 554 5.6.0 invalid RFC 2822 date-time in Received:
> header #459 (k5GHfI268250091300)
>
> Can anyone else reach SnertSoft? Anyone ever see that error before?
> Thanks,

At least you were able to get to the SMTP port at mx.snert.net; I'm not getting there, or to anyplace else at milter.info or snert.(com,net), and think there's something strange going on in the routing:

14 xe-10-3-0-0.ams-koo-score-1.interoute.net (84.233.190.5) 138.909 ms e1-0.par-gar-score-1.interoute.net (212.23.42.21) 127.439 ms 6-0-0.par-gar-access-1.interoute.net (212.23.42.6) 121.890 ms
--------------------------------------------------------------------------
15 ae2-0.par-gar-score-2.interoute.net (84.233.190.62) 133.322 ms 89.202.192.90 (89.202.192.90) 142.866 ms ae2-0.par-gar-score-2.interoute.net (84.233.190.62) 144.415 ms
--------------------------------------------------------------------------
16 Gi7-0-0.par-gar-access-1.interoute.net (212.23.42.14) 132.863 ms 89.202.192.90 (89.202.192.90) 140.444 ms Gi7-0-0.par-gar-access-1.interoute.net (212.23.42.14) 135.421 ms
--------------------------------------------------------------------------
17 Vl5-swr-3-sop.tasfrance.net (82.97.0.13) 139.817 ms * 89.202.192.90 (89.202.192.90) 152.109 ms
--------------------------------------------------------------------------
18 * Vl5-swr-3-sop.tasfrance.net (82.97.0.13) 157.719 ms *

It appears that there may be a (lossy) routing loop between hop 17 and hop 18, as the same IP address and routername (Vl5-swr-3-sop.tasfrance.net (82.97.0.13)) appear in both -- or I'm misreading the traceroute output or am much mistaken.

Comments, corrections, and additional information are invited.

--
Mike Andrews, W5EGO
mikea@mikea.ath.cx
Tired old sysadmin

From MailScanner at ecs.soton.ac.uk Tue Jun 17 17:26:11 2008
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Tue Jun 17 17:26:25 2008
Subject: Updating an adopted installation from 4.54
In-Reply-To:
References: <20080616140331.GA27476@cgi.jachomes.com> <20080616192508.GC28498@cgi.jachomes.com>
Message-ID: <4857E5A3.9080406@ecs.soton.ac.uk>

Kevin Miller wrote:
> Jay R. Ashworth wrote:
>
>> On Mon, Jun 16, 2008 at 10:49:36AM -0800, Kevin Miller wrote:
>>
>>> Welcome to MailScanner - almost as much fun as Rivendell!
>>>
>> Everyone's Following Me!!! :-)
>>
>
> Great minds think alike?
>
>
>
>> I meant to say: Slack 10.2. It's in /opt/MailScanner.version with a
>> symlink to it from /opt/MailScanner.
>>
>
> Hmmm - I'm not sure but it sounds like they did a source compile
> installation.

There's no such thing. MailScanner is written in Perl so it's compiled when you run it. There is no "compiled" version of MailScanner. The RPM installations use /usr/lib/MailScanner and /etc/MailScanner so as to follow the Linux standards. The "Other Unix" installation uses /opt by default as that is usually the best place to put self-contained packages.

> My stuff lands in /usr/lib/MailScanner (and
> /etc/MailScanner of course) by default which I think is SOP for the rpm
> installs. Could be wrong on that - never had to look too closely. Not
> sure what the best practice is for that. I'm sure someone will chime in
> on it. This is a great group.
>
>
>
>> Wow, there's a lot of stuff in my maillogs...
>>
>
> Yeah. Email gateways are busier than a one legged man in a butt kicking
> contest.
>
>
>
>> I saw something about that. I'm strongly considering just building a
>> new dedicated machine (this one is shared) and forklift-upgrading...
>> would I need to bring training databases along for that?
>>
>
> If you have a box or two to put it on, that would be the best way to go.
> It's saved my bacon more than once. And yes, you definitely want to
> migrate the bayes databases over. It's a wealth of data customized to
> your site. Whenever I've had to build a box from scratch I just copy
> over /etc/MailScanner/MailScanner.conf and the bayes database to the new
> machine. There's a few minor edits in the .conf file (hostname and the
> like) but just drop the bayes files in place and you'll hit the ground
> running...
>
>
> ...Kevin
>

Jules

--
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

MailScanner customisation, or any advanced system administration help?
Contact me at Jules@Jules.FM

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
PGP public key: http://www.jules.fm/julesfm.asc

--
This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.

From MailScanner at ecs.soton.ac.uk Tue Jun 17 17:34:36 2008
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Tue Jun 17 17:34:52 2008
Subject: MailScanner website
In-Reply-To:
References:
Message-ID: <4857E79C.70902@ecs.soton.ac.uk>

Martyn Routley wrote:
> Hmmm
>
> I have just been looking for some information on the MailScanner
> website and I noticed this snippet:
>
>
> "Black shirts, embroidered shirts and other items with an updated
> design , ships from Germany"
>
> Blackshirts, coming from Germany?
> Is there something secret about MailScanner that we all need to know
> about?
:-)

LOL! Unintentional, honestly. At that point CafePress weren't selling anything other than white T-shirts I think, so the only way to get black ones was via Germany (spreadshirt.de).

Jules

--
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

MailScanner customisation, or any advanced system administration help?
Contact me at Jules@Jules.FM

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
PGP public key: http://www.jules.fm/julesfm.asc

--
This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.

From MailScanner at ecs.soton.ac.uk Tue Jun 17 17:36:18 2008
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Tue Jun 17 17:36:35 2008
Subject: Syntax error(s) in configuration file
In-Reply-To:
References:
Message-ID: <4857E802.5060907@ecs.soton.ac.uk>

Run "upgrade_MailScanner_conf" and it will tell you how to use this command, which will fix this problem for you. Whenever you change your MailScanner version (upgrade or downgrade, it handles both) you should re-run upgrade_MailScanner_conf to fix up your MailScanner.conf file.

Martin.Hepworth wrote:
> David
>
> Kinda what it says really....you no longer need a spamassassisinprefs setting in MailScanner.conf.
>
> --
> Martin Hepworth
> Snr Systems Administrator
> Solid State Logic
> Tel: +44 (0)1865 842300
>
>
>> -----Original Message-----
>> From: mailscanner-bounces@lists.mailscanner.info
>> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf
>> Of David Guillermo
>> Sent: 17 June 2008 11:35
>> To: MailScanner discussion
>> Subject: Syntax error(s) in configuration file
>>
>> Hi.
>>
>> my problem is:
>>
>> Jun 17 12:20:16 servidor1 MailScanner[26675]: MailScanner
>> E-Mail Virus Scanner version 4.69.9 starting...
>> Jun 17 12:20:17 servidor1 MailScanner[26675]: Syntax error(s) >> in configuration file: >> Jun 17 12:20:17 servidor1 MailScanner[26675]: Unrecognised >> keyword "spamassassinprefsfile" at line 1412 Jun 17 12:20:17 >> servidor1 MailScanner[26675]: Warning: syntax errors in >> /etc/MailScanner/MailScanner.conf. >> >> in my /etc/MailScanner/MailScanner.conf. >> is >> SpamAssassin Prefs File = %etc-dir%/spam.assassin.prefs.conf >> >> my version... MailScanner -V >> >> This is Fedora Core release 6 (Zod) >> This is Perl version 5.008008 (5.8.8) >> >> This is MailScanner version 4.69.9 >> >> -- >> -:- j0d3 >> David Guillermo Rodriguez >> Debian Unstable/Sid GNU/Linux >> e-mail: davocasc98@gmail.com >> http://j0d3.blogspot.com >> Modelo de CPU: AMD Athlon(tm) 64 X2 Dual Core Processor 4600+ >> Kernel: 2.6.24.2 >> Linux user #408522 >> -:- >> > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
From MailScanner at ecs.soton.ac.uk Tue Jun 17 17:44:23 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Jun 17 17:44:41 2008 Subject: Disabling sare updates via sa-update In-Reply-To: References: Message-ID: <4857E9E7.1070300@ecs.soton.ac.uk> ram wrote: > The http://www.rulesemporium.com/ site recommends disabling auto updates > of SARE rules > > In MailScanner I dont see any way How this can be done. > > Can I turn off auto sa-update in in MailScanner , Or should I just > remove sare rules from sa-update > The call to sa-update is done by the update_spamassassin cron job in /etc/cron.daily/update_spamassassin. To disable it, just run this command: chmod a-x /etc/cron.daily/update_spamassassin If you later want to re-enable it, change "a-x" to "a+x". To just disable particular sets of rules from your auto-update, you need to look in /etc/sysconfig/MailScanner and find the value of SAUPDATEARGS. That list of options should point to a channel-list file. Edit that file and remove the rules you don't want to auto-update.
Hopefully that is enough to get you started. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
From MailScanner at ecs.soton.ac.uk Tue Jun 17 17:48:59 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Jun 17 17:49:18 2008 Subject: Updating an adopted installation from 4.54 In-Reply-To: References: <20080616140331.GA27476@cgi.jachomes.com> <20080616192508.GC28498@cgi.jachomes.com> <223f97700806170227o3d15890dj7b79ac61d050fa31@mail.gmail.com> Message-ID: <4857EAFB.5020509@ecs.soton.ac.uk> Jay R. Ashworth wrote: > On Tue, Jun 17, 2008 at 11:27:47AM +0200, Glenn Steen wrote: > >> That's pretty much how you upgrade the source dist too:-). >> Install the new one to its own directory in /opt, use >> upgrade_MailScanner_conf on the old file, copy over any modified >> ruleset files... stop MS, relink to the new install, start >> MailScanner... Did I miss anything? Don't think so:-) >> > > You missed that I don't know it as well as you do. :-) > > >> Install the new one to its own directory in /opt >> > > Check. (well, actually, I'm putting it in /appl/ms4.69.3; FHS be > damned. :-) > > >> use upgrade_MailScanner_conf on the old file >> > > "On the old install"? It sounds like you mean "run the upgrade script > supplied with the new install against the old one". Do you? > All versions of upgrade_MailScanner_conf are pretty much the same. It's what you pass to it on the command-line that tells it what to do. Diff the two scripts and you will find they are identical, pretty much. I occasionally add a new test, but the differences don't basically affect its operation.
> >> copy over any modified ruleset files... >> > > from the old install to the new one...? > Yes. If you have modified any of the report files you might want to copy the old ones to the new one as well. If you have edited languages.conf then there is an upgrade_languages_conf script as well (which is actually a soft-linked copy of upgrade_MailScanner_conf :-) > >> stop MS, relink to the new install, start MailScanner... >> > > This part I *think* I get, but I'm not 100% certain how the Sendmail > 8.13 -> MailScanner link works. Is it in fact enough if I make sure > that /opt/MailScanner points to the new install's home directory once > I'm done? Is the only interface through the filesystem? > The only interface from sendmail to MailScanner is through the filesystem. The only sendmail call that MailScanner makes is to kick it into doing a delivery attempt of each new message as soon as it has been processed. It does that by running "Sendmail2" as defined in MailScanner.conf. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From jra at baylink.com Tue Jun 17 17:50:33 2008 From: jra at baylink.com (Jay R. Ashworth) Date: Tue Jun 17 17:50:46 2008 Subject: Updating an adopted installation from 4.54 In-Reply-To: <4857E5A3.9080406@ecs.soton.ac.uk> References: <20080616192508.GC28498@cgi.jachomes.com> <4857E5A3.9080406@ecs.soton.ac.uk> Message-ID: <20080617165033.GL840@cgi.jachomes.com> On Tue, Jun 17, 2008 at 05:26:11PM +0100, Julian Field wrote: > There's no such thing. MailScanner is written in Perl so it's compiled > when you run it. There is no "compiled" version of MailScanner. 
The RPM > installations use /usr/lib/MailScanner and /etc/MailScanner so as to > follow the Linux standards. The "Other Unix" installation uses /opt by > default as that is usually the best place to put self-contained packages. By habit, I tend to put large application systems not delivered with the OS in /appl, where my first major DBMS liked to live (which was mostly a mount-point/free-space issue originally). (On OSs without package managers, that is.) FWIW, though, my personal opinion is that such packages ought to live in monolithic directories, possible with one additional subdir of /etc for config (if that doesn't live in $PACKDIR/etc), because it makes easier precisely the task I'm on now: installing and testing a new version manually before rolling it out. SA on this machine, for instance, is all over creation, which means I can't practically upgrade it without a tape backup of the whole machine which I can't make right now, because I won't have a backout procedure. It's not the packagers responsibility to save me from myself, there, certainly, but they *could* have chosen an approach -- as you have -- that makes that less painful. Cheers, -- jra -- Jay R. Ashworth Baylink jra@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://baylink.pitas.com '87 e24 St Petersburg FL USA http://photo.imageinc.us +1 727 647 1274 Those who cast the vote decide nothing. Those who count the vote decide everything. -- (Joseph Stalin) From MailScanner at ecs.soton.ac.uk Tue Jun 17 17:50:55 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Jun 17 17:51:14 2008 Subject: Updating an adopted installation from 4.54 In-Reply-To: References: <20080616140331.GA27476@cgi.jachomes.com> <20080616192508.GC28498@cgi.jachomes.com> <223f97700806170227o3d15890dj7b79ac61d050fa31@mail.gmail.com> <20080617141947.GC639@cgi.jachomes.com> Message-ID: <4857EB6F.60800@ecs.soton.ac.uk> Glenn Steen wrote: > 2008/6/17 Jay R. 
Ashworth : > >> On Tue, Jun 17, 2008 at 11:27:47AM +0200, Glenn Steen wrote: >> >>> That's pretty much how you upgrade the source dist too:-). >>> Install the new one to its own directory in /opt, use >>> upgrade_MailScanner_conf on the old file, copy over any modified >>> ruleset files... stop MS, relink to the new install, start >>> MailScanner... Did I miss anything? Don't think so:-) >>> >> You missed that I don't know it as well as you do. :-) >> > :-) > > >>> Install the new one to its own directory in /opt >>> >> Check. (well, actually, I'm putting it in /appl/ms4.69.3; FHS be >> damned. :-) >> > Doesn't matter as long as the link is where it should:-). > > >>> use upgrade_MailScanner_conf on the old file >>> >> "On the old install"? It sounds like you mean "run the upgrade script >> supplied with the new install against the old one". Do you? >> > Sort of. You should run the upgrade script from the new install, > supplying the old MailScanner.conf as the old file, and the new > MailScanner.conf file as the "rpmnew" one:-). I *think* the upgrade > script will instruct you correctly if you run it without an argument. > It needs the new "default" file so that it can tell what options to > remove/add from the old one. It will print the new and improved > version on standard output, so just redirect that to a file > MailScanner.new, look through that one, so that it looks OK, then move > it into place on the new install. > It explains all this in pretty straightforward terms when you run it without any command-line parameters at all. > >>> copy over any modified ruleset files... >>> >> from the old install to the new one...? >> > Yep. > > >>> stop MS, relink to the new install, start MailScanner... >>> >> This part I *think* I get, but I'm not 100% certain how the Sendmail >> 8.13 -> MailScanner link works. Is it in fact enough if I make sure >> that /opt/MailScanner points to the new install's home directory once >> I'm done?
Is the only interface through the filesystem? >> > Eh, all it means is that you need to use whatever startup script to stop > MailScanner, do "rm /opt/MailScanner" to remove the symbolic link to > the old install, "ln -s /appl/ms4.69.3 /opt/MailScanner" to create the > symbolic link to the new install... and then use the same startup > script to actually start it running again. > > Hope that clears any confusion:-) > > >> Cheers, >> -- jra >> > > Cheers > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
From submit at zuka.net Tue Jun 17 18:05:40 2008 From: submit at zuka.net (Dave Filchak) Date: Tue Jun 17 18:05:58 2008 Subject: bayes expire questions Message-ID: <4857EEE4.1040208@zuka.net> I have been trying to figure out the best way to handle bayes_toks.expire files. I have a large number of them in my bayes directory (about 1.8 Gb worth) and was trying to understand if it was OK to delete them. Turns out that it appears as though it is ok but their presence in my bayes directory could indicate another issue with my MailScanner set-up (this is on my secondary mail server so it sees most of the spam). This 'issue' appears to be that it is taking too long to expire the old records so MailScanner thinks it is hung and restarts??? So, based on some of the reading I did in the archives, I turned off auto_expire in my spam.assassin.prefs file and upped the expire value in my MailScanner.conf file to one day (86400). However, upon further investigation, I noted that many simply turn this feature off in both places and run sa-learn --rebuild --force-expire from a cron job.
J Just curious what most of you do? Which is better? We do not have overly busy mail servers ... about 10K per day average. thanks Dave -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080617/6da85bd4/attachment-0001.html From jra at baylink.com Tue Jun 17 18:20:14 2008 From: jra at baylink.com (Jay R. Ashworth) Date: Tue Jun 17 18:20:24 2008 Subject: Updating an adopted installation from 4.54 In-Reply-To: <4857EB6F.60800@ecs.soton.ac.uk> References: <20080616140331.GA27476@cgi.jachomes.com> <20080616192508.GC28498@cgi.jachomes.com> <223f97700806170227o3d15890dj7b79ac61d050fa31@mail.gmail.com> <20080617141947.GC639@cgi.jachomes.com> <4857EB6F.60800@ecs.soton.ac.uk> Message-ID: <20080617172014.GQ840@cgi.jachomes.com> On Tue, Jun 17, 2008 at 05:50:55PM +0100, Julian Field wrote: > >Sort of. You should run the upgrade script from the new install, > >supplying the old MailScanner.conf as the old file, and the new > >MailScanner.conf file as the "rpmnew" one:-). I *think* the upgrade > >script will instruct you correctly if you run it without an argument. > >It needs the new "default" file so that it can tell what options to > >remove/add from the old one. It will print the new and improved > >version on standard output, so just redirect that to a file > >MailScanner.new, look through that one, so that it looks OK, then move > >it into place on the new install. > It explains all this in pretty straightforward terms when you run it > without any command-line parameters at all. Yes, I'm sure it does. But the instructions only tell you to *run* it if you're doing an in-place upgrade. I wasn't. I was trying to do a parallel install, so I could test it and be able to back out if I screwed something up, as I noted. So I was using the "fresh install" instructions, and they don't mention it, for oblivious raisins. ;-) Cheers, -- jra -- Jay R. 
Ashworth Baylink jra@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://baylink.pitas.com '87 e24 St Petersburg FL USA http://photo.imageinc.us +1 727 647 1274 Those who cast the vote decide nothing. Those who count the vote decide everything. -- (Joseph Stalin) From Kevin_Miller at ci.juneau.ak.us Tue Jun 17 18:26:34 2008 From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller) Date: Tue Jun 17 18:26:47 2008 Subject: Updating an adopted installation from 4.54 In-Reply-To: <4857E5A3.9080406@ecs.soton.ac.uk> References: <20080616140331.GA27476@cgi.jachomes.com> <20080616192508.GC28498@cgi.jachomes.com> <4857E5A3.9080406@ecs.soton.ac.uk> Message-ID: Julian Field wrote: > Kevin Miller wrote: >> Hmmm - I'm not sure but it sounds like they did a source compile >> installation. > There's no such thing. MailScanner is written in Perl so it's compiled > when you run it. There is no "compiled" version of MailScanner. The > RPM installations use /usr/lib/MailScanner and /etc/MailScanner so as > to follow the Linux standards. The "Other Unix" installation uses > /opt by default as that is usually the best place to put > self-contained packages. You're right (of course!) Poor choice of words on my part - I was trying to distinguish between the tarball flavor vs. a distro specific package but wasn't very clear. Must have been a Monday... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 
155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907) 586-4500
From Kevin_Miller at ci.juneau.ak.us Tue Jun 17 18:34:10 2008 From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller) Date: Tue Jun 17 18:34:20 2008 Subject: Updating an adopted installation from 4.54 In-Reply-To: <20080617172014.GQ840@cgi.jachomes.com> References: <20080616140331.GA27476@cgi.jachomes.com><20080616192508.GC28498@cgi.jachomes.com><223f97700806170227o3d15890dj7b79ac61d050fa31@mail.gmail.com><20080617141947.GC639@cgi.jachomes.com><4857EB6F.60800@ecs.soton.ac.uk> <20080617172014.GQ840@cgi.jachomes.com> Message-ID: Jay R. Ashworth wrote: >> It explains all this in pretty straightforward terms when you run it >> without any command-line parameters at all. > > Yes, I'm sure it does. But the instructions only tell you to *run* it > if you're doing an in-place upgrade. > > I wasn't. I was trying to do a parallel install, so I could test it > and be able to back out if I screwed something up, as I noted. So I > was using the "fresh install" instructions, and they don't mention it, > for oblivious raisins. ;-) What I usually do in that situation is to tar up the /etc/MailScanner tree and copy it to the new host, then do the install. The installer will see the old conf & rule files, and create .rpmnew flavors. It won't care that it isn't really already installed. You can then run the upgrade_MailScanner script with expected results. BTW, Julian's published a book on MailScanner - it's worth the price of admission. Especially if your boss is picking up the tab... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin.
155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907) 586-4500
From Denis.Beauchemin at USherbrooke.ca Tue Jun 17 19:17:08 2008 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Tue Jun 17 19:17:43 2008 Subject: bayes expire questions In-Reply-To: <4857EEE4.1040208@zuka.net> References: <4857EEE4.1040208@zuka.net> Message-ID: <4857FFA4.2090900@USherbrooke.ca> Dave Filchak wrote: > I have been trying to figure out the best way to handle > bayes_toks.expire files. I have a large number of them in my bayes > directory (about 1.8 Gb worth) and was trying to understand if it was > OK to delete them. Turns out that it appears as though it is ok but > their presence in my bayes directory could indicate another issue with > my MailScanner set-up (this is on my secondary mail server so it sees > most of the spam). This 'issue' appears to be that it is taking too > long to expire the old records so MailScanner thinks it is hung and > restarts??? So, based on some of the reading I did in the archives, I > turned off auto_expire in my spam.assassin.prefs file and upped the > expire value in my MailScanner.conf file to one day (86400). However, > upon further investigation, I noted that many simply turn this feature > off in both places and run sa-learn --rebuild --force-expire from a > cron job. J > > Just curious what most of you do? Which is better? We do not have > overly busy mail servers ... about 10K per day average. > > thanks > > Dave
Dave, I run the following on all my MS boxes:
15 3 * * * (/sbin/service MailScanner stop; /usr/bin/sa-learn --force-expire;/sbin/service MailScanner start) 2>&1
Denis -- _ °v° Denis Beauchemin, analyste /(_)\ Université de Sherbrooke, S.T.I.
^ ^ T: 819.821.8000x62252 F: 819.821.8045 From bpirie at rma.edu Tue Jun 17 19:51:21 2008 From: bpirie at rma.edu (Brendan Pirie) Date: Tue Jun 17 19:47:40 2008 Subject: Health update In-Reply-To: <4852BC3D.3050802@ecs.soton.ac.uk> References: <4852BC3D.3050802@ecs.soton.ac.uk> Message-ID: <485807A9.3070608@rma.edu> That's fantastic, Jules! I hope a match is found soon, and your recovery goes well. Best wishes for a long life! Brendan Julian Field wrote: > Folks, > > Just wanted to let you know that, as soon as I send back the consent > forms, I am officially on the waiting list for a liver transplant. > No holidays or anything now until I get my call... > > Fortunately, I have grown a new vein in the last few months that means > I will just need a new liver and not a small bowel as well, which > significantly improves my survival chances. This is very good news :-) > > Wish me luck! > > Jules > From MailScanner at ecs.soton.ac.uk Tue Jun 17 20:01:37 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Jun 17 20:01:55 2008 Subject: Health update In-Reply-To: References: <4852BC3D.3050802@ecs.soton.ac.uk> Message-ID: <48580A11.8020906@ecs.soton.ac.uk> I would just like to take this opportunity to say a very big thank you to all of you for your kind words of encouragement and wishes. It's very much appreciated! I'll try to get my boss to mail the list when I go in for the op, to let you know how I'm doing. I'll get back online briefly once I'm well enough, and say Hi to you all, with liver version 2 inside me :-) Many thanks to all of you! Best regards, Jules. Brendan Pirie wrote: > That's fantastic, Jules! I hope a match is found soon, and your > recovery goes well. Best wishes for a long life! > > Brendan > > Julian Field wrote: >> Folks, >> >> Just wanted to let you know that, as soon as I send back the consent >> forms, I am officially on the waiting list for a liver transplant. >> No holidays or anything now until I get my call... 
>> >> Fortunately, I have grown a new vein in the last few months that >> means I will just need a new liver and not a small bowel as well, >> which significantly improves my survival chances. This is very good >> news :-) >> >> Wish me luck! >> >> Jules >> > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From jra at baylink.com Tue Jun 17 20:02:45 2008 From: jra at baylink.com (Jay R. Ashworth) Date: Tue Jun 17 20:02:57 2008 Subject: Health update In-Reply-To: <485807A9.3070608@rma.edu> References: <4852BC3D.3050802@ecs.soton.ac.uk> <485807A9.3070608@rma.edu> Message-ID: <20080617190245.GC1556@cgi.jachomes.com> On Tue, Jun 17, 2008 at 02:51:21PM -0400, Brendan Pirie wrote: > That's fantastic, Jules! I hope a match is found soon, and your > recovery goes well. Best wishes for a long life! Indeed. Is UNOS, or your national analogue, interested in any testimonial letters? :-) Cheers, -- jra -- Jay R. Ashworth Baylink jra@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://baylink.pitas.com '87 e24 St Petersburg FL USA http://photo.imageinc.us +1 727 647 1274 Those who cast the vote decide nothing. Those who count the vote decide everything. -- (Joseph Stalin) From alex at rtpty.com Tue Jun 17 20:10:21 2008 From: alex at rtpty.com (Alex Neuman) Date: Tue Jun 17 20:10:35 2008 Subject: Health update In-Reply-To: <48580A11.8020906@ecs.soton.ac.uk> References: <4852BC3D.3050802@ecs.soton.ac.uk> <48580A11.8020906@ecs.soton.ac.uk> Message-ID: Hope it's not "Liver Vista"... 
I hear it's already bloated by the time they install it, and paralyzes your body every time you need to do something unless you fart in approval. On Jun 17, 2008, at 2:01 PM, Julian Field wrote: > I'll try to get my boss to mail the list when I go in for the op, to > let you know how I'm doing. I'll get back online briefly once I'm > well enough, and say Hi to you all, with liver version 2 inside me :-) From richard.frovarp at sendit.nodak.edu Tue Jun 17 20:19:36 2008 From: richard.frovarp at sendit.nodak.edu (Richard Frovarp) Date: Tue Jun 17 20:19:46 2008 Subject: FW: ANNOUNCE: Apache SpamAssassin 3.2.5 available In-Reply-To: <48516337.2020203@ecs.soton.ac.uk> References: <200806121601.m5CG1Y3o025702@safir.blacknight.ie> <48514A7C.8060900@maddoc.net><224FA7E11EA39E45843E11CEBBD3A36FB50BB5@HOUPEX01.nfsmith.info> <4851569F.5090503@maddoc.net> <224FA7E11EA39E45843E11CEBBD3A36FB50BCE@HOUPEX01.nfsmith.info> <48516337.2020203@ecs.soton.ac.uk> Message-ID: <48580E48.8020601@sendit.nodak.edu> Julian Field wrote: > > >> >> > 4.70.5 should support the newest Mail::ClamAV. It does, doesn't it? > I've been holding off from a stable release waiting for F-Secure 7.0.1 > keys, but they haven't appeared so I think I'll just put out a stable > release now unless anyone has any strong objections. Speak now or > forever hold thy pieces. > > Jules > Any update on 4.70.5 going stable? 
From MailScanner at ecs.soton.ac.uk Tue Jun 17 20:29:46 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Jun 17 20:30:02 2008 Subject: FW: ANNOUNCE: Apache SpamAssassin 3.2.5 available In-Reply-To: References: <200806121601.m5CG1Y3o025702@safir.blacknight.ie> <48514A7C.8060900@maddoc.net><224FA7E11EA39E45843E11CEBBD3A36FB50BB5@HOUPEX01.nfsmith.info> <4851569F.5090503@maddoc.net> <224FA7E11EA39E45843E11CEBBD3A36FB50BCE@HOUPEX01.nfsmith.info> <48516337.2020203@ecs.soton.ac.uk> Message-ID: <485810AA.5070508@ecs.soton.ac.uk> Richard Frovarp wrote: > Julian Field wrote: >> >> >>> >>> >> 4.70.5 should support the newest Mail::ClamAV. It does, doesn't it? >> I've been holding off from a stable release waiting for F-Secure >> 7.0.1 keys, but they haven't appeared so I think I'll just put out a >> stable release now unless anyone has any strong objections. Speak now >> or forever hold thy pieces. >> >> Jules >> > Any update on 4.70.5 going stable? No-one else seems to have said anything, and I've fixed a couple of other things, so how about I put out a stable release (probably 4.70.6) tomorrow morning (GMT)? Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Tue Jun 17 21:05:47 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Jun 17 21:06:07 2008 Subject: MailScanner ANNOUNCE: 4.70.6 released Message-ID: <4858191B.4010103@ecs.soton.ac.uk> I have just released the latest stable version of MailScanner, version 4.70.6. The main new features this time are: - Now supports Mail::ClamAV 0.22, ClamAV 0.93.1, and SpamAssassin 3.2.5. 
- New setting "Dont Sign HTML If Headers Exist" to provide finer control over placement of HTML signatures.
- All known problems with Watermarks fixed.
- Improvements to filename and filetype checks to allow for common mistakes in filename patterns.
- Added "ID Header" setting to allow the X-MailScanner-ID: header to be customised or removed.
- Minor improvements to the phishing net.
- Improvement to checking of "Sophos Allowed Error Messages".

Download as usual from www.mailscanner.info.

The full Change Log is this:

* New Features and Improvements *
1 Improvement to OLE document unpacking code, more likely to extract embedded files correctly.
1 Added new setting "Dont Sign HTML If Headers Exist" to provide finer control over placement of HTML signatures. If any of the named headers exist in the message, the message is deemed to be a "reply", and so the HTML signature is not attached. By default this functionality is switched off by not specifying any header names.
2 Improvement to Filename and Filetype checks to catch mistakenly starting a regular expression with a "*" on its own, as in "*.pdf" or just "*".
2 Improved message reporting when Sophos finds password-protected zip archives.
2 Now supports Mail::ClamAV 0.22 for ClamAV 0.93. You will need to upgrade your ClamAV+SpamAssassin installation, using the download package I provide.
3 Improved update_bad_phishing_sites to support proxy_* environment variables. Thanks to Heinz.Knutzen@dataport.de for this.
3 Improved upgrade_MailScanner_conf for ClamAV 0.93 and Mail::ClamAV 0.22.
3 Removed URIBL additions from spam.assassin.prefs.conf. They are in SpamAssassin by default now.
3 Improvements to handling of Watermarks to resolve various problems with them.
3 Upgraded to ClamAV 0.93.1 in ClamAV+SpamAssassin easy-to-install package.
4 Added "-w" to suggested "diff" command in upgrade_MailScanner_conf. Thanks to Anthony Cartmell for this idea.
6 Changed Watermarking, so it only checks if there was a SMTP client IP address as we don't want to block messages we generated on the MailScanner server.
6 Added "ID Header" setting so that you can choose whether or not you want the header showing the MailScanner message id value. If you don't want the header then set this to be blank.
6 Minor improvement to link detection in the phishing net.

* Fixes *
2 Silly mistake fixed in "Dont Sign HTML If Headers Exist" feature.
2 Fixed output text error in upgrade_MailScanner_conf.
3 Bugfixes to Watermark handling and logging.
4 More fixes to Watermark handling.
5 More fixes to Watermark handling, and a minor header change.
6 Made check for Sophos Allowed Error Messages case-insensitive.

Jules

--
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

MailScanner customisation, or any advanced system administration help?
Contact me at Jules@Jules.FM

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
PGP public key: http://www.jules.fm/julesfm.asc

--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
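The changelog entry above about patterns that start with a bare "*" ("*.pdf" or just "*") describes a shell glob written where a regular expression is expected. The following is an added example, not MailScanner's own code: a small Python linter that flags such patterns in a rules file and proposes a regex. It assumes tab-separated rule lines (action, pattern, log text, report text), uses Python's re module as a stand-in for Perl's regex engine, and the function names, sample rules and suggested rewrites are constructed for illustration.

```python
import re

# Constructed sample rules. Assumed layout: action, pattern, log text and
# report text separated by tabs; "#" starts a comment.
SAMPLE_RULES = (
    "# constructed sample, not a shipped rules file\n"
    "deny\t*.pdf\tNo PDFs\tPDF attachments are not allowed\n"
    "deny\t\\.exe$\tExecutable\tExecutables are not allowed\n"
    "deny\t*\tBlock everything\tNo attachments are allowed\n"
    "deny\t\\.(scr|pif$\tScreensaver\tScreensavers are not allowed\n"
    "allow\t\\.txt$\t-\t-\n"
)


def parse_rules(text):
    """Yield (line_number, action, pattern) for every rule line."""
    for number, line in enumerate(text.splitlines(), start=1):
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue
        fields = re.split(r"\t+", stripped)
        if len(fields) >= 2:
            yield number, fields[0].lower(), fields[1]


def suggest_regex(pattern):
    """Guess the regex the author of a leading-'*' glob pattern intended."""
    rest = pattern.lstrip("*")
    if not rest:
        return ".*"                   # bare "*" was meant as "any filename"
    if "\\" in rest or rest.endswith("$"):
        return rest                   # remainder already looks like a regex
    return re.escape(rest) + "$"      # "*.pdf" becomes "\.pdf$"


def check_pattern(pattern):
    """Return (problem, detail); both are None when the pattern compiles."""
    if pattern.startswith("*"):
        # A quantifier with nothing before it is rejected by the regex engine.
        return "leading-star", suggest_regex(pattern)
    try:
        re.compile(pattern)
    except re.error as exc:
        return "invalid", str(exc)
    return None, None


def lint_rules(text):
    """Return (line, action, pattern, problem, detail) for each bad rule."""
    findings = []
    for number, action, pattern in parse_rules(text):
        problem, detail = check_pattern(pattern)
        if problem:
            findings.append((number, action, pattern, problem, detail))
    return findings


def blocks(pattern, filename):
    """True when the regex matches the attachment filename."""
    return re.search(pattern, filename) is not None


if __name__ == "__main__":
    for number, action, pattern, problem, detail in lint_rules(SAMPLE_RULES):
        print("line %d: %s %r -> %s (%s)" % (number, action, pattern, problem, detail))
```

Running a check like this before restarting the scanner catches a deny rule that would otherwise never express what its author meant.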
From ssilva at sgvwater.com Tue Jun 17 21:20:40 2008
From: ssilva at sgvwater.com (Scott Silva)
Date: Tue Jun 17 21:21:05 2008
Subject: BAYES_00 is killing me
In-Reply-To: <2baac6140806170909l2ac9863o511339467e6a147b@mail.gmail.com>
References: <2baac6140806160628w3da668f3n1b3a6dca614b9389@mail.gmail.com>
    <2baac6140806161224w3e3a60b4s51c39afc079a40c5@mail.gmail.com>
    <223f97700806161312q12e1d85dm4537783336f60065@mail.gmail.com>
    <2baac6140806161403j7a8ca3b1ja4ace4e0dfff9dbc@mail.gmail.com>
    <223f97700806161516n199d18c3m428831ba13b93199@mail.gmail.com>
    <223f97700806170211k2c7db4e1t2812383d065c5417@mail.gmail.com>
    <2baac6140806170519s577eca6bp44a0097857381e66@mail.gmail.com>
    <223f97700806170651p182835b9l80953743864bd563@mail.gmail.com>
    <2baac6140806170711g4963c7f7r5289e71007523050@mail.gmail.com>
    <223f97700806170739y5e767004x5a7549323bfe3a1@mail.gmail.com>
    <2baac6140806170909l2ac9863o511339467e6a147b@mail.gmail.com>
Message-ID: <>

> -- Glenn
>
>
> Here are paths:
>
> // Paths
> define(MAILWATCH_HOME, '/var/www/html/mailscanner');
> define(MS_CONFIG_DIR, '/etc/MailScanner/');
> define(MS_LIB_DIR, '/usr/lib/MailScanner/');
> define(CACHE_DIR, './images/cache/'); // JpGraph cache
> define(TTF_DIR,'./jpgraph/fonts/'); // JpGraph fonts
> define(SA_DIR,'/usr/bin/');
> define(SA_RULES_DIR, '/usr/share/spamassassin/');
> define(SA_PREFS, MS_CONFIG_DIR.'spam.assassin.prefs.conf');
> define(FPDF_FONTPATH,'./fpdf/font/');
>

Hey guys! How about a little message grooming? ;-P

--
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!

From donnieq at quindardonet.net Tue Jun 17 22:55:40 2008
From: donnieq at quindardonet.net (Donnie D. Quindardo)
Date: Tue Jun 17 22:57:53 2008
Subject: MailScanner ANNOUNCE: 4.70.6 released
In-Reply-To: <4858191B.4010103@ecs.soton.ac.uk>
References: <4858191B.4010103@ecs.soton.ac.uk>
Message-ID: <485832DC.4020802@quindardonet.net>

Hi Jules,

Best of luck with the operation and future health. Thank you for your
help on my previous questions.

One other thing that I've been pondering:
- I currently use CentOS and was wondering if extracting the
  mailscanner*.rpm from the stable download tar.gz file and running
  rpm -Uvh mailscanner*.rpm would be okay?

Thanks,
Don Q.

Julian Field wrote:
> I have just released the latest stable version of MailScanner, version
> 4.70.6.
>
> The main new features this time are:
> - Now supports Mail::ClamAV 0.22, ClamAV 0.93.1, and SpamAssassin 3.2.5.
> - New setting "Dont Sign HTML If Headers Exist" to provide finer control
> over placement of HTML signatures.
> - All known problems with Watermarks fixed.
> - Improvements to filename and filetype checks to allow for common
> mistakes in filename patterns.
> - Added "ID Header" setting to allow the X-MailScanner-ID: header to be
> customised or removed.
> - Minor improvements to the phishing net.
> - Improvement to checking of "Sophos Allowed Error Messages".
>
> Download as usual from www.mailscanner.info.
>
> The full Change Log is this:
>
> * New Features and Improvements *
> 1 Improvement to OLE document unpacking code, more likely to extract embedded
> files correctly.
> 1 Added new setting "Dont Sign HTML If Headers Exist" to provide finer control
> over placement of HTML signatures. If any of the named headers exist in
> the message, the message is deemed to be a "reply", and so the HTML
> signature is not attached. By default this functionality is switched off
> by not specifying any header names.
> 2 Improvement to Filename and Filetype checks to catch mistakenly starting a
> regular expression with a "*" on its own, as in "*.pdf" or just "*".
> 2 Improved message reporting when Sophos finds password-protected zip
> archives.
> 2 Now supports Mail::ClamAV 0.22 for ClamAV 0.93. You will need to upgrade your
> ClamAV+SpamAssassin installation, using the download package I provide.
> 3 Improved update_bad_phishing_sites to support proxy_* environment variables.
> Thanks to Heinz.Knutzen@dataport.de for this.
> 3 Improved upgrade_MailScanner_conf for ClamAV 0.93 and Mail::ClamAV 0.22.
> 3 Removed URIBL additions from spam.assassin.prefs.conf. They are in
> SpamAssassin by default now.
> 3 Improvements to handling of Watermarks to resolve various problems
> with them.
> 3 Upgraded to ClamAV 0.93.1 in ClamAV+SpamAssassin easy-to-install package.
> 4 Added "-w" to suggested "diff" command in upgrade_MailScanner_conf. Thanks
> to Anthony Cartmell for this idea.
> 6 Changed Watermarking, so it only checks if there was a SMTP client IP address
> as we don't want to block messages we generated on the MailScanner server.
> 6 Added "ID Header" setting so that you can choose whether or not you want
> the header showing the MailScanner message id value. If you don't want the
> header then set this to be blank.
> 6 Minor improvement to link detection in the phishing net.
>
> * Fixes *
> 2 Silly mistake fixed in "Dont Sign HTML If Headers Exist" feature.
> 2 Fixed output text error in upgrade_MailScanner_conf.
> 3 Bugfixes to Watermark handling and logging.
> 4 More fixes to Watermark handling.
> 5 More fixes to Watermark handling, and a minor header change.
> 6 Made check for Sophos Allowed Error Messages case-insensitive.
>
> Jules
>

From lists at designmedia.com Tue Jun 17 23:59:23 2008
From: lists at designmedia.com (Henry Kwan)
Date: Tue Jun 17 23:59:48 2008
Subject: What is the best way to collect SPAM from users?
References: <48469ABC.6010208@gmail.com>
Message-ID:

Yashodhan Barve gmail.com> writes:
> I was thinking of having a common mailbox in exchange to which users
> would move SPAM & HAM and then I would POP it and feed it to sa-learn.
>
> So what is a good approach that works? and how do I automate it?

Hi,

What did you end up doing? I'm trying to figure out how to do the same
thing on my Exchange 2007 setup. I've set up a public folder that my users
can dump ham/spam into but I'm not sure what the next step is.

How do I enable that public folder for IMAP so I can run some of the
scripts that everyone mentions whenever I google? Or alternatively, how do
I convert all of the .msg's into a format that sa-learn can use?

Thanks.

From ram at netcore.co.in Wed Jun 18 06:31:01 2008
From: ram at netcore.co.in (ram)
Date: Wed Jun 18 06:31:16 2008
Subject: Disabling sare updates via sa-update
In-Reply-To:
References:
Message-ID: <1213767061.14722.37.camel@localhost.localdomain>

On Tue, 2008-06-17 at 15:11 +0100, Martin.Hepworth wrote:
> Ram
>
> This is a sa-update issue nothing to do with mailscanner..
>
> --

But sa-update is run automatically by Mailscanner

From lists at designmedia.com Wed Jun 18 06:43:41 2008
From: lists at designmedia.com (Henry Kwan)
Date: Wed Jun 18 06:44:03 2008
Subject: Moving spam/ham from public folders into MailScanner for learning?
Message-ID:

Hi,

Am in the final stages of tweaking the MailScanner/Exchange2K7 config.
Have set up public folders ("spam" & "ham") so users can move their
messages for learning. Not sure how to move them from the public folder
into the MailScanner box so I can run sa-learn.

Have seen references to several perl/python scripts that will do the job
but don't know where they reside or if they will work with Exchange 2007
public folders. I think I have to mail-enable the public folders and also
add a normal IMAP connector (since it's Secure IMAP only by default).

Any links or tips would be appreciated.

Thanks.

From mailwatch.kp at gmail.com Wed Jun 18 08:27:44 2008
From: mailwatch.kp at gmail.com (vinayan KP)
Date: Wed Jun 18 08:27:54 2008
Subject: Re Help with spamassassin+mailscanner
In-Reply-To: <6a7195cc0806152332g378d7afqfe30223d76cf0b17@mail.gmail.com>
References: <6a7195cc0806152332g378d7afqfe30223d76cf0b17@mail.gmail.com>
Message-ID: <6a7195cc0806180027q5e4b9fd5p37d30383217cab72@mail.gmail.com>

Sir,

I am trying to fix the problem of mailscanner+spamassassin installed on
my new postfix server not detecting mails with low SA score as spam. But
I can see my old mailscanner, which receives mails and forwards them to
the new postfix server, detects them as spam and tags them {Spam?}.

I am saying sorry in advance that I won't be able to try your
suggestions the same day and respond with results. I will be able to do
whatever you suggest when I get enough time.

I have been advised by Mr. Scott to install pyzor, set the bayes file
path, permission for the bayes files, then do sa-learn etc. and I have
done all of them. Still my new mailscanner+spamassassin doesn't detect
low scoring spams which my older mailscanner+spamassassin system detects.

Please see the mails below this, which contain the outputs of:

spamassassin -D --lint
spamassassin --dump magic

Now I am getting

[15396] dbg: rules: local tests only, ignoring RBL eval

when I run

# spamassassin -D --lint
or
# spamassassin -D --lint < ..messages

I use the following:
postfix.2.3.2-28
Spamassassin.3.1.6-15
MailScanner 4.58.9
on SUSE 10.2

From various postings I learned that the -L option for spamd has to be
removed for spamassassin to do network tests. I removed the -L option
and ps aux shows as follows:

(On another system with SUSE 10.1 with spamassassin.3.1.1, it does
network checks and I can see that in spamassassin -D --lint but not with
spamassassin.3.1.6-15)

mail:/usr/lib # ps aux | grep spamd
root 13965 0.0 1.2 27832 25164 ?     Ss 11:32 0:00 /usr/sbin/spamd -d -c -r /var/run/spamd.pid
root 13967 0.0 1.2 29472 26712 ?     S  11:32 0:00 spamd child
root 13968 0.0 1.1 27832 23512 ?     S  11:32 0:00 spamd child
root 15642 0.0 0.0  1960   672 pts/1 S+ 12:14 0:00 grep spamd

Could someone please help me so that I can get rid of the old
MailScanner computer which is almost 7 years old and is giving problems.

regards
Vinu

On Mon, Jun 16, 2008 at 12:02 PM, vinayan KP wrote:
> Sir,
> I sent the following reply 12 days back and I was wondering why I was
> not getting any reply. Noticed the bounced messages saying my mail
> exceeded the limit and I guess it was because of the attachment to
> show how my existing mailscanner before my postfix server.
>
> Hope some one will have time to go through it and guide me...
>
> Regards
> Vinau
>
>
> ---------- Forwarded message ----------
> From: vinayan KP
> Date: Thu, Jun 5, 2008 at 3:59 PM
> Subject: Re: Help with spamassassin+mailscanner
> To: MailScanner discussion
>
>
> Sir,
> Sorry for the delayed response. I could work on the issue only day
> before after I received your suggestions and I did the following as per
> your mails. But still mails with low SA Score get through as clean
> mail.
>
> (I get to know this because of the following: For us the mails are
> received by a system that runs mailscanner, which was installed more
> than 4 years back by a private party and they charge for configuring
> and maintaining it. Earlier we were using a qmail system and the
> private party could not configure mailscanner for qmail on the mail
> server (again managed by another private party on contract). So they
> installed it on a separate system which would receive all the mails
> for our domain and do the spam check, tag the subject line and then
> forward it to the mail server. This old mailscanner still works well
> and catches low and high scoring mails properly. About 18 months back
> the old qmail server had a problem and I installed a new mail server
> using postfix. Now the old mailscanner system has started showing
> problems which made me install mailscanner, clamav and
> spamassassin on the new postfix server. My new mailscanner on the new
> postfix (for which I am asking my doubts) system catches only those
> mails where SA score is > Required SpamAssassin Score (I set it as
> 3). But I can see the old mailscanner catches mails where SA score is
> < Required SpamAssassin Score = 3
> and tags it as {Spam?} and when that mail reaches the new postfix
> server, the mailscanner on it lets the mail go as clean!!! I am
> attaching a screen shot of the mailwatch which shows this).
>
> I did the following as per your mail:
>
> (1)
> Installed pyzor
> ------------------------------------------------------------------------
> (2) set the bayes path and permissions:
>
> I set the bayes_path in /etc/MailScanner/spam.assassin.prefs.conf
> and restarted spamd and MailScanner:
>
> bayes_path /var/spool/MailScanner/spamassassin/bayes
>
> This created the bayes_* files in
> /var/spool/MailScanner/spamassassin/ and the permissions are as
> follows, where spamassassin is run by spamuser :
>
> mail:/var/spool/MailScanner # ls -l
> total 12
> drwx------ 7 postfix postfix 4096 Jun 5 14:30 incoming
> drwx------ 113 postfix www 4096 Jun 5 06:14 quarantine
> drwxr-xr-x 2 postfix postfix 4096 Jun 4 15:49 spamassassin
>
> mail:/var/spool/MailScanner/spamassassin # ls -l
> total 11732
> -rw------- 1 spamuser postfix 1134 Jun 5 14:30 bayes.mutex
> -rw-rw---- 1 spamuser postfix 104928 Jun 5 14:30 bayes_journal
> -rw------- 1 spamuser postfix 10416128 Jun 5 13:59 bayes_seen
> -rw-rw---- 1 spamuser postfix 5455872 Jun 5 14:30 bayes_toks
>
> ------------------------------------------------------------------------
> (3) Trained spamassassin+mailscanner
>
> Ran the sa-learn as follows :
>
> mail:/ # sa-learn --no-sync --spam /home/user1/Maildir/.spam/cur/
> Learned tokens from 1388 message(s) (1388 message(s) examined)
>
>
> mail:/ # sa-learn --no-sync --ham /home/user1/Maildir/cur/
> Learned tokens from 438 message(s) (459 message(s) examined)
>
>
> ------------------------------------------------------------------------
>
>
> Ran spamassassin -D --lint and it didn't show any error or warning :
>
> mail:/etc/MailScanner # spamassassin -D --lint
>
> [23477] dbg: logger: adding facilities: all
> [23477] dbg: logger: logging level is DBG
> [23477] dbg: generic: SpamAssassin version 3.1.6
> [23477] dbg: config: score set 0 chosen.
> [23477] dbg: util: running in taint mode? yes
> [23477] dbg: util: taint mode: deleting unsafe environment variables,
> resetting PATH
> [23477] dbg: util: PATH included '/sbin', keeping
> [23477] dbg: util: PATH included '/usr/sbin', keeping
> [23477] dbg: util: PATH included '/usr/local/sbin', keeping
> [23477] dbg: util: PATH included '/opt/gnome/sbin', keeping
> [23477] dbg: util: PATH included '/root/bin', keeping
> [23477] dbg: util: PATH included '/usr/local/bin', keeping
> [23477] dbg: util: PATH included '/usr/bin', keeping
> [23477] dbg: util: PATH included '/usr/X11R6/bin', keeping
> [23477] dbg: util: PATH included '/bin', keeping
> [23477] dbg: util: PATH included '/usr/games', keeping
> [23477] dbg: util: PATH included '/opt/gnome/bin', keeping
> [23477] dbg: util: PATH included '/opt/kde3/bin', keeping
> [23477] dbg: util: PATH included '/usr/lib/jvm/jre/bin', keeping
> [23477] dbg: util: PATH included '/usr/lib/mit/bin', keeping
> [23477] dbg: util: PATH included '/usr/lib/mit/sbin', keeping
> [23477] dbg: util: PATH included '/usr/lib/qt3/bin', keeping
> [23477] dbg: util: final PATH set to:
> /sbin:/usr/sbin:/usr/local/sbin:/opt/gnome/sbin:/root/bin:/usr/local/bin:/usr/bin:/usr/X11R6/bin:/bin:/usr/games:/opt/gnome/bin:/opt/kde3/bin:/usr/lib/jvm/jre/bin:/usr/lib/mit/bin:/usr/lib/mit/sbin:/usr/lib/qt3/bin
> [23477] dbg: message: ---- MIME PARSER START ----
> [23477] dbg: message: main message type: text/plain
> [23477] dbg: message: parsing normal part
> [23477] dbg: message: added part, type: text/plain
> [23477] dbg: message: ---- MIME PARSER END ----
> [23477] dbg: dns: is Net::DNS::Resolver available? yes
> [23477] dbg: dns: Net::DNS version: 0.59
> [23477] dbg: diag: perl platform: 5.008008 linux
> [23477] dbg: diag: module installed: Digest::SHA1, version 2.11
> [23477] dbg: diag: module installed: HTML::Parser, version 3.55
> [23477] dbg: diag: module installed: MIME::Base64, version 3.07
> [23477] dbg: diag: module installed: DB_File, version 1.814
> [23477] dbg: diag: module installed: Net::DNS, version 0.59
> [23477] dbg: diag: module installed: Net::SMTP, version 2.29
> [23477] dbg: diag: module not installed: Mail::SPF::Query ('require' failed)
> [23477] dbg: diag: module not installed: IP::Country::Fast ('require' failed)
> [23477] dbg: diag: module not installed: Razor2::Client::Agent
> ('require' failed)
> [23477] dbg: diag: module not installed: Net::Ident ('require' failed)
> [23477] dbg: diag: module not installed: IO::Socket::INET6 ('require' failed)
> [23477] dbg: diag: module not installed: IO::Socket::SSL ('require' failed)
> [23477] dbg: diag: module installed: Time::HiRes, version 1.86
> [23477] dbg: diag: module installed: DBI, version 1.52
> [23477] dbg: diag: module installed: Getopt::Long, version 2.35
> [23477] dbg: diag: module installed: LWP::UserAgent, version 2.033
> [23477] dbg: diag: module installed: HTTP::Date, version 1.47
> [23477] dbg: diag: module installed: Archive::Tar, version 1.30
> [23477] dbg: diag: module installed: IO::Zlib, version 1.04
> [23477] dbg: ignore: using a test message to lint rules
> [23477] dbg: config: using "/etc/mail/spamassassin" for site rules pre files
> [23477] dbg: config: read file /etc/mail/spamassassin/init.pre
> [23477] dbg: config: read file /etc/mail/spamassassin/v310.pre
> [23477] dbg: config: read file /etc/mail/spamassassin/v312.pre
> [23477] dbg: config: using "/usr/share/spamassassin" for sys rules pre files
> [23477] dbg: config: using "/usr/share/spamassassin" for default rules dir
> [23477] dbg: config: read file /usr/share/spamassassin/10_misc.cf
> [23477] dbg: config: read file /usr/share/spamassassin/20_advance_fee.cf
> [23477] dbg: config: read file /usr/share/spamassassin/20_anti_ratware.cf
> [23477] dbg: config: read file /usr/share/spamassassin/20_body_tests.cf
> [23477] dbg: config: read file /usr/share/spamassassin/20_compensate.cf
> [23477] dbg: config: read file /usr/share/spamassassin/20_dnsbl_tests.cf
> [23477] dbg: config: read file /usr/share/spamassassin/20_drugs.cf
> [23477] dbg: config: read file /usr/share/spamassassin/20_fake_helo_tests.cf
> [23477] dbg: config: read file /usr/share/spamassassin/20_head_tests.cf
> [23477] dbg: config: read file /usr/share/spamassassin/20_html_tests.cf
> [23477] dbg: config: read file /usr/share/spamassassin/20_meta_tests.cf
> [23477] dbg: config: read file /usr/share/spamassassin/20_net_tests.cf
> [23477] dbg: config: read file /usr/share/spamassassin/20_phrases.cf
> [23477] dbg: config: read file /usr/share/spamassassin/20_porn.cf
> [23477] dbg: config: read file /usr/share/spamassassin/20_ratware.cf
> [23477] dbg: config: read file /usr/share/spamassassin/20_uri_tests.cf
> [23477] dbg: config: read file /usr/share/spamassassin/23_bayes.cf
> [23477] dbg: config: read file /usr/share/spamassassin/25_accessdb.cf
> [23477] dbg: config: read file /usr/share/spamassassin/25_antivirus.cf
> [23477] dbg: config: read file /usr/share/spamassassin/25_body_tests_es.cf
> [23477] dbg: config: read file /usr/share/spamassassin/25_body_tests_pl.cf
> [23477] dbg: config: read file /usr/share/spamassassin/25_dcc.cf
> [23477] dbg: config: read file /usr/share/spamassassin/25_dkim.cf
> [23477] dbg: config: read file /usr/share/spamassassin/25_domainkeys.cf
> [23477] dbg: config: read file /usr/share/spamassassin/25_hashcash.cf
> [23477] dbg: config: read file /usr/share/spamassassin/25_pyzor.cf
> [23477] dbg: config: read file /usr/share/spamassassin/25_razor2.cf
> [23477] dbg: config: read file /usr/share/spamassassin/25_replace.cf
> [23477] dbg: config: read file /usr/share/spamassassin/25_spf.cf
> [23477] dbg: config: read file /usr/share/spamassassin/25_textcat.cf
> [23477] dbg: config: read file /usr/share/spamassassin/25_uribl.cf
> [23477] dbg: config: read file /usr/share/spamassassin/30_text_de.cf
> [23477] dbg: config: read file /usr/share/spamassassin/30_text_fr.cf
> [23477] dbg: config: read file /usr/share/spamassassin/30_text_it.cf
> [23477] dbg: config: read file /usr/share/spamassassin/30_text_nl.cf
> [23477] dbg: config: read file /usr/share/spamassassin/30_text_pl.cf
> [23477] dbg: config: read file /usr/share/spamassassin/30_text_pt_br.cf
> [23477] dbg: config: read file /usr/share/spamassassin/50_scores.cf
> [23477] dbg: config: read file /usr/share/spamassassin/60_awl.cf
> [23477] dbg: config: read file /usr/share/spamassassin/60_whitelist.cf
> [23477] dbg: config: read file /usr/share/spamassassin/60_whitelist_dk.cf
> [23477] dbg: config: read file /usr/share/spamassassin/60_whitelist_dkim.cf
> [23477] dbg: config: read file /usr/share/spamassassin/60_whitelist_spf.cf
> [23477] dbg: config: read file /usr/share/spamassassin/60_whitelist_subject.cf
> [23477] dbg: config: using "/etc/mail/spamassassin" for site rules dir
> [23477] dbg: config: read file /etc/mail/spamassassin/local.cf
> [23477] dbg: config: read file /etc/mail/spamassassin/mailscanner.cf
> [23477] dbg: plugin: loading Mail::SpamAssassin::Plugin::URIDNSBL from @INC
> [23477] dbg: plugin: registered
> Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x835f04c)
> [23477] dbg: plugin: loading Mail::SpamAssassin::Plugin::Hashcash from @INC
> [23477] dbg: plugin: registered
> Mail::SpamAssassin::Plugin::Hashcash=HASH(0x90d728c)
> [23477] dbg: plugin: loading Mail::SpamAssassin::Plugin::SPF from @INC
> [23477] dbg: plugin: registered Mail::SpamAssassin::Plugin::SPF=HASH(0x90fa404)
> [23477] dbg: plugin: loading Mail::SpamAssassin::Plugin::Pyzor from @INC
> [23477] dbg: pyzor: local tests only, disabling Pyzor
> [23477] dbg: plugin: registered
> Mail::SpamAssassin::Plugin::Pyzor=HASH(0x9110c64)
> [23477] dbg: plugin: loading Mail::SpamAssassin::Plugin::Razor2 from @INC
> [23477] dbg: razor2: local tests only, skipping Razor
> [23477] dbg: plugin: registered
> Mail::SpamAssassin::Plugin::Razor2=HASH(0x90dcecc)
> [23477] dbg: plugin: loading Mail::SpamAssassin::Plugin::SpamCop from @INC
> [23477] dbg: reporter: local tests only, disabling SpamCop
> [23477] dbg: plugin: registered
> Mail::SpamAssassin::Plugin::SpamCop=HASH(0x90df794)
> [23477] dbg: plugin: loading Mail::SpamAssassin::Plugin::AWL from @INC
> [23477] dbg: plugin: registered Mail::SpamAssassin::Plugin::AWL=HASH(0x916a478)
> [23477] dbg: plugin: loading
> Mail::SpamAssassin::Plugin::AutoLearnThreshold from @INC
> [23477] dbg: plugin: registered
> Mail::SpamAssassin::Plugin::AutoLearnThreshold=HASH(0x917971c)
> [23477] dbg: plugin: loading
> Mail::SpamAssassin::Plugin::WhiteListSubject from @INC
> [23477] dbg: plugin: registered
> Mail::SpamAssassin::Plugin::WhiteListSubject=HASH(0x9185ed4)
> [23477] dbg: plugin: loading Mail::SpamAssassin::Plugin::MIMEHeader from @INC
> [23477] dbg: plugin: registered
> Mail::SpamAssassin::Plugin::MIMEHeader=HASH(0x9192b04)
> [23477] dbg: plugin: loading Mail::SpamAssassin::Plugin::ReplaceTags from @INC
> [23477] dbg: plugin: registered
> Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0x918b86c)
> [23477] dbg: config: adding redirector regex:
> /^http:\/\/chkpt\.zdnet\.com\/chkpt\/\w+\/(.*)$/i
> [23477] dbg: config: adding redirector regex:
> /^http:\/\/www(?:\d+)?\.nate\.com\/r\/\w+\/(.*)$/i
> [23477] dbg: config: adding redirector regex:
> /^http:\/\/.+\.gov\/(?:.*\/)?externalLink\.jhtml\?.*url=(.*?)(?:&.*)?$/i
> [23477] dbg: config: adding redirector regex:
> /^http:\/\/redir\.internet\.com\/.+?\/.+?\/(.*)$/i
> [23477] dbg: config: adding redirector regex:
> /^http:\/\/(?:.*?\.)?adtech\.de\/.*(?:;|\|)link=(.*?)(?:;|$)/i
> [23477] dbg: config: adding redirector regex:
> m'^http.*?/redirect\.php\?.*(?<=[?&])goto=(.*?)(?:$|[&#])'i
> [23477] dbg: config: adding redirector regex:
> m'^https?:/*(?:[^/]+\.)?emf\d\.com/r\.cfm.*?&r=(.*)'i
> [23477] dbg: config: adding redirector regex:
> m'/(?:index.php)?\?.*(?<=[?&])URL=(.*?)(?:$|[&#])'i
> [23477] dbg: config: adding redirector regex:
> m'^http:/*(?:\w+\.)?google(?:\.\w{2,3}){1,2}/url\?.*?(?<=[?&])q=(.*?)(?:$|[&#])'i
> [23477] dbg: config: adding redirector regex:
> m'^http:/*(?:\w+\.)?google(?:\.\w{2,3}){1,2}/search\?.*?(?<=[?&])q=[^&]*?(?<=%20|..[=+\s])site:(.*?)(?:$|%20|[\s+&#])'i
> [23477] dbg: config: adding redirector regex:
> m'^http:/*(?:\w+\.)?google(?:\.\w{2,3}){1,2}/search\?.*?(?<=[?&])q=[^&]*?(?<=%20|..[=+\s])(?:"|%22)(.*?)(?:$|%22|["\s+&#])'i
> [23477] dbg: config: adding redirector regex:
> m'^http:/*(?:\w+\.)?google(?:\.\w{2,3}){1,2}/translate\?.*?(?<=[?&])u=(.*?)(?:$|[&#])'i
> [23477] dbg: plugin:
> Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0x918b86c) implements
> 'finish_parsing_end'
> [23477] dbg: replacetags: replacing tags
> [23477] dbg: replacetags: done replacing tags
> [23477] dbg: bayes: tie-ing to DB file R/O
> /var/spool/MailScanner/spamassassin/bayes_toks
> [23477] dbg: bayes: tie-ing to DB file R/O
> /var/spool/MailScanner/spamassassin/bayes_seen
> [23477] dbg: bayes: found bayes db version 3
> [23477] dbg: bayes: DB journal sync: last sync: 1212657053
> [23477] dbg: config: score set 2 chosen.
> [23477] dbg: message: ---- MIME PARSER START ----
> [23477] dbg: message: main message type: text/plain
> [23477] dbg: message: parsing normal part
> [23477] dbg: message: added part, type: text/plain
> [23477] dbg: message: ---- MIME PARSER END ----
> [23477] dbg: dns: is DNS available? 0
> [23477] dbg: metadata: X-Spam-Relays-Trusted:
> [23477] dbg: metadata: X-Spam-Relays-Untrusted:
> [23477] dbg: metadata: X-Spam-Relays-Internal:
> [23477] dbg: metadata: X-Spam-Relays-External:
> [23477] dbg: message: no encoding detected
> [23477] dbg: plugin:
> Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x835f04c) implements
> 'parsed_metadata'
> [23477] dbg: rules: local tests only, ignoring RBL eval
> [23477] dbg: check: running tests for priority: 0
> [23477] dbg: rules: running header regexp tests; score so far=0
> [23477] dbg: rules: ran header rule __HAS_MSGID ======> got hit: "<"
> [23477] dbg: rules: ran header rule __MSGID_OK_DIGITS ======> got hit:
> "1212657279"
> [23477] dbg: rules: ran header rule __SANE_MSGID ======> got hit:
> "<1212657279@lint_rules>
> [23477] dbg: rules: "
> [23477] dbg: rules: ran header rule __MSGID_OK_HOST ======> got hit:
> "@lint_rules>"
> [23477] dbg: eval: all '*From' addrs: ignore@compiling.spamassassin.taint.org
> [23477] dbg: eval: all '*To' addrs:
> [23477] dbg: rules: ran eval rule NO_RELAYS ======> got hit
> [23477] dbg: rules: ran eval rule __UNUSABLE_MSGID ======> got hit
> [23477] dbg: rules: running body-text per-line regexp tests; score so far=-0.001
> [23477] dbg: rules: ran body rule __NONEMPTY_BODY ======> got hit: "I"
> [23477] dbg: uri: running uri tests; score so far=-0.001
> [23477] dbg: bayes: DB journal sync: last sync: 1212657053
> [23477] dbg: bayes: corpus size: nspam = 32262, nham = 41823
> [23477] dbg: bayes: score = 0.155182683190695
> [23477] dbg: bayes: DB expiry: tokens in DB: 145489, Expiry max size:
> 150000, Oldest atime: 1211879603, Newest atime: 1212656437, Last
> expire: 1212572821, Current time: 1212657280
> [23477] dbg: bayes: DB journal sync: last sync: 1212657053
> [23477] dbg: bayes: untie-ing
> [23477] dbg: bayes: untie-ing db_toks
> [23477] dbg: bayes: untie-ing db_seen
> [23477] dbg: rules: ran eval rule BAYES_20 ======> got hit
> [23477] dbg: rules: running raw-body-text per-line regexp tests; score
> so far=-0.741
> [23477] dbg: rules: running full-text regexp tests; score so far=-0.741
> [23477] dbg: plugin:
> Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x835f04c) implements
> 'check_tick'
> [23477] dbg: check: running tests for priority: 500
> [23477] dbg: plugin:
> Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x835f04c) implements
> 'check_post_dnsbl'
> [23477] dbg: rules: running meta tests; score so far=-0.741
> [23477] info: rules: meta test DIGEST_MULTIPLE has undefined
> dependency 'DCC_CHECK'
> [23477] dbg: rules: running header regexp tests; score so far=1.416
> [23477] dbg: rules: running body-text per-line regexp tests; score so far=1.416
> [23477] dbg: uri: running uri tests; score so far=1.416
> [23477] dbg: rules: running raw-body-text per-line regexp tests; score
> so far=1.416
> [23477] dbg: rules: running full-text regexp tests; score so far=1.416
> [23477] dbg: check: running tests for priority: 1000
> [23477] dbg: rules: running meta tests; score so far=1.416
> [23477] dbg: rules: running header regexp tests; score so far=1.416
> [23477] dbg: rules: running body-text per-line regexp tests; score so far=1.416
> [23477] dbg: uri: running uri tests; score so far=1.416
> [23477] dbg: rules: running raw-body-text per-line regexp tests; score
> so far=1.416
> [23477] dbg: rules: running full-text regexp tests; score so far=1.416
> [23477] dbg: check: is spam? score=1.416 required=3
> [23477] dbg: check:
> tests=BAYES_20,MISSING_SUBJECT,NO_RECEIVED,NO_RELAYS,TO_CC_NONE
> [23477] dbg: check:
> subtests=__HAS_MSGID,__MSGID_OK_DIGITS,__MSGID_OK_HOST,__NONEMPTY_BODY,__SANE_MSGID,__UNUSABLE_MSGID
>
> ------------------------------------------------------------------------
> Then I set the following in /etc/MailScanner/MailScanner.conf and
> restarted MailScanner:
>
> Spam Checks = yes
> Spam List = spamhaus.org SBL+XBL
> Spam Lists To Be Spam = 1
> Spam Lists To Reach High Score = 2
>
> ------------------------------------------------------------------------
> My /etc/MailScanner/MailScanner.conf is as follows:
>
> %org-name% = < This i am not giving>
> %org-long-name% = < this i am not giving >
> %web-site% = www.your-organisation.com
> %etc-dir% = /etc/MailScanner
> %report-dir% = /etc/MailScanner/reports/en
> %rules-dir% = /etc/MailScanner/rules
> %mcp-dir% = /etc/MailScanner/mcp
>
>
>
>
> Max Children = 5
> Run As User = postfix
> Run As Group = postfix
> Queue Scan Interval = 6
> Incoming Queue Dir = /var/spool/postfix/hold
> Outgoing Queue Dir = /var/spool/postfix/incoming
> Incoming Work Dir = /var/spool/MailScanner/incoming
> Quarantine Dir = /var/spool/MailScanner/quarantine
> PID file = /var/run/MailScanner.pid
> Restart Every = 14400
> MTA = postfix
> Sendmail = /usr/sbin/sendmail
> Sendmail2 = /usr/sbin/sendmail
>
>
> Incoming Work User =
> Incoming Work Group =
> Incoming Work Permissions = 0600
> Quarantine User = root
> Quarantine Group = www
> Quarantine Permissions = 0660
>
>
>
> Max Unscanned Bytes Per Scan = 100m
> Max Unsafe Bytes Per Scan = 50m
> Max Unscanned Messages Per Scan = 30
> Max Unsafe Messages Per Scan = 30
>
> Max Normal Queue Size = 800
> Scan Messages = yes
> Reject Message = no
> Maximum Attachments Per Message = 200
> Expand TNEF = yes
> Use TNEF Contents = replace
> Deliver Unparsable TNEF = no
> TNEF Expander = /usr/bin/tnef --maxsize=100000000
> TNEF Timeout = 120
> File Command = /usr/bin/file
> File Timeout = 20
> Gunzip Command = /bin/gunzip
> Gunzip Timeout = 50
> Unrar Command = /usr/bin/unrar
> Unrar Timeout = 50
> Find UU-Encoded Files = no
> Maximum Message Size = %rules-dir%/max.message.size.rules
> Maximum Attachment Size = -1
> Minimum Attachment Size = -1
> Maximum Archive Depth = 2
> Find Archives By Content = yes
>
> Virus Scanning = yes
> Virus Scanners = clamav
> Virus Scanner Timeout = 300
> Deliver Disinfected Files = yes
> Silent Viruses = HTML-IFrame All-Viruses
> Still Deliver Silent Viruses = no
> Non-Forging Viruses = Joke/ OF97/ WM97/ W97M/ eicar
> Block Encrypted Messages = no
> Block Unencrypted Messages = no
> Allow Password-Protected Archives = no
> Allowed Sophos Error Messages =
> Sophos IDE Dir = /usr/local/Sophos/ide
> Sophos Lib Dir = /usr/local/Sophos/lib
> Monitors For Sophos Updates = /usr/local/Sophos/ide/*ides.zip
> Monitors for ClamAV Updates = /usr/local/share/clamav/*.cvd
> ClamAVmodule Maximum Recursion Level = 8
> ClamAVmodule Maximum Files = 1000
> ClamAVmodule Maximum Compression Ratio = 250
>
>
> Dangerous Content Scanning = yes
> Allow Partial Messages = no
> Allow External Message Bodies = no
> Find Phishing Fraud = yes
> Also Find Numeric Phishing = yes
> Use Stricter Phishing Net = yes
> Highlight Phishing Fraud = yes
> Phishing Safe Sites File = %etc-dir%/phishing.safe.sites.conf
> Country Sub-Domains List = %etc-dir%/country.domains.conf
> Allow IFrame Tags = disarm
> Allow Form Tags = disarm
> Allow Script Tags = disarm
> Allow WebBugs = disarm
> Ignored Web Bug Filenames = spacer pixel.gif pixel.png gap
> Web Bug Replacement =
> http://www.sng.ecs.soton.ac.uk/mailscanner/images/1x1spacer.gif
> Allow Object Codebase Tags = disarm
> Convert Dangerous HTML To Text = no
> Convert HTML To Text = no
>
>
> Allow Filenames =
> Deny Filenames =
> Filename Rules = %etc-dir%/filename.rules.conf
> Allow Filetypes =
> Deny Filetypes =
> Filetype Rules = %etc-dir%/filetype.rules.conf
>
> Quarantine Infections = yes
> Quarantine Silent Viruses = no
> Quarantine Modified Body = no
> Quarantine Whole Message = yes
> Quarantine Whole Messages As Queue Files = no
> Keep Spam And MCP Archive Clean = no
> Language Strings = %report-dir%/languages.conf
> Rejection Report = %report-dir%/rejection.report.txt
> Deleted Bad Content Message Report = %report-dir%/deleted.content.message.txt
> Deleted Bad Filename Message Report = %report-dir%/deleted.filename.message.txt
> Deleted Virus Message Report = %report-dir%/deleted.virus.message.txt
> Deleted Size Message Report = %report-dir%/deleted.size.message.txt
>
> Stored Bad Content Message Report = %report-dir%/stored.content.message.txt
> Stored Bad Filename Message Report = %report-dir%/stored.filename.message.txt
> Stored Virus Message Report = %report-dir%/stored.virus.message.txt
> Stored Size Message Report = %report-dir%/stored.size.message.txt
>
> Disinfected Report = %report-dir%/disinfected.report.txt
>
> Inline HTML Signature = %report-dir%/inline.sig.html
> Inline Text Signature = %report-dir%/inline.sig.txt
> Inline HTML Warning = %report-dir%/inline.warning.html
> Inline Text Warning = %report-dir%/inline.warning.txt
>
> Sender Content Report = %report-dir%/sender.content.report.txt
> Sender Error Report = %report-dir%/sender.error.report.txt
> Sender Bad Filename Report = %report-dir%/sender.filename.report.txt
> Sender Virus Report = %report-dir%/sender.virus.report.txt
> Sender Size Report = %report-dir%/sender.size.report.txt
>
> Hide Incoming Work Dir = yes
> Include Scanner Name In Reports = yes
> Mail Header = X-%org-name%-MailScanner:
> Spam Header = X-%org-name%-MailScanner-SpamCheck:
> Spam Score Header = X-%org-name%-MailScanner-SpamScore:
> Information Header = X-%org-name%-MailScanner-Information:
> Add Envelope From Header = yes
> Add Envelope To Header = no
> Envelope From Header = X-%org-name%-MailScanner-From:
> Envelope To Header = X-%org-name%-MailScanner-To:
> Spam Score Character = s
> SpamScore Number Instead Of Stars = no
> Minimum Stars If On Spam List = 5
> Clean Header Value = Found to be clean
> Infected Header Value = Found to be infected
> Disinfected Header Value = Disinfected
>
> Information Header Value = Please contact the ISP for more information
> Detailed Spam Report = yes
> Include Scores In SpamAssassin Report = yes
> Always Include SpamAssassin Report = yes
> Multiple Headers = append
> Hostname = the %org-name% ($HOSTNAME) MailScanner
> Sign Messages Already Processed = no
> Sign Clean Messages = yes
> Mark Infected Messages = yes
> Mark Unscanned Messages = yes
> Unscanned Header Value = Not scanned: please contact your Internet
> E-Mail Service Provider for details
>
> Remove These Headers = X-Mozilla-Status: X-Mozilla-Status2:
> Deliver Cleaned Messages = yes
> Notify Senders = yes
> Notify Senders Of Viruses = no
> Notify Senders Of Blocked Filenames Or Filetypes = yes
> Notify Senders Of Blocked Size Attachments = no
> Notify Senders Of Other Blocked Content = yes
> Never Notify Senders Of Precedence = list bulk
>
>
> Scanned Subject Text = {Scanned}
> Virus Modify Subject = start
> Virus Subject Text = {Virus?}
> Filename Modify Subject = start
> Filename Subject Text = {Filename?}
> Content Modify Subject = start
> Content Subject Text = {Dangerous Content?}
> Size Modify Subject = start
> Size Subject Text = {Size}
>
> Disarmed Modify Subject = start
> Disarmed Subject Text = {Disarmed}
> Phishing Modify Subject = no
> Phishing Subject Text = {Fraud?}
> Spam Modify Subject = start
> Spam Subject Text = {Spam?}
> High Scoring Spam Modify Subject = start
> High Scoring Spam Subject Text = {Spam?}
>
> Warning Is Attachment = yes
> Attachment Warning Filename = %org-name%-Attachment-Warning.txt
> Attachment Encoding Charset = ISO-8859-1
> Archive Mail =
> Send Notices = yes
> Notices Include
Full Headers = yes > Hide Incoming Work Dir in Notices = no > Notice Signature = -- \nMailScanner\nEmail Virus Scanner\nwww.mailscanner.info > Notices From = MailScanner > Notices To = postmaster > Local Postmaster = postmaster > > Spam List Definitions = %etc-dir%/spam.lists.conf > Virus Scanner Definitions = %etc-dir%/virus.scanners.conf > Spam Checks = yes > Spam List = spamhaus.org SBL+XBL > Spam Domain List = > Spam Lists To Be Spam = 1 > Spam Lists To Reach High Score = 2 > Spam List Timeout = 10 > Max Spam List Timeouts = 7 > Spam List Timeouts History = 10 > Is Definitely Not Spam = %rules-dir%/spam.whitelist.rules > Is Definitely Spam = no > Definite Spam Is High Scoring = no > Ignore Spam Whitelist If Recipients Exceed = 20 > Max Spam Check Size = 150000 > > Use SpamAssassin = yes > Max SpamAssassin Size = 40k > Required SpamAssassin Score = 3 > High SpamAssassin Score = 10 > SpamAssassin Auto Whitelist = yes > SpamAssassin Timeout = 75 > Max SpamAssassin Timeouts = 10 > SpamAssassin Timeouts History = 30 > Check SpamAssassin If On Spam List = yes > Spam Score = yes > Cache SpamAssassin Results = yes > SpamAssassin Cache Database File = > /var/spool/MailScanner/incoming/SpamAssassin.cache.db > > Rebuild Bayes Every = 0 > Wait During Bayes Rebuild = no > Use Custom Spam Scanner = no > Max Custom Spam Scanner Size = 20k > Custom Spam Scanner Timeout = 20 > Max Custom Spam Scanner Timeouts = 10 > Custom Spam Scanner Timeout History = 20 > Spam Actions = deliver header "X-Spam-Status: Yes" > High Scoring Spam Actions = deliver header "X-Spam-Status: Yes" > Non Spam Actions = deliver header "X-Spam-Status: No" > Sender Spam Report = %report-dir%/sender.spam.report.txt > Sender Spam List Report = %report-dir%/sender.spam.rbl.report.txt > Sender SpamAssassin Report = %report-dir%/sender.spam.sa.report.txt > Inline Spam Warning = %report-dir%/inline.spam.warning.txt > Recipient Spam Report = %report-dir%/recipient.spam.report.txt > Enable Spam Bounce = 
%rules-dir%/bounce.rules > Bounce Spam As Attachment = no > > Syslog Facility = mail > Log Speed = no > Log Spam = no > Log Non Spam = no > Log Permitted Filenames = no > Log Permitted Filetypes = no > Log Silent Viruses = no > Log Dangerous HTML Tags = no > SpamAssassin User State Dir = /var/spool/MailScanner/spamassassin > SpamAssassin Install Prefix = > SpamAssassin Site Rules Dir = /etc/mail/spamassassin > SpamAssassin Local Rules Dir = > > SpamAssassin Default Rules Dir = > MCP Checks = no > First Check = mcp > MCP Required SpamAssassin Score = 1 > MCP High SpamAssassin Score = 10 > MCP Error Score = 1 > MCP Header = X-%org-name%-MailScanner-MCPCheck: > Non MCP Actions = deliver > MCP Actions = deliver > High Scoring MCP Actions = deliver > Bounce MCP As Attachment = no > > MCP Modify Subject = start > MCP Subject Text = {MCP?} > High Scoring MCP Modify Subject = start > High Scoring MCP Subject Text = {MCP?} > > Is Definitely MCP = no > Is Definitely Not MCP = no > Definite MCP Is High Scoring = no > Always Include MCP Report = no > Detailed MCP Report = yes > Include Scores In MCP Report = no > Log MCP = no > > MCP Max SpamAssassin Timeouts = 20 > MCP Max SpamAssassin Size = 100k > MCP SpamAssassin Timeout = 10 > > MCP SpamAssassin Prefs File = %mcp-dir%/mcp.spam.assassin.prefs.conf > MCP SpamAssassin User State Dir = > MCP SpamAssassin Local Rules Dir = %mcp-dir% > MCP SpamAssassin Default Rules Dir = %mcp-dir% > MCP SpamAssassin Install Prefix = %mcp-dir% > Recipient MCP Report = %report-dir%/recipient.mcp.report.txt > Sender MCP Report = %report-dir%/sender.mcp.report.txt > > > Use Default Rules With Multiple Recipients = no > Spam Score Number Format = %d > MailScanner Version Number = 4.58.9 > SpamAssassin Cache Timings = 1800,300,10800,172800,600 > Debug = no > Debug SpamAssassin = no > Run In Foreground = no > > Always Looked Up Last = &MailWatchLogging > Always Looked Up Last After Batch = no > Deliver In Background = yes > > Delivery Method = batch 
> Split Exim Spool = no
> Lockfile Dir = /tmp
> Custom Functions Dir = /usr/lib/MailScanner/MailScanner/CustomFunctions
> Lock Type =
> Minimum Code Status = supported
>
> --------------------------------------------------------------------------------------------------------------------------------------
> My /etc/MailScanner/spam.assassin.prefs.conf is as follows:
>
> dns_available yes
> bayes_path /var/spool/MailScanner/spamassassin/bayes
> bayes_file_mode 0770
>
> bayes_ignore_header X-YOURDOMAIN-COM-MailScanner
> bayes_ignore_header X-YOURDOMAIN-COM-MailScanner-SpamCheck
> bayes_ignore_header X-YOURDOMAIN-COM-MailScanner-SpamScore
> bayes_ignore_header X-YOURDOMAIN-COM-MailScanner-Information
>
> lock_method flock
>
> use_auto_whitelist 0
>
> ifplugin Mail::SpamAssassin::Plugin::Pyzor
> pyzor_path /usr/local/bin/pyzor
> endif
>
> ifplugin Mail::SpamAssassin::Plugin::DCC
> dcc_path /usr/local/bin/dccproc
> endif
>
> score RCVD_IN_BL_SPAMCOP_NET 4
>
> envelope_sender_header X-MailScanner-From
>
> -------------------------------------------------------------------------------------------------------------------------------------
> sa-learn --dump magic -D shows the following:
>
> mail:/var/spool/MailScanner/spamassassin # sa-learn --dump magic -D
>
> [27360] dbg: logger: adding facilities: all
> [27360] dbg: logger: logging level is DBG
> [27360] dbg: generic: SpamAssassin version 3.1.6
> [27360] dbg: config: score set 0 chosen.
> [27360] dbg: util: running in taint mode?
yes > [27360] dbg: util: taint mode: deleting unsafe environment variables, > resetting PATH > [27360] dbg: util: PATH included '/sbin', keeping > [27360] dbg: util: PATH included '/usr/sbin', keeping > [27360] dbg: util: PATH included '/usr/local/sbin', keeping > [27360] dbg: util: PATH included '/opt/gnome/sbin', keeping > [27360] dbg: util: PATH included '/root/bin', keeping > [27360] dbg: util: PATH included '/usr/local/bin', keeping > [27360] dbg: util: PATH included '/usr/bin', keeping > [27360] dbg: util: PATH included '/usr/X11R6/bin', keeping > [27360] dbg: util: PATH included '/bin', keeping > [27360] dbg: util: PATH included '/usr/games', keeping > [27360] dbg: util: PATH included '/opt/gnome/bin', keeping > [27360] dbg: util: PATH included '/opt/kde3/bin', keeping > [27360] dbg: util: PATH included '/usr/lib/jvm/jre/bin', keeping > [27360] dbg: util: PATH included '/usr/lib/mit/bin', keeping > [27360] dbg: util: PATH included '/usr/lib/mit/sbin', keeping > [27360] dbg: util: PATH included '/usr/lib/qt3/bin', keeping > [27360] dbg: util: final PATH set to: > /sbin:/usr/sbin:/usr/local/sbin:/opt/gnome/sbin:/root/bin:/usr/local/bin:/usr/bin:/usr/X11R6/bin:/bin:/usr/games:/opt/gnome/bin:/opt/kde3/bin:/usr/lib/jvm/jre/bin:/usr/lib/mit/bin:/usr/lib/mit/sbin:/usr/lib/qt3/bin > [27360] dbg: message: ---- MIME PARSER START ---- > [27360] dbg: message: main message type: text/plain > [27360] dbg: message: parsing normal part > [27360] dbg: message: added part, type: text/plain > [27360] dbg: message: ---- MIME PARSER END ---- > [27360] dbg: dns: is Net::DNS::Resolver available? 
yes > [27360] dbg: dns: Net::DNS version: 0.59 > [27360] dbg: config: using "/etc/mail/spamassassin" for site rules pre files > [27360] dbg: config: read file /etc/mail/spamassassin/init.pre > [27360] dbg: config: read file /etc/mail/spamassassin/v310.pre > [27360] dbg: config: read file /etc/mail/spamassassin/v312.pre > [27360] dbg: config: using "/usr/share/spamassassin" for sys rules pre files > [27360] dbg: config: using "/usr/share/spamassassin" for default rules dir > [27360] dbg: config: read file /usr/share/spamassassin/10_misc.cf > [27360] dbg: config: read file /usr/share/spamassassin/20_advance_fee.cf > [27360] dbg: config: read file /usr/share/spamassassin/20_anti_ratware.cf > [27360] dbg: config: read file /usr/share/spamassassin/20_body_tests.cf > [27360] dbg: config: read file /usr/share/spamassassin/20_compensate.cf > [27360] dbg: config: read file /usr/share/spamassassin/20_dnsbl_tests.cf > [27360] dbg: config: read file /usr/share/spamassassin/20_drugs.cf > [27360] dbg: config: read file /usr/share/spamassassin/20_fake_helo_tests.cf > [27360] dbg: config: read file /usr/share/spamassassin/20_head_tests.cf > [27360] dbg: config: read file /usr/share/spamassassin/20_html_tests.cf > [27360] dbg: config: read file /usr/share/spamassassin/20_meta_tests.cf > [27360] dbg: config: read file /usr/share/spamassassin/20_net_tests.cf > [27360] dbg: config: read file /usr/share/spamassassin/20_phrases.cf > [27360] dbg: config: read file /usr/share/spamassassin/20_porn.cf > [27360] dbg: config: read file /usr/share/spamassassin/20_ratware.cf > [27360] dbg: config: read file /usr/share/spamassassin/20_uri_tests.cf > [27360] dbg: config: read file /usr/share/spamassassin/23_bayes.cf > [27360] dbg: config: read file /usr/share/spamassassin/25_accessdb.cf > [27360] dbg: config: read file /usr/share/spamassassin/25_antivirus.cf > [27360] dbg: config: read file /usr/share/spamassassin/25_body_tests_es.cf > [27360] dbg: config: read file 
/usr/share/spamassassin/25_body_tests_pl.cf > [27360] dbg: config: read file /usr/share/spamassassin/25_dcc.cf > [27360] dbg: config: read file /usr/share/spamassassin/25_dkim.cf > [27360] dbg: config: read file /usr/share/spamassassin/25_domainkeys.cf > [27360] dbg: config: read file /usr/share/spamassassin/25_hashcash.cf > [27360] dbg: config: read file /usr/share/spamassassin/25_pyzor.cf > [27360] dbg: config: read file /usr/share/spamassassin/25_razor2.cf > [27360] dbg: config: read file /usr/share/spamassassin/25_replace.cf > [27360] dbg: config: read file /usr/share/spamassassin/25_spf.cf > [27360] dbg: config: read file /usr/share/spamassassin/25_textcat.cf > [27360] dbg: config: read file /usr/share/spamassassin/25_uribl.cf > [27360] dbg: config: read file /usr/share/spamassassin/30_text_de.cf > [27360] dbg: config: read file /usr/share/spamassassin/30_text_fr.cf > [27360] dbg: config: read file /usr/share/spamassassin/30_text_it.cf > [27360] dbg: config: read file /usr/share/spamassassin/30_text_nl.cf > [27360] dbg: config: read file /usr/share/spamassassin/30_text_pl.cf > [27360] dbg: config: read file /usr/share/spamassassin/30_text_pt_br.cf > [27360] dbg: config: read file /usr/share/spamassassin/50_scores.cf > [27360] dbg: config: read file /usr/share/spamassassin/60_awl.cf > [27360] dbg: config: read file /usr/share/spamassassin/60_whitelist.cf > [27360] dbg: config: read file /usr/share/spamassassin/60_whitelist_dk.cf > [27360] dbg: config: read file /usr/share/spamassassin/60_whitelist_dkim.cf > [27360] dbg: config: read file /usr/share/spamassassin/60_whitelist_spf.cf > [27360] dbg: config: read file /usr/share/spamassassin/60_whitelist_subject.cf > [27360] dbg: config: using "/etc/mail/spamassassin" for site rules dir > [27360] dbg: config: read file /etc/mail/spamassassin/local.cf > [27360] dbg: config: read file /etc/mail/spamassassin/mailscanner.cf > [27360] dbg: plugin: loading Mail::SpamAssassin::Plugin::URIDNSBL from @INC > [27360] dbg: 
plugin: registered > Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x835f090) > [27360] dbg: plugin: loading Mail::SpamAssassin::Plugin::Hashcash from @INC > [27360] dbg: plugin: registered > Mail::SpamAssassin::Plugin::Hashcash=HASH(0x8e115ec) > [27360] dbg: plugin: loading Mail::SpamAssassin::Plugin::SPF from @INC > [27360] dbg: plugin: registered Mail::SpamAssassin::Plugin::SPF=HASH(0x8e34804) > [27360] dbg: plugin: loading Mail::SpamAssassin::Plugin::Pyzor from @INC > [27360] dbg: pyzor: network tests on, attempting Pyzor > [27360] dbg: plugin: registered > Mail::SpamAssassin::Plugin::Pyzor=HASH(0x8e3a0bc) > [27360] dbg: plugin: loading Mail::SpamAssassin::Plugin::Razor2 from @INC > [27360] dbg: razor2: razor2 is not available > [27360] dbg: plugin: registered > Mail::SpamAssassin::Plugin::Razor2=HASH(0x8e13f68) > [27360] dbg: plugin: loading Mail::SpamAssassin::Plugin::SpamCop from @INC > [27360] dbg: reporter: network tests on, attempting SpamCop > [27360] dbg: plugin: registered > Mail::SpamAssassin::Plugin::SpamCop=HASH(0x8ed3f54) > [27360] dbg: plugin: loading Mail::SpamAssassin::Plugin::AWL from @INC > [27360] dbg: plugin: registered Mail::SpamAssassin::Plugin::AWL=HASH(0x903b2d4) > [27360] dbg: plugin: loading > Mail::SpamAssassin::Plugin::AutoLearnThreshold from @INC > [27360] dbg: plugin: registered > Mail::SpamAssassin::Plugin::AutoLearnThreshold=HASH(0x9043ef8) > [27360] dbg: plugin: loading > Mail::SpamAssassin::Plugin::WhiteListSubject from @INC > [27360] dbg: plugin: registered > Mail::SpamAssassin::Plugin::WhiteListSubject=HASH(0x9051f50) > [27360] dbg: plugin: loading Mail::SpamAssassin::Plugin::MIMEHeader from @INC > [27360] dbg: plugin: registered > Mail::SpamAssassin::Plugin::MIMEHeader=HASH(0x9052c34) > [27360] dbg: plugin: loading Mail::SpamAssassin::Plugin::ReplaceTags from @INC > [27360] dbg: plugin: registered > Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0x9065fb0) > [27360] dbg: config: adding redirector regex: > 
/^http:\/\/chkpt\.zdnet\.com\/chkpt\/\w+\/(.*)$/i > [27360] dbg: config: adding redirector regex: > /^http:\/\/www(?:\d+)?\.nate\.com\/r\/\w+\/(.*)$/i > [27360] dbg: config: adding redirector regex: > /^http:\/\/.+\.gov\/(?:.*\/)?externalLink\.jhtml\?.*url=(.*?)(?:&.*)?$/i > [27360] dbg: config: adding redirector regex: > /^http:\/\/redir\.internet\.com\/.+?\/.+?\/(.*)$/i > [27360] dbg: config: adding redirector regex: > /^http:\/\/(?:.*?\.)?adtech\.de\/.*(?:;|\|)link=(.*?)(?:;|$)/i > [27360] dbg: config: adding redirector regex: > m'^http.*?/redirect\.php\?.*(?<=[?&])goto=(.*?)(?:$|[&#])'i > [27360] dbg: config: adding redirector regex: > m'^https?:/*(?:[^/]+\.)?emf\d\.com/r\.cfm.*?&r=(.*)'i > [27360] dbg: config: adding redirector regex: > m'/(?:index.php)?\?.*(?<=[?&])URL=(.*?)(?:$|[&#])'i > [27360] dbg: config: adding redirector regex: > m'^http:/*(?:\w+\.)?google(?:\.\w{2,3}){1,2}/url\?.*?(?<=[?&])q=(.*?)(?:$|[&#])'i > [27360] dbg: config: adding redirector regex: > m'^http:/*(?:\w+\.)?google(?:\.\w{2,3}){1,2}/search\?.*?(?<=[?&])q=[^&]*?(?<=%20|..[=+\s])site:(.*?)(?:$|%20|[\s+&#])'i > [27360] dbg: config: adding redirector regex: > m'^http:/*(?:\w+\.)?google(?:\.\w{2,3}){1,2}/search\?.*?(?<=[?&])q=[^&]*?(?<=%20|..[=+\s])(?:"|%22)(.*?)(?:$|%22|["\s+&#])'i > [27360] dbg: config: adding redirector regex: > m'^http:/*(?:\w+\.)?google(?:\.\w{2,3}){1,2}/translate\?.*?(?<=[?&])u=(.*?)(?:$|[&#])'i > [27360] dbg: plugin: > Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0x9065fb0) implements > 'finish_parsing_end' > [27360] dbg: replacetags: replacing tags > [27360] dbg: replacetags: done replacing tags > [27360] dbg: bayes: tie-ing to DB file R/O > /var/spool/MailScanner/spamassassin/bayes_toks > [27360] dbg: bayes: tie-ing to DB file R/O > /var/spool/MailScanner/spamassassin/bayes_seen > [27360] dbg: bayes: found bayes db version 3 > [27360] dbg: bayes: DB journal sync: last sync: 1212657053 > [27360] dbg: config: score set 3 chosen. 
> 0.000 0 3 0 non-token data: bayes db version
> 0.000 0 32262 0 non-token data: nspam
> 0.000 0 41829 0 non-token data: nham
> 0.000 0 145597 0 non-token data: ntokens
> 0.000 0 1211879603 0 non-token data: oldest atime
> 0.000 0 1212660698 0 non-token data: newest atime
> 0.000 0 1212657053 0 non-token data: last journal sync atime
> 0.000 0 1212572821 0 non-token data: last expiry atime
> 0.000 0 691200 0 non-token data: last expire atime delta
> 0.000 0 59972 0 non-token data: last expire
> reduction count
> [27360] dbg: bayes: untie-ing
> [27360] dbg: bayes: untie-ing db_toks
> [27360] dbg: bayes: untie-ing db_seen
>
>
> -------------------------------------------------------------------------------------------------------------------------------------
>
> Please help me so that I can fix my mailscanner to catch low scoring
> spams. Also please tell me how do I know whether mailscanner is using
> and checking the lists specified in SPAM LIST. I cannot see any
> error in /var/log/mail.
>
> I can see spamd entries getting logged only when our users send mails,
> not when receiving mails from outside like the following:
>
> -----------------------------------------
> Jun 5 15:32:39 mail spamd[23430]: spamd: result: . -3 -
> ALL_TRUSTED,BAYES_00
> scantime=0.6,size=2036,user=spamuser,uid=3000,required_score=3.0,
> rhost=localhost,raddr=127.0.0.1,rport=27589,mid=<1675.122.163.77.164.1212660155.
> squirrel@mail.econdse.org>,bayes=5.55111512312578e-17,autolearn=ham
> --------------------------------------------------------------------------------
>
> Hope you would be kind enough to go through my mail and help me out.
>
> Regards
> vinu
>
>
> On Tue, May 27, 2008 at 8:49 PM, Scott Silva wrote:
>> Comments are inline ...
>>
>>> Dear all,
>>> I am just a beginner to postfix, spamassassin, Mailscanner and
>>> mailwatch. I recently installed a mail server with the following and
>>> it is working fine except for one problem: the mailscanner+spamassassin
>>> combination is not detecting mails with SA Score lower than the
>>> Required Spamassassin score (I use 3) as spam though they are
>>> definitely spam. The mailscanner+spamassassin combination tags mails
>>> with SA score greater than the Required Spamassassin score as spam.
>>>
>>> postfix.2.3.2-28
>>> Spamassassin.3.1.6-15
>>> MailScanner 4.58.9
>>
>> All older versions of the software. It might be adding to your problems.
>>>
>>> I have been reading different posts on mailscanner and about
>>> spamassassin to understand why low scoring mails are not detected as
>>> spam by mailscanner+spamassassin.
>>>
>>> The following are the things I could find out.
>>>
>>> 1. The headers of mails do not contain "autolearn=spam" in the mail
>>> header and the rest of the fields are there. (See below)
>>>
>>> X-econdse-MailScanner-SpamCheck: spam, SpamAssassin (not cached,
>>> score=10.054, required 3, BAYES_99 3.50, EXTRA_MPART_TYPE 1.09,
>>> HTML_IMAGE_ONLY_08 3.13, HTML_MESSAGE 0.00,
>>> HTML_SHORT_LINK_IMG_1 0.95, HTML_TEXT_AFTER_BODY 0.12,
>>> INFO_TLD 1.27)
>>>
>>> 2. The /root/.spamassassin folder does not contain any bayes related
>>> database.
>>
>> When running with postfix, MailScanner runs as postfix and cannot access the
>> /root directory. Maybe you missed some steps in the postfix howtos.
>> http://www.mailscanner.info/postfix.html and
>> http://wiki.mailscanner.info/doku.php?id=documentation:configuration:mta:postfix:installation
>> You need the bayes directory somewhere that the postfix user can access.
>>
>> Maybe Glenn will chime in here.
>>
>>
>>>
>>> 3. I could not see anything in /var/log/mail which says mailscanner
>>> is checking the Spam Lists.
>>> >>> *********************************************** >>> When I tried to test the spamassassin configuration with "spamassassin >>> -D --lint", I am getting "[4882] warn: lint: 1 issues detected, please >>> rerun with debug enabled for more information" >>> >>> Please see the result below. : >>> >>> >>> --------------------------------------------------------------------------------------------- >>> mail:/etc/MailScanner # spamassassin -D --lint >>> >>> [4882] dbg: logger: adding facilities: all >>> [4882] dbg: logger: logging level is DBG >>> [4882] dbg: generic: SpamAssassin version 3.1.6 >>> [4882] dbg: config: score set 0 chosen. >>> [4882] dbg: util: running in taint mode? yes >>> [4882] dbg: util: taint mode: deleting unsafe environment variables, >>> resetting PATH >>> [4882] dbg: util: PATH included '/sbin', keeping >>> [4882] dbg: util: PATH included '/usr/sbin', keeping >>> [4882] dbg: util: PATH included '/usr/local/sbin', keeping >>> [4882] dbg: util: PATH included '/opt/gnome/sbin', keeping >>> [4882] dbg: util: PATH included '/root/bin', keeping >>> [4882] dbg: util: PATH included '/usr/local/bin', keeping >>> [4882] dbg: util: PATH included '/usr/bin', keeping >>> [4882] dbg: util: PATH included '/usr/X11R6/bin', keeping >>> [4882] dbg: util: PATH included '/bin', keeping >>> [4882] dbg: util: PATH included '/usr/games', keeping >>> [4882] dbg: util: PATH included '/opt/gnome/bin', keeping >>> [4882] dbg: util: PATH included '/opt/kde3/bin', keeping >>> [4882] dbg: util: PATH included '/usr/lib/jvm/jre/bin', keeping >>> [4882] dbg: util: PATH included '/usr/lib/mit/bin', keeping >>> [4882] dbg: util: PATH included '/usr/lib/mit/sbin', keeping >>> [4882] dbg: util: PATH included '/usr/lib/qt3/bin', keeping >>> [4882] dbg: util: final PATH set to: >>> >>> 
/sbin:/usr/sbin:/usr/local/sbin:/opt/gnome/sbin:/root/bin:/usr/local/bin:/usr/bin:/usr/X11R6/bin:/bin:/usr/games:/opt/gnome/bin:/opt/kde3/bin:/usr/lib/jvm/jre/bin:/usr/lib/mit/bin:/usr/lib/mit/sbin:/usr/lib/qt3/bin >>> [4882] dbg: message: ---- MIME PARSER START ---- >>> [4882] dbg: message: main message type: text/plain >>> [4882] dbg: message: parsing normal part >>> [4882] dbg: message: added part, type: text/plain >>> [4882] dbg: message: ---- MIME PARSER END ---- >>> [4882] dbg: dns: is Net::DNS::Resolver available? yes >>> [4882] dbg: dns: Net::DNS version: 0.59 >>> [4882] dbg: diag: perl platform: 5.008008 linux >>> [4882] dbg: diag: module installed: Digest::SHA1, version 2.11 >>> [4882] dbg: diag: module installed: HTML::Parser, version 3.55 >>> [4882] dbg: diag: module installed: MIME::Base64, version 3.07 >>> [4882] dbg: diag: module installed: DB_File, version 1.814 >>> [4882] dbg: diag: module installed: Net::DNS, version 0.59 >>> [4882] dbg: diag: module installed: Net::SMTP, version 2.29 >>> [4882] dbg: diag: module not installed: Mail::SPF::Query ('require' >>> failed) >>> [4882] dbg: diag: module not installed: IP::Country::Fast ('require' >>> failed) >>> [4882] dbg: diag: module not installed: Razor2::Client::Agent ('require' >>> failed) >>> [4882] dbg: diag: module not installed: Net::Ident ('require' failed) >>> [4882] dbg: diag: module not installed: IO::Socket::INET6 ('require' >>> failed) >>> [4882] dbg: diag: module not installed: IO::Socket::SSL ('require' failed) >>> [4882] dbg: diag: module installed: Time::HiRes, version 1.86 >>> [4882] dbg: diag: module installed: DBI, version 1.52 >>> [4882] dbg: diag: module installed: Getopt::Long, version 2.35 >>> [4882] dbg: diag: module installed: LWP::UserAgent, version 2.033 >>> [4882] dbg: diag: module installed: HTTP::Date, version 1.47 >>> [4882] dbg: diag: module installed: Archive::Tar, version 1.30 >>> [4882] dbg: diag: module installed: IO::Zlib, version 1.04 >>> [4882] dbg: ignore: using 
a test message to lint rules >>> [4882] dbg: config: using "/etc/mail/spamassassin" for site rules pre >>> files >>> [4882] dbg: config: read file /etc/mail/spamassassin/init.pre >>> [4882] dbg: config: read file /etc/mail/spamassassin/v310.pre >>> [4882] dbg: config: read file /etc/mail/spamassassin/v312.pre >>> [4882] dbg: config: using "/usr/share/spamassassin" for sys rules pre >>> files >>> [4882] dbg: config: using "/usr/share/spamassassin" for default rules dir >>> [4882] dbg: config: read file /usr/share/spamassassin/10_misc.cf >>> [4882] dbg: config: read file /usr/share/spamassassin/20_advance_fee.cf >>> [4882] dbg: config: read file /usr/share/spamassassin/20_anti_ratware.cf >>> [4882] dbg: config: read file /usr/share/spamassassin/20_body_tests.cf >>> [4882] dbg: config: read file /usr/share/spamassassin/20_compensate.cf >>> [4882] dbg: config: read file /usr/share/spamassassin/20_dnsbl_tests.cf >>> [4882] dbg: config: read file /usr/share/spamassassin/20_drugs.cf >>> [4882] dbg: config: read file >>> /usr/share/spamassassin/20_fake_helo_tests.cf >>> [4882] dbg: config: read file /usr/share/spamassassin/20_head_tests.cf >>> [4882] dbg: config: read file /usr/share/spamassassin/20_html_tests.cf >>> [4882] dbg: config: read file /usr/share/spamassassin/20_meta_tests.cf >>> [4882] dbg: config: read file /usr/share/spamassassin/20_net_tests.cf >>> [4882] dbg: config: read file /usr/share/spamassassin/20_phrases.cf >>> [4882] dbg: config: read file /usr/share/spamassassin/20_porn.cf >>> [4882] dbg: config: read file /usr/share/spamassassin/20_ratware.cf >>> [4882] dbg: config: read file /usr/share/spamassassin/20_uri_tests.cf >>> [4882] dbg: config: read file /usr/share/spamassassin/23_bayes.cf >>> [4882] dbg: config: read file /usr/share/spamassassin/25_accessdb.cf >>> [4882] dbg: config: read file /usr/share/spamassassin/25_antivirus.cf >>> [4882] dbg: config: read file /usr/share/spamassassin/25_body_tests_es.cf >>> [4882] dbg: config: read file 
/usr/share/spamassassin/25_body_tests_pl.cf >>> [4882] dbg: config: read file /usr/share/spamassassin/25_dcc.cf >>> [4882] dbg: config: read file /usr/share/spamassassin/25_dkim.cf >>> [4882] dbg: config: read file /usr/share/spamassassin/25_domainkeys.cf >>> [4882] dbg: config: read file /usr/share/spamassassin/25_hashcash.cf >>> [4882] dbg: config: read file /usr/share/spamassassin/25_pyzor.cf >>> [4882] dbg: config: read file /usr/share/spamassassin/25_razor2.cf >>> [4882] dbg: config: read file /usr/share/spamassassin/25_replace.cf >>> [4882] dbg: config: read file /usr/share/spamassassin/25_spf.cf >>> [4882] dbg: config: read file /usr/share/spamassassin/25_textcat.cf >>> [4882] dbg: config: read file /usr/share/spamassassin/25_uribl.cf >>> [4882] dbg: config: read file /usr/share/spamassassin/30_text_de.cf >>> [4882] dbg: config: read file /usr/share/spamassassin/30_text_fr.cf >>> [4882] dbg: config: read file /usr/share/spamassassin/30_text_it.cf >>> [4882] dbg: config: read file /usr/share/spamassassin/30_text_nl.cf >>> [4882] dbg: config: read file /usr/share/spamassassin/30_text_pl.cf >>> [4882] dbg: config: read file /usr/share/spamassassin/30_text_pt_br.cf >>> [4882] dbg: config: read file /usr/share/spamassassin/50_scores.cf >>> [4882] dbg: config: read file /usr/share/spamassassin/60_awl.cf >>> [4882] dbg: config: read file /usr/share/spamassassin/60_whitelist.cf >>> [4882] dbg: config: read file /usr/share/spamassassin/60_whitelist_dk.cf >>> [4882] dbg: config: read file /usr/share/spamassassin/60_whitelist_dkim.cf >>> [4882] dbg: config: read file /usr/share/spamassassin/60_whitelist_spf.cf >>> [4882] dbg: config: read file >>> /usr/share/spamassassin/60_whitelist_subject.cf >>> [4882] dbg: config: using "/etc/mail/spamassassin" for site rules dir >>> [4882] dbg: config: read file /etc/mail/spamassassin/local.cf >>> [4882] dbg: config: read file /etc/mail/spamassassin/mailscanner.cf >>> [4882] dbg: plugin: loading 
Mail::SpamAssassin::Plugin::URIDNSBL from @INC >>> [4882] dbg: plugin: registered >>> Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x835f044) >>> [4882] dbg: plugin: loading Mail::SpamAssassin::Plugin::Hashcash from @INC >>> [4882] dbg: plugin: registered >>> Mail::SpamAssassin::Plugin::Hashcash=HASH(0x90d6fcc) >>> [4882] dbg: plugin: loading Mail::SpamAssassin::Plugin::SPF from @INC >>> [4882] dbg: plugin: registered >>> Mail::SpamAssassin::Plugin::SPF=HASH(0x90fa144) >>> [4882] dbg: plugin: loading Mail::SpamAssassin::Plugin::Pyzor from @INC >>> [4882] dbg: pyzor: local tests only, disabling Pyzor >>> [4882] dbg: plugin: registered >>> Mail::SpamAssassin::Plugin::Pyzor=HASH(0x91109a4) >>> [4882] dbg: plugin: loading Mail::SpamAssassin::Plugin::Razor2 from @INC >>> [4882] dbg: razor2: local tests only, skipping Razor >>> [4882] dbg: plugin: registered >>> Mail::SpamAssassin::Plugin::Razor2=HASH(0x90dcc0c) >>> [4882] dbg: plugin: loading Mail::SpamAssassin::Plugin::SpamCop from @INC >>> [4882] dbg: reporter: local tests only, disabling SpamCop >>> [4882] dbg: plugin: registered >>> Mail::SpamAssassin::Plugin::SpamCop=HASH(0x90df4d4) >>> [4882] dbg: plugin: loading Mail::SpamAssassin::Plugin::AWL from @INC >>> [4882] dbg: plugin: registered >>> Mail::SpamAssassin::Plugin::AWL=HASH(0x916a1b8) >>> [4882] dbg: plugin: loading >>> Mail::SpamAssassin::Plugin::AutoLearnThreshold from @INC >>> [4882] dbg: plugin: registered >>> Mail::SpamAssassin::Plugin::AutoLearnThreshold=HASH(0x917945c) >>> [4882] dbg: plugin: loading >>> Mail::SpamAssassin::Plugin::WhiteListSubject from @INC >>> [4882] dbg: plugin: registered >>> Mail::SpamAssassin::Plugin::WhiteListSubject=HASH(0x9185c14) >>> [4882] dbg: plugin: loading Mail::SpamAssassin::Plugin::MIMEHeader from >>> @INC >>> [4882] dbg: plugin: registered >>> Mail::SpamAssassin::Plugin::MIMEHeader=HASH(0x9192844) >>> [4882] dbg: plugin: loading Mail::SpamAssassin::Plugin::ReplaceTags from >>> @INC >>> [4882] dbg: plugin: registered >>> 
Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0x918b5ac) >>> [4882] dbg: config: adding redirector regex: >>> /^http:\/\/chkpt\.zdnet\.com\/chkpt\/\w+\/(.*)$/i >>> [4882] dbg: config: adding redirector regex: >>> /^http:\/\/www(?:\d+)?\.nate\.com\/r\/\w+\/(.*)$/i >>> [4882] dbg: config: adding redirector regex: >>> /^http:\/\/.+\.gov\/(?:.*\/)?externalLink\.jhtml\?.*url=(.*?)(?:&.*)?$/i >>> [4882] dbg: config: adding redirector regex: >>> /^http:\/\/redir\.internet\.com\/.+?\/.+?\/(.*)$/i >>> [4882] dbg: config: adding redirector regex: >>> /^http:\/\/(?:.*?\.)?adtech\.de\/.*(?:;|\|)link=(.*?)(?:;|$)/i >>> [4882] dbg: config: adding redirector regex: >>> m'^http.*?/redirect\.php\?.*(?<=[?&])goto=(.*?)(?:$|[&#])'i >>> [4882] dbg: config: adding redirector regex: >>> m'^https?:/*(?:[^/]+\.)?emf\d\.com/r\.cfm.*?&r=(.*)'i >>> [4882] dbg: config: adding redirector regex: >>> m'/(?:index.php)?\?.*(?<=[?&])URL=(.*?)(?:$|[&#])'i >>> [4882] dbg: config: adding redirector regex: >>> >>> m'^http:/*(?:\w+\.)?google(?:\.\w{2,3}){1,2}/url\?.*?(?<=[?&])q=(.*?)(?:$|[&#])'i >>> [4882] dbg: config: adding redirector regex: >>> >>> m'^http:/*(?:\w+\.)?google(?:\.\w{2,3}){1,2}/search\?.*?(?<=[?&])q=[^&]*?(?<=%20|..[=+\s])site:(.*?)(?:$|%20|[\s+&#])'i >>> [4882] dbg: config: adding redirector regex: >>> >>> m'^http:/*(?:\w+\.)?google(?:\.\w{2,3}){1,2}/search\?.*?(?<=[?&])q=[^&]*?(?<=%20|..[=+\s])(?:"|%22)(.*?)(?:$|%22|["\s+&#])'i >>> [4882] dbg: config: adding redirector regex: >>> >>> m'^http:/*(?:\w+\.)?google(?:\.\w{2,3}){1,2}/translate\?.*?(?<=[?&])u=(.*?)(?:$|[&#])'i >>> [4882] info: config: pyzor_path "/usr/bin/pyzor" isn't an executable >>> [4882] warn: config: SpamAssassin failed to parse line, >>> "/usr/bin/pyzor" is not valid for "pyzor_path", skipping: pyzor_path >>> /usr/bin/pyzor >>> [4882] dbg: plugin: >>> Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0x918b5ac) implements >>> 'finish_parsing_end' >>> [4882] dbg: replacetags: replacing tags >>> [4882] dbg: replacetags: done 
replacing tags >>> [4882] dbg: bayes: no dbs present, cannot tie DB R/O: >>> /root/.spamassassin/bayes_toks >> >> Here is your error. Mailscanner running as postfix cannot access /root >> directory. You need to set a bayes path somewhere that postfix has access, >> and then you will need to do some training. >> >>> [4882] dbg: config: score set 0 chosen. >>> [4882] dbg: message: ---- MIME PARSER START ---- >>> [4882] dbg: message: main message type: text/plain >>> [4882] dbg: message: parsing normal part >>> [4882] dbg: message: added part, type: text/plain >>> [4882] dbg: message: ---- MIME PARSER END ---- >>> [4882] dbg: bayes: no dbs present, cannot tie DB R/O: >>> /root/.spamassassin/bayes_toks >>> [4882] dbg: dns: is DNS available? 0 >>> [4882] dbg: metadata: X-Spam-Relays-Trusted: >>> [4882] dbg: metadata: X-Spam-Relays-Untrusted: >>> [4882] dbg: metadata: X-Spam-Relays-Internal: >>> [4882] dbg: metadata: X-Spam-Relays-External: >>> [4882] dbg: message: no encoding detected >>> [4882] dbg: plugin: >>> Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x835f044) implements >>> 'parsed_metadata' >>> [4882] dbg: rules: local tests only, ignoring RBL eval >>> [4882] dbg: check: running tests for priority: 0 >>> [4882] dbg: rules: running header regexp tests; score so far=0 >>> [4882] dbg: rules: ran header rule __HAS_MSGID ======> got hit: "<" >>> [4882] dbg: rules: ran header rule __MSGID_OK_DIGITS ======> got hit: >>> "1211883990" >>> [4882] dbg: rules: ran header rule __SANE_MSGID ======> got hit: >>> "<1211883990@lint_rules> >>> [4882] dbg: rules: " >>> [4882] dbg: rules: ran header rule __MSGID_OK_HOST ======> got hit: >>> "@lint_rules>" >>> [4882] dbg: eval: all '*From' addrs: >>> ignore@compiling.spamassassin.taint.org >>> [4882] dbg: eval: all '*To' addrs: >>> [4882] dbg: rules: ran eval rule NO_RELAYS ======> got hit >>> [4882] dbg: rules: ran eval rule __UNUSABLE_MSGID ======> got hit >>> [4882] dbg: rules: running body-text per-line regexp tests; score so >>> 
far=-0.001 >>> [4882] dbg: rules: ran body rule __NONEMPTY_BODY ======> got hit: "I" >>> [4882] dbg: uri: running uri tests; score so far=-0.001 >>> [4882] dbg: bayes: no dbs present, cannot tie DB R/O: >>> /root/.spamassassin/bayes_toks >>> [4882] dbg: bayes: not scoring message, returning undef >>> [4882] dbg: bayes: opportunistic call attempt failed, DB not readable >>> [4882] dbg: rules: running raw-body-text per-line regexp tests; score >>> so far=-0.001 >>> [4882] dbg: rules: running full-text regexp tests; score so far=-0.001 >>> [4882] dbg: plugin: >>> Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x835f044) implements >>> 'check_tick' >>> [4882] dbg: check: running tests for priority: 500 >>> [4882] dbg: plugin: >>> Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x835f044) implements >>> 'check_post_dnsbl' >>> [4882] dbg: rules: running meta tests; score so far=-0.001 >>> [4882] info: rules: meta test DIGEST_MULTIPLE has undefined dependency >>> 'DCC_CHECK' >>> [4882] dbg: rules: running header regexp tests; score so far=1.866 >>> [4882] dbg: rules: running body-text per-line regexp tests; score so >>> far=1.866 >>> [4882] dbg: uri: running uri tests; score so far=1.866 >>> [4882] dbg: rules: running raw-body-text per-line regexp tests; score >>> so far=1.866 >>> [4882] dbg: rules: running full-text regexp tests; score so far=1.866 >>> [4882] dbg: check: running tests for priority: 1000 >>> [4882] dbg: rules: running meta tests; score so far=1.866 >>> [4882] dbg: rules: running header regexp tests; score so far=1.866 >>> [4882] dbg: rules: running body-text per-line regexp tests; score so >>> far=1.866 >>> [4882] dbg: uri: running uri tests; score so far=1.866 >>> [4882] dbg: rules: running raw-body-text per-line regexp tests; score >>> so far=1.866 >>> [4882] dbg: rules: running full-text regexp tests; score so far=1.866 >>> [4882] dbg: check: is spam? 
score=1.866 required=5 >>> [4882] dbg: check: tests=MISSING_SUBJECT,NO_RECEIVED,NO_RELAYS,TO_CC_NONE >>> [4882] dbg: check: >>> >>> subtests=__HAS_MSGID,__MSGID_OK_DIGITS,__MSGID_OK_HOST,__NONEMPTY_BODY,__SANE_MSGID,__UNUSABLE_MSGID >>> [4882] warn: lint: 1 issues detected, please rerun with debug enabled >>> for more information >>> >>> >>> ------------------------------------------------------------------------------------------------------------------------------------------------------ >>> >>> Is the warning because of >>> >>> [4882] info: config: pyzor_path "/usr/bin/pyzor" isn't an executable >>> [4882] warn: config: SpamAssassin failed to parse line, >>> "/usr/bin/pyzor" is not valid for "pyzor_path", skipping: pyzor_path >>> /usr/bin/pyzor >>> >>> and can I ignore it?? ( I dont have pyzor installed. Is it a must to >>> have pyzor installed??) >> >> Either install pyzor, or disable the plugin line that tries to load it. >> Look in all your .pre files in /etc/mail/spamassassin >>> >>> >>> ******************************************************************************************************************* >>> >>> >>> When I tried sa-learn --dump magic -D, I got the following error : >>> >>> ERROR: Bayes dump returned an error, please re-run with -D for more >>> information >> >> Again, no bayes db to dump. >>> >>> >>> >>> ----------------------------------------------------------------------------------------- >>> mail:/etc/mail/spamassassin # sa-learn --dump magic -D >>> [2675] dbg: logger: adding facilities: all >>> [2675] dbg: logger: logging level is DBG >>> [2675] dbg: generic: SpamAssassin version 3.1.6 >>> [2675] dbg: config: score set 0 chosen. >>> [2675] dbg: util: running in taint mode? 
yes >>> [2675] dbg: replacetags: done
replacing tags
>>> [2675] dbg: bayes: no dbs present, cannot tie DB R/O:
>>> /root/.spamassassin/bayes_toks
>>> [2675] dbg: config: score set 1 chosen.
>>> [2675] dbg: bayes: no dbs present, cannot tie DB R/O:
>>> /root/.spamassassin/bayes_toks
>>> ERROR: Bayes dump returned an error, please re-run with -D for more
>>> information
>>>
>>> ----------------------------------------------------------------------
>>>
>>> --> Am I getting this error because there are no bayes related files
>>> in the /root/.spamassassin directory?? (it's empty now)
>>>
>>> --> If yes, should I use the following command to create them??
>>>
>>> # sa-learn --showdots --spam
>>> /home//Maildir/cur (this is my inbox)
>>>
>>> # sa-learn --showdots --ham /home/Maildir/.spam/cur
>>> (this is where I filter all my {spam?} tagged mails)
>>>
>>> ---> After this if I restart spamassassin, will
>>> spamassassin+mailscanner start doing the bayes autolearn and check the
>>> lists specified in Spam Lists option of the mailscanner? If not, what
>>> should I do to get my spamassassin+mailscanner start doing the bayes
>>> autolearn and check the lists specified in Spam Lists option of the
>>> mailscanner?
>>>
>>> Hope someone would be kind enough to help me.
>>>
>>> Expecting an early reply
>>>
>>> sincerely yours
>>
>> --
>> MailScanner is like deodorant...
>> You hope everybody uses it, and
>> you notice quickly if they don't!!!!
>>
>> --
>> MailScanner mailing list
>> mailscanner@lists.mailscanner.info
>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>
>> Before posting, read http://wiki.mailscanner.info/posting
>>
>> Support MailScanner development - buy the book off the website!
>>
>>
>
From velda.midanovic at trezor.sr.gov.yu Wed Jun 18 10:02:55 2008
From: velda.midanovic at trezor.sr.gov.yu (Velda Midanovic)
Date: Wed Jun 18 10:08:36 2008
Subject: Upgrade of MailScanner
Message-ID: <004501c8d122$1f1ee1f0$5d5ca5d0$@midanovic@trezor.sr.gov.yu>

I have the following combination: RH4, MailScanner 4.58.9, ClamAV, SpamAssassin, all working very well together.

The problem is that I get quite some backscatter on some of my users, and since watermarking may solve at least some of my problems, I plan to use it.

Alas!!!

My version of MailScanner does not support watermarking....

So I should upgrade. BUT I installed all from TAR packages. So how do I do it?

Here is my output of #MailScanner -v :

This is MailScanner version 4.58.9
Module versions are:
1.00 AnyDBM_File
1.16 Archive::Zip
1.03 Carp
1.119 Convert::BinHex
1.00 DirHandle
1.05 Fcntl
2.73 File::Basename
2.08 File::Copy
2.01 FileHandle
1.06 File::Path
0.14 File::Temp
0.90 Filesys::Df
1.35 HTML::Entities
3.54 HTML::Parser
2.37 HTML::TokeParser
1.21 IO
1.10 IO::File
1.123 IO::Pipe
1.71 Mail::Header
3.05 MIME::Base64
5.420 MIME::Decoder
5.420 MIME::Decoder::UU
5.420 MIME::Head
5.420 MIME::Parser
3.03 MIME::QuotedPrint
5.420 MIME::Tools
0.10 Net::CIDR
1.08 POSIX
1.77 Socket
1.4 Sys::Hostname::Long
0.18 Sys::Syslog
1.86 Time::HiRes
1.02 Time::localtime

Optional module versions are:
0.17 Convert::TNEF
1.814 DB_File
1.12 DBD::SQLite
1.50 DBI
1.15 Digest
1.01 Digest::HMAC
2.36 Digest::MD5
2.10 Digest::SHA1
0.44 Inline
missing Mail::ClamAV
3.001008 Mail::SpamAssassin
1.999001 Mail::SPF::Query
0.20 Net::CIDR::Lite
1.24 Net::IP
0.57 Net::DNS
0.31 Net::LDAP
1.94 Parse::RecDescent
missing SAVI
2.56 Test::Harness
0.47 Test::Simple
1.95 Text::Balanced
1.35 URI

Please help.

Velda

--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080618/bb8da3ce/attachment.html
From MailScanner at ecs.soton.ac.uk Wed Jun 18 10:47:48 2008
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Wed Jun 18 10:48:04 2008
Subject: MailScanner ANNOUNCE: 4.70.6 released
In-Reply-To:
References: <4858191B.4010103@ecs.soton.ac.uk>
Message-ID: <4858D9C4.4000901@ecs.soton.ac.uk>

Donnie D. Quindardo wrote:
> Hi Jules,
>
> Best of luck with the operation and future health. Thank you for your
> help on my previous questions.
>
> One other thing that I've been pondering:
>
> - I currently use CentOS and was wondering if extracting the
> mailscanner*.rpm from the stable download tar.gz file and running
> rpm -Uvh mailscanner*.rpm would be okay?

That all depends on what you have installed at the moment. If I were you I would just run
./install.sh fast
and it will get through the install process pretty quickly.

>
> Julian Field wrote:
>> I have just released the latest stable version of MailScanner,
>> version 4.70.6.
>>
>> The main new features this time are:
>> - Now supports Mail::ClamAV 0.22, ClamAV 0.93.1, and SpamAssassin 3.2.5.
>> - New setting "Dont Sign HTML If Headers Exist" to provide finer control over placement of HTML signatures.
>> - All known problems with Watermarks fixed.
>> - Improvements to filename and filetype checks to allow for common mistakes in filename patterns.
>> - Added "ID Header" setting to allow the X-MailScanner-ID: header to be customised or removed.
>> - Minor improvements to the phishing net.
>> - Improvement to checking of "Sophos Allowed Error Messages".
>>
>> Download as usual from www.mailscanner.info.
>>
>> The full Change Log is this:
>>
>> * New Features and Improvements *
>> 1 Improvement to OLE document unpacking code, more likely to extract embedded files correctly.
>> 1 Added new setting "Dont Sign HTML If Headers Exist" to provide finer control over placement of HTML signatures. If any of the named headers exist in the message, the message is deemed to be a "reply", and so the HTML signature is not attached. By default this functionality is switched off by not specifying any header names.
>> 2 Improvement to Filename and Filetype checks to catch mistakenly starting a regular expression with a "*" on its own, as in "*.pdf" or just "*".
>> 2 Improved message reporting when Sophos finds password-protected zip archives.
>> 2 Now supports Mail::ClamAV 0.22 for ClamAV 0.93. You will need to upgrade your ClamAV+SpamAssassin installation, using the download package I provide.
>> 3 Improved update_bad_phishing_sites to support proxy_* environment variables. Thanks to Heinz.Knutzen@dataport.de for this.
>> 3 Improved upgrade_MailScanner_conf for ClamAV 0.93 and Mail::ClamAV 0.22.
>> 3 Removed URIBL additions from spam.assassin.prefs.conf. They are in SpamAssassin by default now.
>> 3 Improvements to handling of Watermarks to resolve various problems with them.
>> 3 Upgraded to ClamAV 0.93.1 in ClamAV+SpamAssassin easy-to-install package.
>> 4 Added "-w" to suggested "diff" command in upgrade_MailScanner_conf. Thanks to Anthony Cartmell for this idea.
>> 6 Changed Watermarking, so it only checks if there was a SMTP client IP address as we don't want to block messages we generated on the MailScanner server.
>> 6 Added "ID Header" setting so that you can choose whether or not you want the header showing the MailScanner message id value. If you don't want the header then set this to be blank.
>> 6 Minor improvement to link detection in the phishing net.
>>
>> * Fixes *
>> 2 Silly mistake fixed in "Dont Sign HTML If Headers Exist" feature.
>> 2 Fixed output text error in upgrade_MailScanner_conf.
>> 3 Bugfixes to Watermark handling and logging.
>> 4 More fixes to Watermark handling.
>> 5 More fixes to Watermark handling, and a minor header change.
>> 6 Made check for Sophos Allowed Error Messages case-insensitive.
>>
>> Jules
>>

Jules

--
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

MailScanner customisation, or any advanced system administration help?
Contact me at Jules@Jules.FM

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
PGP public key: http://www.jules.fm/julesfm.asc

--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

From ja at conviator.com Wed Jun 18 10:47:27 2008
From: ja at conviator.com (Jan Agermose)
Date: Wed Jun 18 10:48:46 2008
Subject: whitelisting/sorbs
Message-ID:

Hi

This might actually not be mailscanner related - maybe it's more sendmail - if so forgive me.

We are using sorbs blacklist and it's blacklisting gmail and one of our partners. How can I whitelist the IPs - make sure that sorbs is not asked or something for the IPs I know to be OK? Can I add the IPs in /etc/mail/access or something?

regards
Jan

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080618/b74b45aa/attachment.html
From telecaadmin at gmail.com Wed Jun 18 11:00:44 2008
From: telecaadmin at gmail.com (Ronny T. Lampert)
Date: Wed Jun 18 11:03:13 2008
Subject: whitelisting/sorbs
In-Reply-To:
References:
Message-ID: <4858DCCC.4040002@gmail.com>

> We are using sorbs blacklist and it's blacklisting gmail and one of our
> partners. How can I whitelist the IPs - make sure that sorbs is not
> asked or something for the IPs I know to be OK? Can I add the IPs in
> /etc/mail/access or something?

The question is HOW you use the sorbs lists.

1) If you're using RBLs on the SMTP level, you must make sure that you have a whitelist file which "overrides" all later checks.
As I'm a postfixer, this is done by e.g. specifying
check_sender_access hash:/etc/postfix/from_force_accepts, textually BEFORE any of the RBL checks.
"from_force_accepts" will say "OK" and then all following checks are skipped.

2) You will have to ALSO whitelist them in MailScanner, by using a rule for the spam checks (can't think of the according config directive at the moment). That way the mails will be scanned, but not spam checked against the RBLs and rules and whatnot.

Cheers,
Ronny

From craig at csfs.co.za Wed Jun 18 11:06:34 2008
From: craig at csfs.co.za (Craig Retief)
Date: Wed Jun 18 11:09:09 2008
Subject: Upgrade of MailScanner
In-Reply-To: <004501c8d122$1f1ee1f0$5d5ca5d0$@midanovic@trezor.sr.gov.yu>
References: <004501c8d122$1f1ee1f0$5d5ca5d0$@midanovic@trezor.sr.gov.yu>
Message-ID: <1213783594.7222.18.camel@cX>

On Wed, 2008-06-18 at 11:02 +0200, Velda Midanovic wrote:
> I have the following combination: RH4, MailScanner 4.58.9, ClamAV,
> SpamAssassin, all working very well together.
>
> The problem is that I get quite some backscatter on some of my users,
> and since watermarking may solve at least some of my problems, I plan
> to use it.
>
> Alas!!!
>
> My version of MailScanner does not support watermarking....
>
> So I should upgrade. BUT I installed all from TAR packages. So how do
> I do it?
>

What I usually do is the following after downloading the tarball to your server:

1. disable the check_mailscanner command in crontab with #
2. move the softlink in /opt like this:
    [root@host]# mv /opt/MailScanner /opt/MailScanner_4.58.9
3. unpack Jules's TAR package
4. Run the install.sh script
5. change directory to /opt/MailScanner/etc and run the following command:
    [root@host]# ../bin/upgrade_MailScanner_conf /opt/MailScanner_4.58.9/etc/MailScanner.conf /opt/MailScanner/etc/MailScanner.conf > MailScanner.new
    [root@host]# vi MailScanner.new (here I check that all the settings are still correct and see what new toys Jules added to the mix)
    [root@host]# mv MailScanner.conf MailScanner.old
    [root@host]# mv MailScanner.new MailScanner.conf
6. change directory to reports/en and run the following command:
    [root@host]# ../../../bin/upgrade_languages_conf /opt/MailScanner_4.58.9/etc/reports/en/languages.conf /opt/MailScanner/etc/reports/en/languages.conf > languages.new
    [root@host]# mv languages.conf languages.old
    [root@host]# mv languages.new languages.conf
    [root@host]# cp /opt/MailScanner_4.58.9/etc/reports/en/*.txt . (note the dot)
    [root@host]# cp /opt/MailScanner_4.58.9/etc/reports/en/*.html . (note the dot)
7. If using MailWatch, copy the SQLBlackWhiteList.pm and MailWatch.pm files to the new install like this:
    [root@host]# cd /opt/MailScanner/lib/MailScanner/CustomFunctions/
    [root@host]# cp /opt/MailScanner_4.58.9/lib/MailScanner/CustomFunctions/SQLBlackWhiteList.pm /opt/MailScanner_4.58.9/lib/MailScanner/CustomFunctions/MailWatch.pm . (note the dot)
8. That should be about all, then you can run the following command and monitor the log file for any errors:
    [root@host]# /opt/MailScanner/bin/check_mailscanner; tail -f /var/log/maillog
9. Re-enable the cronjob if all went well

If I missed a step someone might like to point it out.
Cheers

Craig

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080618/531d7269/attachment.html
From martinh at solidstatelogic.com Wed Jun 18 11:44:06 2008
From: martinh at solidstatelogic.com (Martin.Hepworth)
Date: Wed Jun 18 11:44:18 2008
Subject: Upgrade of MailScanner
In-Reply-To: <1213783594.7222.18.camel@cX>
Message-ID: <0cd6dd129330114f83a330924db36921@solidstatelogic.com>

Slight variation..

1.
login to the mailscanner computer and download the latest version of the software
2. extract the archive with tar zxf MailScanner-install-.tar.gz
3 cd to the directory extracted and su to root
4 run the installer, which will put the files onto /opt/MailScanner- and install any perl modules required, with ./install.sh
5 cd to the newly created directory in /opt and copy the rule files etc over from the running system:
6 cd /opt/MailScanner-
7 cd ../lib/MailScanner/CustomFunctions
8 cp /opt/MailScanner/lib/MailScanner/CustomFunctions/MailWatch.pm .
9 cd ../../../etc/rules
10 cp /opt/MailScanner/etc/rules/*.rules .
11 cd ../reports/en
12 cp /opt/MailScanner/etc/reports/en/inline.sig.* .
13 cd ../../
14 cp /opt/MailScanner/etc/spam.assassin.prefs.conf .
15 finally merge in the existing settings file with the new one using the following:
16 ../bin/upgrade_MailScanner_conf /opt/MailScanner/etc/MailScanner.conf ./MailScanner.conf > MailScanner.new
17 mv MailScanner.conf MailScanner.old
18 mv MailScanner.new MailScanner.conf

The last stage is to run the new version rather than the old:
19 cd /opt
20 /usr/local/etc/rc.d/MailScanner.sh stop (or whatever you use to stop)
21 rm MailScanner
22 ln -s MailScanner- MailScanner
23 /usr/local/etc/rc.d/MailScanner.sh start

Steps 19-23 are the only time when you need to stop MS, therefore downtime is pretty minimal.

Backout if things go wrong is easy - redo 19-23 using the old version of MS rather than new version.

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

> -----Original Message-----
> From: mailscanner-bounces@lists.mailscanner.info
> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Craig Retief
> Sent: 18 June 2008 11:07
> To: MailScanner discussion
> Subject: Re: Upgrade of MailScanner
>
> On Wed, 2008-06-18 at 11:02 +0200, Velda Midanovic wrote:
>
> I have the following combination: RH4, MailScanner 4.58.9, ClamAV, SpamAssassin, all working very well together.
>
> The problem is that I get quite some backscatter on some of my users, and since watermarking may solve at least some of my problems, I plan to use it.
>
> Alas!!!
>
> My version of MailScanner does not support watermarking....
>
> So I should upgrade. BUT I installed all from TAR packages. So how do I do it?
>
> What I usually do is the following after downloading the tarball to your server:
>
> 1. disable the check_mailscanner command in crontab with #
> 2. move the softlink in /opt like this :
>    [root@host]# mv /opt/MailScanner /opt/MailScanner_4.58.9
> 3. unpack Jules's TAR package
> 4. Run the install.sh script
> 5. change directory to /opt/MailScanner/etc and run the following command:
>    [root@host]# ../bin/upgrade_MailScanner_conf /opt/MailScanner_4.58.9/etc/MailScanner.conf /opt/MailScanner/etc/MailScanner.conf > MailScanner.new
>    [root@host]# vi MailScanner.new (here I check that all the settings are still correct and see what new toys Jules added to the mix)
>    [root@host]# mv MailScanner.conf MailScanner.old
>    [root@host]# mv MailScanner.new MailScanner.conf
> 6. change directory to reports/en and run the following command:
>    [root@host]# ../../../bin/upgrade_languages_conf /opt/MailScanner_4.58.9/etc/reports/en/languages.conf /opt/MailScanner/etc/reports/en/languages.conf > languages.new
>    [root@host]# mv languages.conf languages.old
>    [root@host]# mv languages.new languages.conf
>    [root@host]# cp /opt/MailScanner_4.58.9/etc/reports/en/*.txt . (note the dot)
>    [root@host]# cp /opt/MailScanner_4.58.9/etc/reports/en/*.html . (note the dot)
> 7. If using MailWatch, copy the SQLBlackWhiteList.pm and MailWatch.pm files to the new install like this:
>    [root@host]# cd /opt/MailScanner/lib/MailScanner/CustomFunctions/
>    [root@host]# cp /opt/MailScanner_4.58.9/lib/MailScanner/CustomFunctions/SQLBlackWhiteList.pm /opt/MailScanner_4.58.9/lib/MailScanner/CustomFunctions/MailWatch.pm . (note the dot)
> 8. That should be about all, then you can run the following command and monitor the log file for any errors:
>    [root@host]# /opt/MailScanner/bin/check_mailscanner; tail -f /var/log/maillog
> 9. Re-enable the cronjob if all went well
>
> If I missed a step someone might like to point it out.
>
> Cheers
>
> Craig
>
> Here is my output of #MailScanner -v :
>
> This is MailScanner version 4.58.9
> Module versions are:
> 1.00 AnyDBM_File
> 1.16 Archive::Zip
> 1.03 Carp
> 1.119 Convert::BinHex
> 1.00 DirHandle
> 1.05 Fcntl
> 2.73 File::Basename
> 2.08 File::Copy
> 2.01 FileHandle
> 1.06 File::Path
> 0.14 File::Temp
> 0.90 Filesys::Df
> 1.35 HTML::Entities
> 3.54 HTML::Parser
> 2.37 HTML::TokeParser
> 1.21 IO
> 1.10 IO::File
> 1.123 IO::Pipe
> 1.71 Mail::Header
> 3.05 MIME::Base64
> 5.420 MIME::Decoder
> 5.420 MIME::Decoder::UU
> 5.420 MIME::Head
> 5.420 MIME::Parser
> 3.03 MIME::QuotedPrint
> 5.420 MIME::Tools
> 0.10 Net::CIDR
> 1.08 POSIX
> 1.77 Socket
> 1.4 Sys::Hostname::Long
> 0.18 Sys::Syslog
> 1.86 Time::HiRes
> 1.02 Time::localtime
>
> Optional module versions are:
> 0.17 Convert::TNEF
> 1.814 DB_File
> 1.12 DBD::SQLite
> 1.50 DBI
> 1.15 Digest
> 1.01 Digest::HMAC
> 2.36 Digest::MD5
> 2.10 Digest::SHA1
> 0.44 Inline
> missing Mail::ClamAV
> 3.001008 Mail::SpamAssassin
> 1.999001 Mail::SPF::Query
> 0.20 Net::CIDR::Lite
> 1.24 Net::IP
> 0.57 Net::DNS
> 0.31 Net::LDAP
> 1.94 Parse::RecDescent
> missing SAVI
> 2.56 Test::Harness
> 0.47 Test::Simple
> 1.95 Text::Balanced
> 1.35 URI
>
> Please help.
>
> Velda
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.

**********************************************************************
Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential.
If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer.
Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer.
Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us.
Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free.

Red Lion 49 Ltd T/A Solid State Logic
Registered as a limited company in England and Wales (Company No:5362730)
Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom
**********************************************************************

From craig at csfs.co.za Wed Jun 18 12:03:43 2008
From: craig at csfs.co.za (Craig Retief)
Date: Wed Jun 18 12:07:02 2008
Subject: MailScanner ANNOUNCE: 4.70.6 released
In-Reply-To: <4858191B.4010103@ecs.soton.ac.uk>
References: <4858191B.4010103@ecs.soton.ac.uk>
Message-ID: <1213787023.7222.27.camel@cX>

Skipped content of type multipart/alternative

From theodrake at comcast.net Wed Jun 18 13:25:43 2008
From: theodrake at comcast.net (Ed)
Date: Wed Jun 18 13:26:09 2008
Subject: Health update
In-Reply-To: <7C62BFED4DC0CE488F93865D83A61E64743C0D@sprocket.columbiafuels.com>
References: <4852BC3D.3050802@ecs.soton.ac.uk><200806132114.m5DLE4gQ018541@mxt.1bigthink.com> <223f97700806131420j4bb7e2f5w1e4d192101002bde@mail.gmail.com> <7C62BFED4DC0CE488F93865D83A61E64743C0D@sprocket.columbiafuels.com>
Message-ID: <4858FEC7.1010004@comcast.net>

Christian Rasmussen wrote:
> I've been a sysadmin for so long I don't think anyone would have much
> use for my liver.
>

LOL. If I ever need a liver I'm moving to Utah.

later,

From theodrake at comcast.net Wed Jun 18 13:27:08 2008
From: theodrake at comcast.net (Ed)
Date: Wed Jun 18 13:27:31 2008
Subject: Health update
In-Reply-To: <4852BC3D.3050802@ecs.soton.ac.uk>
References: <4852BC3D.3050802@ecs.soton.ac.uk>
Message-ID: <4858FF1C.6010709@comcast.net>

Luck Jules.

From theodrake at comcast.net Wed Jun 18 13:28:58 2008
From: theodrake at comcast.net (Ed)
Date: Wed Jun 18 13:29:18 2008
Subject: Health update
In-Reply-To: <48561153.3080806@tradoc.fr>
References: <31647067.16941213432830191.JavaMail.root@office.splatnix.net> <48561153.3080806@tradoc.fr>
Message-ID: <4858FF8A.1040305@comcast.net>

John Wilcock wrote:
> --[ UxBoD ]-- wrote:
>> All the best Jules ... Wish you a short wait and a very speedy
>> recovery ... Make sure the nice nurse keeps your laptop well out of
>> reach!
>
> I beg to differ ;-) Keeping Julian from his laptop would be terrible
> for his mental well-being!
>
> Julian, may the time that you're *not* straining to get at your laptop
> after the op be as short as possible!

I'm looking forward to another write-up on how he gets past all the internet security.

From Denis.Beauchemin at USherbrooke.ca Wed Jun 18 13:54:36 2008
From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin)
Date: Wed Jun 18 13:55:05 2008
Subject: Problem while updating perl
In-Reply-To: <67a55ed50806170555s4de8a74atea137e73b2fe12f@mail.gmail.com>
References: <67a55ed50806170555s4de8a74atea137e73b2fe12f@mail.gmail.com>
Message-ID: <4859058C.6070803@USherbrooke.ca>

Dave Jones wrote:
> >Dave Jones wrote:
> >>
> >> >> You can reinstall MailScanner but you will still have the same perl
> >> >> conflicts next time a perl module gets updated on RPMforge (or
> >> >> whatever your repo is that has the conflicting package).
> >> >>
> >> >> I would simply force the install of the perl modules (I do it all the
> >> >> time) with the conflict from the MailScanner installation:
> >> >>
> >> >> # rpm -Uhv --force /var/cache/yum/rpmforge/packages/perl-Sys-Syslog-0.18-1.rpm
> >> >>
> >> >> Substitute "rpmforge" above with whatever your repository name is and
> >> >> the RPM file in question.
> >> >>
> >> >> Dave
> >> >>
> >> >> --
> >> >> Dave Jones
> >> >Dave,
> >> >
> >> >It didn't work on my RHEL 5.2 server:
> >> >[root@smtps ~]# rpm -Uvh --force /var/cache/yum/rhel-i386-server-5/packages/perl-5.8.8-10.el5_2.3.i386.rpm
> >> >/etc/selinux/targeted/contexts/files/file_contexts: Multiple same
> >> >specifications for /usr/local/lost\+found/.*.
> >> >/etc/selinux/targeted/contexts/files/file_contexts: Multiple same
> >> >specifications for /usr/local/\.journal.
> >> >/etc/selinux/targeted/contexts/files/file_contexts: Multiple same
> >> >specifications for /usr/local/lost\+found.
> >> >Preparing... ########################################### [100%]
> >> >1:perl ########################################### [100%]
> >> >[root@smtps ~]# MailScanner --lint
> >> >
> >> >
> >> >**** ERROR: You must upgrade your perl IO module to at least
> >> >**** ERROR: version 1.2301 or MailScanner will not work!
> >> >
> >> >I am now reinstalling the following MS' RPMs: perl-IO perl-File-Temp
> >> >perl-Math-BigInt perl-Math-BigRat perl-bignum
> >> >
> >> >Denis
> >>
> >> Sounds like you might have SELinux active. Run "getenforce" and if it
> >> is "Enforcing" then run "setenforce 0" to make it "Permissive". Then
> >> run your command again.
> >>
> >> If permissive mode allows the package install command to work with
> >> --force, then disable SELinux or try your hand at updating the SELinux
> >> policy that is preventing it from installing. RHEL 5 is supposed to
> >> be much easier to customize SELinux policies but I haven't played with
> >> it yet. I still just disable it during the install and go...
> >>
> >> --
> >> Dave Jones
> >
> >Dave,
> >
> >It is disabled on all my servers (I just checked and getenforce returns
> >Disabled)... I see the "selinux" messages all the time whenever I
> >install or upgrade an RPM... to the point where I don't even pay any
> >attention to them... could have been the reason I had problem, though!
> >
> >Denis
> Now that I see your repo is "rhel-i386-server-5" then there could be a few
> other things it could be. What repos do you have installed and active? If
> you have RPMforge installed (which every CentOS box should have), it may
> overlap some packages with the RHEL repo. We install RPMforge on our
> RHEL boxes but keep it disabled (/etc/yum.repos.d/rpmforge.repo). Then we
> only enable it for specific packages from the command line with the
> "--enable-repo=rpmforge" option.
>
> On a RHEL server like yours, the perl packages should come from the RHEL
> repo to keep everything clean. Is it possible that perl was updated or
> installed from another source? You might try removing and reinstalling perl
> after making sure that the only active repo is "rhel-i386-server-5."
> --
> Dave Jones

Dave,

The only repo I used until 1 week ago was RedHat's.
I added rpmforge since but didn't upgrade anything from them (just used it to install clamd). So this behaviour is really RedHat's own.

Denis

--
   _
  °v°   Denis Beauchemin, analyst
 /(_)\  Université de Sherbrooke, S.T.I.
  ^ ^   T: 819.821.8000x62252 F: 819.821.8045

From Robert.Meurlin at se.fujitsu.com Wed Jun 18 14:26:17 2008
From: Robert.Meurlin at se.fujitsu.com (Meurlin Robert)
Date: Wed Jun 18 14:43:59 2008
Subject: SV: SV: SV: mailscanner dont process email at all
In-Reply-To: <223f97700806170238h21a6cc6ao7a20770b745add43@mail.gmail.com>
References: <797363C57EE0884786F428AAABCD469201490DD4@sea0120sex2.nordic.x><48536FD4.4090300@vanderkooij.org><797363C57EE0884786F428AAABCD469201490DD8@sea0120sex2.nordic.x><797363C57EE0884786F428AAABCD469201490DDC@sea0120sex2.nordic.x><485660C0.1080803@USherbrooke.ca><797363C57EE0884786F428AAABCD469201490DF0@sea0120sex2.nordic.x><797363C57EE0884786F428AAABCD469201490DF4@sea0120sex2.nordic.x> <223f97700806170238h21a6cc6ao7a20770b745add43@mail.gmail.com>
Message-ID: <797363C57EE0884786F428AAABCD469201490E10@sea0120sex2.nordic.x>

root 3432 0.0 0.8 66852 35056 ? Ss 15:09 0:00 MailScanner: master waiting for children, sleeping
root 3433 100 1.4 94092 57864 ? R 15:09 2:36 MailScanner: starting children

If I start MailScanner with sendmail, it will just hang as seen. Can it be something with clam? MailScanner --lint configtest doesn't give anything.

I am running this on Suse Enterprise 64 bit and it was installed through rpm packages.

Is there any command to start mailscanner with some trace option?

Robert

-----Original Message-----
From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Glenn Steen
Sent: 17 June 2008 11:39
To: MailScanner discussion
Subject: Re: SV: SV: mailscanner dont process email at all

2008/6/17 Meurlin Robert :
> Yes I manually flushed almost every email in the queue (had 6000 before now there is about 140) so that worked.
>
> Is the last option to reinstall mailscanner? All points to that is the problem.
>

Hi Robert,

You mention configtest ... Is this a command? What is it supposed to do for you?
Is this running on cPanel or similar?
How did you do the install?
What version of OS/distro are you using?
The more details the better answers:-).

Cheers
--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se
--
MailScanner mailing list
mailscanner@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!

From mi6 at orcon.net.nz Wed Jun 18 14:56:49 2008
From: mi6 at orcon.net.nz (Charlie)
Date: Wed Jun 18 14:56:59 2008
Subject: Spamassassin is slow - any tips or good commercial alternative?
Message-ID: <45a601c8d14b$27cb81e0$0300a8c0@CharlieCompaq>

Thanks for all the replies. In response to some of them:

- we have now installed nscd, so output is now:
# /etc/init.d/nscd status
Status of Name Service Cache Daemon service: running

- we have added 2 more MS children
- we'll look into adding more RAM

> 2-5 seconds per batch is pretty fast. Anything under 1 minute is
> acceptable IMHO.
> Why the concern about scan times?? Email isn't IM :-). Seriously why the
> concern about scan times?

The concern is that I am eventually looking to have over 10,000 users, so will be receiving, and then sending, multiple emails per second.
Even now, with only 1,500 users, people have started reporting "Too many concurrent SMTP connections; Please try again later"
They only started seeing this message after I turned on SpamAssassin. I am thinking that perhaps, as 99% of the emails we receive are not spam, that scanning for spam may be an unnecessary luxury, once email volumes reach a certain level.

From alex at rtpty.com Wed Jun 18 15:02:54 2008
From: alex at rtpty.com (Alex Neuman)
Date: Wed Jun 18 15:03:22 2008
Subject: Spamassassin is slow - any tips or good commercial alternative?
In-Reply-To: <45a601c8d14b$27cb81e0$0300a8c0@CharlieCompaq>
References: <45a601c8d14b$27cb81e0$0300a8c0@CharlieCompaq>
Message-ID: <676D8DAA-5F99-4ECA-981E-29D021E18488@rtpty.com>

Correlation is not causation. SpamAssassin doesn't increase the number of concurrent SMTP connections, as you receive e-mail normally *and then* have it scanned in batches, not "in-line".

You should either increase (within reason) the number of possible incoming SMTP connections in your MTA so that this doesn't happen. If by increasing the possible incoming connections on the MTA your performance goes down, you should look into either increasing your hardware resources, tweaking your existing config, or getting more bandwidth if that's your bottleneck.

On Jun 18, 2008, at 8:56 AM, Charlie wrote:

> Even now, with only 1,500 users, people have started reporting "Too
> many concurrent SMTP connections; Please try again later"

From martinh at solidstatelogic.com Wed Jun 18 15:12:56 2008
From: martinh at solidstatelogic.com (Martin.Hepworth)
Date: Wed Jun 18 15:13:09 2008
Subject: Spamassassin is slow - any tips or good commercial alternative?
In-Reply-To: <45a601c8d14b$27cb81e0$0300a8c0@CharlieCompaq>
Message-ID:

Charlie

That's an MTA setup issue.....not mailscanner!

Have you got a gateway machine or are you running mailscanner on the mailserver

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

> -----Original Message-----
> From: mailscanner-bounces@lists.mailscanner.info
> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf
> Of Charlie
> Sent: 18 June 2008 14:57
> To: MailScanner discussion
> Subject: Spamassassin is slow - any tips or good commercial
> alternative?
>
> Thanks for all the replies.
> In response to some of them:
>
> - we have now installed nscd, so output is now:
> # /etc/init.d/nscd status
> Status of Name Service Cache Daemon service: running
>
> - we have added 2 more MS children
> - we'll look into adding more RAM
>
> > 2-5 seconds per batch is pretty fast. Anything under 1 minute is
> > acceptable IMHO.
> > Why the concern about scan times?? Email isn't IM :-). Seriously why
> > the concern about scan times?
>
> The concern is that I am eventually looking to have over
> 10,000 users, so will be receiving, and then sending,
> multiple emails per second.
> Even now, with only 1,500 users, people have started
> reporting "Too many concurrent SMTP connections; Please try
> again later"
> They only started seeing this message after I turned on
> SpamAssassin. I am thinking that perhaps, as 99% of the
> emails we receive are not spam, that scanning for spam may be
> an unnecessary luxury, once email volumes reach a certain level.

From Rich at GlaserTechnology.com Wed Jun 18 16:05:16 2008
From: Rich at GlaserTechnology.com (Rich Berrill)
Date: Wed Jun 18 16:05:30 2008
Subject: MailScanner stops processing
Message-ID: <86AE6EB9FC22024D91E76C0802A7D530646DC4@glaser-sbs.Glaser.local>

I have MailScanner and SpamAssassin running on Ubuntu Server. About once a day it will stop processing email and the incoming mail will stack up in /var/spool/postfix/hold sometimes it gets up to 4 or 500 messages before it finally processes them and begins to empty. When it does empty it runs very fast.

I removed the RBL's thinking they could be causing this and I also tested external DNS on some of the messages it was getting stuck on and I am seeing no problems at all there.

I ran a MailScanner -debug -sa-debug the first time and saw that my bayes tables were reporting that they were damaged so I repaired that. The next time I ran it, it completed but it hung for a good 2 minutes on the following line:

[17790] dbg: check: subtests=__HAS_MSGID,__MISSING_REF,__MSGID_OK_DIGITS,__MSGID_OK_HOST,__MSOE_MID_WRONG_CASE,__NONEMPTY_BODY,__SANE_MSGID,__SARE_WHITELIST_FLAG,__TVD_BODY,__UNUSABLE_MSGID

Any ideas?

From jra at baylink.com Wed Jun 18 16:45:05 2008
From: jra at baylink.com (Jay R. Ashworth)
Date: Wed Jun 18 16:45:15 2008
Subject: Updating an adopted installation from 4.54
In-Reply-To:
References: <20080617172014.GQ840@cgi.jachomes.com>
Message-ID: <20080618154505.GB6584@cgi.jachomes.com>

On Tue, Jun 17, 2008 at 09:34:10AM -0800, Kevin Miller wrote:
> > Yes, I'm sure it does. But the instructions only tell you to *run* it
> > if you're doing an in-place upgrade.
> >
> > I wasn't. I was trying to do a parallel install, so I could test it
> > and be able to back out if I screwed something up, as I noted. So I
> > was using the "fresh install" instructions, and they don't mention it,
> > for oblivious raisins. ;-)
>
> What I usually do in that situation is to tar up the /etc/MailScanner
> tree and copy it to the new host, then do the install. The installer
> will see the old conf & rule files, and create .rpmnew flavors. It
> won't care that it isn't really already installed. You can then run the
> upgrade_MailScanner script with expected results.

I wasn't, at the time, trying to put it on a separate box. I am now.

> BTW, Julian's published a book on MailScanner - it's worth the price of
> admission. Especially if your boss is picking up the tab...

Saw that; thanks for the good review. I'll grab it.

Cheers,
-- jra
--
Jay R. Ashworth           Baylink                    jra@baylink.com
Designer                  The Things I Think         RFC 2100
Ashworth & Associates     http://baylink.pitas.com   '87 e24
St Petersburg FL USA      http://photo.imageinc.us   +1 727 647 1274

Those who cast the vote decide nothing.
Those who count the vote decide everything.
-- (Joseph Stalin)

From MailScanner at ecs.soton.ac.uk Wed Jun 18 17:57:46 2008
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Wed Jun 18 17:58:07 2008
Subject: Upgrade of MailScanner
In-Reply-To:
References:
Message-ID: <48593E8A.7040205@ecs.soton.ac.uk>

Can you put that somewhere prominent in the wiki please?

How about we try to script some of this and I provide it in the distribution?

Martin.Hepworth wrote:
> Slight variation..
>
> 1. login to the mailscanner computer and download the latest version of the software
> 2. extract the archive with tar zxf MailScanner-install-.tar.gz
> 3. cd to the directory extracted and su to root
> 4. run the installer which will put the files onto /opt/MailScanner- and install any perl modules required with ./install.sh
> 5. cd to the newly created directory in /opt and copy the rule files etc over from the running system:
> 6. cd /opt/MailScanner-
> 7. cd ../lib/MailScanner/CustomFunctions
> 8. cp /opt/MailScanner/lib/MailScanner/CustomFunctions/MailWatch.pm .
> 9. cd ../../../etc/rules
> 10. cp /opt/MailScanner/etc/rules/*.rules .
> 11. cd ../reports/en
> 12. cp /opt/MailScanner/etc/reports/en/inline.sig.* .
> 13. cd ../../
> 14. cp /opt/MailScanner/etc/spam.assassin.prefs.conf .
> 15. finally merge in the existing settings file with the new one using the following:
> 16. ../bin/upgrade_MailScanner_conf /opt/MailScanner/etc/MailScanner.conf ./MailScanner.conf > MailScanner.new
> 17. mv MailScanner.conf MailScanner.old
> 18. mv MailScanner.new MailScanner.conf
>
> The last stage is to run the new version rather than the old:
> 19. cd /opt
> 20. /usr/local/etc/rc.d/MailScanner.sh stop (or whatever you use to stop)
> 21. rm MailScanner
> 22. ln -s MailScanner- MailScanner
> 23. /usr/local/etc/rc.d/MailScanner.sh start
>
> Steps 19-23 are the only time when you need to stop MS, therefore downtime is pretty minimal.
>
> Backout if things go wrong is easy - redo 19-23 using the old version of MS rather than new version.

Jules

--
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

MailScanner customisation, or any advanced system administration help?
Contact me at Jules@Jules.FM

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
PGP public key: http://www.jules.fm/julesfm.asc

--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

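The parallel-install upgrade quoted in the message above (copy the site files, merge MailScanner.conf, swap the /opt/MailScanner symlink, back out by swapping it again), as an added shell example that is not part of the thread or of the MailScanner distribution. The function names, the MS_INIT variable and the MailScanner-OLD/MailScanner-NEW directory names are assumptions; the demo tree and its stand-in merge tool are constructed.

```shell
#!/bin/sh
# Added example, not from the thread or the MailScanner distribution.
# Assumed names: copy_matching, stage_site_files, switch_version,
# make_demo_tree, MS_INIT. MailScanner-OLD/-NEW are placeholder directories.

# Init script from step 20 ("or whatever you use to stop").
MS_INIT=${MS_INIT:-/usr/local/etc/rc.d/MailScanner.sh}

# copy_matching DESTDIR SRC... : copy every SRC that exists; an unmatched
# glob arrives as a literal pattern, fails the -f test and is skipped.
copy_matching() {
    dest=$1; shift
    for f in "$@"; do
        if [ -f "$f" ]; then cp -p "$f" "$dest/" || return 1; fi
    done
    return 0
}

# stage_site_files OLD NEW : steps 5-18. Touches only the new tree, so it
# can run while the old version is still processing mail.
stage_site_files() {
    old=$1; new=$2
    if [ ! -f "$old/etc/MailScanner.conf" ] || [ ! -f "$new/etc/MailScanner.conf" ]; then
        echo "stage: MailScanner.conf missing in $old or $new" >&2; return 1
    fi
    copy_matching "$new/lib/MailScanner/CustomFunctions" \
        "$old/lib/MailScanner/CustomFunctions/MailWatch.pm" || return 1
    copy_matching "$new/etc/rules" "$old"/etc/rules/*.rules || return 1
    copy_matching "$new/etc/reports/en" "$old"/etc/reports/en/inline.sig.* || return 1
    copy_matching "$new/etc" "$old/etc/spam.assassin.prefs.conf" || return 1
    # Merge old settings into the new defaults (steps 16-18).
    "$new/bin/upgrade_MailScanner_conf" "$old/etc/MailScanner.conf" \
        "$new/etc/MailScanner.conf" > "$new/etc/MailScanner.new" || return 1
    if [ ! -s "$new/etc/MailScanner.new" ]; then
        echo "stage: merged config is empty, keeping shipped file" >&2; return 1
    fi
    mv "$new/etc/MailScanner.conf" "$new/etc/MailScanner.old" &&
        mv "$new/etc/MailScanner.new" "$new/etc/MailScanner.conf"
}

# switch_version BASE TARGET : steps 19-23. Prints the previous link target;
# backout is switch_version BASE <previous>.
switch_version() {
    base=$1; target=$2
    if [ ! -f "$base/$target/etc/MailScanner.conf" ]; then
        echo "switch: $base/$target has no etc/MailScanner.conf" >&2; return 1
    fi
    # Step 21 is "rm MailScanner": refuse unless it is a symlink, not a real tree.
    if [ ! -L "$base/MailScanner" ]; then
        echo "switch: $base/MailScanner is not a symlink, refusing" >&2; return 1
    fi
    prev=$(readlink "$base/MailScanner") || return 1
    echo "$prev"
    "$MS_INIT" stop >/dev/null || echo "switch: stop returned non-zero" >&2
    rm "$base/MailScanner" && ln -s "$target" "$base/MailScanner" || return 1
    "$MS_INIT" start >/dev/null || { echo "switch: start failed" >&2; return 1; }
}

# make_demo_tree : build a constructed /opt-like tree in a temp dir and print
# its path. The merge tool written here is a stand-in that keeps the old
# settings and appends the others; it is not the real upgrade_MailScanner_conf.
make_demo_tree() {
    root=$(mktemp -d) || return 1
    for v in MailScanner-OLD MailScanner-NEW; do
        mkdir -p "$root/$v/bin" "$root/$v/etc/rules" "$root/$v/etc/reports/en" \
            "$root/$v/lib/MailScanner/CustomFunctions"
    done
    echo "Spam Checks = yes" > "$root/MailScanner-OLD/etc/MailScanner.conf"
    printf 'Spam Checks = no\nUse Watermarking = no\n' > "$root/MailScanner-NEW/etc/MailScanner.conf"
    echo "To: intern@example.com yes" > "$root/MailScanner-OLD/etc/rules/spam.blacklist.rules"
    echo "# constructed site prefs" > "$root/MailScanner-OLD/etc/spam.assassin.prefs.conf"
    cat > "$root/MailScanner-NEW/bin/upgrade_MailScanner_conf" <<'EOF'
#!/bin/sh
cat "$1"
grep -v '^Spam Checks' "$2"
EOF
    chmod +x "$root/MailScanner-NEW/bin/upgrade_MailScanner_conf"
    ln -s MailScanner-OLD "$root/MailScanner"
    echo "$root"
}

# Usage: sh upgrade.sh /opt MailScanner-NEW
if [ "$#" -eq 2 ]; then
    stage_site_files "$1/MailScanner" "$1/$2" && switch_version "$1" "$2"
fi
```
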
From ssilva at sgvwater.com Wed Jun 18 20:20:27 2008
From: ssilva at sgvwater.com (Scott Silva)
Date: Wed Jun 18 20:20:55 2008
Subject: Health update
In-Reply-To: <4858FEC7.1010004@comcast.net>
References: <4852BC3D.3050802@ecs.soton.ac.uk><200806132114.m5DLE4gQ018541@mxt.1bigthink.com> <223f97700806131420j4bb7e2f5w1e4d192101002bde@mail.gmail.com> <7C62BFED4DC0CE488F93865D83A61E64743C0D@sprocket.columbiafuels.com> <4858FEC7.1010004@comcast.net>
Message-ID:

on 6-18-2008 5:25 AM Ed spake the following:
> Christian Rasmussen wrote:
>> I've been a sysadmin for so long I don't think anyone would have much
>> use for my liver.
>
> LOL. If I ever need a liver I'm moving to Utah.
>
> later,

I've been in Utah. You would be surprised at how much of the non-Mormon population might not be that great of a liver donor! ;-P

--
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!

From ssilva at sgvwater.com Wed Jun 18 20:27:49 2008
From: ssilva at sgvwater.com (Scott Silva)
Date: Wed Jun 18 20:28:14 2008
Subject: Health update
In-Reply-To: <4858FF8A.1040305@comcast.net>
References: <31647067.16941213432830191.JavaMail.root@office.splatnix.net> <48561153.3080806@tradoc.fr> <4858FF8A.1040305@comcast.net>
Message-ID:

on 6-18-2008 5:28 AM Ed spake the following:
> John Wilcock wrote:
>> --[ UxBoD ]-- wrote:
>>> All the best Jules ... Wish you a short wait and a very speedy
>>> recovery ... Make sure the nice nurse keeps your laptop well out of
>>> reach!
>>
>> I beg to differ ;-) Keeping Julian from his laptop would be terrible
>> for his mental well-being!
>>
>> Julian, may the time that you're *not* straining to get at your laptop
>> after the op be as short as possible!
> I'm looking forward to another write-up on how he gets past all the
> internet security.

If it can be done, Julian will do it! I'm sure that for the first few weeks he might be in semi-isolation as the anti-rejection drugs can mess with your immunity for a while. That means nothing will come in that can't be sterilized. And for his health sake, I hope he follows the rules. We will just have to be content with whatever stable release we have and not ask for the next "world domination" feature for a while. The list has enough competent admins to help with the newbies until he feels better and gets the restrictions lifted.

--
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!

From ssilva at sgvwater.com Wed Jun 18 20:31:24 2008
From: ssilva at sgvwater.com (Scott Silva)
Date: Wed Jun 18 20:35:11 2008
Subject: Re Help with spamassassin+mailscanner
In-Reply-To: <6a7195cc0806180027q5e4b9fd5p37d30383217cab72@mail.gmail.com>
References: <6a7195cc0806152332g378d7afqfe30223d76cf0b17@mail.gmail.com> <6a7195cc0806180027q5e4b9fd5p37d30383217cab72@mail.gmail.com>
Message-ID:

on 6-18-2008 12:27 AM vinayan KP spake the following:
> Sir,
>
> I am trying to fix the problem of mailscanner+spamassassin installed
> on my new postfix server not detecting mails with low SA score as
> spam. But I can see my old mailscanner which receives mails and
> forwards it to new postfix server detects them as spam and tags them
> {Spam?}. I am saying a sorry in advance that I won't be able to try
> your suggestions the same day and respond with results. I will be
> able to do whatever you suggest when I get enough time.
>
> I have been suggested by Mr.Scott to install pyzor, set the bayes file
> path, permission for the bayes files, then do sa-learn etc