From Rich.West at wesmo.com Sun Jun 1 04:00:29 2008 From: Rich.West at wesmo.com (Rich West) Date: Sun Jun 1 04:00:41 2008 Subject: Blacklist all + allow some? In-Reply-To: <223f97700805310315n3f29a56bq1c60994f88b19968@mail.gmail.com> References: <4840256C.5060606@wesmo.com> <48407310.6090505@evi-inc.com> <48407440.2030009@evi-inc.com> <4840BA85.2000208@wesmo.com> <223f97700805310315n3f29a56bq1c60994f88b19968@mail.gmail.com> Message-ID: <484210CD.5020500@wesmo.com> Glenn Steen wrote: > I suppose you're asking what > syntax you need use for a ruleset "blacklisting" everything, and then > whitelisting some mails passing through MailScanner... In which case > you can do this with a normal ruleset ... The syntax is described in > numerous places (the EXAMPLES file in the rules subdirectory, the > wiki, the book...) ... So all you really need do is decide on what > setting (in MailScanner.conf) you should apply the ruleset, since this > will > a) decide what the rightmost value should be (it need make sense to > the setting applied to), and > b) affect what will actually happen. > > I'd think the "Is Definitely Spam"/"Is Definitely Not Spam" and > perhaps "Definite Spam Is Highscoring" settings could be used for > this, along with a "store" only "High Scoring Spam Actions" setting, > or similar ... (or perhaps use a SA "rule" to tag the messages and > selectively act on them with the new SA-rules actions... Seems a bit > backward, but might be more manageable for you). > > Note that for this to really work on a "per intern basis", you need > split your incoming mails into one/recipient, else MailScanner will > just use the rules applicable for the first recipient. > > Links that apply to all this: > http://www.mailscanner.info/MailScanner.conf.index.html#Is%20Definitely%20Spam > http://www.mailscanner.info/MailScanner.conf.index.html#Is%20Definitely%20Not%20Spam > http://www.mailscanner.info/MailScanner.conf.index.html#Definite%20Spam%20Is%20High%20Scoring > http://www.mailscanner.info/MailScanner.conf.index.html#High%20Scoring%20Spam%20Actions > http://wiki.mailscanner.info/doku.php?id=&idx=documentation:configuration:rulesets > http://wiki.mailscanner.info/doku.php?id=documentation:configuration:mta:postfix:how_to:split_mails_per_recipient > http://wiki.mailscanner.info/doku.php?id=documentation:configuration:mta:exim:how_to:split_mails_per_recipient > http://wiki.mailscanner.info/doku.php?id=documentation:configuration:mta:sendmail:how_to:split_mails_per_recipient > (watch out for line wrapping in the above:-) > > HtH > Cheers > Ahh.. thanks. For what it is worth, I did check out a few of those (some within the wiki lead to blank pages, and others are examples that didn't really cover what I was looking for). I really thought that there might have been some special syntax I was missing for the per-user blacklist rule where you'd have one master blacklist rule for that user which says "block everything" and the whitelist rules allowing email from certain individuals (whitelists win). Thankfully, I already split the emails to one per recipient. Perhaps you are right.. an "Is Definitely Spam" ruleset might do the trick. With entries like "To: user@mydomain.com yes"... Hrmm.. I will have to test that. Of course, after the first request at work to block inbound to a single user, I now have a list of 22 interns I need to block.. Ugh. -Rich From MailScanner at ecs.soton.ac.uk Sun Jun 1 15:01:09 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sun Jun 1 15:01:26 2008 Subject: Blacklist all + allow some? In-Reply-To: References: <4840256C.5060606@wesmo.com> <48407310.6090505@evi-inc.com> <48407440.2030009@evi-inc.com> <4840BA85.2000208@wesmo.com> <223f97700805310315n3f29a56bq1c60994f88b19968@mail.gmail.com> Message-ID: <4842ABA5.4060904@ecs.soton.ac.uk> Rich West wrote: > > Glenn Steen wrote: >> I suppose you're asking what >> syntax you need use for a ruleset "blacklisting" everything, and then >> whitelisting some mails passing through MailScanner... In which case >> you can do this with a normal ruleset ... The syntax is described in >> numerous places (the EXAMPLES file in the rules subdirectory, the >> wiki, the book...) ... So all you really need do is decide on what >> setting (in MailScanner.conf) you should apply the ruleset, since this >> will >> a) decide what the rightmost value should be (it need make sense to >> the setting applied to), and >> b) affect what will actually happen. >> >> I'd think the "Is Definitely Spam"/"Is Definitely Not Spam" and >> perhaps "Definite Spam Is Highscoring" settings could be used for >> this, along with a "store" only "High Scoring Spam Actions" setting, >> or similar ... (or perhaps use a SA "rule" to tag the messages and >> selectively act on them with the new SA-rules actions... Seems a bit >> backward, but might be more manageable for you). >> >> Note that for this to really work on a "per intern basis", you need >> split your incoming mails into one/recipient, else MailScanner will >> just use the rules applicable for the first recipient. >> >> Links that apply to all this: >> http://www.mailscanner.info/MailScanner.conf.index.html#Is%20Definitely%20Spam >> >> http://www.mailscanner.info/MailScanner.conf.index.html#Is%20Definitely%20Not%20Spam >> >> http://www.mailscanner.info/MailScanner.conf.index.html#Definite%20Spam%20Is%20High%20Scoring >> >> http://www.mailscanner.info/MailScanner.conf.index.html#High%20Scoring%20Spam%20Actions >> >> http://wiki.mailscanner.info/doku.php?id=&idx=documentation:configuration:rulesets >> >> http://wiki.mailscanner.info/doku.php?id=documentation:configuration:mta:postfix:how_to:split_mails_per_recipient >> >> http://wiki.mailscanner.info/doku.php?id=documentation:configuration:mta:exim:how_to:split_mails_per_recipient >> >> http://wiki.mailscanner.info/doku.php?id=documentation:configuration:mta:sendmail:how_to:split_mails_per_recipient >> >> (watch out for line wrapping in the above:-) >> >> HtH >> Cheers >> > > Ahh.. thanks. For what it is worth, I did check out a few of those > (some within the wiki lead to blank pages, and others are examples > that didn't really cover what I was looking for). I really thought > that there might have been some special syntax I was missing for the > per-user blacklist rule where you'd have one master blacklist rule for > that user which says "block everything" and the whitelist rules > allowing email from certain individuals (whitelists win). > > Thankfully, I already split the emails to one per recipient. > > Perhaps you are right.. an "Is Definitely Spam" ruleset might do the > trick. With entries like "To: user@mydomain.com yes"... > Hrmm.. I will have to test that. > > Of course, after the first request at work to block inbound to a > single user, I now have a list of 22 interns I need to block.. Ugh. If you don't want to mix this in with your anti-spam settings, you could use "Reject Messsage" setting, which has its own report file attached to it, which would make the rejection message easier for the senders to understand, than getting complete silence from your anti-spam settings. Here's the docs on it from MailScanner.conf: # You may not want to receive mail from certain addresses and/or to certain # addresses. If so, you can do this with your email transport (sendmail, # Postfix, etc) but that will just send a one-line message which is not # helpful to the user sending the message. # If this is set to yes, then the message set by the "Rejection Report" # will be sent instead, and the incoming message will be deleted. # If you want to store a copy of the original incoming message then use the # "Archive Mail" setting to archive a copy of it. # The purpose of this option is to set it to be a ruleset, so that you # can reject messages from a few offending addresses where you need to send # a polite reply instead of just a brief 1-line rejection message. Reject Message = no Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From lists at gmnet.net Sun Jun 1 17:08:41 2008 From: lists at gmnet.net (Rick Bragg) Date: Sun Jun 1 17:09:29 2008 Subject: Spam getting through... Message-ID: <1212336521.15192.7.camel@thor> Hi, I'm basically a newbe with just a few small domains. I set up Mailscanner with sendmail/ spamassassin/ clamAV and it seems great except tons of spam are getting through. They are mostly all marked as {Spam?} and are all delivered. Here is in my MailScanner.conf file Spam List = SORBS-DNSBL SORBS-HTTP SORBS-SOCKS SORBS-MISC SORBS-SMTP SORBS-WEB SORBS-SPAM SORBS-BLOCK SORBS-ZOMBIE SORBS-DUL SORBS-RHSBL CBL DSBL spamhaus.org spamhaus-XBL spamhaus-PBL NJABL Spam Domain List = SORBS-BADCONF SORBS-NOMAIL Do these look OK? How can I test these out? Any advice to a newbe as to what I should do? Thanks Rick -- This message has been scanned for viruses and dangerous content by Green Mountain Network, and is believed to be clean. From lists at openenterprise.ca Sun Jun 1 18:12:34 2008 From: lists at openenterprise.ca (Johnny Stork) Date: Sun Jun 1 18:12:46 2008 Subject: Whitelists Dont Appear to be Working Message-ID: <4842D882.1010504@openenterprise.ca> I am running MS 4.69.8 on Centos 5x. I seem to be having trouble with my whitelists? I seem to recall trying to address this some months back and I beleive someone mentioned that my whitelists added in the mailwatch interface (Lists), should not have the "@" symbol so I went through and removed them all one at a time and so now they look like the examples below. Is this correct? Is there something else I might be doing wrong? ifossf.org default srs.perfora.net default sungardhe.com default Sample header This one just came through as spam in spite of the from addreses (ifossf.org and srs.perfora.net) being in the whitelist? Received: from serendipity.mountainhosting.ca (serendipity.mountainhosting.ca [66.249.13.171]) by gateway.johnnystork.ca (8.13.8/8.13.8) with ESMTP id m4VBvrCP003047 for ; Sat, 31 May 2008 04:57:53 -0700 Received: from [127.0.0.1] (helo=mout.perfora.net) by serendipity.mountainhosting.ca with esmtp (Exim 4.68) (envelope-from ) id 1K2Pia-0001vb-45 for stork@openenterprise.ca; Sat, 31 May 2008 04:57:53 -0700 Received: from mout.perfora.net ([74.208.4.194] helo=mout.perfora.net) by ASSP.nospam; 31 May 2008 04:57:51 -0700 Received: from [192.168.1.2] (ool-44c09678.dyn.optonline.net [68.192.150.120]) by mrelay.perfora.net (node=mrus1) with ESMTP (Nemesis) id 0MKpCa-1K2PiM2XbS-0004bz; Sat, 31 May 2008 07:57:46 -0400 Message-ID: <48413D31.2040406@ifossf.org> Date: Sat, 31 May 2008 07:57:37 -0400 From: Jenny Huang User-Agent: Thunderbird 1.5.0.10 (Windows/20070221) MIME-Version: 1.0 To: neil.mcevoy@neilmcevoy.name CC: Tom Nolle Private , Yvette Dubel , Johnny Stork Subject: Re: iFOSSF opportunities and strategy References: <20080530140434.6fd4bf80a5d1be9fa935425f97c05397.6fda1310c4.wbe@email.secureserver.net> In-Reply-To: <20080530140434.6fd4bf80a5d1be9fa935425f97c05397.6fda1310c4.wbe@email.secureserver.net> Content-Type: multipart/mixed; boundary="------------080200010605030109040204" X-Provags-ID: V01U2FsdGVkX18Wr3qsaKkWNC1/FXTVy0jtDrZT689qr0cSOzG YnEPsQerAdaVUm2vRNqf6eB7p5J2TEDtsux/SsOzFgaVwyjFYe WTyy6HFyrS23o1fjfOmdoxjuA2GYnVfX/hOYHM6n74= X-Assp-Delay: not delayed (noprocessing); 31 May 2008 04:57:51 -0700 X-AntiAbuse: This header was added to track abuse, please include it with any abuse report X-AntiAbuse: Primary Hostname - serendipity.mountainhosting.ca X-AntiAbuse: Original Domain - openenterprise.ca X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12] X-AntiAbuse: Sender Address Domain - srs.perfora.net X-Source: X-Source-Args: X-Source-Dir: cached not score=17.007 7 required autolearn=spam -7.29 AWL From: address is in the auto white-list 15.00 BAYES_99 Bayesian spam probability is 99 to 100% 7.16 CRM114_CHECK 0.00 HTML_MESSAGE HTML included in message 1.46 MIME_HTML_ONLY Message only has text/html MIME parts 0.69 SPF_NEUTRAL SPF: sender does not match SPF record (neutral) 0.00 WHOIS_NETSOLPR URL registered as a NetSol Private Registration From kc5goi at gmail.com Mon Jun 2 18:20:53 2008 From: kc5goi at gmail.com (Guy Story KC5GOI) Date: Sun Jun 1 18:21:18 2008 Subject: Spam getting through... In-Reply-To: <1212336521.15192.7.camel@thor> References: <1212336521.15192.7.camel@thor> Message-ID: <48442BF5.7040502@kc5goi.net> Rick Bragg wrote: > Hi, > > I'm basically a newbe with just a few small domains. I set up > Mailscanner with sendmail/ spamassassin/ clamAV and it seems great > except tons of spam are getting through. They are mostly all marked as > {Spam?} and are all delivered. > > Here is in my MailScanner.conf file > > Spam List = SORBS-DNSBL SORBS-HTTP SORBS-SOCKS SORBS-MISC SORBS-SMTP > SORBS-WEB SORBS-SPAM SORBS-BLOCK SORBS-ZOMBIE SORBS-DUL SORBS-RHSBL CBL > DSBL spamhaus.org spamhaus-XBL spamhaus-PBL NJABL > > Spam Domain List = SORBS-BADCONF SORBS-NOMAIL > > > Do these look OK? How can I test these out? Any advice to a newbe as to > what I should do? > > Thanks > Rick > > > Rick, I do not have the parameter name off the top of my head but look for Spam delivery. It is in the same general area as your AV. You can set it to delete, deliver, quarantine. Guy From hvdkooij at vanderkooij.org Sun Jun 1 19:02:15 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Sun Jun 1 19:02:24 2008 Subject: Whitelists Dont Appear to be Working In-Reply-To: <4842D882.1010504@openenterprise.ca> References: <4842D882.1010504@openenterprise.ca> Message-ID: <4842E427.4030904@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Johnny Stork wrote: | I am running MS 4.69.8 on Centos 5x. I seem to be having trouble with | my whitelists? I seem to recall trying to address this some months back | and I beleive someone mentioned that my whitelists added in the | mailwatch interface (Lists), should not have the "@" symbol so I went | through and removed them all one at a time and so now they look like the | examples below. Is this correct? Is there something else I might be | doing wrong? | | ifossf.org default | srs.perfora.net default | sungardhe.com default This does not look like the samples I have seen untill now. Where is the first column in your rules file? Most rules look like: # This next line gives an example of how you might enable this option for # a frequent customer of yours. #From: yourcustomer.com yes # Under no circumstances should this be changed to "yes". FromOrTo: default no Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFIQuQmBvzDRVjxmYERAioIAJ4/cjYms+67c14F7SWq9NzXBAjqDQCfZKD8 TBBZ6f/N4eH9yHcfjZ7dbEs= =+6iz -----END PGP SIGNATURE----- From hvdkooij at vanderkooij.org Sun Jun 1 19:08:08 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Sun Jun 1 19:08:18 2008 Subject: Spam getting through... In-Reply-To: <1212336521.15192.7.camel@thor> References: <1212336521.15192.7.camel@thor> Message-ID: <4842E588.1000908@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Rick Bragg wrote: | Hi, | | I'm basically a newbe with just a few small domains. I set up | Mailscanner with sendmail/ spamassassin/ clamAV and it seems great | except tons of spam are getting through. They are mostly all marked as | {Spam?} and are all delivered. | | Here is in my MailScanner.conf file | | Spam List = SORBS-DNSBL SORBS-HTTP SORBS-SOCKS SORBS-MISC SORBS-SMTP | SORBS-WEB SORBS-SPAM SORBS-BLOCK SORBS-ZOMBIE SORBS-DUL SORBS-RHSBL CBL | DSBL spamhaus.org spamhaus-XBL spamhaus-PBL NJABL | | Spam Domain List = SORBS-BADCONF SORBS-NOMAIL | | | Do these look OK? How can I test these out? Any advice to a newbe as to | what I should do? Read the book. First off I think you are using way too many lists here. It will cost you performance and speed of processing. How are your messages classified? What scores do they get in general from SpamAssassin? Did you tune your bayesian database? Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFIQuWHBvzDRVjxmYERAnP4AJ9FxOjUA8/0BzWdz9VfpN2D2+2LowCfRR2t syowFDMgXIu4Lf2/dBYcaGs= =HoOL -----END PGP SIGNATURE----- From lists at gmnet.net Sun Jun 1 20:01:06 2008 From: lists at gmnet.net (Rick Bragg) Date: Sun Jun 1 20:01:45 2008 Subject: Spam getting through... In-Reply-To: <4842E588.1000908@vanderkooij.org> References: <1212336521.15192.7.camel@thor> <4842E588.1000908@vanderkooij.org> Message-ID: <1212346866.15192.11.camel@thor> On Sun, 2008-06-01 at 20:08 +0200, Hugo van der Kooij wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Rick Bragg wrote: > | Hi, > | > | I'm basically a newbe with just a few small domains. I set up > | Mailscanner with sendmail/ spamassassin/ clamAV and it seems great > | except tons of spam are getting through. They are mostly all marked as > | {Spam?} and are all delivered. > | > | Here is in my MailScanner.conf file > | > | Spam List = SORBS-DNSBL SORBS-HTTP SORBS-SOCKS SORBS-MISC SORBS-SMTP > | SORBS-WEB SORBS-SPAM SORBS-BLOCK SORBS-ZOMBIE SORBS-DUL SORBS-RHSBL CBL > | DSBL spamhaus.org spamhaus-XBL spamhaus-PBL NJABL > | > | Spam Domain List = SORBS-BADCONF SORBS-NOMAIL > | > | > | Do these look OK? How can I test these out? Any advice to a newbe as to > | what I should do? > > Read the book. > > First off I think you are using way too many lists here. It will cost > you performance and speed of processing. > > How are your messages classified? What scores do they get in general > from SpamAssassin? Did you tune your bayesian database? > > Hugo. > Thanks Hugo, I am new to this and would like to get a grasp on managing all these components. How should I go about choosing which "Spam List" and "Spam Domain List" services to use? Also, I'm not familiar with how to tune bayesian. Thanks Rick -- This message has been scanned for viruses and dangerous content by Green Mountain Network, and is believed to be clean. From gerard at seibercom.net Sun Jun 1 20:18:31 2008 From: gerard at seibercom.net (Gerard) Date: Sun Jun 1 20:19:14 2008 Subject: Spam getting through... In-Reply-To: <4842E588.1000908@vanderkooij.org> References: <1212336521.15192.7.camel@thor> <4842E588.1000908@vanderkooij.org> Message-ID: <20080601151831.6059b56c@scorpio> On Sun, 01 Jun 2008 20:08:08 +0200 Hugo van der Kooij wrote: > Rick Bragg wrote: > | Hi, > | > | I'm basically a newbe with just a few small domains. I set up > | Mailscanner with sendmail/ spamassassin/ clamAV and it seems great > | except tons of spam are getting through. They are mostly all > marked as | {Spam?} and are all delivered. > | > | Here is in my MailScanner.conf file > | > | Spam List = SORBS-DNSBL SORBS-HTTP SORBS-SOCKS SORBS-MISC SORBS-SMTP > | SORBS-WEB SORBS-SPAM SORBS-BLOCK SORBS-ZOMBIE SORBS-DUL SORBS-RHSBL > CBL | DSBL spamhaus.org spamhaus-XBL spamhaus-PBL NJABL > | > | Spam Domain List = SORBS-BADCONF SORBS-NOMAIL > | > | > | Do these look OK? How can I test these out? Any advice to a newbe > as to | what I should do? [snip] "dnsbl.sorbs.net" contains all of the SORBS lists with the exception of: "spam.dnsbl.sorbs.net" You might want to check: http://www.au.sorbs.net/using.shtml for further information. Personally, I prefer "zen.spamhaus.org". It contains all of the usual spamhaus lists. Further info available at: http://www.spamhaus.org/zen/index.lasso I might add that I am employing 'spamhaus' with Postfix. Once you accept the mail, you can no longer legitimately reject it. Of course you can delete it; however, I have never seen the logic in accepting to delete. Then again, that is just my 2?. -- Gerard gerard@seibercom.net During the voyage of life, remember to keep an eye out for a fair wind; batten down during a storm; hail all passing ships; and fly your colors proudly. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 195 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080601/4426aed5/signature.bin From lists at openenterprise.ca Mon Jun 2 15:12:06 2008 From: lists at openenterprise.ca (Johnny Stork) Date: Mon Jun 2 15:12:18 2008 Subject: Whitelists Dont Appear to be Working In-Reply-To: <4842E427.4030904@vanderkooij.org> References: <4842D882.1010504@openenterprise.ca> <4842E427.4030904@vanderkooij.org> Message-ID: <4843FFB6.1060207@openenterprise.ca> This is how they are listed in the Mailwatch interface? Are the whitlelist entries in a file? I assumed they were in the db somewhere since I add/manage them from mailwatch? Hugo van der Kooij wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Johnny Stork wrote: > | I am running MS 4.69.8 on Centos 5x. I seem to be having trouble with > | my whitelists? I seem to recall trying to address this some months back > | and I beleive someone mentioned that my whitelists added in the > | mailwatch interface (Lists), should not have the "@" symbol so I went > | through and removed them all one at a time and so now they look like > the > | examples below. Is this correct? Is there something else I might be > | doing wrong? > | > | ifossf.org default > | srs.perfora.net default > | sungardhe.com default > > This does not look like the samples I have seen untill now. Where is the > first column in your rules file? > > Most rules look like: > > # This next line gives an example of how you might enable this option for > # a frequent customer of yours. > #From: yourcustomer.com yes > > # Under no circumstances should this be changed to "yes". > FromOrTo: default no > > > Hugo. > > - -- > hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ > PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc > > A: Yes. > >Q: Are you sure? > >>A: Because it reverses the logical flow of conversation. > >>>Q: Why is top posting frowned upon? > > Bored? Click on http://spamornot.org/ and rate those images. > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.7 (GNU/Linux) > > iD8DBQFIQuQmBvzDRVjxmYERAioIAJ4/cjYms+67c14F7SWq9NzXBAjqDQCfZKD8 > TBBZ6f/N4eH9yHcfjZ7dbEs= > =+6iz > -----END PGP SIGNATURE----- From lists at openenterprise.ca Mon Jun 2 15:16:36 2008 From: lists at openenterprise.ca (Johnny Stork) Date: Mon Jun 2 15:16:46 2008 Subject: Whitelists Dont Appear to be Working In-Reply-To: <4842E427.4030904@vanderkooij.org> References: <4842D882.1010504@openenterprise.ca> <4842E427.4030904@vanderkooij.org> Message-ID: <484400C4.9000101@openenterprise.ca> Also my "Is Definitely Not Spam" does not point to a file, but the db Is Definitely Not Spam = &SQLWhitelist Hugo van der Kooij wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Johnny Stork wrote: > | I am running MS 4.69.8 on Centos 5x. I seem to be having trouble with > | my whitelists? I seem to recall trying to address this some months back > | and I beleive someone mentioned that my whitelists added in the > | mailwatch interface (Lists), should not have the "@" symbol so I went > | through and removed them all one at a time and so now they look like > the > | examples below. Is this correct? Is there something else I might be > | doing wrong? > | > | ifossf.org default > | srs.perfora.net default > | sungardhe.com default > > This does not look like the samples I have seen untill now. Where is the > first column in your rules file? > > Most rules look like: > > # This next line gives an example of how you might enable this option for > # a frequent customer of yours. > #From: yourcustomer.com yes > > # Under no circumstances should this be changed to "yes". > FromOrTo: default no > > > Hugo. > > - -- > hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ > PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc > > A: Yes. > >Q: Are you sure? > >>A: Because it reverses the logical flow of conversation. > >>>Q: Why is top posting frowned upon? > > Bored? Click on http://spamornot.org/ and rate those images. > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.7 (GNU/Linux) > > iD8DBQFIQuQmBvzDRVjxmYERAioIAJ4/cjYms+67c14F7SWq9NzXBAjqDQCfZKD8 > TBBZ6f/N4eH9yHcfjZ7dbEs= > =+6iz > -----END PGP SIGNATURE----- From doepain at gmail.com Mon Jun 2 20:56:38 2008 From: doepain at gmail.com (Rd03) Date: Mon Jun 2 20:56:48 2008 Subject: Newbie mail scanner user needs some insight in where to locate missing attachment. Message-ID: I have inherited a mail scanner server running on BSD. I am not to familiar with this application and its inner workings. We recently received a message (first week of May), and it had a MS Word attachment that was stripped, and quarantined. I was asked today to locate the file, and copy out of the quarantine folder and deliver it to the intended recipient. I did a "find" for the file and a "grep" neither returned any results. I would like to read the log files associated with this application in hopes to determine what happened to the attachment. Could you please guide me in the location of either where the log files for the application would be (not in /var/log), or a configuration file that may indicate where the logs directory/files are kept. I am guessing there aren't any logs being generated for this application. thanks in advance. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080602/b05d1530/attachment.html From Alan.Charlton at caseware.com Mon Jun 2 21:21:47 2008 From: Alan.Charlton at caseware.com (Alan Charlton) Date: Mon Jun 2 21:22:13 2008 Subject: Variables that can be used in inline.warning.txt and .html reports In-Reply-To: <200805201101.m4KB0OIx016556@safir.blacknight.ie> References: <200805201101.m4KB0OIx016556@safir.blacknight.ie> Message-ID: <5864E8A48D189F4999A1D1BAE37305168290E7@queen.caseware.cwi.local> > ------------------------------ > > Message: 20 > Date: Mon, 19 May 2008 21:24:53 -0400 > From: "Alan Charlton" > Subject: Variables that can be used in inline.warning.txt and .html > reports > To: > Message-ID: > <5864E8A48D189F4999A1D1BAE3730516828AEB@queen.caseware.cwi.local> > Content-Type: text/plain; charset="us-ascii" > > We've been trying to use some variables in the inline.warning.txt/html > files that don't seem to work. Specifically $datenumber and $to. > > We'd like to be able to provide our users with a link to release 'bad > content' or even 'virus' messages that they know are legitimate, similar > to what's in the recipient.spam.report.txt: > > http://$hostname/cgi-bin/release-msg.cgi?datenumber=$datenumber&id=$id&t > o=$to > > I know it's a little risky, but we're a software development company and > we often get attachments that get caught, and our users tend to be > reasonably intelligent and cautious... and too impatient to submit a > ticket to IT every time a file is caught. > > Also for proper backup and archiving we'd like all legitimate emails to > reach the end users' mailboxes... > > For more details on what we're trying to do check out: > http://www.global-domination.org/forum/viewtopic.php?t=968 > > My searches for a solution turned up the following thread: > http://lists.mailscanner.info/pipermail/mailscanner/2007-September/07803 > 0.html > > ...Which seems to imply that these variables need to be specifically > added to work in a given report. > > Is there any way we can add the variables ourselves? Or do we need to > request that they be added in a new release? > > Thanks, > Alan > > > ------------------------------ Bumping this up for another try... Does anyone know how to get $datenumber and $to to work in the inline.warning.txt and .html reports? Any help would be appreciated. Thanks, Alan From theodrake at comcast.net Mon Jun 2 22:04:02 2008 From: theodrake at comcast.net (Ed) Date: Mon Jun 2 22:04:26 2008 Subject: Error in maillog "saactions" Message-ID: <48446042.5020804@comcast.net> Since last Friday I've started getting this notification with every connection: Jun 2 16:57:47 mail5 MailScanner[7787]: Cannot match against destination IP address when resolving configuration option "saactions" MS appears to be working. The only thing I did was upgrade my kernel to: 2.6.9-67.0.15.ELsmp #1 SMP Tue Apr 22 13:50:33 EDT 2008 i686 i686 i386 GNU/Linux This is on a Redhat ES 4 server. Any ideas would be appreciated. later, Ed From vernon at comp-wiz.com Mon Jun 2 22:04:43 2008 From: vernon at comp-wiz.com (Vernon Webb) Date: Mon Jun 2 22:05:11 2008 Subject: Windows Exchange Server Message-ID: <0b5101c8c4f4$47fd3520$d7f79f60$@com> I have been using Linux Sendmail as me email MTA forever, but now have a need to use Windows Exchange server and am wondering what people are using as their Spam and virus protection (hopefully an inexpensive solution). I was hoping I could use MailScanner but don't see a Windows version. Any ideas? Vernon Webb (201) 703-1232 web designs & web hosting by comp-wiz.com, inc. Information in this transmission is privileged & confidential. It is intended for the use of the individual or entity named above. Any review, dissemination, disclosure, alteration, printing, circulation or transmission of this email or it's attachments is prohibited and unlawful. -- This message has been scanned for viruses and dangerous content at comp-wiz.com, and is believed to be clean. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080602/da90fcc8/attachment.html From MailScanner at ecs.soton.ac.uk Mon Jun 2 22:04:52 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Jun 2 22:05:17 2008 Subject: Newbie mail scanner user needs some insight in where to locate missing attachment. In-Reply-To: References: Message-ID: <48446074.1000409@ecs.soton.ac.uk> Rd03 wrote: > I have inherited a mail scanner server running on BSD. I am not to > familiar with this application and its inner workings. We recently > received a message (first week of May), and it had a MS Word > attachment that was stripped, and quarantined. I was asked today to > locate the file, and copy out of the quarantine folder and deliver it > to the intended recipient. > > I did a "find" for the file and a "grep" neither returned any results. > > I would like to read the log files associated with this application in > hopes to determine what happened to the attachment. Logging is done via the standard syslog mechanism. Consult your /etc/syslog.conf to see where mail logs are going, they should be in there. If there are any entries for the local* categories in syslog.conf, it's possible they are being logged to there. The main directory to find on your BSD box will be called "MailScanner" and it contains, among other things, the master config file "MailScanner.conf". That's the chief file you are looking for. That's where you will find everything defined such as the location of the Quarantine and so on. Once you have found MailScanner.conf, things should become a lot clearer. > > Could you please guide me in the location of either where the log > files for the application would be (not in /var/log), or a > configuration file that may indicate where the logs directory/files > are kept. > > I am guessing there aren't any logs being generated for this application. There are logs, they are usually sent to the same location as the mail logs. I hope that's enough to get you started. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Mon Jun 2 22:13:14 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Jun 2 22:13:34 2008 Subject: Variables that can be used in inline.warning.txt and .html reports In-Reply-To: References: <200805201101.m4KB0OIx016556@safir.blacknight.ie> Message-ID: <4844626A.5030109@ecs.soton.ac.uk> Alan Charlton wrote: >> ------------------------------ >> >> Message: 20 >> Date: Mon, 19 May 2008 21:24:53 -0400 >> From: "Alan Charlton" >> Subject: Variables that can be used in inline.warning.txt and .html >> reports >> To: >> Message-ID: >> >> > <5864E8A48D189F4999A1D1BAE3730516828AEB@queen.caseware.cwi.local> > >> Content-Type: text/plain; charset="us-ascii" >> >> We've been trying to use some variables in the inline.warning.txt/html >> files that don't seem to work. Specifically $datenumber and $to. >> >> We'd like to be able to provide our users with a link to release 'bad >> content' or even 'virus' messages that they know are legitimate, >> > similar > >> to what's in the recipient.spam.report.txt: >> >> >> > http://$hostname/cgi-bin/release-msg.cgi?datenumber=$datenumber&id=$id&t > >> o=$to >> >> I know it's a little risky, but we're a software development company >> > and > >> we often get attachments that get caught, and our users tend to be >> reasonably intelligent and cautious... and too impatient to submit a >> ticket to IT every time a file is caught. >> >> Also for proper backup and archiving we'd like all legitimate emails >> > to > >> reach the end users' mailboxes... >> >> For more details on what we're trying to do check out: >> http://www.global-domination.org/forum/viewtopic.php?t=968 >> >> My searches for a solution turned up the following thread: >> >> > http://lists.mailscanner.info/pipermail/mailscanner/2007-September/07803 > >> 0.html >> >> ...Which seems to imply that these variables need to be specifically >> added to work in a given report. >> >> Is there any way we can add the variables ourselves? Or do we need to >> request that they be added in a new release? >> >> Thanks, >> Alan >> >> >> ------------------------------ >> > > Bumping this up for another try... Does anyone know how to get > $datenumber and $to to work in the inline.warning.txt and .html reports? > > Any help would be appreciated. > > Thanks, > Alan > At the moment, the only variables it appears you can use are these: $filename = join(', ', keys %infected); $id = $this->{id}; $from = $this->{from}; $subject = $this->{subject}; I can add more if several people need them. If your Perl is up to it, you want to add code to sub ReadVirusWarning in Message.pm. Otherwise you'll have to bribe me to add them for you :-) Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Mon Jun 2 22:15:49 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Jun 2 22:16:11 2008 Subject: Error in maillog "saactions" In-Reply-To: References: Message-ID: <48446305.4030600@ecs.soton.ac.uk> You must have set something to do with "SpamAssassin Rule Actions". I strongly suspect you have a ruleset attached to that setting, with a "To:" line that refers to an IP address, or possible a domain name involving only the characters 0-9 and a-f. Please show us the ruleset you have attached to "SpamAssassin Rule Actions". Ed wrote: > Since last Friday I've started getting this notification with every > connection: > > Jun 2 16:57:47 mail5 MailScanner[7787]: Cannot match against > destination IP address when resolving configuration option "saactions" > > > MS appears to be working. The only thing I did was upgrade my kernel to: > > 2.6.9-67.0.15.ELsmp #1 SMP Tue Apr 22 13:50:33 EDT 2008 i686 i686 i386 > GNU/Linux > > This is on a Redhat ES 4 server. > > Any ideas would be appreciated. > > later, > Ed Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From jonas at vrt.dk Mon Jun 2 22:29:15 2008 From: jonas at vrt.dk (Jonas Akrouh Larsen) Date: Mon Jun 2 22:29:30 2008 Subject: Windows Exchange Server In-Reply-To: <0b5101c8c4f4$47fd3520$d7f79f60$@com> References: <0b5101c8c4f4$47fd3520$d7f79f60$@com> Message-ID: <006f01c8c4f7$b60ed250$222c76f0$@dk> We use MailSCanner infront of all our exchange servers, it's the cheapest and best antispam protection for exchange, it does require a linux server though. Best regards Jonas A. Larsen From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Vernon Webb Sent: 2. juni 2008 23:05 To: mailscanner@lists.mailscanner.info Subject: Windows Exchange Server I have been using Linux Sendmail as me email MTA forever, but now have a need to use Windows Exchange server and am wondering what people are using as their Spam and virus protection (hopefully an inexpensive solution). I was hoping I could use MailScanner but don't see a Windows version. Any ideas? Vernon Webb (201) 703-1232 web designs & web hosting by comp-wiz.com, inc. Information in this transmission is privileged & confidential. It is intended for the use of the individual or entity named above. Any review, dissemination, disclosure, alteration, printing, circulation or transmission of this email or it's attachments is prohibited and unlawful. -- This message has been scanned for viruses and dangerous content at www.comp-wiz.com, and is believed to be clean. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080602/71104a79/attachment.html From kgoods at cropusainsurance.com Mon Jun 2 22:26:19 2008 From: kgoods at cropusainsurance.com (Ken Goods) Date: Mon Jun 2 22:32:23 2008 Subject: Windows Exchange Server Message-ID: <13C0059880FDD3118DC600508B6D4A6D02346851@aiainsurance.com> Vernon Webb wrote: > I have been using Linux Sendmail as me email MTA forever, but now > have a need to use Windows Exchange server and am wondering what > people are using as their Spam and virus protection (hopefully an > inexpensive solution). I was hoping I could use MailScanner but don't > see a Windows version. Any ideas? > > Vernon Webb > (201) 703-1232 > web designs & web hosting by comp-wiz.com, inc. > Information in this transmission is privileged & confidential. It is > intended for the use of the individual or entity named above. Any > review, dissemination, disclosure, alteration, printing, circulation > or transmission of this email or it's attachments is prohibited and > unlawful. Put a MailScanner box in front of your Exchange server and pass everything through. Been running like that for 3 years and haven't looked back. You won't be sorry. Many people here run that way so you'll get plenty of friendly help. HTH Kind regards, Ken Ken Goods Network Administrator CropUSA Insurance, Inc. From dward at nccumc.org Mon Jun 2 23:42:47 2008 From: dward at nccumc.org (Douglas Ward) Date: Mon Jun 2 23:42:59 2008 Subject: Windows Exchange Server In-Reply-To: <13C0059880FDD3118DC600508B6D4A6D02346851@aiainsurance.com> References: <13C0059880FDD3118DC600508B6D4A6D02346851@aiainsurance.com> Message-ID: What about inter-Exchange traffic? Exchange delivers locally when both sender and recipient are on the same server. On 6/2/08, Ken Goods wrote: > Vernon Webb wrote: >> I have been using Linux Sendmail as me email MTA forever, but now >> have a need to use Windows Exchange server and am wondering what >> people are using as their Spam and virus protection (hopefully an >> inexpensive solution). I was hoping I could use MailScanner but don't >> see a Windows version. Any ideas? >> >> Vernon Webb >> (201) 703-1232 >> web designs & web hosting by comp-wiz.com, inc. >> Information in this transmission is privileged & confidential. It is >> intended for the use of the individual or entity named above. Any >> review, dissemination, disclosure, alteration, printing, circulation >> or transmission of this email or it's attachments is prohibited and >> unlawful. > > Put a MailScanner box in front of your Exchange server and pass everything > through. Been running like that for 3 years and haven't looked back. You > won't be sorry. Many people here run that way so you'll get plenty of > friendly help. > > HTH > Kind regards, > Ken > > > Ken Goods > Network Administrator > CropUSA Insurance, Inc. > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- Sent from Gmail for mobile | mobile.google.com My PGP key: http://www.douglasward.net/pubkey.asc From vernon at comp-wiz.com Mon Jun 2 23:50:36 2008 From: vernon at comp-wiz.com (Vernon Webb) Date: Mon Jun 2 23:51:03 2008 Subject: Windows Exchange Server In-Reply-To: <13C0059880FDD3118DC600508B6D4A6D02346851@aiainsurance.com> References: <13C0059880FDD3118DC600508B6D4A6D02346851@aiainsurance.com> Message-ID: <000c01c8c503$12517080$36f45180$@com> So you relay all the email through the Linux server to the Exchange server? How do you get around having people send email directly to the Exchange server box? Just block all email to port 25 except from the Linux server? Vernon Webb 201.703.1232 -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Ken Goods Sent: Monday, June 02, 2008 5:26 PM To: 'MailScanner discussion' Subject: RE: Windows Exchange Server Vernon Webb wrote: > I have been using Linux Sendmail as me email MTA forever, but now > have a need to use Windows Exchange server and am wondering what > people are using as their Spam and virus protection (hopefully an > inexpensive solution). I was hoping I could use MailScanner but don't > see a Windows version. Any ideas? > > Vernon Webb > (201) 703-1232 > web designs & web hosting by comp-wiz.com, inc. > Information in this transmission is privileged & confidential. It is > intended for the use of the individual or entity named above. Any > review, dissemination, disclosure, alteration, printing, circulation > or transmission of this email or it's attachments is prohibited and > unlawful. Put a MailScanner box in front of your Exchange server and pass everything through. Been running like that for 3 years and haven't looked back. You won't be sorry. Many people here run that way so you'll get plenty of friendly help. HTH Kind regards, Ken Ken Goods Network Administrator CropUSA Insurance, Inc. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content at comp-wiz.com, and is believed to be clean. -- This message has been scanned for viruses and dangerous content at comp-wiz.com, and is believed to be clean. From kgoods at cropusainsurance.com Mon Jun 2 23:45:36 2008 From: kgoods at cropusainsurance.com (Ken Goods) Date: Mon Jun 2 23:51:39 2008 Subject: Windows Exchange Server Message-ID: <13C0059880FDD3118DC600508B6D4A6D02346852@aiainsurance.com> Douglas Ward wrote: > What about inter-Exchange traffic? Exchange delivers locally when > both sender and recipient are on the same server. > > > You're exactly correct. I guess it depends on your network. We don't have anyone spamming internally, we burned them all at the stake a while back. ;) Email anti-virus is handled internally with workstation AV products. Security in depth and all that rot... :) Ken Goods Network Administrator CropUSA Insurance, Inc. From kgoods at cropusainsurance.com Tue Jun 3 00:00:41 2008 From: kgoods at cropusainsurance.com (Ken Goods) Date: Tue Jun 3 00:06:47 2008 Subject: Windows Exchange Server Message-ID: <13C0059880FDD3118DC600508B6D4A6D02346853@aiainsurance.com> Vernon Webb wrote: > So you relay all the email through the Linux server to the Exchange > server? How do you get around having people send email directly to > the Exchange server box? Just block all email to port 25 except from > the Linux server? > > Vernon Webb > 201.703.1232 > There are several ways, I use sendmail's relay-table, virtusertable, and mailertable. http://wiki.mailscanner.info/doku.php?id=documentation:configuration:mta:sen dmail:how_to:setup_a_gateway And you're spot-on with blocking direct contact to the exchange server. Although it really isn't as much of a problem as you may think. Just remove the DNS entry for it and you can still let users POP off and SMTP (with authentication) outgoing. I do get maybe 10-20 direct hits a day because it was public at one time. Of course this does leave you with one point of failure, but that's all we had prior to installing the MailScanner box so it was a wash. The MailScanner box is rock solid so it isn't an issue for us. YMMV I used a guide on the MailScanner site for the initial setup. Take a look around there and see what you come up with. If you need more help or have other questions don't hesitate to ask. Ken Goods Network Administrator CropUSA Insurance, Inc. From vernon at comp-wiz.com Tue Jun 3 01:37:50 2008 From: vernon at comp-wiz.com (Vernon Webb) Date: Tue Jun 3 01:38:24 2008 Subject: Windows Exchange Server In-Reply-To: <13C0059880FDD3118DC600508B6D4A6D02346853@aiainsurance.com> References: <13C0059880FDD3118DC600508B6D4A6D02346853@aiainsurance.com> Message-ID: <00c501c8c512$0fa58c90$2ef0a5b0$@com> Thanks for the info. Works great. Vernon Webb 201.703.1232 -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Ken Goods Sent: Monday, June 02, 2008 7:01 PM To: 'MailScanner discussion' Subject: RE: Windows Exchange Server Vernon Webb wrote: > So you relay all the email through the Linux server to the Exchange > server? How do you get around having people send email directly to > the Exchange server box? Just block all email to port 25 except from > the Linux server? > > Vernon Webb > 201.703.1232 > There are several ways, I use sendmail's relay-table, virtusertable, and mailertable. http://wiki.mailscanner.info/doku.php?id=documentation:configuration:mta:sen dmail:how_to:setup_a_gateway And you're spot-on with blocking direct contact to the exchange server. Although it really isn't as much of a problem as you may think. Just remove the DNS entry for it and you can still let users POP off and SMTP (with authentication) outgoing. I do get maybe 10-20 direct hits a day because it was public at one time. Of course this does leave you with one point of failure, but that's all we had prior to installing the MailScanner box so it was a wash. The MailScanner box is rock solid so it isn't an issue for us. YMMV I used a guide on the MailScanner site for the initial setup. Take a look around there and see what you come up with. If you need more help or have other questions don't hesitate to ask. Ken Goods Network Administrator CropUSA Insurance, Inc. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content at comp-wiz.com, and is believed to be clean. -- This message has been scanned for viruses and dangerous content at comp-wiz.com, and is believed to be clean. From markee at bandwidthco.com Tue Jun 3 02:45:02 2008 From: markee at bandwidthco.com (markee) Date: Tue Jun 3 02:45:16 2008 Subject: Windows Exchange Server In-Reply-To: References: <13C0059880FDD3118DC600508B6D4A6D02346851@aiainsurance.com> Message-ID: <002f01c8c51b$70a2b780$0300a8c0@bandwidthco.com> For inter-exchange traffic, use Exchange IMF (intelligne Message Filter) It's a plugin that is very easy to use and setup. This should get you started: http://www.msexchange.org/tutorials/microsoft-exchange-intelligent-message-f ilter.html http://www.msexchange.org/tutorials/Intelligent-Message-Filter-version-2-IMF -v2.html Otherwise - do as everyone else has suggested. Put MailScanner on a box before exchange and let it (and the MTA) do all the work. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Douglas Ward Sent: Monday, June 02, 2008 3:43 PM To: MailScanner discussion Subject: Re: Windows Exchange Server What about inter-Exchange traffic? Exchange delivers locally when both sender and recipient are on the same server. On 6/2/08, Ken Goods wrote: > Vernon Webb wrote: >> I have been using Linux Sendmail as me email MTA forever, but now >> have a need to use Windows Exchange server and am wondering what >> people are using as their Spam and virus protection (hopefully an >> inexpensive solution). I was hoping I could use MailScanner but don't >> see a Windows version. Any ideas? >> >> Vernon Webb >> (201) 703-1232 >> web designs & web hosting by comp-wiz.com, inc. >> Information in this transmission is privileged & confidential. It is >> intended for the use of the individual or entity named above. Any >> review, dissemination, disclosure, alteration, printing, circulation >> or transmission of this email or it's attachments is prohibited and >> unlawful. > > Put a MailScanner box in front of your Exchange server and pass everything > through. Been running like that for 3 years and haven't looked back. You > won't be sorry. Many people here run that way so you'll get plenty of > friendly help. > > HTH > Kind regards, > Ken > > > Ken Goods > Network Administrator > CropUSA Insurance, Inc. > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- Sent from Gmail for mobile | mobile.google.com My PGP key: http://www.douglasward.net/pubkey.asc -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! ######################################################## This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. postmaster@bandwidthco.com MailScanner at Bandwidthco Computer Security is for your absolute protection. ######################################################## ######################################################## This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. postmaster@bandwidthco.com MailScanner at Bandwidthco Computer Security is for your absolute protection. ######################################################## From peter at farrows.org Tue Jun 3 09:19:32 2008 From: peter at farrows.org (Peter Farrow) Date: Tue Jun 3 09:19:53 2008 Subject: Windows Exchange Server In-Reply-To: <002f01c8c51b$70a2b780$0300a8c0@bandwidthco.com> References: <13C0059880FDD3118DC600508B6D4A6D02346851@aiainsurance.com> <002f01c8c51b$70a2b780$0300a8c0@bandwidthco.com> Message-ID: <4844FE94.4010905@farrows.org> markee wrote: > For inter-exchange traffic, use Exchange IMF (intelligne Message Filter) > It's a plugin that is very easy to use and setup. This should get you > started: > http://www.msexchange.org/tutorials/microsoft-exchange-intelligent-message-f > ilter.html > > http://www.msexchange.org/tutorials/Intelligent-Message-Filter-version-2-IMF > -v2.html > > Otherwise - do as everyone else has suggested. Put MailScanner on a box > before exchange and let it (and the MTA) do all the work. > > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Douglas > Ward > Sent: Monday, June 02, 2008 3:43 PM > To: MailScanner discussion > Subject: Re: Windows Exchange Server > > What about inter-Exchange traffic? Exchange delivers locally when > both sender and recipient are on the same server. > > > > On 6/2/08, Ken Goods wrote: > >> Vernon Webb wrote: >> >>> I have been using Linux Sendmail as me email MTA forever, but now >>> have a need to use Windows Exchange server and am wondering what >>> people are using as their Spam and virus protection (hopefully an >>> inexpensive solution). I was hoping I could use MailScanner but don't >>> see a Windows version. Any ideas? >>> >>> Vernon Webb >>> (201) 703-1232 >>> web designs & web hosting by comp-wiz.com, inc. >>> Information in this transmission is privileged & confidential. It is >>> intended for the use of the individual or entity named above. Any >>> review, dissemination, disclosure, alteration, printing, circulation >>> or transmission of this email or it's attachments is prohibited and >>> unlawful. >>> >> Put a MailScanner box in front of your Exchange server and pass everything >> through. Been running like that for 3 years and haven't looked back. You >> won't be sorry. Many people here run that way so you'll get plenty of >> friendly help. >> >> HTH >> Kind regards, >> Ken >> >> >> Ken Goods >> Network Administrator >> CropUSA Insurance, Inc. >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> > > I think that by far the best option is to use your mailscanner machine as a filter prior to going to exchange, you can you is then as a smarthost on the way out as well. This will avoid the very perilous method of having your Windows SMTP MTA facing the internet and is the most robust and effective solution all round. I have numerous clients doing it this way and it just works. If you are using sendmail as your MailScanner MTA I can provide complete help on how to make this work with MailScanner and exchange (all versions). All the Exchange options and Microsoft based solutions tend to be the "inflatable dinghy" approach to filtering whereas MailScanner is the battleship solution, and it costs less. P. -- This message has been scanned for viruses and dangerous content by the Inexcom system Scanner, and is believed to be clean. Advanced heuristic mail scanning server [-]. http://www.inexcom.co.uk -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080603/3a3e0607/attachment.html From telecaadmin at gmail.com Tue Jun 3 10:17:50 2008 From: telecaadmin at gmail.com (Ronny T. Lampert) Date: Tue Jun 3 10:19:26 2008 Subject: Windows Exchange Server In-Reply-To: <4844FE94.4010905@farrows.org> References: <13C0059880FDD3118DC600508B6D4A6D02346851@aiainsurance.com> <002f01c8c51b$70a2b780$0300a8c0@bandwidthco.com> <4844FE94.4010905@farrows.org> Message-ID: <48450C3E.2060401@gmail.com> > I have numerous clients doing it this way and it just works. If you are > using sendmail as your MailScanner MTA I can provide complete help on > how to make this work with MailScanner and exchange (all versions). And I can help with postfix (+ Active Directory / LDAP)! As for the inter-Exchange traffic: this really should be "trusted" internal traffic, between internal servers, on an strictly internal network. If it is NOT then it should not be allowed to flow freely between servers directly. In any case you should run a mail scanning virus scanner on your Exchange servers so internal viruses can not propagate. Cheers, Ronny From gary at sgluk.com Tue Jun 3 11:11:57 2008 From: gary at sgluk.com (Gary Pentland) Date: Tue Jun 3 11:12:14 2008 Subject: Windows Exchange Server In-Reply-To: References: <13C0059880FDD3118DC600508B6D4A6D02346851@aiainsurance.com> <002f01c8c51b$70a2b780$0300a8c0@bandwidthco.com> <4844FE94.4010905@farrows.org> Message-ID: I've been doing this for years, it's slightly off topic and there is stuff about this in the MailScanner wiki but as people tend to forget about that:-) I have attached some old perl, based on something I found on the net years ago. It dumps list of Exchange recipients from an AD, use as basis for sendmail virtusers map or valid users map, run every 10 mins or so. Obviously change the passwords, domain controller names and baseDN. Simplest in sendmail is to configure is to define a virtual domain, default recipient is "user does not exist type error", every other recipient becomes user@exchange.domain... Then chuck in a mailertable entry or an MX for exchange.domain pointing at a hub transport (2007) or a front-end (2003) and use a script based on the attached perl to make the virtusers map. Alternatively, if you know you will only ever need to send to Exchange and nowhere else you could use something like the M4 fragment attached. This is old so will probably need some tweaking for your site but it will give you an idea. I'll leave it to Ronny here to help with postfix if you choose that route. Hope that helps, Gary mailscanner-bounces@lists.mailscanner.info wrote: >> I have numerous clients doing it this way and it just works. If you >> are using sendmail as your MailScanner MTA I can provide complete >> help on how to make this work with MailScanner and exchange (all >> versions). > > And I can help with postfix (+ Active Directory / LDAP)! > > > As for the inter-Exchange traffic: this really should be "trusted" > internal traffic, between internal servers, on an strictly internal > network. If it is NOT then it should not be allowed to flow freely > between servers directly. > > In any case you should run a mail scanning virus scanner on > your Exchange servers so internal viruses can not propagate. > > > Cheers, > Ronny -------------- next part -------------- A non-text attachment was scrubbed... Name: ldap_get_recips.pl Type: application/octet-stream Size: 3127 bytes Desc: ldap_get_recips.pl Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080603/4a6eabce/ldap_get_recips-0001.obj -------------- next part -------------- A non-text attachment was scrubbed... Name: sendmail example.m4 Type: application/octet-stream Size: 1085 bytes Desc: sendmail example.m4 Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080603/4a6eabce/sendmailexample-0001.obj From gary at sgluk.com Tue Jun 3 11:17:45 2008 From: gary at sgluk.com (Gary Pentland) Date: Tue Jun 3 11:17:57 2008 Subject: Windows Exchange Server In-Reply-To: References: <13C0059880FDD3118DC600508B6D4A6D02346851@aiainsurance.com> <002f01c8c51b$70a2b780$0300a8c0@bandwidthco.com> <4844FE94.4010905@farrows.org> Message-ID: Of course, I forgot to mention, there is an even easier way... Just configure Exchange to block/reject invalid recipients (it doesn't in most default setups) set a mailertable entry for it and run milter-ahead. That works as well, use whichever you are most comfortable with. Gary mailscanner-bounces@lists.mailscanner.info wrote: > I've been doing this for years, it's slightly off topic and > there is stuff about this in the MailScanner wiki but as > people tend to forget about that:-) > > I have attached some old perl, based on something I found on > the net years ago. It dumps list of Exchange recipients from > an AD, use as basis for sendmail virtusers map or valid users > map, run every 10 mins or so. Obviously change the > passwords, domain controller names and baseDN. > > Simplest in sendmail is to configure is to define a virtual > domain, default recipient is "user does not exist type > error", every other recipient becomes user@exchange.domain... > Then chuck in a mailertable entry or an MX for > exchange.domain pointing at a hub transport (2007) or a > front-end (2003) and use a script based on the attached perl to make > the virtusers map. > > Alternatively, if you know you will only ever need to send to > Exchange and nowhere else you could use something like the M4 > fragment attached. This is old so will probably need some > tweaking for your site but it will give you an idea. > > I'll leave it to Ronny here to help with postfix if you choose that > route. > > Hope that helps, > > Gary > > mailscanner-bounces@lists.mailscanner.info wrote: >>> I have numerous clients doing it this way and it just works. If you >>> are using sendmail as your MailScanner MTA I can provide complete >>> help on how to make this work with MailScanner and exchange (all >>> versions). >> >> And I can help with postfix (+ Active Directory / LDAP)! >> >> >> As for the inter-Exchange traffic: this really should be "trusted" >> internal traffic, between internal servers, on an strictly internal >> network. If it is NOT then it should not be allowed to flow freely >> between servers directly. >> >> In any case you should run a mail scanning virus scanner on your >> Exchange servers so internal viruses can not propagate. >> >> >> Cheers, >> Ronny From prandal at herefordshire.gov.uk Tue Jun 3 11:28:13 2008 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Tue Jun 3 11:28:31 2008 Subject: ClamAV 0.93 released In-Reply-To: <483897C8.9050304@ecs.soton.ac.uk> References: <7EF0EE5CB3B263488C8C18823239BEBA03771594@HC-MBX02.herefordshire.gov.uk> <48039AA2.9050905@ecs.soton.ac.uk> <5A3FEF92FC07F34B9EE30C0D1395716498E6E4@monarchs.dokkenengineering.com> <48051021.5010909@ecs.soton.ac.uk> <1208464860.2962.75.camel@morticia.pert.com.ar> <48160C77.5070602@USherbrooke.ca> <4836D23B.8070109@alexb.ch> <483897C8.9050304@ecs.soton.ac.uk> Message-ID: <7EF0EE5CB3B263488C8C18823239BEBA03DB9775@HC-MBX02.herefordshire.gov.uk> Julian, One buglet... I'd edited MailScanner.conf to read: Monitors for ClamAV Updates = /usr/local/share/clamav/*.cld /usr/local/share/clamav/*.cvd And upgrade_MailScanner_conf complained Your setting for 'Monitors for ClamAV Updates' is broken. It should look like this (unless your ClamAV is installed somewhere else) Monitors for ClamAV Updates = /usr/local/share/clamav/*.inc/* /usr/local/share/clamav/*.cvd As 0.93 no longer uses the .inc subdirectories this is broken. Cheers, Phil -- Phil Randal Networks Engineer Herefordshire Council Hereford, UK -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field Sent: 24 May 2008 23:34 To: MailScanner discussion Subject: Re: ClamAV 0.93 released I have just published a new beta of MailScanner including support for Mail::ClamAV 0.22, which is now provided in my ClamAV+SpamAssassin package. These two should work successfully as a pair, and I would appreciate testers. Thanks! Jules. P.S. It's nice to be out in the big wide world again, I didn't go outside the building for a week, now I just need to get my sleep cycle back to normal. I am too used to sleeping in a hospital bed, and to being awake at 6am (I normally was in the shower by 6:30am in hospital). The latest news seems to be that they may pass my case back to the liver transplant team, and not do a small bowel transplant after all. But possibilities currently include everything up to, and including, replacing my stomach, duodenum, jejunum, ilium (small intestines, all 26 feet of it), liver, pancreas and all the blood vessels that join them all together. So just about anything is possible right now. Within the next month or two, I should hear what (if any) other tests they want to do, but my case will be discussed at a national level and they all have to agree what is best for me to have done. That could possibly take a few months, so I don't expect any quick news. I managed a very nice chat with a guy from their chronic pain team, and he had several new ideas for painkillers that the people in Southampton had never considered, which was very useful. Southampton's attitude seems to be that if a couple of Paracetomol (Tylenol) don't handle it, then they don't really know much about what to do :-) It's not quite as bad as that, but you get my drift :-) The Cambridge team at Addenbrookes actually appreciate the problem of your body becoming used to opiates and that you build up a tolerance to them, and had some ideas for new drugs which I have only rarely been exposed to before, such as Oramorph and Fentanyl. That's about the latest news, I'll keep you posted. Cheers, Jules. P.S. It's my list, and I'll top-post if I want to ;-) Alex Broens wrote: > On 5/23/2008 1:21 PM, David Lee wrote: >> On Mon, 28 Apr 2008, Denis Beauchemin wrote: >> >>> Leonardo Helman a ?crit : >>>> Hi I'm using clamavmodule >>>> >>>> >>>> I've made a patch for the Mail::ClamAV to compile (later I'll send >>>> it to the Mail::ClamAV mantainer) >>>> >>> Hello, >>> >>> Anything new on the official Mail::ClamAV module? I just looked and >>> version 0.21 still supports maxratio which have been removed from >>> Clam 0.93... >>> >>> Since there are known exploits for 0.92 I am beginning to feel the >>> urge to upgrade to 0.93... >> >> Scott Beck has released version 0.22 of Mail::ClamAV in the last few >> days. >> >> Could I suggest that some of us with test facilities and with a >> little technical experience try the various combinations of the older >> and newer versions of ClamAV and Mail::ClamAV and verify which >> combinations work and fail? >> >> 1. Old+old: We know that the combined earlier versions work. >> >> 2. New ClamAV + old Mail::ClamAV: It has been reported that the new >> ClamAV (0.93) breaks with older Mail::ClamAV (0.20/0.21). Could >> someone provide details of what this breakage is? Is there a quick >> recipe to reproduce the problem that ClamAV 0.93 had introduced? >> >> 3. New + new: Julian's Clam+SA package would ultimately be new+new. >> Can >> we verify that this fixes any previously verified breakage? Also >> that >> it does not seem to introduce any new problems. >> >> 4. Old ClamAV + new Mail::ClamAV: There are inevitably sites which use >> other sources (not Julian's package). Can we check what happens >> with >> if someone were to upgrade their Mail::ClamAV module but leave the >> main ClamAV software back on 0.92? (Probably not too important, but >> it would be a nice data point to complete the set...) >> >> Given Julian's sadly enforced absence from work, I'm sure he would >> appreciate it if we can do this tabulation for him. > > Will try to test new Mail::ClamAV with ClamAV 0.93 and on several old > versions of MS > > > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From theodrake at comcast.net Tue Jun 3 13:44:36 2008 From: theodrake at comcast.net (Ed) Date: Tue Jun 3 13:44:59 2008 Subject: Error in maillog "saactions" In-Reply-To: <48446305.4030600@ecs.soton.ac.uk> References: <48446305.4030600@ecs.soton.ac.uk> Message-ID: <48453CB4.2040203@comcast.net> That stimulated what few synapses I have left to fire. I forgot I had made a change to the "SpamAssassin Rule Actions". I couldn't get it to work so I searched the mail list and found out what I was doing wrong by copying someone else's solution which had this line in the rule file: FromOrTo: 127.0.0.1 I've removed that line and I'm no longer seeing that message in the log. later, Julian Field wrote: > You must have set something to do with "SpamAssassin Rule Actions". > I strongly suspect you have a ruleset attached to that setting, with a > "To:" line that refers to an IP address, or possible a domain name > involving only the characters 0-9 and a-f. > > Please show us the ruleset you have attached to "SpamAssassin Rule > Actions". > From J.Ede at birchenallhowden.co.uk Tue Jun 3 14:00:12 2008 From: J.Ede at birchenallhowden.co.uk (Jason Ede) Date: Tue Jun 3 14:03:04 2008 Subject: Windows Exchange Server In-Reply-To: <48450C3E.2060401@gmail.com> References: <13C0059880FDD3118DC600508B6D4A6D02346851@aiainsurance.com> <002f01c8c51b$70a2b780$0300a8c0@bandwidthco.com> <4844FE94.4010905@farrows.org>,<48450C3E.2060401@gmail.com> Message-ID: <4CAB0118AEC63A4FAAE77E6BCBDF760C52F1B0BE5F@server02.bhl.local> Aye, for postfix we use recipient_address_verification so our MailScanner server never accepts emails that we cannot deliver onto the exchange servers and requires no extra tweaking on our part... It has massively cut the load on our MailScanner servers. Jason ________________________________________ From: mailscanner-bounces@lists.mailscanner.info [mailscanner-bounces@lists.mailscanner.info] On Behalf Of Ronny T. Lampert [telecaadmin@gmail.com] Sent: 03 June 2008 10:17 To: MailScanner discussion Subject: Re: Windows Exchange Server > I have numerous clients doing it this way and it just works. If you are > using sendmail as your MailScanner MTA I can provide complete help on > how to make this work with MailScanner and exchange (all versions). And I can help with postfix (+ Active Directory / LDAP)! As for the inter-Exchange traffic: this really should be "trusted" internal traffic, between internal servers, on an strictly internal network. If it is NOT then it should not be allowed to flow freely between servers directly. In any case you should run a mail scanning virus scanner on your Exchange servers so internal viruses can not propagate. Cheers, Ronny -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From mailadmin at midland-ics.ie Tue Jun 3 15:19:50 2008 From: mailadmin at midland-ics.ie (Mail Admin) Date: Tue Jun 3 15:20:08 2008 Subject: Windows Exchange Server In-Reply-To: <4CAB0118AEC63A4FAAE77E6BCBDF760C52F1B0BE5F@server02.bhl.local> References: <13C0059880FDD3118DC600508B6D4A6D02346851@aiainsurance.com> <002f01c8c51b$70a2b780$0300a8c0@bandwidthco.com> <4844FE94.4010905@farrows.org>, <48450C3E.2060401@gmail.com> <4CAB0118AEC63A4FAAE77E6BCBDF760C52F1B0BE5F@server02.bhl.local> Message-ID: <004801c8c584$e2d03530$a8709f90$@ie> Jason - Is there such a setting or configuration for Sendmail ? "recipient_address_verification" I relay mail for several domains, some of which are Exchange Servers. It would be good to drop mail at MTA if Exchange Recips not VALID Regards Kevin -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Jason Ede Sent: 03 June 2008 14:00 To: MailScanner discussion Subject: RE: Windows Exchange Server Aye, for postfix we use recipient_address_verification so our MailScanner server never accepts emails that we cannot deliver onto the exchange servers and requires no extra tweaking on our part... It has massively cut the load on our MailScanner servers. Jason ________________________________________ From: mailscanner-bounces@lists.mailscanner.info [mailscanner-bounces@lists.mailscanner.info] On Behalf Of Ronny T. Lampert [telecaadmin@gmail.com] Sent: 03 June 2008 10:17 To: MailScanner discussion Subject: Re: Windows Exchange Server > I have numerous clients doing it this way and it just works. If you are > using sendmail as your MailScanner MTA I can provide complete help on > how to make this work with MailScanner and exchange (all versions). And I can help with postfix (+ Active Directory / LDAP)! As for the inter-Exchange traffic: this really should be "trusted" internal traffic, between internal servers, on an strictly internal network. If it is NOT then it should not be allowed to flow freely between servers directly. In any case you should run a mail scanning virus scanner on your Exchange servers so internal viruses can not propagate. Cheers, Ronny -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. This e-mail is intended solely for the addressee(s) and is strictly confidential. The unauthorised use, disclosure or copying of this e-mail, or any information it contains is prohibited. If you have received this e-mail in error, please notify us immediately and then permanently delete it. Although Midland Internet & Computer Solutions make every effort to keep our systems free from viruses you should check this e-mail and any attachments to it for viruses as we cannot accept any liability for viruses inadvertently transmitted by use. From glenn.steen at gmail.com Tue Jun 3 15:31:58 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Jun 3 15:32:15 2008 Subject: Windows Exchange Server In-Reply-To: <004801c8c584$e2d03530$a8709f90$@ie> References: <13C0059880FDD3118DC600508B6D4A6D02346851@aiainsurance.com> <002f01c8c51b$70a2b780$0300a8c0@bandwidthco.com> <4844FE94.4010905@farrows.org> <48450C3E.2060401@gmail.com> <4CAB0118AEC63A4FAAE77E6BCBDF760C52F1B0BE5F@server02.bhl.local> <004801c8c584$e2d03530$a8709f90$@ie> Message-ID: <223f97700806030731t6d9901cap37a61eef58260602@mail.gmail.com> 2008/6/3 Mail Admin : > Jason - Is there such a setting or configuration for Sendmail ? > "recipient_address_verification" > > I relay mail for several domains, some of which are Exchange Servers. It > would be good to drop mail at MTA if Exchange Recips not VALID > > Regards > Kevin One need use a milter for Sendmail. smf-sav can be used (although you shouldn't do the _sender_ part, only recipient)... or milter-ahead (which will cost a bit, I think... I'm strictly PF myself:-). Cheers -- Glenn > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Jason Ede > Sent: 03 June 2008 14:00 > To: MailScanner discussion > Subject: RE: Windows Exchange Server > > Aye, for postfix we use recipient_address_verification so our MailScanner > server never accepts emails that we cannot deliver onto the exchange servers > and requires no extra tweaking on our part... It has massively cut the load > on our MailScanner servers. > > Jason > ________________________________________ > From: mailscanner-bounces@lists.mailscanner.info > [mailscanner-bounces@lists.mailscanner.info] On Behalf Of Ronny T. Lampert > [telecaadmin@gmail.com] > Sent: 03 June 2008 10:17 > To: MailScanner discussion > Subject: Re: Windows Exchange Server > >> I have numerous clients doing it this way and it just works. If you are >> using sendmail as your MailScanner MTA I can provide complete help on >> how to make this work with MailScanner and exchange (all versions). > > And I can help with postfix (+ Active Directory / LDAP)! > > > As for the inter-Exchange traffic: this really should be "trusted" > internal traffic, between internal servers, on an strictly internal network. > If it is NOT then it should not be allowed to flow freely between > servers directly. > > In any case you should run a mail scanning virus scanner on your > Exchange servers so internal viruses can not propagate. > > > Cheers, > Ronny > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > > This e-mail is intended solely for the addressee(s) and is strictly confidential. The unauthorised use, disclosure or copying of this e-mail, or any information it contains is prohibited. If you have received this e-mail in error, please notify us immediately and then permanently delete it. Although Midland Internet & Computer Solutions make every effort to keep our systems free from viruses you should check this e-mail and any attachments to it for viruses as we cannot accept any liability for viruses inadvertently transmitted by use. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From J.Ede at birchenallhowden.co.uk Tue Jun 3 15:43:45 2008 From: J.Ede at birchenallhowden.co.uk (Jason Ede) Date: Tue Jun 3 15:45:44 2008 Subject: Windows Exchange Server In-Reply-To: <004801c8c584$e2d03530$a8709f90$@ie> References: <13C0059880FDD3118DC600508B6D4A6D02346851@aiainsurance.com> <002f01c8c51b$70a2b780$0300a8c0@bandwidthco.com> <4844FE94.4010905@farrows.org>, <48450C3E.2060401@gmail.com> <4CAB0118AEC63A4FAAE77E6BCBDF760C52F1B0BE5F@server02.bhl.local>, <004801c8c584$e2d03530$a8709f90$@ie> Message-ID: <4CAB0118AEC63A4FAAE77E6BCBDF760C52F1B0BE60@server02.bhl.local> Hi, I don't know about sendmail I'm afraid. The actual postfix param is reject_unverified_recipient (http://www.postfix.org/ADDRESS_VERIFICATION_README.html) although need to be careful only run that on incoming email. Jason ________________________________________ From: mailscanner-bounces@lists.mailscanner.info [mailscanner-bounces@lists.mailscanner.info] On Behalf Of Mail Admin [mailadmin@midland-ics.ie] Sent: 03 June 2008 15:19 To: 'MailScanner discussion' Subject: RE: Windows Exchange Server Jason - Is there such a setting or configuration for Sendmail ? "recipient_address_verification" I relay mail for several domains, some of which are Exchange Servers. It would be good to drop mail at MTA if Exchange Recips not VALID Regards Kevin -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Jason Ede Sent: 03 June 2008 14:00 To: MailScanner discussion Subject: RE: Windows Exchange Server Aye, for postfix we use recipient_address_verification so our MailScanner server never accepts emails that we cannot deliver onto the exchange servers and requires no extra tweaking on our part... It has massively cut the load on our MailScanner servers. Jason ________________________________________ From: mailscanner-bounces@lists.mailscanner.info [mailscanner-bounces@lists.mailscanner.info] On Behalf Of Ronny T. Lampert [telecaadmin@gmail.com] Sent: 03 June 2008 10:17 To: MailScanner discussion Subject: Re: Windows Exchange Server > I have numerous clients doing it this way and it just works. If you are > using sendmail as your MailScanner MTA I can provide complete help on > how to make this work with MailScanner and exchange (all versions). And I can help with postfix (+ Active Directory / LDAP)! As for the inter-Exchange traffic: this really should be "trusted" internal traffic, between internal servers, on an strictly internal network. If it is NOT then it should not be allowed to flow freely between servers directly. In any case you should run a mail scanning virus scanner on your Exchange servers so internal viruses can not propagate. Cheers, Ronny -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. This e-mail is intended solely for the addressee(s) and is strictly confidential. The unauthorised use, disclosure or copying of this e-mail, or any information it contains is prohibited. If you have received this e-mail in error, please notify us immediately and then permanently delete it. Although Midland Internet & Computer Solutions make every effort to keep our systems free from viruses you should check this e-mail and any attachments to it for viruses as we cannot accept any liability for viruses inadvertently transmitted by use. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From ms-list at alexb.ch Tue Jun 3 16:48:07 2008 From: ms-list at alexb.ch (Alex Broens) Date: Tue Jun 3 16:48:19 2008 Subject: Windows Exchange Server In-Reply-To: <223f97700806030731t6d9901cap37a61eef58260602@mail.gmail.com> References: <13C0059880FDD3118DC600508B6D4A6D02346851@aiainsurance.com> <002f01c8c51b$70a2b780$0300a8c0@bandwidthco.com> <4844FE94.4010905@farrows.org> <48450C3E.2060401@gmail.com> <4CAB0118AEC63A4FAAE77E6BCBDF760C52F1B0BE5F@server02.bhl.local> <004801c8c584$e2d03530$a8709f90$@ie> <223f97700806030731t6d9901cap37a61eef58260602@mail.gmail.com> Message-ID: <484567B7.1030404@alexb.ch> On 6/3/2008 4:31 PM, Glenn Steen wrote: > One need use a milter for Sendmail. smf-sav can be used (although you > shouldn't do the _sender_ part, only recipient)... or milter-ahead > (which will cost a bit, I think... I'm strictly PF myself:-). as to milter-ahead the latest version uses the Pfix transport file for its DB - it ROCKS! (as well as the sendmail mailertable) Using it on a few high traffic Pfix boxes and its holding up superbly. Worth every buck and more. Alex From telecaadmin at gmail.com Tue Jun 3 16:51:25 2008 From: telecaadmin at gmail.com (Ronny T. Lampert) Date: Tue Jun 3 16:53:03 2008 Subject: Update wiki RE: postfix quarantine release script Message-ID: <4845687D.5070109@gmail.com> Hi, I'd like to update the wiki about the postfix quarantine release script. For recent postfixes (2.3, 2.4) the script not really is working and also has a subtle bug (chmod +x the queue file BEFORE the copying is bad). How'd I do that? Cheers, Ronny From MailScanner at ecs.soton.ac.uk Tue Jun 3 18:56:15 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Jun 3 18:56:41 2008 Subject: ClamAV 0.93 released In-Reply-To: References: <7EF0EE5CB3B263488C8C18823239BEBA03771594@HC-MBX02.herefordshire.gov.uk> <48039AA2.9050905@ecs.soton.ac.uk> <5A3FEF92FC07F34B9EE30C0D1395716498E6E4@monarchs.dokkenengineering.com> <48051021.5010909@ecs.soton.ac.uk> <1208464860.2962.75.camel@morticia.pert.com.ar> <48160C77.5070602@USherbrooke.ca> <4836D23B.8070109@alexb.ch> <483897C8.9050304@ecs.soton.ac.uk> Message-ID: <484585BF.8040006@ecs.soton.ac.uk> Fixed for the next release. Thanks for reporting this. Randal, Phil wrote: > Julian, > > One buglet... > > I'd edited MailScanner.conf to read: > > Monitors for ClamAV Updates = /usr/local/share/clamav/*.cld /usr/local/share/clamav/*.cvd > > And upgrade_MailScanner_conf complained > > Your setting for 'Monitors for ClamAV Updates' is broken. > It should look like this (unless your ClamAV is installed > somewhere else) > Monitors for ClamAV Updates = /usr/local/share/clamav/*.inc/* /usr/local/share/clamav/*.cvd > > > As 0.93 no longer uses the .inc subdirectories this is broken. > > Cheers, > > Phil > > -- > Phil Randal > Networks Engineer > Herefordshire Council > Hereford, UK > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field > Sent: 24 May 2008 23:34 > To: MailScanner discussion > Subject: Re: ClamAV 0.93 released > > I have just published a new beta of MailScanner including support for Mail::ClamAV 0.22, which is now provided in my ClamAV+SpamAssassin package. These two should work successfully as a pair, and I would appreciate testers. > > Thanks! > Jules. > > P.S. It's nice to be out in the big wide world again, I didn't go outside the building for a week, now I just need to get my sleep cycle back to normal. I am too used to sleeping in a hospital bed, and to being awake at 6am (I normally was in the shower by 6:30am in hospital). > > The latest news seems to be that they may pass my case back to the liver transplant team, and not do a small bowel transplant after all. But possibilities currently include everything up to, and including, replacing my stomach, duodenum, jejunum, ilium (small intestines, all 26 feet of it), liver, pancreas and all the blood vessels that join them all together. So just about anything is possible right now. Within the next month or two, I should hear what (if any) other tests they want to do, but my case will be discussed at a national level and they all have to agree what is best for me to have done. That could possibly take a few months, so I don't expect any quick news. I managed a very nice chat with a guy from their chronic pain team, and he had several new ideas for painkillers that the people in Southampton had never considered, which was very useful. Southampton's attitude seems to be that if a couple of Paracetomol (Tylenol) don't handle it, then they don't really know much about what to do :-) It's not quite as bad as that, but you get my drift :-) The Cambridge team at Addenbrookes actually appreciate the problem of your body becoming used to opiates and that you build up a tolerance to them, and had some ideas for new drugs which I have only rarely been exposed to before, such as Oramorph and Fentanyl. > > That's about the latest news, I'll keep you posted. > > Cheers, > Jules. > > P.S. It's my list, and I'll top-post if I want to ;-) > > > Alex Broens wrote: > >> On 5/23/2008 1:21 PM, David Lee wrote: >> >>> On Mon, 28 Apr 2008, Denis Beauchemin wrote: >>> >>> >>>> Leonardo Helman a ?crit : >>>> >>>>> Hi I'm using clamavmodule >>>>> >>>>> >>>>> I've made a patch for the Mail::ClamAV to compile (later I'll send >>>>> it to the Mail::ClamAV mantainer) >>>>> >>>>> >>>> Hello, >>>> >>>> Anything new on the official Mail::ClamAV module? I just looked and >>>> version 0.21 still supports maxratio which have been removed from >>>> Clam 0.93... >>>> >>>> Since there are known exploits for 0.92 I am beginning to feel the >>>> urge to upgrade to 0.93... >>>> >>> Scott Beck has released version 0.22 of Mail::ClamAV in the last few >>> days. >>> >>> Could I suggest that some of us with test facilities and with a >>> little technical experience try the various combinations of the older >>> and newer versions of ClamAV and Mail::ClamAV and verify which >>> combinations work and fail? >>> >>> 1. Old+old: We know that the combined earlier versions work. >>> >>> 2. New ClamAV + old Mail::ClamAV: It has been reported that the new >>> ClamAV (0.93) breaks with older Mail::ClamAV (0.20/0.21). Could >>> someone provide details of what this breakage is? Is there a quick >>> recipe to reproduce the problem that ClamAV 0.93 had introduced? >>> >>> 3. New + new: Julian's Clam+SA package would ultimately be new+new. >>> Can >>> we verify that this fixes any previously verified breakage? Also >>> that >>> it does not seem to introduce any new problems. >>> >>> 4. Old ClamAV + new Mail::ClamAV: There are inevitably sites which use >>> other sources (not Julian's package). Can we check what happens >>> with >>> if someone were to upgrade their Mail::ClamAV module but leave the >>> main ClamAV software back on 0.92? (Probably not too important, but >>> it would be a nice data point to complete the set...) >>> >>> Given Julian's sadly enforced absence from work, I'm sure he would >>> appreciate it if we can do this tabulation for him. >>> >> Will try to test new Mail::ClamAV with ClamAV 0.93 and on several old >> versions of MS >> >> >> >> > > Jules > > -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > MailScanner customisation, or any advanced system administration help? > Contact me at Jules@Jules.FM > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc > > > -- > This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From hvdkooij at vanderkooij.org Tue Jun 3 19:11:47 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Tue Jun 3 19:11:56 2008 Subject: Windows Exchange Server In-Reply-To: <48450C3E.2060401@gmail.com> References: <13C0059880FDD3118DC600508B6D4A6D02346851@aiainsurance.com> <002f01c8c51b$70a2b780$0300a8c0@bandwidthco.com> <4844FE94.4010905@farrows.org> <48450C3E.2060401@gmail.com> Message-ID: <48458963.5010905@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Ronny T. Lampert wrote: |> I have numerous clients doing it this way and it just works. If you |> are using sendmail as your MailScanner MTA I can provide complete help |> on how to make this work with MailScanner and exchange (all versions). | | And I can help with postfix (+ Active Directory / LDAP)! | | | As for the inter-Exchange traffic: this really should be "trusted" | internal traffic, between internal servers, on an strictly internal | network. | If it is NOT then it should not be allowed to flow freely between | servers directly. | | In any case you should run a mail scanning virus scanner on your | Exchange servers so internal viruses can not propagate. Not to mention that your scanner may not detect the specific sample at the time it will pass the perimeter scanner. Last year I spend a day in a AV lab and quite a bit of time with 4 months worth of raw samples. The average figures we came up with was 110 new samples per day of which about 40 were seen almost immediatly. So the majority of samples are analyzed only hours, days or even weeks after they may hit you. At the moment webbased ones seem the ones to change the fastest. But you may still pass malware because your scanner(s) did not detect it. Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFIRYlhBvzDRVjxmYERAi4DAKC4FBj/YBHF1uoBX0gLJeJstIi+ZQCbBLH6 rY4pvDdGR0sberEk+N5vFk8= =1ysb -----END PGP SIGNATURE----- From clacroix at cegep-ste-foy.qc.ca Tue Jun 3 19:49:45 2008 From: clacroix at cegep-ste-foy.qc.ca (Charles Lacroix) Date: Tue Jun 3 19:50:08 2008 Subject: About watermarks Message-ID: <48459249.4010304@cegep-ste-foy.qc.ca> Hi, I had this configuration which reduced alot of bounces going into user's mailbox. I was quite happy with this but today some users noticed that gmail's vacation messages were beiing blocked. Use Watermarking = yes Add Watermark = yes Check Watermarks With No Sender = yes Treat Invalid Watermarks With No Sender as Spam = spam Check Watermarks To Skip Spam Checks = yes Watermark Secret = %org-name%-SECRET! Watermark Lifetime = 604800 Watermark Header = X-%org-name%-MailScanner-Watermark: I tried a few changes, like setting it to Treat Invalid Watermarks With No Sender as Spam = 5 or Check Watermarks To Skip Spam Checks = no but the vacation messages were still beiing blocked. the only way i got the vacations to come in was with the following configuration: Use Watermarking = yes Add Watermark = yes Check Watermarks With No Sender = no Treat Invalid Watermarks With No Sender as Spam = spam Check Watermarks To Skip Spam Checks = yes Watermark Secret = %org-name%-SECRET! Watermark Lifetime = 604800 Watermark Header = X-%org-name%-MailScanner-Watermark: I find this scary to set it to 'no' as from what i understand, it will just disable the watermarks checks # Do you want to check watermarks? # This can also be the filename of a ruleset. Check Watermarks With No Sender = no can anyone help me on this, just to make sure i'm not doing something crazy :) thanks, Charles From lists at tippingmar.com Tue Jun 3 23:12:38 2008 From: lists at tippingmar.com (Mark Nienberg) Date: Tue Jun 3 23:12:53 2008 Subject: About watermarks In-Reply-To: <48459249.4010304@cegep-ste-foy.qc.ca> References: <48459249.4010304@cegep-ste-foy.qc.ca> Message-ID: <4845C1D6.30102@tippingmar.com> Charles Lacroix wrote: > Hi, > > I had this configuration which reduced alot of bounces going into > user's mailbox. > I was quite happy with this but today some users noticed that gmail's > vacation messages > were beiing blocked. > The watermark feature examines all messages that have a null sender. In sendmail logs these are the ones with: "from=<>" If gmail uses that approach to send vacation messages, and does not include the original message in the reply, then it will trigger the bad watermark action. So if you want to be able to receive these and still use the watermark feature, maybe you could just add 2 or 3 points for a bad watermark. Mark From Kevin_Miller at ci.juneau.ak.us Tue Jun 3 23:45:02 2008 From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller) Date: Tue Jun 3 23:45:14 2008 Subject: update_bad_phishing_sites fails via cron Message-ID: If I run it by hand, update_bad_phishing_sites works fine, but the script in /etc/cron.hourly seems to be somewhat confused. The following is sent to root: ========= running hourly cronjob scripts SCRIPT: check_MailScanner, OK. SCRIPT: update_bad_phishing_sites exited with RETURNCODE = 255. SCRIPT: update_virus_scanners, OK. ========= Any clues? ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 From lists at designmedia.com Wed Jun 4 00:00:23 2008 From: lists at designmedia.com (Henry Kwan) Date: Wed Jun 4 00:00:45 2008 Subject: SPF setting for MailScanner setup. Message-ID: Hi, I'm trying to set a SPF record for our new MainScanner/Exchange setup and wasn't sure what data to include. Currently, the only approved IP is the MainScanner box IP. Of course, since the Exchange box has a local non-routable IP (192.168.1.x), the MainScanner box always returns a SPF FAIL on all emails coming from the Exchange box. So am I suppose to include the non-routable IP in my SPF record? Or what is the normal way to fix this issue? Thanks. From philip at zeiglers.net Wed Jun 4 00:14:53 2008 From: philip at zeiglers.net (=?utf-8?B?UGhpbGlwIFplaWdsZXI=?=) Date: Wed Jun 4 00:15:27 2008 Subject: SPF setting for MailScanner setup. In-Reply-To: References: Message-ID: <690855981-1212534906-cardhu_decombobulator_blackberry.rim.net-1962235830-@bxe196.bisx.prod.on.blackberry> I would set up exchange to email out using a smarthost which is the mailscanner box. -----Original Message----- From: Henry Kwan Date: Tue, 3 Jun 2008 23:00:23 To:mailscanner@lists.mailscanner.info Subject: SPF setting for MailScanner setup. Hi, I'm trying to set a SPF record for our new MainScanner/Exchange setup and wasn't sure what data to include. Currently, the only approved IP is the MainScanner box IP. Of course, since the Exchange box has a local non-routable IP (192.168.1.x), the MainScanner box always returns a SPF FAIL on all emails coming from the Exchange box. So am I suppose to include the non-routable IP in my SPF record? Or what is the normal way to fix this issue? Thanks. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From lists at designmedia.com Wed Jun 4 01:50:31 2008 From: lists at designmedia.com (Henry Kwan) Date: Wed Jun 4 01:50:53 2008 Subject: SPF setting for MailScanner setup. References: <690855981-1212534906-cardhu_decombobulator_blackberry.rim.net-1962235830-@bxe196.bisx.prod.on.blackberry> Message-ID: Philip Zeigler zeiglers.net> writes: > > I would set up exchange to email out using a smarthost which is the > mailscanner box. > Hi, The Exchange box is already configured to smarthost-relay all outbound messages through the Mailscanner box. The issue is that Mailscanner doesn't recognize the Exchange box as a valid SPF sender. Should I include the Exchange box's non-routable IP in my SPF record or is there another way to resolve this issue? Or does it not even matter since I've whitelisted my Exchange box (via /etc/MailScanner/spam.whitelist.rules)? Thanks. From ms-list at alexb.ch Wed Jun 4 06:12:24 2008 From: ms-list at alexb.ch (Alex Broens) Date: Wed Jun 4 06:12:44 2008 Subject: SPF setting for MailScanner setup. In-Reply-To: References: <690855981-1212534906-cardhu_decombobulator_blackberry.rim.net-1962235830-@bxe196.bisx.prod.on.blackberry> Message-ID: <48462438.8090606@alexb.ch> On 6/4/2008 2:50 AM, Henry Kwan wrote: > Philip Zeigler zeiglers.net> writes: > >> I would set up exchange to email out using a smarthost which is the >> mailscanner box. >> > > Hi, > > The Exchange box is already configured to smarthost-relay all outbound messages > through the Mailscanner box. The issue is that Mailscanner doesn't recognize > the Exchange box as a valid SPF sender. > > Should I include the Exchange box's non-routable IP in my SPF record or is there > another way to resolve this issue? > > Or does it not even matter since I've whitelisted my Exchange box (via > /etc/MailScanner/spam.whitelist.rules)? what are your settings in: trusted_networks internal_networks for example: trusted_networks 192.168.1.0/24 internal_networks 192.168.1.0/24 h2h Alex From klaus.schuermann at directbox.com Wed Jun 4 07:40:16 2008 From: klaus.schuermann at directbox.com (=?iso-8859-2?Q?Klaus_Sch=FCrmann?=) Date: Wed Jun 4 07:40:25 2008 Subject: AW: Windows Exchange Server In-Reply-To: <004801c8c584$e2d03530$a8709f90$@ie> References: <13C0059880FDD3118DC600508B6D4A6D02346851@aiainsurance.com> <002f01c8c51b$70a2b780$0300a8c0@bandwidthco.com> <4844FE94.4010905@farrows.org>, <48450C3E.2060401@gmail.com> <4CAB0118AEC63A4FAAE77E6BCBDF760C52F1B0BE5F@server02.bhl.local> <004801c8c584$e2d03530$a8709f90$@ie> Message-ID: <003e01c8c60d$d953c740$8bfb55c0$@schuermann@directbox.com> You can use the LDAP-routing feature from sendmail to get the used Exchange recipients from Active Directory: The LDAP query you must use instead of the default configuration: (|(proxyAddresses=smtp:%0)(mail=%0)) For that configuration you don't need any databases or scripts. If you make changes on the Active Directory sendmail gets the informations immediatly. Regards Klaus -----Urspr?ngliche Nachricht----- Von: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] Im Auftrag von Mail Admin Gesendet: Dienstag, 3. Juni 2008 16:20 An: 'MailScanner discussion' Betreff: RE: Windows Exchange Server Jason - Is there such a setting or configuration for Sendmail ? "recipient_address_verification" I relay mail for several domains, some of which are Exchange Servers. It would be good to drop mail at MTA if Exchange Recips not VALID Regards Kevin -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Jason Ede Sent: 03 June 2008 14:00 To: MailScanner discussion Subject: RE: Windows Exchange Server Aye, for postfix we use recipient_address_verification so our MailScanner server never accepts emails that we cannot deliver onto the exchange servers and requires no extra tweaking on our part... It has massively cut the load on our MailScanner servers. Jason ________________________________________ From: mailscanner-bounces@lists.mailscanner.info [mailscanner-bounces@lists.mailscanner.info] On Behalf Of Ronny T. Lampert [telecaadmin@gmail.com] Sent: 03 June 2008 10:17 To: MailScanner discussion Subject: Re: Windows Exchange Server > I have numerous clients doing it this way and it just works. If you are > using sendmail as your MailScanner MTA I can provide complete help on > how to make this work with MailScanner and exchange (all versions). And I can help with postfix (+ Active Directory / LDAP)! As for the inter-Exchange traffic: this really should be "trusted" internal traffic, between internal servers, on an strictly internal network. If it is NOT then it should not be allowed to flow freely between servers directly. In any case you should run a mail scanning virus scanner on your Exchange servers so internal viruses can not propagate. Cheers, Ronny -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. This e-mail is intended solely for the addressee(s) and is strictly confidential. The unauthorised use, disclosure or copying of this e-mail, or any information it contains is prohibited. If you have received this e-mail in error, please notify us immediately and then permanently delete it. Although Midland Internet & Computer Solutions make every effort to keep our systems free from viruses you should check this e-mail and any attachments to it for viruses as we cannot accept any liability for viruses inadvertently transmitted by use. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From richard at seveninternet.co.uk Wed Jun 4 08:40:00 2008 From: richard at seveninternet.co.uk (Richard Walker - Seven Internet Ltd) Date: Wed Jun 4 08:40:03 2008 Subject: Mailwatch Message-ID: <007201c8c616$323196f0$0400a8c0@sevenu6l0qf6zz> Hi I would appreciate some help with mailwatch. I have followed the install instructions and that seem to go fine. However when i try to log in to mailwatch i get Authentication Required! Your username and/or password are incorrect. Any help would be great Thanks Rich -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080604/92acf5bd/attachment.html From telecaadmin at gmail.com Wed Jun 4 09:30:10 2008 From: telecaadmin at gmail.com (Ronny T. Lampert) Date: Wed Jun 4 09:31:51 2008 Subject: Update wiki RE: postfix quarantine release script In-Reply-To: <4845687D.5070109@gmail.com> References: <4845687D.5070109@gmail.com> Message-ID: <48465292.8000409@gmail.com> gah, forget it. eventually found the "register" link... From lists at designmedia.com Wed Jun 4 09:40:09 2008 From: lists at designmedia.com (Henry Kwan) Date: Wed Jun 4 09:40:29 2008 Subject: SPF setting for MailScanner setup. References: <690855981-1212534906-cardhu_decombobulator_blackberry.rim.net-1962235830-@bxe196.bisx.prod.on.blackberry> <48462438.8090606@alexb.ch> Message-ID: Alex Broens alexb.ch> writes: > what are your settings in: > > trusted_networks > internal_networks > > for example: > > trusted_networks 192.168.1.0/24 > internal_networks 192.168.1.0/24 Ah, that was it. I had forgotten to modify those two settings from my old SA config. Once I dropped in the proper IPs, no more SPF FAILs, just ALL_TRUSTED. Thanks for the tip! From hvdkooij at vanderkooij.org Wed Jun 4 09:56:52 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Wed Jun 4 09:57:02 2008 Subject: Mailwatch In-Reply-To: <007201c8c616$323196f0$0400a8c0@sevenu6l0qf6zz> References: <007201c8c616$323196f0$0400a8c0@sevenu6l0qf6zz> Message-ID: <484658D4.8090509@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Richard Walker - Seven Internet Ltd wrote: | I would appreciate some help with mailwatch. I have followed the install | instructions and that seem to go fine. However when i try to log in to | mailwatch i get | | Authentication Required! | | Your username and/or password are incorrect. | | Any help would be great I would suggest you address this by reading the documentation very carefull. Perhaps you missed a step: http://mailwatch.sourceforge.net/doku.php?id=mailwatch:documentation Then if you have taken time to check the logs you may want to address the MialWatch mailinglist. As that would the proper place to ask questions. However it is recommended to show some signs of having done the basic troubleshooting if you post to that or any other mailinglist. Explain what you have done to check and verify things. Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFIRljSBvzDRVjxmYERAp1UAJ4hiEMGgz0oKzkZynGRlIAJnfmh8wCdHUAP Gda048tiDvaecDBRNB1RaQU= =px3N -----END PGP SIGNATURE----- From peter at farrows.org Wed Jun 4 10:21:48 2008 From: peter at farrows.org (Peter Farrow) Date: Wed Jun 4 10:22:10 2008 Subject: Mailwatch In-Reply-To: <007201c8c616$323196f0$0400a8c0@sevenu6l0qf6zz> References: <007201c8c616$323196f0$0400a8c0@sevenu6l0qf6zz> Message-ID: <48465EAC.9090900@farrows.org> Richard Walker - Seven Internet Ltd wrote: > Hi > > I would appreciate some help with mailwatch. I have followed the > install instructions and that seem to go fine. However when i try to > log in to mailwatch i get > > > Authentication Required! > > Your username and/or password are incorrect. > > Any help would be great > > > Thanks > > Rich > > -- > This message has been scanned for viruses and > dangerous content by the *Inexcom* system > scanner, > and is believed to be clean. > Advanced heuristic mail scanning server [-]. Hi Richard, I believe you will have to setup an account for the mailwatch user in the Mysql database, and its this account username and password that you use to access the web interface. At that point , once logged in as user "mailwatch" you should create a top admin account called "admin" as this is a special account name that can then drive the mailwatch whitelist and blacklist configurations. You need to make sure that the mailwatch user has permission to access the mysql database from the correct range of Ips as well otherwise your logon will be denied for that reason as well. If you look at this web page: http://mailwatch.sourceforge.net/doku.php?id=mailwatch:documentation:install a little way down is says "create the mailwatch web user" its here the username and password are set. If you have any other questions on MailScanner and mailwatch, feel free to ask away here, despite whats been said, no one has the right to tell you where to ask your questions, its still relevant to mailscanner so please don't be put off. Regards Pete -- This message has been scanned for viruses and dangerous content by the Inexcom system Scanner, and is believed to be clean. Advanced heuristic mail scanning server [-]. http://www.inexcom.co.uk -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080604/eda63998/attachment.html From devonharding at gmail.com Wed Jun 4 12:21:21 2008 From: devonharding at gmail.com (Devon Harding) Date: Wed Jun 4 12:21:29 2008 Subject: Spamassassin rules Message-ID: <2baac6140806040421g20b15e79n5706c9f3115d74ba@mail.gmail.com> For MailScanner users, which one of the SARE rules (from the link below) are a must have? I have a few spam messages that are still getting through (mainly cause of BAYES_00). http://www.rulesemporium.com/rules.htm -Devon -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080604/bb6aaf64/attachment.html From ms-list at alexb.ch Wed Jun 4 13:01:21 2008 From: ms-list at alexb.ch (Alex Broens) Date: Wed Jun 4 13:01:34 2008 Subject: Spamassassin rules In-Reply-To: <2baac6140806040421g20b15e79n5706c9f3115d74ba@mail.gmail.com> References: <2baac6140806040421g20b15e79n5706c9f3115d74ba@mail.gmail.com> Message-ID: <48468411.8050704@alexb.ch> On 6/4/2008 1:21 PM, Devon Harding wrote: > For MailScanner users, which one of the SARE rules (from the link below) are > a must have? I have a few spam messages that are still getting through > (mainly cause of BAYES_00). > > http://www.rulesemporium.com/rules.htm Pls consider that these rules aren't being updated and will probably stay as is NOTE: If anyone is using rules_du_jour regularly, you can stop hammering the site as you won't get anything new. There's a couple of SARE Ninjas on this list that would announce any changes. Alex From devonharding at gmail.com Wed Jun 4 13:41:34 2008 From: devonharding at gmail.com (Devon Harding) Date: Wed Jun 4 13:41:45 2008 Subject: Spamassassin rules In-Reply-To: <48468411.8050704@alexb.ch> References: <2baac6140806040421g20b15e79n5706c9f3115d74ba@mail.gmail.com> <48468411.8050704@alexb.ch> Message-ID: <2baac6140806040541u36e8316bi33c13b86b865c35d@mail.gmail.com> > > > > NOTE: > If anyone is using rules_du_jour regularly, you can stop hammering the site > as you won't get anything new. > > There's a couple of SARE Ninjas on this list that would announce any > changes. > > Alex > > With that said, whats the best way to combat these URL spam. I'm noticing that everyone that gets through has BAYES_00 tagged which gives it a -2.60. I've already sa-learned these messages with no successes. What next? -Devon -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080604/e95ddfb3/attachment.html From donnieq at quindardonet.net Wed Jun 4 13:43:09 2008 From: donnieq at quindardonet.net (Donnie D. Quindardo) Date: Wed Jun 4 13:42:02 2008 Subject: Watermarks and Reports Message-ID: <48468DDD.9050500@quindardonet.net> Hello, I'm using MailScanner 4.69.9. Currently, I am checking for watermarks in every e-mail. MS is also alerting users if it denies their attachments. The e-mail in which is sent from MS via postfix to the user fails the watermark test, since it is sent with an envelope address of <> and does not have a watermark. Is there a way to fix this rather quickly? Thanks! From a.peacock at chime.ucl.ac.uk Wed Jun 4 13:57:09 2008 From: a.peacock at chime.ucl.ac.uk (Anthony Peacock) Date: Wed Jun 4 13:57:23 2008 Subject: Spamassassin rules In-Reply-To: <2baac6140806040541u36e8316bi33c13b86b865c35d@mail.gmail.com> References: <2baac6140806040421g20b15e79n5706c9f3115d74ba@mail.gmail.com> <48468411.8050704@alexb.ch> <2baac6140806040541u36e8316bi33c13b86b865c35d@mail.gmail.com> Message-ID: <48469125.8020501@chime.ucl.ac.uk> Devon Harding wrote: >> >> >> NOTE: >> If anyone is using rules_du_jour regularly, you can stop hammering the site >> as you won't get anything new. >> >> There's a couple of SARE Ninjas on this list that would announce any >> changes. >> >> Alex >> >> > With that said, whats the best way to combat these URL spam. I'm noticing > that everyone that gets through has BAYES_00 tagged which gives it a -2.60. > I've already sa-learned these messages with no successes. What next? Hi Devon, It depends. The easiest way to get help with false negatives is to make one available to us to look at, with the rules that it does hit. Don't send it to the list, but place the full email (with all headers) on the web somewhere accessible, then people will be more likely to tell you what rules that they use to catch this sort of spam. -- Anthony Peacock CHIME, Royal Free & University College Medical School WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ Study Health Informatics - Modular Postgraduate Degree http://www.chime.ucl.ac.uk/study-health-informatics/ From hvdkooij at vanderkooij.org Wed Jun 4 14:15:31 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Wed Jun 4 14:15:40 2008 Subject: Spamassassin rules In-Reply-To: <2baac6140806040541u36e8316bi33c13b86b865c35d@mail.gmail.com> References: <2baac6140806040421g20b15e79n5706c9f3115d74ba@mail.gmail.com> <48468411.8050704@alexb.ch> <2baac6140806040541u36e8316bi33c13b86b865c35d@mail.gmail.com> Message-ID: <48469573.7020105@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Devon Harding wrote: | | | NOTE: | If anyone is using rules_du_jour regularly, you can stop hammering | the site as you won't get anything new. | | There's a couple of SARE Ninjas on this list that would announce any | changes. | | Alex | | | With that said, whats the best way to combat these URL spam. I'm | noticing that everyone that gets through has BAYES_00 tagged which gives | it a -2.60. I've already sa-learned these messages with no successes. | What next? If you get hit by messages with URL's I suggest you use URIBL. That seems to get most of them. And for those that passed. I suggest you add them to the URIBL by recommending them. Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFIRpVxBvzDRVjxmYERAq8rAJ9UnnAsj3aKrgXhRG3GpTaLSAtSzQCgsU2S 61eZX9eQUJGtfXzIiVSZGGU= =6+U0 -----END PGP SIGNATURE----- From clacroix at cegep-ste-foy.qc.ca Wed Jun 4 14:19:34 2008 From: clacroix at cegep-ste-foy.qc.ca (Charles Lacroix) Date: Wed Jun 4 14:19:46 2008 Subject: About watermarks In-Reply-To: <4845C1D6.30102@tippingmar.com> References: <48459249.4010304@cegep-ste-foy.qc.ca> <4845C1D6.30102@tippingmar.com> Message-ID: <48469666.40309@cegep-ste-foy.qc.ca> Mark Nienberg a ?crit : > Charles Lacroix wrote: >> Hi, >> >> I had this configuration which reduced alot of bounces going into >> user's mailbox. >> I was quite happy with this but today some users noticed that gmail's >> vacation messages >> were beiing blocked. >> > > The watermark feature examines all messages that have a null sender. > In sendmail logs these are the ones with: > > "from=<>" > > If gmail uses that approach to send vacation messages, and does not > include the original message in the reply, then it will trigger the > bad watermark action. So if you want to be able to receive these and > still use the watermark feature, maybe you could just add 2 or 3 > points for a bad watermark. > > Mark As i said in the original post, i tried setting a few points to it and it would mark it as spam and not check via spamassassin at all. Could i just build a ruleset like this: Check Watermarks With No Sender = rules/check.watermarks.rules From: *.google.com no From: default yes mail comes from hostnames similar to this: 'qb-out-0506.google.com' Sould this work? Thanks From devonharding at gmail.com Wed Jun 4 14:29:29 2008 From: devonharding at gmail.com (Devon Harding) Date: Wed Jun 4 14:29:40 2008 Subject: Spamassassin rules In-Reply-To: <48469125.8020501@chime.ucl.ac.uk> References: <2baac6140806040421g20b15e79n5706c9f3115d74ba@mail.gmail.com> <48468411.8050704@alexb.ch> <2baac6140806040541u36e8316bi33c13b86b865c35d@mail.gmail.com> <48469125.8020501@chime.ucl.ac.uk> Message-ID: <2baac6140806040629v18dfa4dan9959c020d6c939ed@mail.gmail.com> > > Hi Devon, > > It depends. > > The easiest way to get help with false negatives is to make one available > to us to look at, with the rules that it does hit. Don't send it to the > list, but place the full email (with all headers) on the web somewhere > accessible, then people will be more likely to tell you what rules that they > use to catch this sort of spam. > > -- Here is an example of spam messages that got through: http://www.sirecon.com/spam/ -Devon -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080604/f77b6b57/attachment.html From devonharding at gmail.com Wed Jun 4 14:30:43 2008 From: devonharding at gmail.com (Devon Harding) Date: Wed Jun 4 14:30:52 2008 Subject: Spamassassin rules In-Reply-To: <48469573.7020105@vanderkooij.org> References: <2baac6140806040421g20b15e79n5706c9f3115d74ba@mail.gmail.com> <48468411.8050704@alexb.ch> <2baac6140806040541u36e8316bi33c13b86b865c35d@mail.gmail.com> <48469573.7020105@vanderkooij.org> Message-ID: <2baac6140806040630s107eb427if88438552fc88c94@mail.gmail.com> > > > > If you get hit by messages with URL's I suggest you use URIBL. That > seems to get most of them. And for those that passed. I suggest you add > them to the URIBL by recommending them. > > Hugo. > I thought URIBL was enabled by default in SA 3.2.4? How can I verify this? -Devon -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080604/c9b5769b/attachment.html From MailScanner at ecs.soton.ac.uk Wed Jun 4 14:33:06 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Jun 4 14:33:26 2008 Subject: About watermarks In-Reply-To: References: <48459249.4010304@cegep-ste-foy.qc.ca> <4845C1D6.30102@tippingmar.com> Message-ID: <48469992.60709@ecs.soton.ac.uk> Charles Lacroix wrote: > Mark Nienberg a ?crit : >> Charles Lacroix wrote: >>> Hi, >>> >>> I had this configuration which reduced alot of bounces going into >>> user's mailbox. >>> I was quite happy with this but today some users noticed that >>> gmail's vacation messages >>> were beiing blocked. >>> >> >> The watermark feature examines all messages that have a null sender. >> In sendmail logs these are the ones with: >> >> "from=<>" >> >> If gmail uses that approach to send vacation messages, and does not >> include the original message in the reply, then it will trigger the >> bad watermark action. So if you want to be able to receive these >> and still use the watermark feature, maybe you could just add 2 or 3 >> points for a bad watermark. >> >> Mark > > As i said in the original post, i tried setting a few points to it and > it would mark it as spam and not check via spamassassin at all. > > Could i just build a ruleset like this: > > Check Watermarks With No Sender = rules/check.watermarks.rules > > > From: *.google.com no > From: default yes > > mail comes from hostnames similar to this: 'qb-out-0506.google.com' > > Sould this work? No, as that "From:" will check the sender address and not the SMTP client IP address. The only way of forcing it to check an IP address is to put in the netblock definition of their outgoing IP addresses. > Thanks > > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From yashodhan.barve at gmail.com Wed Jun 4 14:38:04 2008 From: yashodhan.barve at gmail.com (Yashodhan Barve) Date: Wed Jun 4 14:38:18 2008 Subject: What is the best way to collect SPAM from users? Message-ID: <48469ABC.6010208@gmail.com> Hi I have a MailScanner+Postfix box in front of a MS Exchange server. Very little SPAM is getting thru that. I want to collect that and feed it to sa-learn. Forwarding the mails breaks the headers so that is not an option. I was thinking of having a common mailbox in exchange to which users would move SPAM & HAM and then I would POP it and feed it to sa-learn. So what is a good approach that works? and how do I automate it? thanks.. yashodhan From devonharding at gmail.com Wed Jun 4 14:40:35 2008 From: devonharding at gmail.com (Devon Harding) Date: Wed Jun 4 14:40:59 2008 Subject: Spamassassin rules In-Reply-To: <2baac6140806040630s107eb427if88438552fc88c94@mail.gmail.com> References: <2baac6140806040421g20b15e79n5706c9f3115d74ba@mail.gmail.com> <48468411.8050704@alexb.ch> <2baac6140806040541u36e8316bi33c13b86b865c35d@mail.gmail.com> <48469573.7020105@vanderkooij.org> <2baac6140806040630s107eb427if88438552fc88c94@mail.gmail.com> Message-ID: <2baac6140806040640x72bdd2g87b271d01db8b0bd@mail.gmail.com> On Wed, Jun 4, 2008 at 9:30 AM, Devon Harding wrote: > >> >> If you get hit by messages with URL's I suggest you use URIBL. That >> seems to get most of them. And for those that passed. I suggest you add >> them to the URIBL by recommending them. >> >> Hugo. >> > > I thought URIBL was enabled by default in SA 3.2.4? How can I verify this? > > -Devon > Hmm...I noticed these lines commented in /etc/mail/spamassassin/ mailscanner.cf. Is this it? # # Julian Field Fri Apr 28 2006 # # Added the "Black" and "Grey" URIBL lists from www.uribl.com # # #urirhssub URIBL_BLACK multi.uribl.com. A 2 #body URIBL_BLACK eval:check_uridnsbl('URIBL_BLACK') #describe URIBL_BLACK Contains an URL listed in the URIBL blacklist #tflags URIBL_BLACK net #score URIBL_BLACK 3.0 # #urirhssub URIBL_GREY multi.uribl.com. A 4 #body URIBL_GREY eval:check_uridnsbl('URIBL_GREY') #describe URIBL_GREY Contains an URL listed in the URIBL greylist #tflags URIBL_GREY net #score URIBL_GREY 0.25 -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080604/58b596b2/attachment.html From a.peacock at chime.ucl.ac.uk Wed Jun 4 14:48:32 2008 From: a.peacock at chime.ucl.ac.uk (Anthony Peacock) Date: Wed Jun 4 14:48:44 2008 Subject: Spamassassin rules In-Reply-To: <2baac6140806040629v18dfa4dan9959c020d6c939ed@mail.gmail.com> References: <2baac6140806040421g20b15e79n5706c9f3115d74ba@mail.gmail.com> <48468411.8050704@alexb.ch> <2baac6140806040541u36e8316bi33c13b86b865c35d@mail.gmail.com> <48469125.8020501@chime.ucl.ac.uk> <2baac6140806040629v18dfa4dan9959c020d6c939ed@mail.gmail.com> Message-ID: <48469D30.7030006@chime.ucl.ac.uk> Devon Harding wrote: >> Hi Devon, >> >> It depends. >> >> The easiest way to get help with false negatives is to make one available >> to us to look at, with the rules that it does hit. Don't send it to the >> list, but place the full email (with all headers) on the web somewhere >> accessible, then people will be more likely to tell you what rules that they >> use to catch this sort of spam. >> >> -- > > > Here is an example of spam messages that got through: > http://www.sirecon.com/spam/ How about in plain text format? -- Anthony Peacock CHIME, Royal Free & University College Medical School WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ Study Health Informatics - Modular Postgraduate Degree http://www.chime.ucl.ac.uk/study-health-informatics/ From ms-list at alexb.ch Wed Jun 4 15:14:06 2008 From: ms-list at alexb.ch (Alex Broens) Date: Wed Jun 4 15:14:20 2008 Subject: Spamassassin rules In-Reply-To: <2baac6140806040640x72bdd2g87b271d01db8b0bd@mail.gmail.com> References: <2baac6140806040421g20b15e79n5706c9f3115d74ba@mail.gmail.com> <48468411.8050704@alexb.ch> <2baac6140806040541u36e8316bi33c13b86b865c35d@mail.gmail.com> <48469573.7020105@vanderkooij.org> <2baac6140806040630s107eb427if88438552fc88c94@mail.gmail.com> <2baac6140806040640x72bdd2g87b271d01db8b0bd@mail.gmail.com> Message-ID: <4846A32E.20903@alexb.ch> On 6/4/2008 3:40 PM, Devon Harding wrote: > On Wed, Jun 4, 2008 at 9:30 AM, Devon Harding > wrote: > >>> If you get hit by messages with URL's I suggest you use URIBL. That >>> seems to get most of them. And for those that passed. I suggest you add >>> them to the URIBL by recommending them. >>> >>> Hugo. >>> >> I thought URIBL was enabled by default in SA 3.2.4? How can I verify this? >> >> -Devon >> > > > Hmm...I noticed these lines commented in /etc/mail/spamassassin/ > mailscanner.cf. Is this it? > > # > # Julian Field Fri Apr 28 2006 > # > # Added the "Black" and "Grey" URIBL lists from www.uribl.com > # > # > #urirhssub URIBL_BLACK multi.uribl.com. A 2 > #body URIBL_BLACK eval:check_uridnsbl('URIBL_BLACK') > #describe URIBL_BLACK Contains an URL listed in the URIBL blacklist > #tflags URIBL_BLACK net > #score URIBL_BLACK 3.0 > # > #urirhssub URIBL_GREY multi.uribl.com. A 4 > #body URIBL_GREY eval:check_uridnsbl('URIBL_GREY') > #describe URIBL_GREY Contains an URL listed in the URIBL greylist > #tflags URIBL_GREY net > #score URIBL_GREY 0.25 > > the rules are in 25_uribl.cf Julian's entries are obsolete and should be removed. (left over from the days when Uribl.com wasn't yet included in SA) Alex From martinh at solidstatelogic.com Wed Jun 4 15:16:51 2008 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Wed Jun 4 15:17:02 2008 Subject: What is the best way to collect SPAM from users? In-Reply-To: <48469ABC.6010208@gmail.com> Message-ID: <36d3b7a55da387419481edfb380e2508@solidstatelogic.com> hi For sa-learn feed back users need to drag/drop to the ham/spam folders. These folders should be imap folders on exchange and use the many perl scripts that be found to get the messages from the imap folder and push then to sa-learn. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Yashodhan Barve > Sent: 04 June 2008 14:38 > To: MailScanner discussion > Subject: What is the best way to collect SPAM from users? > > Hi > > I have a MailScanner+Postfix box in front of a MS Exchange server. Very > little SPAM is getting thru that. > > I want to collect that and feed it to sa-learn. Forwarding the mails > breaks the headers so that is not an option. > > I was thinking of having a common mailbox in exchange to which users > would move SPAM & HAM and then I would POP it and feed it to sa-learn. > > So what is a good approach that works? and how do I automate it? > > thanks.. > yashodhan > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From MailScanner at ecs.soton.ac.uk Wed Jun 4 16:01:17 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Jun 4 16:01:38 2008 Subject: Spamassassin rules In-Reply-To: References: <2baac6140806040421g20b15e79n5706c9f3115d74ba@mail.gmail.com> <48468411.8050704@alexb.ch> <2baac6140806040541u36e8316bi33c13b86b865c35d@mail.gmail.com> <48469573.7020105@vanderkooij.org> <2baac6140806040630s107eb427if88438552fc88c94@mail.gmail.com> <2baac6140806040640x72bdd2g87b271d01db8b0bd@mail.gmail.com> Message-ID: <4846AE3D.1060700@ecs.soton.ac.uk> Alex Broens wrote: > On 6/4/2008 3:40 PM, Devon Harding wrote: >> On Wed, Jun 4, 2008 at 9:30 AM, Devon Harding >> wrote: >> >>>> If you get hit by messages with URL's I suggest you use URIBL. That >>>> seems to get most of them. And for those that passed. I suggest you >>>> add >>>> them to the URIBL by recommending them. >>>> >>>> Hugo. >>>> >>> I thought URIBL was enabled by default in SA 3.2.4? How can I >>> verify this? >>> >>> -Devon >>> >> >> >> Hmm...I noticed these lines commented in /etc/mail/spamassassin/ >> mailscanner.cf. Is this it? >> >> # >> # Julian Field Fri Apr 28 2006 >> # >> # Added the "Black" and "Grey" URIBL lists from www.uribl.com >> # >> # >> #urirhssub URIBL_BLACK multi.uribl.com. A 2 >> #body URIBL_BLACK eval:check_uridnsbl('URIBL_BLACK') >> #describe URIBL_BLACK Contains an URL listed in the URIBL >> blacklist >> #tflags URIBL_BLACK net >> #score URIBL_BLACK 3.0 >> # >> #urirhssub URIBL_GREY multi.uribl.com. A 4 >> #body URIBL_GREY eval:check_uridnsbl('URIBL_GREY') >> #describe URIBL_GREY Contains an URL listed in the URIBL >> greylist >> #tflags URIBL_GREY net >> #score URIBL_GREY 0.25 >> >> > > the rules are in 25_uribl.cf > > Julian's entries are obsolete and should be removed. > (left over from the days when Uribl.com wasn't yet included in SA) They won't be in the next release. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From clacroix at cegep-ste-foy.qc.ca Wed Jun 4 16:15:28 2008 From: clacroix at cegep-ste-foy.qc.ca (Charles Lacroix) Date: Wed Jun 4 16:15:44 2008 Subject: About watermarks In-Reply-To: <48469992.60709@ecs.soton.ac.uk> References: <48459249.4010304@cegep-ste-foy.qc.ca> <4845C1D6.30102@tippingmar.com> <48469992.60709@ecs.soton.ac.uk> Message-ID: <4846B190.1000304@cegep-ste-foy.qc.ca> Julian Field a ?crit : > > > Charles Lacroix wrote: >> Mark Nienberg a ?crit : >>> Charles Lacroix wrote: >>>> Hi, >>>> >>>> I had this configuration which reduced alot of bounces going into >>>> user's mailbox. >>>> I was quite happy with this but today some users noticed that >>>> gmail's vacation messages >>>> were beiing blocked. >>>> >>> >>> The watermark feature examines all messages that have a null >>> sender. In sendmail logs these are the ones with: >>> >>> "from=<>" >>> >>> If gmail uses that approach to send vacation messages, and does not >>> include the original message in the reply, then it will trigger the >>> bad watermark action. So if you want to be able to receive these >>> and still use the watermark feature, maybe you could just add 2 or 3 >>> points for a bad watermark. >>> >>> Mark >> >> As i said in the original post, i tried setting a few points to it >> and it would mark it as spam and not check via spamassassin at all. >> >> Could i just build a ruleset like this: >> >> Check Watermarks With No Sender = rules/check.watermarks.rules >> >> >> From: *.google.com no >> From: default yes >> >> mail comes from hostnames similar to this: 'qb-out-0506.google.com' >> >> Sould this work? > No, as that "From:" will check the sender address and not the SMTP > client IP address. The only way of forcing it to check an IP address > is to put in the netblock definition of their outgoing IP addresses. >> Thanks >> >> > > Jules > Ok. # /pattern-with-no-letters/ # Any SMTP client IP address matching this # # Perl regular expression How can i know all of gmail's outgoing smtp servers? so if i understand, this would still not work. From: /^.+\.google\.com$/ Charles From MailScanner at ecs.soton.ac.uk Wed Jun 4 16:22:09 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Jun 4 16:22:30 2008 Subject: About watermarks In-Reply-To: References: <48459249.4010304@cegep-ste-foy.qc.ca> <4845C1D6.30102@tippingmar.com> <48469992.60709@ecs.soton.ac.uk> Message-ID: <4846B321.9050900@ecs.soton.ac.uk> Charles Lacroix wrote: > Julian Field a ?crit : >> >> >> Charles Lacroix wrote: >>> Mark Nienberg a ?crit : >>>> Charles Lacroix wrote: >>>>> Hi, >>>>> >>>>> I had this configuration which reduced alot of bounces going into >>>>> user's mailbox. >>>>> I was quite happy with this but today some users noticed that >>>>> gmail's vacation messages >>>>> were beiing blocked. >>>>> >>>> >>>> The watermark feature examines all messages that have a null >>>> sender. In sendmail logs these are the ones with: >>>> >>>> "from=<>" >>>> >>>> If gmail uses that approach to send vacation messages, and does not >>>> include the original message in the reply, then it will trigger the >>>> bad watermark action. So if you want to be able to receive these >>>> and still use the watermark feature, maybe you could just add 2 or >>>> 3 points for a bad watermark. >>>> >>>> Mark >>> >>> As i said in the original post, i tried setting a few points to it >>> and it would mark it as spam and not check via spamassassin at all. >>> >>> Could i just build a ruleset like this: >>> >>> Check Watermarks With No Sender = rules/check.watermarks.rules >>> >>> >>> From: *.google.com no >>> From: default yes >>> >>> mail comes from hostnames similar to this: 'qb-out-0506.google.com' >>> >>> Sould this work? >> No, as that "From:" will check the sender address and not the SMTP >> client IP address. The only way of forcing it to check an IP address >> is to put in the netblock definition of their outgoing IP addresses. >>> Thanks >>> >>> >> >> Jules >> > Ok. > > # /pattern-with-no-letters/ # Any SMTP client IP address > matching this > # # Perl regular expression > > How can i know all of gmail's outgoing smtp servers? > > > so if i understand, this would still not work. > From: /^.+\.google\.com$/ Correct, it won't work. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From ssilva at sgvwater.com Wed Jun 4 16:49:52 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Jun 4 16:50:18 2008 Subject: About watermarks In-Reply-To: <4846B190.1000304@cegep-ste-foy.qc.ca> References: <48459249.4010304@cegep-ste-foy.qc.ca> <4845C1D6.30102@tippingmar.com> <48469992.60709@ecs.soton.ac.uk> <4846B190.1000304@cegep-ste-foy.qc.ca> Message-ID: on 6-4-2008 8:15 AM Charles Lacroix spake the following: > Julian Field a ?crit : >> >> >> Charles Lacroix wrote: >>> Mark Nienberg a ?crit : >>>> Charles Lacroix wrote: >>>>> Hi, >>>>> >>>>> I had this configuration which reduced alot of bounces going into >>>>> user's mailbox. >>>>> I was quite happy with this but today some users noticed that >>>>> gmail's vacation messages >>>>> were beiing blocked. >>>>> >>>> >>>> The watermark feature examines all messages that have a null >>>> sender. In sendmail logs these are the ones with: >>>> >>>> "from=<>" >>>> >>>> If gmail uses that approach to send vacation messages, and does not >>>> include the original message in the reply, then it will trigger the >>>> bad watermark action. So if you want to be able to receive these >>>> and still use the watermark feature, maybe you could just add 2 or 3 >>>> points for a bad watermark. >>>> >>>> Mark >>> >>> As i said in the original post, i tried setting a few points to it >>> and it would mark it as spam and not check via spamassassin at all. >>> >>> Could i just build a ruleset like this: >>> >>> Check Watermarks With No Sender = rules/check.watermarks.rules >>> >>> >>> From: *.google.com no >>> From: default yes >>> >>> mail comes from hostnames similar to this: 'qb-out-0506.google.com' >>> >>> Sould this work? >> No, as that "From:" will check the sender address and not the SMTP >> client IP address. The only way of forcing it to check an IP address >> is to put in the netblock definition of their outgoing IP addresses. >>> Thanks >>> >>> >> >> Jules >> > Ok. > > # /pattern-with-no-letters/ # Any SMTP client IP address matching > this > # # Perl regular expression > > How can i know all of gmail's outgoing smtp servers? > By their own SPF records. ;; ANSWER SECTION: _netblocks.google.com. 300 IN TXT "v=spf1 ip4:216.239.32.0/19 ip4:64.233.160.0/19 ip4:66.249.80.0/20 ip4:72.14.192.0/18 ip4:209.85.128.0/17 ip4:66.102.0.0/20 ip4:74.125.0.0/16 ip4:64.18.0.0/20 ip4:207.126.144.0/20 ?all" By their own SPF records. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 258 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080604/4c4af81c/signature.bin From gmatt at nerc.ac.uk Wed Jun 4 17:17:32 2008 From: gmatt at nerc.ac.uk (Greg Matthews) Date: Wed Jun 4 17:18:06 2008 Subject: What is the best way to collect SPAM from users? In-Reply-To: <36d3b7a55da387419481edfb380e2508@solidstatelogic.com> References: <36d3b7a55da387419481edfb380e2508@solidstatelogic.com> Message-ID: <4846C01C.5060302@nerc.ac.uk> Martin.Hepworth wrote: > hi > > For sa-learn feed back users need to drag/drop to the ham/spam > folders. > > These folders should be imap folders on exchange and use the many > perl scripts that be found to get the messages from the imap folder > and push then to sa-learn. > >> I was thinking of having a common mailbox in exchange to which >> users would move SPAM & HAM and then I would POP it and feed it to >> sa-learn. >> >> So what is a good approach that works? and how do I automate it? how much to you trust your users? seriously, users will not be as careful as you when they are throwing stuff into the spam folder. I have a mailbox for sending false positives (ham rather than spam but the same principles apply) to and users have very strict instructions on how to use it. Nonetheless, I still get spam forwarded to it on occasion and mail sent to it in the wrong format or without the original message or malformed in a hundred other ways. I once tried to automate the processing of this mailbox but there is so much that can go wrong I came to the conclusion that I didnt have the hacking skills required to anticipate and work around all possible situations. My compromise is that I read the mailbox regularly using mutt which provides a very quick and easy interface for viewing the message structure and saving exactly the right bit, I then feed this (eyeballed) data back into SA. GREG -- Greg Matthews 01491 692445 Head of UNIX/Linux, iTSS Wallingford -- This message (and any attachments) is for the recipient only. NERC is subject to the Freedom of Information Act 2000 and the contents of this email and any reply you make may be disclosed by NERC unless it is exempt from release under the Act. Any material supplied to NERC may be stored in an electronic records management system. From rob at kettle.org.uk Wed Jun 4 18:27:52 2008 From: rob at kettle.org.uk (Rob Kettle) Date: Wed Jun 4 18:28:05 2008 Subject: Bad Filenames In-Reply-To: References: <690855981-1212534906-cardhu_decombobulator_blackberry.rim.net-1962235830-@bxe196.bisx.prod.on.blackberry> <48462438.8090606@alexb.ch> Message-ID: <4846D098.5060800@kettle.org.uk> Hi, hoping someone can help because I may have missed the obvious.... Is there a way to whitelist a sender so that bad filename or filetype rules are not applied ? many thanks Rob -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From devonharding at gmail.com Wed Jun 4 18:36:50 2008 From: devonharding at gmail.com (Devon Harding) Date: Wed Jun 4 18:37:04 2008 Subject: Spamassassin rules In-Reply-To: <4846A32E.20903@alexb.ch> References: <2baac6140806040421g20b15e79n5706c9f3115d74ba@mail.gmail.com> <48468411.8050704@alexb.ch> <2baac6140806040541u36e8316bi33c13b86b865c35d@mail.gmail.com> <48469573.7020105@vanderkooij.org> <2baac6140806040630s107eb427if88438552fc88c94@mail.gmail.com> <2baac6140806040640x72bdd2g87b271d01db8b0bd@mail.gmail.com> <4846A32E.20903@alexb.ch> Message-ID: <2baac6140806041036m22e78711m6cd388431c0f20e6@mail.gmail.com> > > >> > > > the rules are in 25_uribl.cf > > Julian's entries are obsolete and should be removed. > (left over from the days when Uribl.com wasn't yet included in SA) > > Alex > Hmm....I don't even have 25_uribl.cf in my /etc/mail/spamassassin directory. Where is it located? -Devon -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080604/224f4edb/attachment.html From devonharding at gmail.com Wed Jun 4 18:39:09 2008 From: devonharding at gmail.com (Devon Harding) Date: Wed Jun 4 18:39:18 2008 Subject: Spamassassin rules In-Reply-To: <2baac6140806041036m22e78711m6cd388431c0f20e6@mail.gmail.com> References: <2baac6140806040421g20b15e79n5706c9f3115d74ba@mail.gmail.com> <48468411.8050704@alexb.ch> <2baac6140806040541u36e8316bi33c13b86b865c35d@mail.gmail.com> <48469573.7020105@vanderkooij.org> <2baac6140806040630s107eb427if88438552fc88c94@mail.gmail.com> <2baac6140806040640x72bdd2g87b271d01db8b0bd@mail.gmail.com> <4846A32E.20903@alexb.ch> <2baac6140806041036m22e78711m6cd388431c0f20e6@mail.gmail.com> Message-ID: <2baac6140806041039r76119298nce0a63b906518144@mail.gmail.com> On Wed, Jun 4, 2008 at 1:36 PM, Devon Harding wrote: > >>> >> >> >> the rules are in 25_uribl.cf >> >> Julian's entries are obsolete and should be removed. >> (left over from the days when Uribl.com wasn't yet included in SA) >> >> Alex >> > > Hmm....I don't even have 25_uribl.cf in my /etc/mail/spamassassin > directory. Where is it located? > > -Devon > Disregard....found it here: http://spamassassin.apache.org/full/3.0.x/dist/rules/25_uribl.cf -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080604/336fe109/attachment.html From shuttlebox at gmail.com Wed Jun 4 18:40:18 2008 From: shuttlebox at gmail.com (shuttlebox) Date: Wed Jun 4 18:40:26 2008 Subject: Bad Filenames In-Reply-To: <4846D098.5060800@kettle.org.uk> References: <690855981-1212534906-cardhu_decombobulator_blackberry.rim.net-1962235830-@bxe196.bisx.prod.on.blackberry> <48462438.8090606@alexb.ch> <4846D098.5060800@kettle.org.uk> Message-ID: <625385e30806041040m54c4031el727ebe04f808fa1b@mail.gmail.com> On Wed, Jun 4, 2008 at 7:27 PM, Rob Kettle wrote: > Hi, > > hoping someone can help because I may have missed the obvious.... > > Is there a way to whitelist a sender so that bad filename or filetype rules > are not applied ? Look into rulesets. Create multiple filename and filetype files and let the ruleset select between them. It's in the wiki too. -- /peter From ssilva at sgvwater.com Wed Jun 4 18:44:42 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Jun 4 18:44:59 2008 Subject: What is the best way to collect SPAM from users? In-Reply-To: <4846C01C.5060302@nerc.ac.uk> References: <36d3b7a55da387419481edfb380e2508@solidstatelogic.com> <4846C01C.5060302@nerc.ac.uk> Message-ID: on 6-4-2008 9:17 AM Greg Matthews spake the following: > Martin.Hepworth wrote: >> hi >> >> For sa-learn feed back users need to drag/drop to the ham/spam >> folders. >> >> These folders should be imap folders on exchange and use the many >> perl scripts that be found to get the messages from the imap folder >> and push then to sa-learn. >> >>> I was thinking of having a common mailbox in exchange to which >>> users would move SPAM & HAM and then I would POP it and feed it to >>> sa-learn. >>> >>> So what is a good approach that works? and how do I automate it? > > how much to you trust your users? seriously, users will not be as > careful as you when they are throwing stuff into the spam folder. I have > a mailbox for sending false positives (ham rather than spam but the same > principles apply) to and users have very strict instructions on how to > use it. Nonetheless, I still get spam forwarded to it on occasion and > mail sent to it in the wrong format or without the original message or > malformed in a hundred other ways. > > I once tried to automate the processing of this mailbox but there is so > much that can go wrong I came to the conclusion that I didnt have the > hacking skills required to anticipate and work around all possible > situations. > > My compromise is that I read the mailbox regularly using mutt which > provides a very quick and easy interface for viewing the message > structure and saving exactly the right bit, I then feed this (eyeballed) > data back into SA. > > GREG And users are notorious for reporting as spam stuff they subscribed to ( opt-in) but don't want anymore and are too lazy to unsubscribe from. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 258 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080604/f737e96b/signature-0001.bin From devonharding at gmail.com Wed Jun 4 19:10:50 2008 From: devonharding at gmail.com (Devon Harding) Date: Wed Jun 4 19:10:59 2008 Subject: Spamassassin rules In-Reply-To: <2baac6140806041039r76119298nce0a63b906518144@mail.gmail.com> References: <2baac6140806040421g20b15e79n5706c9f3115d74ba@mail.gmail.com> <48468411.8050704@alexb.ch> <2baac6140806040541u36e8316bi33c13b86b865c35d@mail.gmail.com> <48469573.7020105@vanderkooij.org> <2baac6140806040630s107eb427if88438552fc88c94@mail.gmail.com> <2baac6140806040640x72bdd2g87b271d01db8b0bd@mail.gmail.com> <4846A32E.20903@alexb.ch> <2baac6140806041036m22e78711m6cd388431c0f20e6@mail.gmail.com> <2baac6140806041039r76119298nce0a63b906518144@mail.gmail.com> Message-ID: <2baac6140806041110k28170081wcafd7bbbbd9b377c@mail.gmail.com> On Wed, Jun 4, 2008 at 1:39 PM, Devon Harding wrote: > > > On Wed, Jun 4, 2008 at 1:36 PM, Devon Harding > wrote: > >> >>>> >>> >>> >>> the rules are in 25_uribl.cf >>> >>> Julian's entries are obsolete and should be removed. >>> (left over from the days when Uribl.com wasn't yet included in SA) >>> >>> Alex >>> >> >> Hmm....I don't even have 25_uribl.cf in my /etc/mail/spamassassin >> directory. Where is it located? >> >> -Devon >> > > Disregard....found it here: > http://spamassassin.apache.org/full/3.0.x/dist/rules/25_uribl.cf > I''m wondering if I should load the rest of the rules from http://spamassassin.apache.org/full/3.0.x/dist/rules/? any thoughts? -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080604/22dc8746/attachment.html From yashodhan.barve at gmail.com Wed Jun 4 19:16:44 2008 From: yashodhan.barve at gmail.com (Yashodhan Barve) Date: Wed Jun 4 19:16:53 2008 Subject: What is the best way to collect SPAM from users? In-Reply-To: <36d3b7a55da387419481edfb380e2508@solidstatelogic.com> References: <36d3b7a55da387419481edfb380e2508@solidstatelogic.com> Message-ID: <4846DC0C.2070701@gmail.com> Thanks Martin, Greg & Scott for your feedback. I guess I will be implementing the check and sa-learn since it is too easy to move wrong messages in the public folders. Thanks again. yashodhan From ssilva at sgvwater.com Wed Jun 4 19:25:45 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Jun 4 19:26:01 2008 Subject: Spamassassin rules In-Reply-To: <2baac6140806041036m22e78711m6cd388431c0f20e6@mail.gmail.com> References: <2baac6140806040421g20b15e79n5706c9f3115d74ba@mail.gmail.com> <48468411.8050704@alexb.ch> <2baac6140806040541u36e8316bi33c13b86b865c35d@mail.gmail.com> <48469573.7020105@vanderkooij.org> <2baac6140806040630s107eb427if88438552fc88c94@mail.gmail.com> <2baac6140806040640x72bdd2g87b271d01db8b0bd@mail.gmail.com> <4846A32E.20903@alexb.ch> <2baac6140806041036m22e78711m6cd388431c0f20e6@mail.gmail.com> Message-ID: on 6-4-2008 10:36 AM Devon Harding spake the following: > > > > > the rules are in 25_uribl.cf > > Julian's entries are obsolete and should be removed. > (left over from the days when Uribl.com wasn't yet included in SA) > > Alex > > > Hmm....I don't even have 25_uribl.cf in my > /etc/mail/spamassassin directory. Where is it located? > > -Devon > That is where you put custom rules. Look in /usr/share/spamassassin -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 258 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080604/fb5b6a56/signature.bin From ssilva at sgvwater.com Wed Jun 4 19:29:56 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Jun 4 19:35:11 2008 Subject: Spamassassin rules In-Reply-To: <48468411.8050704@alexb.ch> References: <2baac6140806040421g20b15e79n5706c9f3115d74ba@mail.gmail.com> <48468411.8050704@alexb.ch> Message-ID: on 6-4-2008 5:01 AM Alex Broens spake the following: > On 6/4/2008 1:21 PM, Devon Harding wrote: >> For MailScanner users, which one of the SARE rules (from the link >> below) are >> a must have? I have a few spam messages that are still getting through >> (mainly cause of BAYES_00). >> >> http://www.rulesemporium.com/rules.htm > > Pls consider that these rules aren't being updated and will probably > stay as is > > NOTE: > If anyone is using rules_du_jour regularly, you can stop hammering the > site as you won't get anything new. > > There's a couple of SARE Ninjas on this list that would announce any > changes. > > Alex > Is there some posting that they won't be updated? Just curious as I haven't heard anything about it, but I have been off the spamassassin list for a while (way too much traffic for the time I have available). -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 258 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080604/c39ca7ef/signature.bin From ms-list at alexb.ch Wed Jun 4 20:43:11 2008 From: ms-list at alexb.ch (Alex Broens) Date: Wed Jun 4 20:43:30 2008 Subject: Spamassassin rules In-Reply-To: <2baac6140806041036m22e78711m6cd388431c0f20e6@mail.gmail.com> References: <2baac6140806040421g20b15e79n5706c9f3115d74ba@mail.gmail.com> <48468411.8050704@alexb.ch> <2baac6140806040541u36e8316bi33c13b86b865c35d@mail.gmail.com> <48469573.7020105@vanderkooij.org> <2baac6140806040630s107eb427if88438552fc88c94@mail.gmail.com> <2baac6140806040640x72bdd2g87b271d01db8b0bd@mail.gmail.com> <4846A32E.20903@alexb.ch> <2baac6140806041036m22e78711m6cd388431c0f20e6@mail.gmail.com> Message-ID: <4846F04F.1020503@alexb.ch> On 6/4/2008 7:36 PM, Devon Harding wrote: >> >> >> the rules are in 25_uribl.cf >> >> Julian's entries are obsolete and should be removed. >> (left over from the days when Uribl.com wasn't yet included in SA) >> >> Alex >> > > Hmm....I don't even have 25_uribl.cf in my /etc/mail/spamassassin > directory. Where is it located? locate 25_uribl.cf /usr/share/spamassassin/25_uribl.cf /var/lib/spamassassin/3.002004/updates_spamassassin_org/25_uribl.cf From ms-list at alexb.ch Wed Jun 4 20:47:36 2008 From: ms-list at alexb.ch (Alex Broens) Date: Wed Jun 4 20:47:50 2008 Subject: Spamassassin rules In-Reply-To: <2baac6140806041110k28170081wcafd7bbbbd9b377c@mail.gmail.com> References: <2baac6140806040421g20b15e79n5706c9f3115d74ba@mail.gmail.com> <48468411.8050704@alexb.ch> <2baac6140806040541u36e8316bi33c13b86b865c35d@mail.gmail.com> <48469573.7020105@vanderkooij.org> <2baac6140806040630s107eb427if88438552fc88c94@mail.gmail.com> <2baac6140806040640x72bdd2g87b271d01db8b0bd@mail.gmail.com> <4846A32E.20903@alexb.ch> <2baac6140806041036m22e78711m6cd388431c0f20e6@mail.gmail.com> <2baac6140806041039r76119298nce0a63b906518144@mail.gmail.com> <2baac6140806041110k28170081wcafd7bbbbd9b377c@mail.gmail.com> Message-ID: <4846F158.5020202@alexb.ch> On 6/4/2008 8:10 PM, Devon Harding wrote: > On Wed, Jun 4, 2008 at 1:39 PM, Devon Harding > wrote: > >> >> On Wed, Jun 4, 2008 at 1:36 PM, Devon Harding >> wrote: >> >>>> >>>> the rules are in 25_uribl.cf >>>> >>>> Julian's entries are obsolete and should be removed. >>>> (left over from the days when Uribl.com wasn't yet included in SA) >>>> >>>> Alex >>>> >>> Hmm....I don't even have 25_uribl.cf in my /etc/mail/spamassassin >>> directory. Where is it located? >>> >>> -Devon >>> >> Disregard....found it here: >> http://spamassassin.apache.org/full/3.0.x/dist/rules/25_uribl.cf >> > > > > I''m wondering if I should load the rest of the rules from > http://spamassassin.apache.org/full/3.0.x/dist/rules/? > > any thoughts? NO! hands off - beer time... no need to becoem over-creative :-) if you installed SA, its all there. if you see no URIBL or SURBL hits, it probably means your URIBL plugin is not enabled in /etc/mail/spamassassin/v320.pre if enabled but you see SURBL yet no URIBL.com hits, it means your DNS recursor/cacher has been ACLd by Uribl.com and you may need a datafeed. Alex From devonharding at gmail.com Wed Jun 4 21:41:38 2008 From: devonharding at gmail.com (Devon Harding) Date: Wed Jun 4 21:41:48 2008 Subject: Spamassassin rules In-Reply-To: <4846F158.5020202@alexb.ch> References: <2baac6140806040421g20b15e79n5706c9f3115d74ba@mail.gmail.com> <2baac6140806040541u36e8316bi33c13b86b865c35d@mail.gmail.com> <48469573.7020105@vanderkooij.org> <2baac6140806040630s107eb427if88438552fc88c94@mail.gmail.com> <2baac6140806040640x72bdd2g87b271d01db8b0bd@mail.gmail.com> <4846A32E.20903@alexb.ch> <2baac6140806041036m22e78711m6cd388431c0f20e6@mail.gmail.com> <2baac6140806041039r76119298nce0a63b906518144@mail.gmail.com> <2baac6140806041110k28170081wcafd7bbbbd9b377c@mail.gmail.com> <4846F158.5020202@alexb.ch> Message-ID: <2baac6140806041341n2b0b235bua5851dd31d725d7a@mail.gmail.com> > > > > > NO! hands off - beer time... no need to becoem over-creative :-) > > if you installed SA, its all there. > > if you see no URIBL or SURBL hits, it probably means your URIBL plugin is > not enabled in /etc/mail/spamassassin/v320.pre > > if enabled but you see SURBL yet no URIBL.com hits, it means your DNS > recursor/cacher has been ACLd by Uribl.com and you may need a datafeed. > > > Alex > I see SURBL but no URIBL.com hits. How do I obtain a datafeed? > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080604/1f478ce3/attachment.html From lists at designmedia.com Wed Jun 4 23:14:32 2008 From: lists at designmedia.com (Henry Kwan) Date: Wed Jun 4 23:14:56 2008 Subject: Windows Exchange Server References: <13C0059880FDD3118DC600508B6D4A6D02346853@aiainsurance.com> Message-ID: Ken Goods cropusainsurance.com> writes: > I used a guide on the MailScanner site for the initial setup. Take a look > around there and see what you come up with. If you need more help or have > other questions don't hesitate to ask. Hi Ken, I'm currently installing a MailScanner (using Sendmail) and Exchange 2007 setup and have it mostly configured but in the process of testing it, I did come across an issue. When I create a distribution list in Exchange, by default it only accepts mail from authenticated senders. I have to manually unset that option before I can send emails to that distribution list from the outside world. How do I make my MailScanner box an authenticated sender to Exchange? Currently, there is a Receive Connector that accepts anonymous SMTP only from the MailScanner box and no other IP. Thanks. From peter at farrows.org Wed Jun 4 23:41:27 2008 From: peter at farrows.org (Peter Farrow) Date: Wed Jun 4 23:41:48 2008 Subject: Windows Exchange Server In-Reply-To: References: <13C0059880FDD3118DC600508B6D4A6D02346853@aiainsurance.com> Message-ID: <48471A17.2020707@farrows.org> Henry Kwan wrote: > Ken Goods cropusainsurance.com> writes: > > >> I used a guide on the MailScanner site for the initial setup. Take a look >> around there and see what you come up with. If you need more help or have >> other questions don't hesitate to ask. >> > > Hi Ken, > > I'm currently installing a MailScanner (using Sendmail) and Exchange 2007 setup > and have it mostly configured but in the process of testing it, I did come > across an issue. > > When I create a distribution list in Exchange, by default it only accepts mail > from authenticated senders. I have to manually unset that option before I can > send emails to that distribution list from the outside world. How do I make my > MailScanner box an authenticated sender to Exchange? Currently, there is a > Receive Connector that accepts anonymous SMTP only from the MailScanner box and > no other IP. > > Thanks. > > > If your MailSCanner authenticated to the exchange and it accepts email from the outside world, then the end result is the same as simply unchecking the authenticated senders option. Its there as a mechanism to prevent outsiders from emailing certain groups within the organisation. For example if you had a distribution group than encompassed the whole company you wouldn't necessarily want outsiders to the company being able to fire one email that went to all say 1000+ employees. This mechanism simply allows control over who can email to the distribution list. If you want people from outside to be able to use certain distribution groups then you simply turn this option off for those groups, its not really any big deal, exchange versions prior to 2007 didn't have this "feature" implemented in this way anyway so its no great loss turning it off. You can probably setup a group policy option to set this automagically by default. Use this command to unset it for Set-DistributionGroup "? -RequireSenderAuthenticationEnabled $False P. -- This message has been scanned for viruses and dangerous content by the Inexcom system Scanner, and is believed to be clean. Advanced heuristic mail scanning server [-]. http://www.inexcom.co.uk -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080604/7c609ac9/attachment.html From lists at designmedia.com Thu Jun 5 01:41:27 2008 From: lists at designmedia.com (Henry Kwan) Date: Thu Jun 5 01:41:53 2008 Subject: Windows Exchange Server References: <13C0059880FDD3118DC600508B6D4A6D02346853@aiainsurance.com> <48471A17.2020707@farrows.org> Message-ID: Peter Farrow farrows.org> writes: > If your MailSCanner authenticated to the exchange and it accepts email > from the outside world, then the end result is the same as simply > unchecking the authenticated senders option. Its there as a mechanism > to prevent outsiders from emailing certain groups within the > organisation. For example if you had a distribution group than > encompassed the whole company you wouldn't necessarily want outsiders > to the company being able to fire one email that went to all say 1000+ > employees. Ah, ok. Thanks for the explanation. I'll just stick with setting that option to off for all of my public distribution groups then. But is there any value to making the MailScanner box an authenticated sender to Exchange? Is there even a way to do this? Thanks. From hvdkooij at vanderkooij.org Thu Jun 5 06:06:03 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Thu Jun 5 06:06:14 2008 Subject: Windows Exchange Server In-Reply-To: References: <13C0059880FDD3118DC600508B6D4A6D02346853@aiainsurance.com> <48471A17.2020707@farrows.org> Message-ID: <4847743B.6030003@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Henry Kwan wrote: | But is there any value to making the MailScanner box an authenticated sender to | Exchange? Is there even a way to do this? MailScanner does not communicate with Exchange. Your MTA on the MailScanner machine does. Which is ? Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFIR3Q6BvzDRVjxmYERAk0uAJ9F74KcZWJBvArBKOJl+YwnVIMvsgCfRl/S /ZaSM4t5uwMQ0XhdB8Znw90= =9azP -----END PGP SIGNATURE----- From gary at sgluk.com Thu Jun 5 09:21:26 2008 From: gary at sgluk.com (Gary Pentland) Date: Thu Jun 5 09:21:54 2008 Subject: Windows Exchange Server In-Reply-To: References: <13C0059880FDD3118DC600508B6D4A6D02346853@aiainsurance.com> <48471A17.2020707@farrows.org> Message-ID: > But is there any value to making the MailScanner box an > authenticated sender to Exchange? Is there even a way to do this? Yes, I found this after an upgrade to Exchange 2007. As Hugo pointed out, it's not MailScanner itself but the MTA software that does the sending of mail and hence needs to do the authentication bit. I use sendmail and it is possible to make sendmail authenticate when sending to Exchange. Start with http://www.sendmail.org/~ca/email/auth.html - about half way down it starts the "client" side authentication stuff. Remember when sending to another MTA (Exchange in this case) sendmail or whatever is the client sending to a server for onward delivery. If you're not using sendmail then I'm afraid you'll have to ask others on this or other lists for advice. Gary From Dirk.Heuvels at inovasec.de Thu Jun 5 09:55:29 2008 From: Dirk.Heuvels at inovasec.de (Dirk.Heuvels@inovasec.de) Date: Thu Jun 5 09:55:46 2008 Subject: Clamav timeouts block Mailscanner Message-ID: Hello, I am using Mailscanner for quiet a while and I'm really happy with it. There is only one problem which arises from time to time. Whenever a message is big enough to let clamav time out, MS will write "Denial Of Service attack detected" to its log and restart the affected MS child process. (We sometimes receive compressed logfiles, wich increase dramatically in size when being uncompressed for scanning.) Unfortunately after spawning a new process MC will try to rescan the same message again, wich will fail. I tried playing with the "Max Children" Option, but this doesn't solve the problem. The queue will fill up with messages on hold, because at least one MS Process won't requeue any mails, as it plays with the message that always times out. Did anyone solve this problem already? Is there a way to tell MS to mark the blocking message as "unavailable", as it is possible for spamassassin (Option "Max SpamAssassin Timeouts")? Thanks in advance, Dirk -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080605/8bfe9a85/attachment.html From list-mailscanner at linguaphone.com Wed Jun 4 12:45:19 2008 From: list-mailscanner at linguaphone.com (Gareth) Date: Thu Jun 5 10:14:18 2008 Subject: Spamassassin rules In-Reply-To: <2baac6140806040421g20b15e79n5706c9f3115d74ba@mail.gmail.com> References: <2baac6140806040421g20b15e79n5706c9f3115d74ba@mail.gmail.com> Message-ID: <1212579918.15489.3.camel@gblades-suse.linguaphone-intranet.co.uk> http://www.gbnetwork.co.uk/mailscanner/ On Wed, 2008-06-04 at 12:21, Devon Harding wrote: > For MailScanner users, which one of the SARE rules (from the link > below) are a must have? I have a few spam messages that are still > getting through (mainly cause of BAYES_00). > > http://www.rulesemporium.com/rules.htm > > -Devon > > > ______________________________________________________________________ > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From martinh at solidstatelogic.com Thu Jun 5 11:06:38 2008 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Thu Jun 5 11:06:51 2008 Subject: Bad Filenames In-Reply-To: <4846D098.5060800@kettle.org.uk> Message-ID: <3f600a3963ee814ca29de71abf243df4@solidstatelogic.com> Rob Rule overloading is what you need.. http://wiki.mailscanner.info/doku.php?id=documentation:configuration:rulesets:overloading -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Rob Kettle > Sent: 04 June 2008 18:28 > To: MailScanner discussion > Subject: Bad Filenames > > Hi, > > hoping someone can help because I may have missed the obvious.... > > Is there a way to whitelist a sender so that bad filename or filetype > rules are not applied ? > > many thanks > Rob > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From pedro.hoffmann at gmail.com Thu Jun 5 15:30:13 2008 From: pedro.hoffmann at gmail.com (Pedro Bordin Hoffmann - [M]orpheus) Date: Thu Jun 5 15:30:23 2008 Subject: .AGP Files Message-ID: <21be6cae0806050730m449839adrb31509e3848fc630@mail.gmail.com> Hello. I have this client that sends attached in the message a file, with the extension .agp This file is a security signature to work with banks, but if Mailscanner scan it for virus, it gets corrupted. How should I do to make mailscanner don't scan this kind a file? Already try to put this in /etc/MailScanner/filnename.rules.conf Something like this: allow \.agp$ - - But still getting corrupted. What should I do? Thanks for the help! Regards Pedro -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080605/ca0c0bc1/attachment.html From alex at nkpanama.com Thu Jun 5 15:42:01 2008 From: alex at nkpanama.com (Alex Neuman) Date: Thu Jun 5 15:42:36 2008 Subject: .AGP Files Message-ID: <200806051442.m55EgRIT006784@safir.blacknight.ie> Scanning for viruses doesn't corrupt files. Modifying the message after it's scanned (adding signatures and headers) may make digital signatures like DKIM and such fail their specific checks because the message has been modified. Allowing the file through doesn't corrupt the file. It changes the message. You need to NOT process those messages. Try adding: Scan Messages = %rules-dir%/scan.messages.rules And in your scan.messages.rules file, located within the %rules-dir% folder, add: FromOrTo: default yes From: xx.xx.xx.xx no ... where xx.xx.xx.xx is the IP address of the sending server. You could ask "why not use From: *@domain.com"... that would mean that anyone could pretend to be from that domain and get through mailscanner untouched. In fact, the truly paranoid could use: From: blabla@domain.com and From: xx.xx.xx.xx yes That would mean a message would have to be from blabla@domain.com AND come from that IP in order to skip processing by MailScanner. Fake messages from elsewhere would be scanned, and messages that don't have that AGP thing would be scanned because they come from somebody else that doesn't use them. On Jun 5, 2008, at 9:30 AM, Pedro Bordin Hoffmann - [M]orpheus wrote: > Hello. > > I have this client that sends attached in the message a file, with > the extension .agp > This file is a security signature to work with banks, but if > Mailscanner scan it for virus, it gets corrupted. > > How should I do to make mailscanner don't scan this kind a file? > Already try to put this in /etc/MailScanner/filnename.rules.conf > Something like this: > > allow \.agp$ - - > > But still getting corrupted. > > What should I do? > > Thanks for the help! > Regards > Pedro > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From rgreen at trayerproducts.com Thu Jun 5 16:13:13 2008 From: rgreen at trayerproducts.com (Rodney Green) Date: Thu Jun 5 16:14:03 2008 Subject: .AGP Files In-Reply-To: <200806051442.m55EgRIT006784@safir.blacknight.ie> References: <200806051442.m55EgRIT006784@safir.blacknight.ie> Message-ID: <48480289.70209@trayerproducts.com> Should the "FromorTo: default yes" statement be the last line in the scan.messages.rule file? Alex Neuman wrote: > Scanning for viruses doesn't corrupt files. > Modifying the message after it's scanned (adding signatures and > headers) may make digital signatures like DKIM and such fail their > specific checks because the message has been modified. > Allowing the file through doesn't corrupt the file. It changes the > message. > You need to NOT process those messages. Try adding: > Scan Messages = %rules-dir%/scan.messages.rules > > And in your scan.messages.rules file, located within the %rules-dir% > folder, add: > > FromOrTo: default yes > From: xx.xx.xx.xx no > > ... where xx.xx.xx.xx is the IP address of the sending server. > > You could ask "why not use From: *@domain.com"... that would mean that > anyone could pretend to be from that domain and get through > mailscanner untouched. > > In fact, the truly paranoid could use: > > From: blabla@domain.com and From: xx.xx.xx.xx yes > > That would mean a message would have to be from blabla@domain.com AND > come from that IP in order to skip processing by MailScanner. Fake > messages from elsewhere would be scanned, and messages that don't have > that AGP thing would be scanned because they come from somebody else > that doesn't use them. > > On Jun 5, 2008, at 9:30 AM, Pedro Bordin Hoffmann - [M]orpheus wrote: > > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From pedro.hoffmann at gmail.com Thu Jun 5 17:44:41 2008 From: pedro.hoffmann at gmail.com (Pedro Bordin Hoffmann - [M]orpheus) Date: Thu Jun 5 17:44:52 2008 Subject: .AGP Files In-Reply-To: <48480289.70209@trayerproducts.com> References: <200806051442.m55EgRIT006784@safir.blacknight.ie> <48480289.70209@trayerproducts.com> Message-ID: <21be6cae0806050944jb581393w969335abaa10a8c0@mail.gmail.com> In the moment I'm not using the scan.messages.rules What about I remove the signature of e-mail? Those signature that mailscanner put in the sent e-mail. Will sove? Thanks so much about this help Regards Pedro 2008/6/5 Rodney Green : > Should the "FromorTo: default yes" statement be the last line in the > scan.messages.rule file? > > Alex Neuman wrote: > >> Scanning for viruses doesn't corrupt files. >> Modifying the message after it's scanned (adding signatures and headers) >> may make digital signatures like DKIM and such fail their specific checks >> because the message has been modified. >> Allowing the file through doesn't corrupt the file. It changes the >> message. >> You need to NOT process those messages. Try adding: >> Scan Messages = %rules-dir%/scan.messages.rules >> >> And in your scan.messages.rules file, located within the %rules-dir% >> folder, add: >> >> FromOrTo: default yes >> From: xx.xx.xx.xx no >> >> ... where xx.xx.xx.xx is the IP address of the sending server. >> >> You could ask "why not use From: *@domain.com"... that would mean that >> anyone could pretend to be from that domain and get through mailscanner >> untouched. >> >> In fact, the truly paranoid could use: >> >> From: blabla@domain.com and From: xx.xx.xx.xx yes >> >> That would mean a message would have to be from blabla@domain.com AND >> come from that IP in order to skip processing by MailScanner. Fake messages >> from elsewhere would be scanned, and messages that don't have that AGP thing >> would be scanned because they come from somebody else that doesn't use them. >> >> On Jun 5, 2008, at 9:30 AM, Pedro Bordin Hoffmann - [M]orpheus wrote: >> >> >> > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080605/2f049c91/attachment.html From davejenx at googlemail.com Thu Jun 5 18:04:44 2008 From: davejenx at googlemail.com (Dave Jenkins) Date: Thu Jun 5 18:04:54 2008 Subject: postfix: Process did not exit cleanly, returned 1 with signal 0 Message-ID: Hello, I'm new to the list . I have successfully run MailScanner with sendmail for a couple of years, now setting it up with postfix on another server. MailScanner & postfix have mostly been running happily for a few weeks, averaging about 5 msgs/min. But on two occasions we've had defunct MailScanner processes and the error "postfix: Process did not exit cleanly, returned 1 with signal 0". Once the error & the defunct processes started appearing, there was an ever-growing "Found N messages waiting" (got to 480 first time) and no mail getting through. /var/log/maillog revealed that the same batch of 30 messages was being scanned over & over. Disabling virus scanning in MailScanner.conf, didn't help. Neither did removing all "yes" entries from /etc/MailScanner/rules/spam.checking.rules, leaving default "no". (I restarted MailScanner after each change.) Finally I turned off scanning (Scan Messages = no) and this allowed the queue to clear. I then switched scanning, virus and spamassassin back on (i.e. restored previous config) and it then ran fine. I'm wondering if it was a peculiarity of one of the messages that caused MailScanner to crash. The second time it happened, before clearing the queue I took a copy of /var/spool/MailScanner/incoming; will that help in debugging the problem? If so, what should I do with it and if not, what should I do next time it happens? Software: Centos 5 postfix-2.3.3-2 mailscanner-4.69.8-1 from rpm from mailscanner.info clamav-0.93-2.el5.rf spamassassin-3.1.9-1.el5 Hardware: CPU: AMD Phenom(tm) 9550 Quad-Core Processor RAM: 2G DIsks: 2 x 500GB SATA in software RAID-1 Thanks, Dave. From ssilva at sgvwater.com Thu Jun 5 18:20:08 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Thu Jun 5 18:20:27 2008 Subject: .AGP Files In-Reply-To: <21be6cae0806050944jb581393w969335abaa10a8c0@mail.gmail.com> References: <200806051442.m55EgRIT006784@safir.blacknight.ie> <48480289.70209@trayerproducts.com> <21be6cae0806050944jb581393w969335abaa10a8c0@mail.gmail.com> Message-ID: on 6-5-2008 9:44 AM Pedro Bordin Hoffmann - [M]orpheus spake the following: > In the moment I'm not using the scan.messages.rules > > What about I remove the signature of e-mail? Those signature that > mailscanner put in the sent e-mail. > Will solve? > You would have to test it and see if it solves it. Or you can use a ruleset to only tag outgoing mail, and leave incoming untagged. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 258 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080605/ffcc8870/signature.bin From pedro.hoffmann at gmail.com Thu Jun 5 18:41:28 2008 From: pedro.hoffmann at gmail.com (Pedro Bordin Hoffmann - [M]orpheus) Date: Thu Jun 5 18:41:49 2008 Subject: .AGP Files In-Reply-To: <48480289.70209@trayerproducts.com> References: <200806051442.m55EgRIT006784@safir.blacknight.ie> <48480289.70209@trayerproducts.com> Message-ID: <21be6cae0806051041t6e052a39lf8ad8600a064c008@mail.gmail.com> Hummm, I'll test the remove of signature. But, some doubts has come to mind :) From: user@domain.com From: 192.168.1.25 yes Should be like that? I have only one user that sends this kind a message. Don't want to all output messages goes without passing by mailscanner. So will be like that the scan.messages.rule file? Thanks Pedro 2008/6/5 Rodney Green : > Should the "FromorTo: default yes" statement be the last line in the > scan.messages.rule file? > > Alex Neuman wrote: > >> Scanning for viruses doesn't corrupt files. >> Modifying the message after it's scanned (adding signatures and headers) >> may make digital signatures like DKIM and such fail their specific checks >> because the message has been modified. >> Allowing the file through doesn't corrupt the file. It changes the >> message. >> You need to NOT process those messages. Try adding: >> Scan Messages = %rules-dir%/scan.messages.rules >> >> And in your scan.messages.rules file, located within the %rules-dir% >> folder, add: >> >> FromOrTo: default yes >> From: xx.xx.xx.xx no >> >> ... where xx.xx.xx.xx is the IP address of the sending server. >> >> You could ask "why not use From: *@domain.com"... that would mean that >> anyone could pretend to be from that domain and get through mailscanner >> untouched. >> >> In fact, the truly paranoid could use: >> >> From: blabla@domain.com and From: xx.xx.xx.xx yes >> >> That would mean a message would have to be from blabla@domain.com AND >> come from that IP in order to skip processing by MailScanner. Fake messages >> from elsewhere would be scanned, and messages that don't have that AGP thing >> would be scanned because they come from somebody else that doesn't use them. >> >> On Jun 5, 2008, at 9:30 AM, Pedro Bordin Hoffmann - [M]orpheus wrote: >> >> >> > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080605/aacef9c4/attachment.html From ssilva at sgvwater.com Thu Jun 5 18:44:41 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Thu Jun 5 18:44:59 2008 Subject: postfix: Process did not exit cleanly, returned 1 with signal 0 In-Reply-To: References: Message-ID: on 6-5-2008 10:04 AM Dave Jenkins spake the following: > Hello, > > I'm new to the list . I have successfully run MailScanner with > sendmail for a couple of years, now setting it up with postfix on > another server. > > MailScanner & postfix have mostly been running happily for a few > weeks, averaging about 5 msgs/min. But on two occasions we've had > defunct MailScanner processes and the error "postfix: Process did not > exit cleanly, returned 1 with signal 0". > > Once the error & the defunct processes started appearing, there was an > ever-growing "Found N messages waiting" (got to 480 first time) and no > mail getting through. /var/log/maillog revealed that the same batch of > 30 messages was being scanned over & over. > > Disabling virus scanning in MailScanner.conf, didn't help. Neither did > removing all "yes" entries from > /etc/MailScanner/rules/spam.checking.rules, leaving default "no". (I > restarted MailScanner after each change.) Finally I turned off > scanning (Scan Messages = no) and this allowed the queue to clear. > > I then switched scanning, virus and spamassassin back on (i.e. > restored previous config) and it then ran fine. I'm wondering if it > was a peculiarity of one of the messages that caused MailScanner to > crash. > > The second time it happened, before clearing the queue I took a copy > of /var/spool/MailScanner/incoming; will that help in debugging the > problem? If so, what should I do with it and if not, what should I do > next time it happens? > > Software: > Centos 5 > postfix-2.3.3-2 > mailscanner-4.69.8-1 from rpm from mailscanner.info > clamav-0.93-2.el5.rf > spamassassin-3.1.9-1.el5 > > Hardware: > CPU: AMD Phenom(tm) 9550 Quad-Core Processor > RAM: 2G > DIsks: 2 x 500GB SATA in software RAID-1 > > Thanks, > Dave. If a single message brought down the system, it is usually the oldest message in the queue. So if you copied the queue, and the times are preserved, you could look there. Many times what kills postfix is non-queue files in the queue directory. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 258 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080605/08272f4f/signature.bin From lists at designmedia.com Thu Jun 5 23:43:23 2008 From: lists at designmedia.com (Henry Kwan) Date: Thu Jun 5 23:43:44 2008 Subject: Windows Exchange Server References: <13C0059880FDD3118DC600508B6D4A6D02346853@aiainsurance.com> <48471A17.2020707@farrows.org> <4847743B.6030003@vanderkooij.org> Message-ID: Hugo van der Kooij vanderkooij.org> writes: > Henry Kwan wrote: > > | But is there any value to making the MailScanner box an authenticated > sender to > | Exchange? Is there even a way to do this? > > MailScanner does not communicate with Exchange. Your MTA on the > MailScanner machine does. Which is ? Ah, poor wording on my part. I should have known better. :) I'm running sendmail so Gary Pentland's link for "Using sendmail as a client with AUTH" should work for me. I'll try it out in a bit. Thanks to both of you. From james at gray.net.au Thu Jun 5 23:08:21 2008 From: james at gray.net.au (James Gray) Date: Fri Jun 6 04:07:31 2008 Subject: Viruses flagged as spam too Message-ID: Hi All, I've had a dig through the archives, but didn't turn up anything definitive (maybe I need more coffee?). However, I'll ask the question anyway: is there any way to prevent messages detected as viruses from also being scanned for spam? Given that SpamAssassin is the biggest bottle-neck in the process, it seems pointless to scan messages that (in my set-up) are never delivered. I see a big, nasty fly in the ointment though; MailScanner's batch processing paradigm. How can we rip individual messages out of a batch, once the batch has started processing?? Any takers? Cheers, James -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 2417 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080606/02171427/smime.bin From prandal at herefordshire.gov.uk Fri Jun 6 07:24:42 2008 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Fri Jun 6 07:24:57 2008 Subject: Viruses flagged as spam too In-Reply-To: References: Message-ID: <7EF0EE5CB3B263488C8C18823239BEBA03DB9D86@HC-MBX02.herefordshire.gov.uk> Bad idea! Learning viruses as spam (and training Bayes with them) may well protect you against new variants which are sufficiently similar to their predecessors but not enough to be caught by your antivirus program. What you propose is a false economy, IMHO. Cheers, Phil -- Phil Randal Networks Engineer Herefordshire Council Hereford, UK -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of James Gray Sent: 05 June 2008 23:08 To: MailScanner Discussion List Subject: Viruses flagged as spam too Hi All, I've had a dig through the archives, but didn't turn up anything definitive (maybe I need more coffee?). However, I'll ask the question anyway: is there any way to prevent messages detected as viruses from also being scanned for spam? Given that SpamAssassin is the biggest bottle-neck in the process, it seems pointless to scan messages that (in my set-up) are never delivered. I see a big, nasty fly in the ointment though; MailScanner's batch processing paradigm. How can we rip individual messages out of a batch, once the batch has started processing?? Any takers? Cheers, James From rob at kettle.org.uk Fri Jun 6 07:36:33 2008 From: rob at kettle.org.uk (rob@kettle.org.uk) Date: Fri Jun 6 07:36:48 2008 Subject: Bad Filenames In-Reply-To: <3f600a3963ee814ca29de71abf243df4@solidstatelogic.com> References: <3f600a3963ee814ca29de71abf243df4@solidstatelogic.com> Message-ID: Hi, thanks. that has sorted it. Rob > Rob > > Rule overloading is what you need.. > > http://wiki.mailscanner.info/doku.php?id=documentation:configuration:rulesets:overloading > > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >> bounces@lists.mailscanner.info] On Behalf Of Rob Kettle >> Sent: 04 June 2008 18:28 >> To: MailScanner discussion >> Subject: Bad Filenames >> >> Hi, >> >> hoping someone can help because I may have missed the obvious.... >> >> Is there a way to whitelist a sender so that bad filename or filetype >> rules are not applied ? >> >> many thanks >> Rob >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! > > > > > ********************************************************************** > Confidentiality : This e-mail and any attachments are intended for the > addressee only and may be confidential. If they come to you in error > you must take no action based on them, nor must you copy or show them > to anyone. Please advise the sender by replying to this e-mail > immediately and then delete the original from your computer. > Opinion : Any opinions expressed in this e-mail are entirely those of > the author and unless specifically stated to the contrary, are not > necessarily those of the author's employer. > Security Warning : Internet e-mail is not necessarily a secure > communications medium and can be subject to data corruption. We advise > that you consider this fact when e-mailing us. > Viruses : We have taken steps to ensure that this e-mail and any > attachments are free from known viruses but in keeping with good > computing practice, you should ensure that they are virus free. > > Red Lion 49 Ltd T/A Solid State Logic > Registered as a limited company in England and Wales > (Company No:5362730) > Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, > United Kingdom > ********************************************************************** > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > > From martinh at solidstatelogic.com Fri Jun 6 08:03:36 2008 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Fri Jun 6 08:03:35 2008 Subject: Viruses flagged as spam too Message-ID: James How many viruses are you seeing? Ie whats the size of the problem? For me i see very few (1 a day maybe), so this option wouldn;t gain me much. -- martin -----Original Message----- From: James Gray Sent: Friday, June 06, 2008 4:13 AM To: MailScanner Discussion List Subject: Viruses flagged as spam too Hi All, I've had a dig through the archives, but didn't turn up anything definitive (maybe I need more coffee?). However, I'll ask the question anyway: is there any way to prevent messages detected as viruses from also being scanned for spam? Given that SpamAssassin is the biggest bottle-neck in the process, it seems pointless to scan messages that (in my set-up) are never delivered. I see a big, nasty fly in the ointment though; MailScanner's batch processing paradigm. How can we rip individual messages out of a batch, once the batch has started processing?? Any takers? Cheers, James ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From telecaadmin at gmail.com Fri Jun 6 09:19:02 2008 From: telecaadmin at gmail.com (Ronny T. Lampert) Date: Fri Jun 6 09:20:50 2008 Subject: postfix: Process did not exit cleanly, returned 1 with signal 0 In-Reply-To: References: Message-ID: <4848F2F6.3060803@gmail.com> >> MailScanner & postfix have mostly been running happily for a few >> weeks, averaging about 5 msgs/min. But on two occasions we've had >> defunct MailScanner processes and the error "postfix: Process did not >> exit cleanly, returned 1 with signal 0". >> >> Once the error & the defunct processes started appearing, there was an >> ever-growing "Found N messages waiting" (got to 480 first time) and no >> mail getting through. /var/log/maillog revealed that the same batch of >> 30 messages was being scanned over & over. I looks like your postfix has problems. postfix does not do such things - maybe some smtpds died in the middle of something? Did you DOUBLEcheck your config? Please have a CLOSE look into the maillog for postfix's error messages - they can be quite subtle at times. >> The second time it happened, before clearing the queue I took a copy >> of /var/spool/MailScanner/incoming; will that help in debugging the >> problem? If so, what should I do with it and if not, what should I do >> next time it happens? Make sure that MailScanner is running as your postfix user and you did the postfix-specific side of the setup procedure. Your versions of postfix and MailScanner look fine. One small thing: have a look at the permissions and ownerships of the incoming/ snapshot you took. postfix will be totally knocked out if queue files have wrong ownerships. The delivery will come to a total(!) halt, and you will not really see any errors in the log. All files should have postfix as owner, and 0600 if the files are "in progress" and 0700 if they are deemed ready for final delievery. To hardcore-test your postfix you can do the following: Stop MailScanner, have only postfix running. #> cd /var/spool/postfix #> mv hold/ incoming #> chmod 0700 incoming/ This file should be delivered successfully without any scanning and you should see entries in the maillog. Cheers, Ronny From gmatt at nerc.ac.uk Fri Jun 6 10:13:02 2008 From: gmatt at nerc.ac.uk (Greg Matthews) Date: Fri Jun 6 10:13:46 2008 Subject: .AGP Files In-Reply-To: <21be6cae0806050730m449839adrb31509e3848fc630@mail.gmail.com> References: <21be6cae0806050730m449839adrb31509e3848fc630@mail.gmail.com> Message-ID: <4848FF9E.1020509@nerc.ac.uk> Pedro Bordin Hoffmann - [M]orpheus wrote: > Hello. > > I have this client that sends attached in the message a file, with the > extension .agp > This file is a security signature to work with banks, but if Mailscanner > scan it for virus, it gets corrupted. this is almost certainly your signature - this was discussed way back on the list. It is alleged that there is a bug in perl itself which means that the signature adding bit of MailScanner can end up changing the line terminations throughout the whole message body. This obviously affects digital signatures and the like. As far as I know it has never been fixed. I'm having difficulty tracking down the relevant threads on this list but it has been discussed a couple of times. Either you have secure digital signatures, OR you add a corporate sig onto each message. You can't have both. Of course you can add a rule-set for adding/not adding the corporate sig. GREG > > How should I do to make mailscanner don't scan this kind a file? > Already try to put this in /etc/MailScanner/filnename.rules.conf > Something like this: > > allow \.agp$ - - > > But still getting corrupted. > > What should I do? > > Thanks for the help! > Regards > Pedro > > -- Greg Matthews 01491 692445 Head of UNIX/Linux, iTSS Wallingford -- This message (and any attachments) is for the recipient only. NERC is subject to the Freedom of Information Act 2000 and the contents of this email and any reply you make may be disclosed by NERC unless it is exempt from release under the Act. Any material supplied to NERC may be stored in an electronic records management system. From ja at conviator.com Fri Jun 6 10:41:06 2008 From: ja at conviator.com (Jan Agermose) Date: Fri Jun 6 10:41:35 2008 Subject: tmp blocking new incomming mail Message-ID: hi I want to block for new mails with out stopping mailscanner handling mails already queued and I dont want to do it by sending a "get back later" error since this will not ofload to the 2. MX correct? So I was thinking that I could simply block using iptables but Im not sure how to write the rule with out stopping Mailscanner completly. But as I understand it the incomming sendmail is listening on eht0 and the outgoing is listening on the lo-interface? So if I block port 25 on eth0 only then Mailscanner will still be able to process all the mails queued already? regards Jan -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080606/d42bcf02/attachment.html From garyalex at gmail.com Fri Jun 6 10:49:45 2008 From: garyalex at gmail.com (Gary Alexander) Date: Fri Jun 6 10:49:55 2008 Subject: tmp blocking new incomming mail In-Reply-To: References: Message-ID: <5489f9700806060249v3e5ed5cn9f7a9808441497f8@mail.gmail.com> 2008/6/6 Jan Agermose : > hi > > > > I want to block for new mails with out stopping mailscanner handling mails > already queued and I dont want to do it by sending a "get back later" error > since this will not ofload to the 2. MX correct? So I was thinking that I > could simply block using iptables but Im not sure how to write the rule with > out stopping Mailscanner completly. But as I understand it the incomming > sendmail is listening on eht0 and the outgoing is listening on the > lo-interface? So if I block port 25 on eth0 only then Mailscanner will still > be able to process all the mails queued already? > > > > regards > > Jan You can do it with iptables: iptables -I INPUT -i eth0 -p tcp -m tcp --dport 25 -j REJECT That's applicable if eth0 is your external interface to the internet... -- Open Answers to IT Questions - http://www.openanswers.co.za Recycle your unwanted goods - http://www.freecycle.org From glenn.steen at gmail.com Fri Jun 6 10:50:57 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri Jun 6 10:51:07 2008 Subject: postfix: Process did not exit cleanly, returned 1 with signal 0 In-Reply-To: References: Message-ID: <223f97700806060250p2e2bd41cncdfeb239c333d310@mail.gmail.com> 2008/6/5 Dave Jenkins : > Hello, > > I'm new to the list . I have successfully run MailScanner with > sendmail for a couple of years, now setting it up with postfix on > another server. > > MailScanner & postfix have mostly been running happily for a few > weeks, averaging about 5 msgs/min. But on two occasions we've had > defunct MailScanner processes and the error "postfix: Process did not > exit cleanly, returned 1 with signal 0". > > Once the error & the defunct processes started appearing, there was an > ever-growing "Found N messages waiting" (got to 480 first time) and no > mail getting through. /var/log/maillog revealed that the same batch of > 30 messages was being scanned over & over. > > Disabling virus scanning in MailScanner.conf, didn't help. Neither did > removing all "yes" entries from > /etc/MailScanner/rules/spam.checking.rules, leaving default "no". (I > restarted MailScanner after each change.) Finally I turned off > scanning (Scan Messages = no) and this allowed the queue to clear. > > I then switched scanning, virus and spamassassin back on (i.e. > restored previous config) and it then ran fine. I'm wondering if it > was a peculiarity of one of the messages that caused MailScanner to > crash. > > The second time it happened, before clearing the queue I took a copy > of /var/spool/MailScanner/incoming; will that help in debugging the > problem? If so, what should I do with it and if not, what should I do > next time it happens? > > Software: > Centos 5 > postfix-2.3.3-2 > mailscanner-4.69.8-1 from rpm from mailscanner.info > clamav-0.93-2.el5.rf > spamassassin-3.1.9-1.el5 > > Hardware: > CPU: AMD Phenom(tm) 9550 Quad-Core Processor > RAM: 2G > DIsks: 2 x 500GB SATA in software RAID-1 > > Thanks, > Dave. Next time it happens, look in the hold queue, the oldest messages, to see if you have a problem there. If it were non-queue files fouling things up, doing what you did would likely not have cleared things up, so it might not be the usual razor agent log misplaced in the hold directory... More like some subtle permission thing or subcomponent "borking totally" on a specific mail. Trick is to find what part and what to do with it:-):-) Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Fri Jun 6 11:44:57 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri Jun 6 11:45:07 2008 Subject: Fwd: Vote for Open Source Awesomeness! In-Reply-To: <4848b528.26e3220a.2f6f.ffff9de1SMTPIN_ADDED@mx.google.com> References: <4848b528.26e3220a.2f6f.ffff9de1SMTPIN_ADDED@mx.google.com> Message-ID: <223f97700806060344x5034e45ds5e618fcf7afd846a@mail.gmail.com> Guys'n'gals! It's that silly time of year again, when nominations are counted... bribes are made... accusations fly...:-) Let your voice be counted for Jules and MailScanner! I've just nominated MailScanner (with the official link of http://www.mailscanner.info) both for Best Project and Best SysAdmin Tool... Why don't you do that too? Cheers -- Glenn ---------- Forwarded message ---------- From: SourceForge. net Community Choice Awards Date: 2008/6/6 Subject: Vote for Open Source Awesomeness! To: glenn.steen@gmail.com If you can't read the message below, you can view it on the web at http://sourceforge.net/community/wp-content/uploads/2008/06/nominate.html. You have received this message because you subscribed to it on SourceForge(R).net. To unsubscribe from future mailings, login to the SourceForge.net site and modify your subscription preferences at: https://sourceforge.net/account/ Hey! You! Are you sick of letting the big hardware companies, tech blogs, and mainstream media decide which open source projects deserve widespread attention? So are we. That's why we created the SourceForge.net Community Choice Awards, and we need your nominations! Award Categories Most Likely to Change the World Best New Project Most Likely to Be Ambiguously Accused of Patent Violation Most Likely to Get Users Sued Best Tool or Utility for SysAdmins Best Tool or Utility for Developers Best Project Best Project for the Enterprise Best Project for Educators Most Likely to Be the Next $1B Acquisition Best Project for Multimedia Best Project for Gamers Based on your nominations, ten finalists will be chosen in each category. The winners will receive our coveted award robot, be showered with praise, and will have vastly increased reputation in the city or town of their choice. So nominate now, because there's no better way to tell the world that your favorite open source project can beat up your friend's favorite open source project. Make your voice heard! This message was sent on behalf of SourceForge.net. To unsubscribe from future mailings, login to the SourceForge(R).net site and modify your subscription preferences at: https://sourceforge.net/account/ Or contact us by postal mail at: Attn: SourceForge(R).net Legal Services - Unsubscribe SourceForge(R), Inc. 650 Castro Street, Suite 450 Mountain View, CA 94041 Unsubscribe requests will be processed within 10 days of receipt. -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From MailScanner at ecs.soton.ac.uk Fri Jun 6 12:26:35 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Jun 6 12:26:53 2008 Subject: F-Secure licence keys for V7.0.1? Message-ID: <48491EEB.4060907@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Can anyone give me a working licence key for the command-line client? Someone gave me a key to use for development work, but it isn't accepted. I've got the 64 bit package, but no licence key. It won't start without one. :-( It will only be used for development work, and will never be given to anyone, you're quite safe. But I can't implement support for it if I can't run it with a real licence :-( Thanks folks, Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.3 (Build 4028) Comment: Use Enigmail to decrypt or check this message is legitimate Charset: ISO-8859-1 wj8DBQFISR7sEfZZRxQVtlQRAo6NAKDV/oAaVnLoOtPfzBBWWpifp9wwewCgu8P2 fe5aOZlZXddcK6DJok2Y10Y= =NUsP -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From Hostmaster at computerservicecentre.com Fri Jun 6 12:36:29 2008 From: Hostmaster at computerservicecentre.com (Hostmaster) Date: Fri Jun 6 12:36:46 2008 Subject: F-Secure licence keys for V7.0.1? In-Reply-To: <48491EEB.4060907@ecs.soton.ac.uk> References: <48491EEB.4060907@ecs.soton.ac.uk> Message-ID: <3D9C92F3075F5144B46AA2C590F48E2A7A79F7@commssrv01.computerservicecentre.com> >Can anyone give me a working licence key for the command-line client? >Someone gave me a key to use for development work, but it isn't accepted. >I've got the 64 bit package, but no licence key. It won't start without >one. :-( Hi Jules, This might seem like a bit of a far-out idea, but have you considered going to F-Secure and asking if you can have a NFR license for your development work? Obviously it's in their interests that MailScanner supports F-Secure AV, as then MailScanner users can buy licenses for F-Sec AV... I had some dealings with F-Secure quite some time ago, and have their news feed in my feedreader and they seem like pretty friendly chaps - it's worth a shot just to ask :) -- Best Regards, Richard Garner (A+, N+, AMBCS, MOS-O) Hostmaster Computer Service Centre web???? http://www.computerservicecentre.com? All E-Mail communications are monitored in addition to being content checked for malicious codes or viruses. The success of scanning products is not guaranteed, therefore the recipient(s) should carry out any checks that they believe to be appropriate in this respect. This message (including any attachments and/or related materials) is confidential to and is the property of Computer Service Centre, unless otherwise noted. If you are not the intended recipient, you should delete this message and are hereby notified that any disclosure, copying, or distribution of this message, or the taking of any action based on it, is strictly prohibited. Any views or opinions presented are solely those of the author and do not necessarily represent those of Computer Service Centre. From pedro.hoffmann at gmail.com Fri Jun 6 13:25:47 2008 From: pedro.hoffmann at gmail.com (Pedro Bordin Hoffmann - [M]orpheus) Date: Fri Jun 6 13:25:58 2008 Subject: .AGP Files In-Reply-To: <4848FF9E.1020509@nerc.ac.uk> References: <21be6cae0806050730m449839adrb31509e3848fc630@mail.gmail.com> <4848FF9E.1020509@nerc.ac.uk> Message-ID: <21be6cae0806060525r687d06cw734a070629f76ece@mail.gmail.com> Hello again! So is there no solution?? :( I added this on scan.messages.rules *From: luciano.b@sullog.com.br no From: 192.168.1.11 no FromOrTo: default yes* But isn't working. I'm changing to don't sign clean messages, will test this way. Thanks! 2008/6/6 Greg Matthews : > Pedro Bordin Hoffmann - [M]orpheus wrote: > >> Hello. >> >> I have this client that sends attached in the message a file, with the >> extension .agp >> This file is a security signature to work with banks, but if Mailscanner >> scan it for virus, it gets corrupted. >> > > this is almost certainly your signature - this was discussed way back on > the list. It is alleged that there is a bug in perl itself which means that > the signature adding bit of MailScanner can end up changing the line > terminations throughout the whole message body. This obviously affects > digital signatures and the like. As far as I know it has never been fixed. > I'm having difficulty tracking down the relevant threads on this list but it > has been discussed a couple of times. > > Either you have secure digital signatures, OR you add a corporate sig onto > each message. You can't have both. > > Of course you can add a rule-set for adding/not adding the corporate sig. > > GREG > > >> How should I do to make mailscanner don't scan this kind a file? >> Already try to put this in /etc/MailScanner/filnename.rules.conf >> Something like this: >> >> allow \.agp$ - - >> >> But still getting corrupted. >> >> What should I do? >> >> Thanks for the help! >> Regards >> Pedro >> >> >> > > -- > Greg Matthews 01491 692445 > Head of UNIX/Linux, iTSS Wallingford > > -- > This message (and any attachments) is for the recipient only. NERC > is subject to the Freedom of Information Act 2000 and the contents > of this email and any reply you make may be disclosed by NERC unless > it is exempt from release under the Act. Any material supplied to > NERC may be stored in an electronic records management system. > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080606/c678e33c/attachment.html From Denis.Beauchemin at USherbrooke.ca Fri Jun 6 13:29:00 2008 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Fri Jun 6 13:29:23 2008 Subject: Fwd: Vote for Open Source Awesomeness! In-Reply-To: <223f97700806060344x5034e45ds5e618fcf7afd846a@mail.gmail.com> References: <4848b528.26e3220a.2f6f.ffff9de1SMTPIN_ADDED@mx.google.com> <223f97700806060344x5034e45ds5e618fcf7afd846a@mail.gmail.com> Message-ID: <48492D8C.7070000@USherbrooke.ca> Glenn Steen a ?crit : > Guys'n'gals! > > It's that silly time of year again, when nominations are counted... > bribes are made... accusations fly...:-) > Let your voice be counted for Jules and MailScanner! > > I've just nominated MailScanner (with the official link of > http://www.mailscanner.info) both for Best Project and Best SysAdmin > Tool... Why don't you do that too? > > Cheers > -- Glenn > Done! Jules, if you want to put "vote-for-MailScanner" badges on the website, look here: https://sourceforge.net/community/cca08-badge?project_name=MailScanner&project_url=http://www.mailscanner.info Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x62252 F: 819.821.8045 From gmatt at nerc.ac.uk Fri Jun 6 13:40:20 2008 From: gmatt at nerc.ac.uk (Greg Matthews) Date: Fri Jun 6 13:40:37 2008 Subject: .AGP Files In-Reply-To: <21be6cae0806060525r687d06cw734a070629f76ece@mail.gmail.com> References: <21be6cae0806050730m449839adrb31509e3848fc630@mail.gmail.com> <4848FF9E.1020509@nerc.ac.uk> <21be6cae0806060525r687d06cw734a070629f76ece@mail.gmail.com> Message-ID: <48493034.9010708@nerc.ac.uk> Pedro Bordin Hoffmann - [M]orpheus wrote: > Hello again! > > So is there no solution?? :( AFAIK there is *no solution* to the "sign clean messages" altering the line endings of the message. Jules will know more. > > I added this on scan.messages.rules > > *From: luciano.b@sullog.com.br no > From: 192.168.1.11 no > FromOrTo: default yes* are those "*" typos? Seems like turning off scanning is a harsh solution. > But isn't working. I'm changing to don't sign clean messages, will test this > way. that would be preferable - still get scanning. GREG -- Greg Matthews 01491 692445 Head of UNIX/Linux, iTSS Wallingford -- This message (and any attachments) is for the recipient only. NERC is subject to the Freedom of Information Act 2000 and the contents of this email and any reply you make may be disclosed by NERC unless it is exempt from release under the Act. Any material supplied to NERC may be stored in an electronic records management system. From piero at arrigoni.cl Fri Jun 6 17:35:49 2008 From: piero at arrigoni.cl (Piero Arrigoni) Date: Fri Jun 6 17:36:36 2008 Subject: "spam(no null-header or sender address)" problem Message-ID: <001b01c8c7f3$61158600$23409200$@cl> Hello, I run a mailscanner configuration, using postfix, spamassassin and mailscanner. Mail accounts stores in an sql database. Today I started to receive what seemed to be a Spam attack. Two of the accounts were filled with all sort of junk mail. The messages are in several languages, and came from different ip's from several different places. The situation is really annoying because the mails are still coming in, even receiving dozens of those mails per minute, filling the mailboxes with garbage. All of these mail one thing in common. These have empty "from" addresses. So mailwatch flags the mail as light spam (the kind of spam that gets its subject marked but it's delivered to the recipient anyway), giving the following message in the spam report: "spam(no null-header or sender address)". The spam score remains in 0. I would like to modify mailscanner so that messages with empty from-addresses get filtered as usual mail, going through the regular scoring other mails do. Could you please help me with this? I have been looking around a lot but still have not found a solution. Thank you all. Best regards, Piero P.S.: I found a post in google that had a similar problem. It was fixed by changing a configuration from "Treat Invalid Watermarks With No Sender as Spam = spam" To "Treat Invalid Watermarks With No Sender as Spam = nothing" However I do not know in which configuration file this option can be changed to try it out. I am sort of a newbie in this. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080606/e7d4aa59/attachment.html From ssilva at sgvwater.com Fri Jun 6 17:57:58 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Fri Jun 6 17:58:16 2008 Subject: Fwd: Vote for Open Source Awesomeness! In-Reply-To: <223f97700806060344x5034e45ds5e618fcf7afd846a@mail.gmail.com> References: <4848b528.26e3220a.2f6f.ffff9de1SMTPIN_ADDED@mx.google.com> <223f97700806060344x5034e45ds5e618fcf7afd846a@mail.gmail.com> Message-ID: on 6-6-2008 3:44 AM Glenn Steen spake the following: > Guys'n'gals! > > It's that silly time of year again, when nominations are counted... > bribes are made... accusations fly...:-) > Let your voice be counted for Jules and MailScanner! > > I've just nominated MailScanner (with the official link of > http://www.mailscanner.info) both for Best Project and Best SysAdmin > Tool... Why don't you do that too? > > Cheers > -- Glenn Already been there, done that!!! Cheers Glenn! Scott -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 258 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080606/bc50bc51/signature.bin From davejenx at googlemail.com Fri Jun 6 18:58:07 2008 From: davejenx at googlemail.com (Dave Jenkins) Date: Fri Jun 6 18:58:19 2008 Subject: postfix: Process did not exit cleanly, returned 1 with signal 0 In-Reply-To: <223f97700806060250p2e2bd41cncdfeb239c333d310@mail.gmail.com> References: <223f97700806060250p2e2bd41cncdfeb239c333d310@mail.gmail.com> Message-ID: 2008/6/6 Glenn Steen : > 2008/6/5 Dave Jenkins : >> MailScanner & postfix have mostly been running happily for a few >> weeks, averaging about 5 msgs/min. But on two occasions we've had >> defunct MailScanner processes and the error "postfix: Process did not >> exit cleanly, returned 1 with signal 0". ... >> ...Finally I turned off >> scanning (Scan Messages = no) and this allowed the queue to clear. >> >> I then switched scanning, virus and spamassassin back on (i.e. >> restored previous config) and it then ran fine. I'm wondering if it >> was a peculiarity of one of the messages that caused MailScanner to >> crash. >> >> The second time it happened, before clearing the queue I took a copy >> of /var/spool/MailScanner/incoming; will that help in debugging the >> problem? If so, what should I do with it and if not, what should I do >> next time it happens? > ... > Next time it happens, look in the hold queue, the oldest size... usually 30 or so> messages, to see if you have a problem > there. So it's the Incoming Queue Dir, in my case /var/spool/postfix/hold, that I should grab a copy of, rather than Incoming Work Dir (/var/spool/MailScanner/incoming), is that right? > If it were non-queue files fouling things up, doing what you > did would likely not have cleared things up, so it might not be the > usual razor agent log misplaced in the hold directory... That makes sense to me; I would have thought the fact that disabling scanning alowed the queue to be processed successfully and re-enabling scanning restored normal function, suggests that MailScanner choked during the scanning of a specific message. So I'm guessing the defunct MailScanner processes were the cause rather than effect of the postfix process exiting uncleanly. All files in my copy of /var/spool/MailScanner/incoming were owned by postfix:postfix and all files perm 600, subdirectories 700. > More like some subtle permission thing or subcomponent "borking totally" on a > specific mail. > Trick is to find what part and what to do with it:-):-) I think I've found which mail caused the problem. By finding the time of the first "postfix: Process did not exit cleanly" in /var/log/messages then looking at what happened around that time in /var/log/maillog, I've found a message that fits the timing perfectly and that seems to be the first in a growing queue of messages that got repeatedly but unsuccessfully processed until I set Scan Messages to off. I recognise the recipient from my perusing of the logs the first time the problem happened. But this time I have the offending message's entry from /var/spool/MailScanner/incoming: -rw------- 1 postfix postfix 1014 Jun 5 15:39 9E379FE019.AC06E.header 9E379FE019.AC06E: total 32 drwx------ 2 postfix postfix 4096 Jun 5 15:39 . drwx------ 31 postfix postfix 4096 Jun 5 15:39 .. -rw------- 1 postfix postfix 5571 Jun 5 15:39 msg-1101-41.txt -rw------- 1 postfix postfix 14362 Jun 5 15:39 msg-1101-42.html When I view the files with less, I get: "9E379FE019.AC06E/msg-1101-41.txt" may be a binary file. See it anyway? # file 9E379FE019.AC06E/msg-1101-41.txt 9E379FE019.AC06E/msg-1101-41.txt: Microsoft Office Document The .html file is OK. Cheers, Dave From glenn.steen at gmail.com Fri Jun 6 19:44:07 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri Jun 6 19:44:17 2008 Subject: postfix: Process did not exit cleanly, returned 1 with signal 0 In-Reply-To: References: <223f97700806060250p2e2bd41cncdfeb239c333d310@mail.gmail.com> Message-ID: <223f97700806061144m5612b659k667b3950776fa27b@mail.gmail.com> 2008/6/6 Dave Jenkins : > 2008/6/6 Glenn Steen : >> 2008/6/5 Dave Jenkins : >>> MailScanner & postfix have mostly been running happily for a few >>> weeks, averaging about 5 msgs/min. But on two occasions we've had >>> defunct MailScanner processes and the error "postfix: Process did not >>> exit cleanly, returned 1 with signal 0". > ... >>> ...Finally I turned off >>> scanning (Scan Messages = no) and this allowed the queue to clear. >>> >>> I then switched scanning, virus and spamassassin back on (i.e. >>> restored previous config) and it then ran fine. I'm wondering if it >>> was a peculiarity of one of the messages that caused MailScanner to >>> crash. >>> >>> The second time it happened, before clearing the queue I took a copy >>> of /var/spool/MailScanner/incoming; will that help in debugging the >>> problem? If so, what should I do with it and if not, what should I do >>> next time it happens? >> ... >> Next time it happens, look in the hold queue, the oldest > size... usually 30 or so> messages, to see if you have a problem >> there. > > So it's the Incoming Queue Dir, in my case /var/spool/postfix/hold, > that I should grab a copy of, rather than Incoming Work Dir > (/var/spool/MailScanner/incoming), is that right? > Yep. >> If it were non-queue files fouling things up, doing what you >> did would likely not have cleared things up, so it might not be the >> usual razor agent log misplaced in the hold directory... > > That makes sense to me; I would have thought the fact that disabling > scanning alowed the queue to be processed successfully and re-enabling > scanning restored normal function, suggests that MailScanner choked > during the scanning of a specific message. So I'm guessing the defunct > MailScanner processes were the cause rather than effect of the postfix > process exiting uncleanly. Sort of, yes. Find whatever message is causing the problem, and then try submitting it with small changes over and over until it works... Tedious tweak-work:-). > All files in my copy of /var/spool/MailScanner/incoming were owned by > postfix:postfix and all files perm 600, subdirectories 700. > >> More like some subtle permission thing or subcomponent "borking totally" on a >> specific mail. >> Trick is to find what part and what to do with it:-):-) > > I think I've found which mail caused the problem. By finding the time > of the first "postfix: Process did not exit cleanly" in > /var/log/messages then looking at what happened around that time in > /var/log/maillog, I've found a message that fits the timing perfectly > and that seems to be the first in a growing queue of messages that got > repeatedly but unsuccessfully processed until I set Scan Messages to > off. I recognise the recipient from my perusing of the logs the first > time the problem happened. But this time I have the offending > message's entry from /var/spool/MailScanner/incoming: > > -rw------- 1 postfix postfix 1014 Jun 5 15:39 9E379FE019.AC06E.header > > 9E379FE019.AC06E: > total 32 > drwx------ 2 postfix postfix 4096 Jun 5 15:39 . > drwx------ 31 postfix postfix 4096 Jun 5 15:39 .. > -rw------- 1 postfix postfix 5571 Jun 5 15:39 msg-1101-41.txt > -rw------- 1 postfix postfix 14362 Jun 5 15:39 msg-1101-42.html > > When I view the files with less, I get: > "9E379FE019.AC06E/msg-1101-41.txt" may be a binary file. See it anyway? > > # file 9E379FE019.AC06E/msg-1101-41.txt > 9E379FE019.AC06E/msg-1101-41.txt: Microsoft Office Document > > The .html file is OK. So something about the "office doc" is ... problematic. Or with your TNEF expander, perhaps... Hard to say, since you don't have the original file to work with. If I were you, I'd just keep an eye on things until next time, then grab the hold queue and start experimenting with that. > Cheers, > > Dave Cheers to you too;-) -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From pedro.hoffmann at gmail.com Fri Jun 6 21:27:20 2008 From: pedro.hoffmann at gmail.com (Pedro Bordin Hoffmann - [M]orpheus) Date: Fri Jun 6 21:27:32 2008 Subject: Mailscanner exiting every second. Message-ID: <21be6cae0806061327j91c32e7wfa88f717295e7dab@mail.gmail.com> I'm having this error on a Debian Etch 64 bits. ?Jun 6 17:19:35 observi_2008 MailScanner: Process did not exit cleanly, returned 1 with signal 0 Don't know what is going on. Already try to restart the server, the services, all! I took a look in the permitions, in the spool dirs, and nothing found. It was working fine 1 day ago :\ Please some help Best wishes Pedro [Full] Jun 6 17:21:35 observi_2008 MailScanner: Process did not exit cleanly, returned 1 with signal 0 Jun 6 17:21:35 observi_2008 MailScanner[23006]: MailScanner E-Mail Virus Scanner version 4.66.5 starting... Jun 6 17:21:35 observi_2008 MailScanner[23006]: Read 16 hostnames from the phishing whitelist Jun 6 17:21:35 observi_2008 MailScanner[23006]: Read 0 hostnames from the phishing blacklist Jun 6 17:21:35 observi_2008 MailScanner[23006]: Config: calling custom init function SQLSpamScores Jun 6 17:21:35 observi_2008 MailScanner[23006]: Read 16 Spam entries Jun 6 17:21:35 observi_2008 MailScanner[23006]: Config: calling custom init function SQLBlacklist Jun 6 17:21:35 observi_2008 MailScanner[23006]: Config: calling custom init function MailWatchLogging Jun 6 17:21:35 observi_2008 MailScanner[23006]: Started SQL Logging child Jun 6 17:21:35 observi_2008 MailScanner[23006]: Config: calling custom init function SQLHighSpamScores Jun 6 17:21:35 observi_2008 MailScanner[23006]: Read 16 high Spam entries Jun 6 17:21:35 observi_2008 MailScanner[23006]: Config: calling custom init function SQLWhitelist Jun 6 17:21:35 observi_2008 MailScanner[23006]: SpamAssassin temporary working directory is /var/spool/MailScanner/incoming/SpamAssassin-Temp Jun 6 17:21:35 observi_2008 MailScanner[23006]: Using SpamAssassin results cache Jun 6 17:21:35 observi_2008 MailScanner[23006]: Connected to SpamAssassin cache database Jun 6 17:21:37 observi_2008 MailScanner[22990]: ClamAV scanner using unrar command /usr/bin/unrar Jun 6 17:21:37 observi_2008 MailScanner[22990]: Using locktype = flock Jun 6 17:21:37 observi_2008 MailScanner[22990]: New Batch: Scanning 8 messages, 234707 bytes Jun 6 17:21:37 observi_2008 MailScanner[22990]: Spam Checks: Starting Jun 6 17:21:37 observi_2008 postfix/smtpd[22576]: connect from 74-229-90.dial.terra.cl[200.90.229.74] Jun 6 17:21:38 observi_2008 postfix/smtpd[22647]: connect from static-ip-87-248-80-2.promax.media.pl[87.248.80.2] Jun 6 17:21:38 observi_2008 dovecot: pop3-login: Login: user=< rfadanelli@toigocontadores.com.br>, method=PLAIN, rip=192.168.100.104, lip= 192.168.100.2 Jun 6 17:21:38 observi_2008 dovecot: POP3(rfadanelli@toigocontadores.com.br): Disconnected: Logged out top=0/0, retr=0/0, del=0/0, size=0 Jun 6 17:21:38 observi_2008 dovecot: pop3-login: Login: user=< rfadanelli@toigo.com.br>, method=PLAIN, rip=192.168.100.104, lip= 192.168.100.2 Jun 6 17:21:38 observi_2008 dovecot: POP3(rfadanelli@toigo.com.br): Disconnected: Logged out top=0/0, retr=0/0, del=0/0, size=0 Jun 6 17:21:39 observi_2008 gld: Greylist activated for recipient=< ruzzarindigo@grandesamigos.com.br> sender= ip=< 87.248.80.2> Jun 6 17:21:39 observi_2008 postfix/smtpd[22647]: NOQUEUE: reject: RCPT from static-ip-87-248-80-2.promax.media.pl[87.248.80.2]: 450 4.7.1 < Tomer-0nehpets@30cs.com>: Sender address rejected: Service temporarily unavailable, please try later; from= to=< ruzzarindigo@grandesamigos.com.br> proto=ESMTP helo=< static-ip-87-248-80-2.promax.media.pl> Jun 6 17:21:39 observi_2008 postfix/smtpd[22647]: too many errors after RCPT from static-ip-87-248-80-2.promax.media.pl[87.248.80.2] Jun 6 17:21:39 observi_2008 postfix/smtpd[22647]: disconnect from static-ip-87-248-80-2.promax.media.pl[87.248.80.2] Jun 6 17:21:39 observi_2008 gld: Greylist activated for recipient=< gabriela@toigo.com.br> sender= ip=<200.90.229.74> Jun 6 17:21:39 observi_2008 postfix/smtpd[22576]: NOQUEUE: reject: RCPT from 74-229-90.dial.terra.cl[200.90.229.74]: 504 5.5.2 : Helo command rejected: need fully-qualified hostname; from= to= proto=ESMTP helo= Jun 6 17:21:39 observi_2008 postfix/smtpd[22576]: too many errors after RCPT from 74-229-90.dial.terra.cl[200.90.229.74] Jun 6 17:21:39 observi_2008 postfix/smtpd[22576]: disconnect from 74-229-90.dial.terra.cl[200.90.229.74] Jun 6 17:21:40 observi_2008 MailScanner: Process did not exit cleanly, returned 1 with signal 0 Jun 6 17:21:40 observi_2008 MailScanner[23024]: MailScanner E-Mail Virus Scanner version 4.66.5 starting... Jun 6 17:21:40 observi_2008 MailScanner[23024]: Read 16 hostnames from the phishing whitelist Jun 6 17:21:40 observi_2008 MailScanner[23024]: Read 0 hostnames from the phishing blacklist Jun 6 17:21:40 observi_2008 MailScanner[23024]: Config: calling custom init function SQLSpamScores Jun 6 17:21:40 observi_2008 MailScanner[23024]: Read 16 Spam entries Jun 6 17:21:40 observi_2008 MailScanner[23024]: Config: calling custom init function SQLBlacklist Jun 6 17:21:40 observi_2008 MailScanner[23024]: Config: calling custom init function MailWatchLogging Jun 6 17:21:40 observi_2008 MailScanner[23024]: Started SQL Logging child Jun 6 17:21:40 observi_2008 MailScanner[23024]: Config: calling custom init function SQLHighSpamScores Jun 6 17:21:40 observi_2008 MailScanner[23024]: Read 16 high Spam entries Jun 6 17:21:40 observi_2008 MailScanner[23024]: Config: calling custom init function SQLWhitelist Jun 6 17:21:40 observi_2008 MailScanner[23024]: SpamAssassin temporary working directory is /var/spool/MailScanner/incoming/SpamAssassin-Temp Jun 6 17:21:40 observi_2008 MailScanner[23024]: Using SpamAssassin results cache Jun 6 17:21:40 observi_2008 MailScanner[23024]: Connected to SpamAssassin cache database Jun 6 17:21:42 observi_2008 MailScanner[23006]: ClamAV scanner using unrar command /usr/bin/unrar Jun 6 17:21:42 observi_2008 MailScanner[23006]: Using locktype = flock Jun 6 17:21:42 observi_2008 MailScanner[23006]: New Batch: Scanning 8 messages, 234707 bytes Jun 6 17:21:42 observi_2008 MailScanner[23006]: Spam Checks: Starting Jun 6 17:21:43 observi_2008 dovecot: pop3-login: Login: user=< fiscal@toigocontadores.com.br>, method=PLAIN, rip=192.168.100.12, lip= 192.168.100.2 Jun 6 17:21:43 observi_2008 dovecot: POP3(fiscal@toigocontadores.com.br): Disconnected: Logged out top=0/0, retr=0/0, del=0/0, size=0 Jun 6 17:21:43 observi_2008 dovecot: pop3-login: Login: user=< fiscal@toigo.com.br>, method=PLAIN, rip=192.168.100.12, lip=192.168.100.2 Jun 6 17:21:43 observi_2008 dovecot: POP3(fiscal@toigo.com.br): Disconnected: Logged out top=0/0, retr=0/0, del=0/0, size=0 Jun 6 17:21:44 observi_2008 dovecot: pop3-login: Login: user=< tania@toigo.com.br>, method=PLAIN, rip=192.168.100.159, lip=192.168.100.2 Jun 6 17:21:44 observi_2008 dovecot: POP3(tania@toigo.com.br): Disconnected: Logged out top=0/0, retr=0/0, del=0/0, size=0 Jun 6 17:21:44 observi_2008 dovecot: pop3-login: Login: user=< tania@toigocontadores.com.br>, method=PLAIN, rip=192.168.100.159, lip= 192.168.100.2 Jun 6 17:21:44 observi_2008 dovecot: POP3(tania@toigocontadores.com.br): Disconnected: Logged out top=0/0, retr=0/0, del=0/0, size=0 Jun 6 17:21:45 observi_2008 dovecot: pop3-login: Login: user=< tania@toigo.com.br>, method=PLAIN, rip=192.168.100.159, lip=192.168.100.2 Jun 6 17:21:45 observi_2008 dovecot: POP3(tania@toigo.com.br): Disconnected: Logged out top=0/0, retr=0/0, del=0/0, size=0 Jun 6 17:21:45 observi_2008 dovecot: pop3-login: Login: user=< tania@toigocontadores.com.br>, method=PLAIN, rip=192.168.100.159, lip= 192.168.100.2 Jun 6 17:21:45 observi_2008 dovecot: POP3(tania@toigocontadores.com.br): Disconnected: Logged out top=0/0, retr=0/0, del=0/0, size=0 Jun 6 17:21:45 observi_2008 MailScanner: Process did not exit cleanly, returned 1 with signal 0 Jun 6 17:21:45 observi_2008 MailScanner[23058]: MailScanner E-Mail Virus Scanner version 4.66.5 starting... Jun 6 17:21:45 observi_2008 MailScanner[23058]: Read 16 hostnames from the phishing whitelist Jun 6 17:21:45 observi_2008 MailScanner[23058]: Read 0 hostnames from the phishing blacklist Jun 6 17:21:45 observi_2008 MailScanner[23058]: Config: calling custom init function SQLSpamScores Jun 6 17:21:45 observi_2008 MailScanner[23058]: Read 16 Spam entries Jun 6 17:21:45 observi_2008 MailScanner[23058]: Config: calling custom init function SQLBlacklist Jun 6 17:21:45 observi_2008 MailScanner[23058]: Config: calling custom init function MailWatchLogging Jun 6 17:21:45 observi_2008 MailScanner[23058]: Started SQL Logging child Jun 6 17:21:45 observi_2008 MailScanner[23058]: Config: calling custom init function SQLHighSpamScores Jun 6 17:21:45 observi_2008 MailScanner[23058]: Read 16 high Spam entries Jun 6 17:21:45 observi_2008 MailScanner[23058]: Config: calling custom init function SQLWhitelist Jun 6 17:21:45 observi_2008 MailScanner[23058]: SpamAssassin temporary working directory is /var/spool/MailScanner/incoming/SpamAssassin-Temp Jun 6 17:21:45 observi_2008 MailScanner[23058]: Using SpamAssassin results cache Jun 6 17:21:45 observi_2008 MailScanner[23058]: Connected to SpamAssassin cache database Jun 6 17:21:47 observi_2008 MailScanner[23024]: ClamAV scanner using unrar command /usr/bin/unrar Jun 6 17:21:47 observi_2008 MailScanner[23024]: Using locktype = flock Jun 6 17:21:47 observi_2008 MailScanner[23024]: New Batch: Scanning 8 messages, 234707 bytes Jun 6 17:21:47 observi_2008 MailScanner[23024]: Spam Checks: Starting Jun 6 17:21:48 observi_2008 postfix/smtpd[22666]: connect from 68-185-136-176.dhcp.jcsn.tn.charter.com[68.185.136.176] Jun 6 17:21:49 observi_2008 gld: Greylist activated for recipient=< sabrina@toigo.com.br> sender= ip=< 68.185.136.176> Jun 6 17:21:50 observi_2008 postfix/smtpd[22666]: NOQUEUE: reject: RCPT from 68-185-136-176.dhcp.jcsn.tn.charter.com[68.185.136.176]: 450 4.7.1 < Edward-unsuccin@2m-online.de>: Sender address rejected: Service temporarily unavailable, please try later; from= to=< sabrina@toigo.com.br> proto=ESMTP helo=< 68-185-136-176.dhcp.jcsn.tn.charter.com> Jun 6 17:21:50 observi_2008 postfix/smtpd[22666]: too many errors after RCPT from 68-185-136-176.dhcp.jcsn.tn.charter.com[68.185.136.176] Jun 6 17:21:50 observi_2008 postfix/smtpd[22666]: disconnect from 68-185-136-176.dhcp.jcsn.tn.charter.com[68.185.136.176] Jun 6 17:21:50 observi_2008 MailScanner: Process did not exit cleanly, returned 1 with signal 0 Jun 6 17:21:50 observi_2008 MailScanner[23066]: MailScanner E-Mail Virus Scanner version 4.66.5 starting... Jun 6 17:21:50 observi_2008 MailScanner[23066]: Read 16 hostnames from the phishing whitelist Jun 6 17:21:50 observi_2008 MailScanner[23066]: Read 0 hostnames from the phishing blacklist Jun 6 17:21:50 observi_2008 MailScanner[23066]: Config: calling custom init function SQLSpamScores Jun 6 17:21:50 observi_2008 MailScanner[23066]: Read 16 Spam entries Jun 6 17:21:50 observi_2008 MailScanner[23066]: Config: calling custom init function SQLBlacklist Jun 6 17:21:50 observi_2008 MailScanner[23066]: Config: calling custom init function MailWatchLogging Jun 6 17:21:50 observi_2008 MailScanner[23066]: Started SQL Logging child Jun 6 17:21:50 observi_2008 MailScanner[23066]: Config: calling custom init function SQLHighSpamScores Jun 6 17:21:50 observi_2008 MailScanner[23066]: Read 16 high Spam entries Jun 6 17:21:50 observi_2008 MailScanner[23066]: Config: calling custom init function SQLWhitelist Jun 6 17:21:50 observi_2008 MailScanner[23066]: SpamAssassin temporary working directory is /var/spool/MailScanner/incoming/SpamAssassin-Temp Jun 6 17:21:50 observi_2008 MailScanner[23066]: Using SpamAssassin results cache Jun 6 17:21:50 observi_2008 MailScanner[23066]: Connected to SpamAssassin cache database Jun 6 17:21:52 observi_2008 named[3303]: lame server resolving 'blast.pp.ru' (in 'blast.pp.ru'?): 195.161.113.218#53 Jun 6 17:21:52 observi_2008 named[3303]: lame server resolving 'blast.pp.ru' (in 'blast.pp.ru'?): 217.16.27.36#53 Jun 6 17:21:52 observi_2008 MailScanner[23058]: ClamAV scanner using unrar command /usr/bin/unrar Jun 6 17:21:52 observi_2008 MailScanner[23058]: Using locktype = flock Jun 6 17:21:52 observi_2008 MailScanner[23058]: New Batch: Scanning 8 messages, 234707 bytes Jun 6 17:21:52 observi_2008 MailScanner[23058]: Spam Checks: Starting Jun 6 17:21:55 observi_2008 MailScanner: Process did not exit cleanly, returned 1 with signal 0 Jun 6 17:21:55 observi_2008 MailScanner[23072]: MailScanner E-Mail Virus Scanner version 4.66.5 starting... Jun 6 17:21:55 observi_2008 MailScanner[23072]: Read 16 hostnames from the phishing whitelist Jun 6 17:21:55 observi_2008 MailScanner[23072]: Read 0 hostnames from the phishing blacklist Jun 6 17:21:55 observi_2008 MailScanner[23072]: Config: calling custom init function SQLSpamScores Jun 6 17:21:55 observi_2008 MailScanner[23072]: Read 16 Spam entries Jun 6 17:21:55 observi_2008 MailScanner[23072]: Config: calling custom init function SQLBlacklist Jun 6 17:21:55 observi_2008 MailScanner[23072]: Config: calling custom init function MailWatchLogging Jun 6 17:21:55 observi_2008 MailScanner[23072]: Started SQL Logging child Jun 6 17:21:55 observi_2008 MailScanner[23072]: Config: calling custom init function SQLHighSpamScores Jun 6 17:21:55 observi_2008 MailScanner[23072]: Read 16 high Spam entries Jun 6 17:21:55 observi_2008 MailScanner[23072]: Config: calling custom init function SQLWhitelist Jun 6 17:21:55 observi_2008 MailScanner[23072]: SpamAssassin temporary working directory is /var/spool/MailScanner/incoming/SpamAssassin-Temp Jun 6 17:21:55 observi_2008 MailScanner[23072]: Using SpamAssassin results cache Jun 6 17:21:55 observi_2008 MailScanner[23072]: Connected to SpamAssassin cache database Jun 6 17:21:57 observi_2008 MailScanner[23066]: ClamAV scanner using unrar command /usr/bin/unrar Jun 6 17:21:57 observi_2008 MailScanner[23066]: Using locktype = flock Jun 6 17:21:57 observi_2008 MailScanner[23066]: New Batch: Scanning 8 messages, 234707 bytes Jun 6 17:21:57 observi_2008 MailScanner[23066]: Spam Checks: Starting [ -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080606/3037eec5/attachment.html From alex at nkpanama.com Sat Jun 7 00:11:51 2008 From: alex at nkpanama.com (Alex Neuman) Date: Sat Jun 7 00:12:37 2008 Subject: .AGP Files In-Reply-To: <4848FF9E.1020509@nerc.ac.uk> References: <21be6cae0806050730m449839adrb31509e3848fc630@mail.gmail.com> <4848FF9E.1020509@nerc.ac.uk> Message-ID: <200806062312.m56NCP2n030918@safir.blacknight.ie> If it isn't working it means you're not restarting or reloading MailScanner between edits. On Jun 6, 2008, at 7:25 AM, Pedro Bordin Hoffmann - [M]orpheus wrote: > Hello again! > > So is there no solution?? :( > > I added this on scan.messages.rules > > From: luciano.b@sullog.com.br no > From: 192.168.1.11 no > FromOrTo: default yes > > > But isn't working. I'm changing to don't sign clean messages, will > test this way. > > Thanks! > > > 2008/6/6 Greg Matthews : > Pedro Bordin Hoffmann - [M]orpheus wrote: > Hello. > > I have this client that sends attached in the message a file, with the > extension .agp > This file is a security signature to work with banks, but if > Mailscanner > scan it for virus, it gets corrupted. > > this is almost certainly your signature - this was discussed way > back on the list. It is alleged that there is a bug in perl itself > which means that the signature adding bit of MailScanner can end up > changing the line terminations throughout the whole message body. > This obviously affects digital signatures and the like. As far as I > know it has never been fixed. I'm having difficulty tracking down > the relevant threads on this list but it has been discussed a couple > of times. > > Either you have secure digital signatures, OR you add a corporate > sig onto each message. You can't have both. > > Of course you can add a rule-set for adding/not adding the corporate > sig. > > GREG > > > > How should I do to make mailscanner don't scan this kind a file? > Already try to put this in /etc/MailScanner/filnename.rules.conf > Something like this: > > allow \.agp$ - - > > But still getting corrupted. > > What should I do? > > Thanks for the help! > Regards > Pedro > > > > > -- > Greg Matthews 01491 692445 > Head of UNIX/Linux, iTSS Wallingford > > -- > This message (and any attachments) is for the recipient only. NERC > is subject to the Freedom of Information Act 2000 and the contents > of this email and any reply you make may be disclosed by NERC unless > it is exempt from release under the Act. Any material supplied to > NERC may be stored in an electronic records management system. > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From james at gray.net.au Fri Jun 6 10:17:34 2008 From: james at gray.net.au (James Gray) Date: Sat Jun 7 00:22:46 2008 Subject: Viruses flagged as spam too In-Reply-To: References: Message-ID: On 06/06/2008, at 5:03 PM, Martin.Hepworth wrote: > James > > How many viruses are you seeing? Ie whats the size of the problem? > For me i see very few (1 a day maybe), so this option wouldn;t gain > me much. Not that many - probably accounting for about 50% of all virus detections, which in turn is less than 1% of total mail volume. However, the work involved explaining that an email can be BOTH a virus and spam is chewing up significantly more than 0.5% of our support desk's resources (probably 1-2 man hours per day!). Consequently I've been asked to investigate ways to mitigate the confusion from a technical perspective, by avoiding the double classification (if possible). Failing that, we'll try to educate the users in a formal training scheme (probably just one of the support people spending a few minutes with each business unit and backed up with some documentation etc.) .... but as they say, "you can lead a (l)user to a clue, but you can't make them think". I also think Phil's comments regarding learning the viruses as spam can have a positive effect when the viruses inevitably morph is another bonus to throw at the "powers that be". However, protection from a *possible* future threat doesn't solve the immediate problem of disproportionate resource consumption of our support team. Frankly, I don't really care about the processing overhead (the time is negligible). I just want to avoid the double classification of spam +virus. One classification or the other seems to be about all our users are capable of processing in a single message :P Cheers, James -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 2417 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080606/05705ca3/smime.bin From ssilva at sgvwater.com Sat Jun 7 00:42:24 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Sat Jun 7 00:42:42 2008 Subject: Viruses flagged as spam too In-Reply-To: References: Message-ID: on 6-6-2008 2:17 AM James Gray spake the following: > > On 06/06/2008, at 5:03 PM, Martin.Hepworth wrote: > >> James >> >> How many viruses are you seeing? Ie whats the size of the problem? For >> me i see very few (1 a day maybe), so this option wouldn;t gain me much. > > Not that many - probably accounting for about 50% of all virus > detections, which in turn is less than 1% of total mail volume. > However, the work involved explaining that an email can be BOTH a virus > and spam is chewing up significantly more than 0.5% of our support > desk's resources (probably 1-2 man hours per day!). Consequently I've > been asked to investigate ways to mitigate the confusion from a > technical perspective, by avoiding the double classification (if > possible). Failing that, we'll try to educate the users in a formal > training scheme (probably just one of the support people spending a few > minutes with each business unit and backed up with some documentation > etc.) .... but as they say, "you can lead a (l)user to a clue, but you > can't make them think". > > I also think Phil's comments regarding learning the viruses as spam can > have a positive effect when the viruses inevitably morph is another > bonus to throw at the "powers that be". However, protection from a > *possible* future threat doesn't solve the immediate problem of > disproportionate resource consumption of our support team. Frankly, I > don't really care about the processing overhead (the time is > negligible). I just want to avoid the double classification of > spam+virus. One classification or the other seems to be about all our > users are capable of processing in a single message :P > > Cheers, > > James > Just don't notify your users of viruses. I don't notify my users of either viruses or high scoring spam. I quarantine for a short while high spam that scores less than 30, and dump the rest. Low spam is the only thing that gets passed and tagged. If you let the users know that something was blocked, they are going to want to see it because they always assume they know better. I don't even have exec's complaining about it. Sure I have had a few FP's, but I get notified of everything, and usually release the FP's before they know what happened. Their time is too valuable to mess with the crap, and they pay me to watch out for them. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 258 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080606/4fd4e2f1/signature.bin From alex at nkpanama.com Sat Jun 7 00:43:14 2008 From: alex at nkpanama.com (Alex Neuman) Date: Sat Jun 7 00:43:51 2008 Subject: Viruses flagged as spam too In-Reply-To: References: Message-ID: <200806062343.m56NhfHA031965@safir.blacknight.ie> Have you tried using clamav-milter? On Jun 6, 2008, at 4:17 AM, James Gray wrote: > > On 06/06/2008, at 5:03 PM, Martin.Hepworth wrote: > >> James >> >> How many viruses are you seeing? Ie whats the size of the problem? >> For me i see very few (1 a day maybe), so this option wouldn;t gain >> me much. > > Not that many - probably accounting for about 50% of all virus > detections, which in turn is less than 1% of total mail volume. > However, the work involved explaining that an email can be BOTH a > virus and spam is chewing up significantly more than 0.5% of our > support desk's resources (probably 1-2 man hours per day!). > Consequently I've been asked to investigate ways to mitigate the > confusion from a technical perspective, by avoiding the double > classification (if possible). Failing that, we'll try to educate > the users in a formal training scheme (probably just one of the > support people spending a few minutes with each business unit and > backed up with some documentation etc.) .... but as they say, "you > can lead a (l)user to a clue, but you can't make them think". > > I also think Phil's comments regarding learning the viruses as spam > can have a positive effect when the viruses inevitably morph is > another bonus to throw at the "powers that be". However, protection > from a *possible* future threat doesn't solve the immediate problem > of disproportionate resource consumption of our support team. > Frankly, I don't really care about the processing overhead (the time > is negligible). I just want to avoid the double classification of > spam+virus. One classification or the other seems to be about all > our users are capable of processing in a single message :P > > Cheers, > > James-- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From rob at kettle.org.uk Sun Jun 8 12:10:49 2008 From: rob at kettle.org.uk (Rob Kettle) Date: Sun Jun 8 12:11:03 2008 Subject: Stop Virus Scanning In-Reply-To: References: Message-ID: <484BBE39.1040709@kettle.org.uk> Hi, I want to be able to ignore certain users and not do any virus scanning for them. I have set Mailscanner to show Virus Scanning = /etc/MailScanner/rules/scan.messages.rules and then in that file put: From: someuser@thedomain.org.uk no FromOrTo: default yes It still scans for virus according the the logfile. Am I missing the obvious ? If so apoogies up front. thanks Rob -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From glenn.steen at gmail.com Sun Jun 8 14:24:12 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Sun Jun 8 14:24:22 2008 Subject: Stop Virus Scanning In-Reply-To: <484BBE39.1040709@kettle.org.uk> References: <484BBE39.1040709@kettle.org.uk> Message-ID: <223f97700806080624l7e018ccck961dfa1bf7986ad4@mail.gmail.com> 2008/6/8 Rob Kettle : > Hi, > > I want to be able to ignore certain users and not do any virus scanning for > them. > > I have set Mailscanner to show Virus Scanning = > /etc/MailScanner/rules/scan.messages.rules > > and then in that file put: > From: someuser@thedomain.org.uk no > FromOrTo: default yes > > It still scans for virus according the the logfile. > > Am I missing the obvious ? If so apoogies up front. > > thanks > Rob > Did your reload/restart MailScanner after the edit? BTW, why would you do this? Avoiding all scanning, or spam sanning...that I might understand, but only AV? Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From rob at kettle.org.uk Sun Jun 8 15:14:58 2008 From: rob at kettle.org.uk (Rob Kettle) Date: Sun Jun 8 15:15:20 2008 Subject: Stop Virus Scanning In-Reply-To: <223f97700806080624l7e018ccck961dfa1bf7986ad4@mail.gmail.com> References: <484BBE39.1040709@kettle.org.uk> <223f97700806080624l7e018ccck961dfa1bf7986ad4@mail.gmail.com> Message-ID: <484BE962.7020200@kettle.org.uk> Glenn Steen wrote: > 2008/6/8 Rob Kettle : > >> Hi, >> >> I want to be able to ignore certain users and not do any virus scanning for >> them. >> >> I have set Mailscanner to show Virus Scanning = >> /etc/MailScanner/rules/scan.messages.rules >> >> and then in that file put: >> From: someuser@thedomain.org.uk no >> FromOrTo: default yes >> >> It still scans for virus according the the logfile. >> >> Am I missing the obvious ? If so apoogies up front. >> >> thanks >> Rob >> >> > Did your reload/restart MailScanner after the edit? > > BTW, why would you do this? Avoiding all scanning, or spam > sanning...that I might understand, but only AV? > > Cheers > Hi, I did reload Mailscanner. I was aksing about stopping virus scanning at this stage but the real goal is to bypass all scanning for certain users as their mail needs to be scanned/quarantined etc. on a server that this server hands the mail over to. So in reality I actually want to bypass all scanning for certain from or to addresses and just have Mailscanner take the mail in and pass it off to another server. thanks Rob -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From steve at fsl.com Sun Jun 8 15:25:48 2008 From: steve at fsl.com (Stephen Swaney) Date: Sun Jun 8 15:26:00 2008 Subject: Stop Virus Scanning In-Reply-To: <484BE962.7020200@kettle.org.uk> References: <484BBE39.1040709@kettle.org.uk> <223f97700806080624l7e018ccck961dfa1bf7986ad4@mail.gmail.com> <484BE962.7020200@kettle.org.uk> Message-ID: <484BEBEC.9000206@fsl.com> Rob Kettle wrote: > Glenn Steen wrote: >> 2008/6/8 Rob Kettle : >> >>> Hi, >>> >>> I want to be able to ignore certain users and not do any virus >>> scanning for >>> them. >>> >>> I have set Mailscanner to show Virus Scanning = >>> /etc/MailScanner/rules/scan.messages.rules >>> >>> and then in that file put: >>> From: someuser@thedomain.org.uk no >>> FromOrTo: default yes >>> >>> It still scans for virus according the the logfile. >>> >>> Am I missing the obvious ? If so apoogies up front. >>> >>> thanks >>> Rob >>> >>> >> Did your reload/restart MailScanner after the edit? >> >> BTW, why would you do this? Avoiding all scanning, or spam >> sanning...that I might understand, but only AV? >> >> Cheers >> > > Hi, > > I did reload Mailscanner. > > I was aksing about stopping virus scanning at this stage but the real > goal is to bypass all scanning for certain users as their mail needs > to be scanned/quarantined etc. on a server that this server hands the > mail over to. > > So in reality I actually want to bypass all scanning for certain from > or to addresses and just have Mailscanner take the mail in and pass it > off to another server. > > thanks > Rob > Simple. In Mailscanner.conf: Scan Messages = %rules-dir%/scan.messages.rules # can skip all scanning of mail destined for some of your users/customers # and still scan all the rest. # A sample ruleset would look like this: # To: bad.customer.com no # From: ignore.domain.com no # FromOrTo: default yes # That will scan all mail except mail to bad.customer.com and mail from # ignore.domain.com. To set this up, put the 3 lines above into a file # called /etc/MailScanner/rules/scan.messages.rules and set the next line to # Scan Messages = %rules-dir%/scan.messages.rules # This can also be the filename of a ruleset (as illustrated above). Best regards, Steve Steve Swaney steve@fsl.com www.fsl.com From glenn.steen at gmail.com Sun Jun 8 15:57:37 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Sun Jun 8 15:57:48 2008 Subject: Stop Virus Scanning In-Reply-To: <484BEBEC.9000206@fsl.com> References: <484BBE39.1040709@kettle.org.uk> <223f97700806080624l7e018ccck961dfa1bf7986ad4@mail.gmail.com> <484BE962.7020200@kettle.org.uk> <484BEBEC.9000206@fsl.com> Message-ID: <223f97700806080757r157ef7f0tbd6100cdc699ccb5@mail.gmail.com> 2008/6/8 Stephen Swaney : > Rob Kettle wrote: >> >> Glenn Steen wrote: >>> >>> 2008/6/8 Rob Kettle : >>> >>>> >>>> Hi, >>>> >>>> I want to be able to ignore certain users and not do any virus scanning >>>> for >>>> them. >>>> >>>> I have set Mailscanner to show Virus Scanning = >>>> /etc/MailScanner/rules/scan.messages.rules >>>> >>>> and then in that file put: >>>> From: someuser@thedomain.org.uk no >>>> FromOrTo: default yes >>>> >>>> It still scans for virus according the the logfile. >>>> >>>> Am I missing the obvious ? If so apoogies up front. >>>> >>>> thanks >>>> Rob >>>> >>>> >>> >>> Did your reload/restart MailScanner after the edit? >>> >>> BTW, why would you do this? Avoiding all scanning, or spam >>> sanning...that I might understand, but only AV? >>> >>> Cheers >>> >> >> Hi, >> >> I did reload Mailscanner. >> >> I was aksing about stopping virus scanning at this stage but the real goal >> is to bypass all scanning for certain users as their mail needs to be >> scanned/quarantined etc. on a server that this server hands the mail over >> to. >> >> So in reality I actually want to bypass all scanning for certain from or >> to addresses and just have Mailscanner take the mail in and pass it off to >> another server. >> >> thanks >> Rob >> > Simple. In Mailscanner.conf: > > Scan Messages = %rules-dir%/scan.messages.rules > > # can skip all scanning of mail destined for some of your users/customers > # and still scan all the rest. > # A sample ruleset would look like this: > # To: bad.customer.com no > # From: ignore.domain.com no > # FromOrTo: default yes > # That will scan all mail except mail to bad.customer.com and mail from > # ignore.domain.com. To set this up, put the 3 lines above into a file > # called /etc/MailScanner/rules/scan.messages.rules and set the next line to > # Scan Messages = %rules-dir%/scan.messages.rules > # This can also be the filename of a ruleset (as illustrated above). > > Best regards, > > Steve > > Steve Swaney > steve@fsl.com > www.fsl.com > CC If you do as Steve suggest, try use something more than just the recipient address, since that is easily spoofed. Then again, if you trust the "destination server" to do a good job... it wouldn't matter much that some things would be spoofed:-) Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From rob at kettle.org.uk Sun Jun 8 16:54:11 2008 From: rob at kettle.org.uk (Rob Kettle) Date: Sun Jun 8 16:54:22 2008 Subject: Stop Virus Scanning In-Reply-To: <223f97700806080757r157ef7f0tbd6100cdc699ccb5@mail.gmail.com> References: <484BBE39.1040709@kettle.org.uk> <223f97700806080624l7e018ccck961dfa1bf7986ad4@mail.gmail.com> <484BE962.7020200@kettle.org.uk> <484BEBEC.9000206@fsl.com> <223f97700806080757r157ef7f0tbd6100cdc699ccb5@mail.gmail.com> Message-ID: <484C00A3.2030605@kettle.org.uk> Glenn Steen wrote: > 2008/6/8 Stephen Swaney : > >> Rob Kettle wrote: >> >>> Glenn Steen wrote: >>> >>>> 2008/6/8 Rob Kettle : >>>> >>>> >>>>> Hi, >>>>> >>>>> I want to be able to ignore certain users and not do any virus scanning >>>>> for >>>>> them. >>>>> >>>>> I have set Mailscanner to show Virus Scanning = >>>>> /etc/MailScanner/rules/scan.messages.rules >>>>> >>>>> and then in that file put: >>>>> From: someuser@thedomain.org.uk no >>>>> FromOrTo: default yes >>>>> >>>>> It still scans for virus according the the logfile. >>>>> >>>>> Am I missing the obvious ? If so apoogies up front. >>>>> >>>>> thanks >>>>> Rob >>>>> >>>>> >>>>> >>>> Did your reload/restart MailScanner after the edit? >>>> >>>> BTW, why would you do this? Avoiding all scanning, or spam >>>> sanning...that I might understand, but only AV? >>>> >>>> Cheers >>>> >>>> >>> Hi, >>> >>> I did reload Mailscanner. >>> >>> I was aksing about stopping virus scanning at this stage but the real goal >>> is to bypass all scanning for certain users as their mail needs to be >>> scanned/quarantined etc. on a server that this server hands the mail over >>> to. >>> >>> So in reality I actually want to bypass all scanning for certain from or >>> to addresses and just have Mailscanner take the mail in and pass it off to >>> another server. >>> >>> thanks >>> Rob >>> >>> >> Simple. In Mailscanner.conf: >> >> Scan Messages = %rules-dir%/scan.messages.rules >> >> # can skip all scanning of mail destined for some of your users/customers >> # and still scan all the rest. >> # A sample ruleset would look like this: >> # To: bad.customer.com no >> # From: ignore.domain.com no >> # FromOrTo: default yes >> # That will scan all mail except mail to bad.customer.com and mail from >> # ignore.domain.com. To set this up, put the 3 lines above into a file >> # called /etc/MailScanner/rules/scan.messages.rules and set the next line to >> # Scan Messages = %rules-dir%/scan.messages.rules >> # This can also be the filename of a ruleset (as illustrated above). >> >> Best regards, >> >> Steve >> >> Steve Swaney >> steve@fsl.com >> www.fsl.com >> >> > CC > If you do as Steve suggest, try use something more than just the > recipient address, since that is easily spoofed. Then again, if you > trust the "destination server" to do a good job... it wouldn't matter > much that some things would be spoofed:-) > > Cheers > Much appreciated to all. That seems to give what I wanted. Thanks Rob From martinh at solidstatelogic.com Mon Jun 9 14:41:45 2008 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Mon Jun 9 14:41:56 2008 Subject: FW: [Clamav-announce] announcing ClamAV 0.93.1 Message-ID: FYI -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: clamav-announce-bounces@lists.clamav.net [mailto:clamav-announce- > bounces@lists.clamav.net] On Behalf Of Luca Gibelli > Sent: 09 June 2008 13:46 > To: ClamAV Announce > Subject: [Clamav-announce] announcing ClamAV 0.93.1 > > Dear ClamAV users, > > This version improves handling of PDF, CAB, RTF, OLE2 and HTML files and > includes various bugfixes for 0.93 issues. > > -- > The ClamAV team (http://www.clamav.net/team) > > -- > Luca Gibelli (luca _at_ clamav.net) ClamAV, a GPL anti-virus toolkit > [Tel] +39 0187 1851862 [Fax] +39 0187 1852252 [IM] nervous/jabber.linux.it > PGP key id 5EFC5582 @ any key-server || http://www.clamav.net/gpg/luca.gpg > _______________________________________________ > http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-announce ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From davejenx at googlemail.com Mon Jun 9 14:48:21 2008 From: davejenx at googlemail.com (Dave Jenkins) Date: Mon Jun 9 14:48:31 2008 Subject: Mailscanner exiting every second. In-Reply-To: <21be6cae0806061327j91c32e7wfa88f717295e7dab@mail.gmail.com> References: <21be6cae0806061327j91c32e7wfa88f717295e7dab@mail.gmail.com> Message-ID: 2008/6/6 Pedro Bordin Hoffmann - [M]orpheus : > I'm having this error on a Debian Etch 64 bits. > > ?Jun 6 17:19:35 observi_2008 MailScanner: Process did not exit cleanly, > returned 1 with signal 0 I had exactly the same error, also on a 64-bit machine (CentOS 5, AMD Phenom 9550) - see this thread: http://lists.mailscanner.info/pipermail/mailscanner/2008-June/085202.html If your symptoms match mine - see the detailed description in that thread- then the same workaround might get you going again: I temporarily disabled scanning (Scan Messages = no in MailScanner.conf) which cleared the queue (but of course let a load of spam through), then re-enabled it. It seems that a particular message tripped up MailScanner. As you'll see from that thread, the cause is currently unresolved, I'll post back if it happens again & I catch the offending message in the hold queue. Good luck, Dave From alex at nkpanama.com Mon Jun 9 15:06:57 2008 From: alex at nkpanama.com (Alex Neuman) Date: Mon Jun 9 15:08:14 2008 Subject: Stop Virus Scanning In-Reply-To: <223f97700806080757r157ef7f0tbd6100cdc699ccb5@mail.gmail.com> References: <484BBE39.1040709@kettle.org.uk> <223f97700806080624l7e018ccck961dfa1bf7986ad4@mail.gmail.com> <484BE962.7020200@kettle.org.uk> <484BEBEC.9000206@fsl.com> <223f97700806080757r157ef7f0tbd6100cdc699ccb5@mail.gmail.com> Message-ID: <200806091408.m59E85hU024035@safir.blacknight.ie> Except if you're not separating e-mails by recipient and one of your recipients receives an e-mail addressed to more than one person, it will still be scanned. On Jun 8, 2008, at 10:54 AM, Rob Kettle wrote: > > Much appreciated to all. > > That seems to give what I wanted. From prandal at herefordshire.gov.uk Mon Jun 9 15:16:43 2008 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Mon Jun 9 15:17:11 2008 Subject: [Clamav-announce] announcing ClamAV 0.93.1 In-Reply-To: References: Message-ID: <7EF0EE5CB3B263488C8C18823239BEBA03F02382@HC-MBX02.herefordshire.gov.uk> Works fine here. Cheers, Phil -- Phil Randal Networks Engineer Herefordshire Council Hereford, UK -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Martin.Hepworth Sent: 09 June 2008 14:42 To: mailscanner@lists.mailscanner.info Subject: FW: [Clamav-announce] announcing ClamAV 0.93.1 FYI -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: clamav-announce-bounces@lists.clamav.net > [mailto:clamav-announce- bounces@lists.clamav.net] On Behalf Of Luca > Gibelli > Sent: 09 June 2008 13:46 > To: ClamAV Announce > Subject: [Clamav-announce] announcing ClamAV 0.93.1 > > Dear ClamAV users, > > This version improves handling of PDF, CAB, RTF, OLE2 and HTML files > and includes various bugfixes for 0.93 issues. > > -- > The ClamAV team (http://www.clamav.net/team) > > -- > Luca Gibelli (luca _at_ clamav.net) ClamAV, a GPL anti-virus toolkit > [Tel] +39 0187 1851862 [Fax] +39 0187 1852252 [IM] > nervous/jabber.linux.it PGP key id 5EFC5582 @ any key-server || > http://www.clamav.net/gpg/luca.gpg > _______________________________________________ > http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-announce ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From ka at pacific.net Mon Jun 9 15:21:28 2008 From: ka at pacific.net (Ken A) Date: Mon Jun 9 15:21:20 2008 Subject: 3rd party clamav sig false positive - securiteinfo.com Message-ID: <484D3C68.3010309@pacific.net> There was a bad 3rd party clamav sig from securiteinfo.com yesterday (securiteinfo.hdb.gz). It's been fixed now, but was marking all HTML mail as virus (HTML.Clamav.4808). If you use this sig, you might want to check your quarantine. Ken -- Ken Anderson Pacific.Net From peter at farrows.org Mon Jun 9 15:52:23 2008 From: peter at farrows.org (Peter Farrow) Date: Mon Jun 9 15:52:46 2008 Subject: 3rd party clamav sig false positive - securiteinfo.com In-Reply-To: <484D3C68.3010309@pacific.net> References: <484D3C68.3010309@pacific.net> Message-ID: <484D43A7.9060901@farrows.org> Ken A wrote: > There was a bad 3rd party clamav sig from securiteinfo.com yesterday > (securiteinfo.hdb.gz). It's been fixed now, but was marking all HTML > mail as virus (HTML.Clamav.4808). If you use this sig, you might want > to check your quarantine. > > Ken > > Thanks for letting us know Ken. Pete -- This message has been scanned for viruses and dangerous content by the Inexcom system Scanner, and is believed to be clean. Advanced heuristic mail scanning server [-]. http://www.inexcom.co.uk From MailScanner at ecs.soton.ac.uk Mon Jun 9 16:04:17 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Jun 9 16:04:43 2008 Subject: [Clamav-announce] announcing ClamAV 0.93.1 In-Reply-To: References: Message-ID: <484D4671.6020902@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Great. I have updated my ClamAV+SpamAssassin package on www.mailscanner.info. Randal, Phil wrote: > Works fine here. > > Cheers, > > Phil > > -- > Phil Randal > Networks Engineer > Herefordshire Council > Hereford, UK > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of > Martin.Hepworth > Sent: 09 June 2008 14:42 > To: mailscanner@lists.mailscanner.info > Subject: FW: [Clamav-announce] announcing ClamAV 0.93.1 > > FYI > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > >> -----Original Message----- >> From: clamav-announce-bounces@lists.clamav.net >> [mailto:clamav-announce- bounces@lists.clamav.net] On Behalf Of Luca >> Gibelli >> Sent: 09 June 2008 13:46 >> To: ClamAV Announce >> Subject: [Clamav-announce] announcing ClamAV 0.93.1 >> >> Dear ClamAV users, >> >> This version improves handling of PDF, CAB, RTF, OLE2 and HTML files >> and includes various bugfixes for 0.93 issues. >> >> -- >> The ClamAV team (http://www.clamav.net/team) >> >> -- >> Luca Gibelli (luca _at_ clamav.net) ClamAV, a GPL anti-virus >> > toolkit > >> [Tel] +39 0187 1851862 [Fax] +39 0187 1852252 [IM] >> nervous/jabber.linux.it PGP key id 5EFC5582 @ any key-server || >> http://www.clamav.net/gpg/luca.gpg >> _______________________________________________ >> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-announce >> > > > > > ********************************************************************** > Confidentiality : This e-mail and any attachments are intended for the > addressee only and may be confidential. If they come to you in error you > must take no action based on them, nor must you copy or show them to > anyone. Please advise the sender by replying to this e-mail immediately > and then delete the original from your computer. > Opinion : Any opinions expressed in this e-mail are entirely those of > the author and unless specifically stated to the contrary, are not > necessarily those of the author's employer. > Security Warning : Internet e-mail is not necessarily a secure > communications medium and can be subject to data corruption. We advise > that you consider this fact when e-mailing us. > Viruses : We have taken steps to ensure that this e-mail and any > attachments are free from known viruses but in keeping with good > computing practice, you should ensure that they are virus free. > > Red Lion 49 Ltd T/A Solid State Logic > Registered as a limited company in England and Wales (Company > No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 > 1RU, United Kingdom > ********************************************************************** > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.3 (Build 4028) Comment: Use Enigmail to decrypt or check this message is legitimate Charset: ISO-8859-1 wj8DBQFITUZxEfZZRxQVtlQRAljTAKCMD+f0OoZ4V8OpDz8DoGMzIspIugCbBAH2 qJDvpwMsrtPbGLDpnUBFbKI= =PP3d -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From ssilva at sgvwater.com Mon Jun 9 16:51:50 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Mon Jun 9 16:52:14 2008 Subject: [Clamav-announce] announcing ClamAV 0.93.1 In-Reply-To: <484D4671.6020902@ecs.soton.ac.uk> References: <484D4671.6020902@ecs.soton.ac.uk> Message-ID: on 6-9-2008 8:04 AM Julian Field spake the following: > Great. I have updated my ClamAV+SpamAssassin package on > www.mailscanner.info. > Julian, I still see the warning about the mail:clamav perl module. Do you think it stable yet in your easy package, or are you just being careful? -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 258 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080609/694c0a82/signature.bin From MailScanner at ecs.soton.ac.uk Mon Jun 9 17:47:13 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Jun 9 17:47:51 2008 Subject: [Clamav-announce] announcing ClamAV 0.93.1 In-Reply-To: References: <484D4671.6020902@ecs.soton.ac.uk> Message-ID: <484D5E91.30808@ecs.soton.ac.uk> Scott Silva wrote: > on 6-9-2008 8:04 AM Julian Field spake the following: >> Great. I have updated my ClamAV+SpamAssassin package on >> www.mailscanner.info. >> > Julian, > I still see the warning about the mail:clamav perl module. Do you > think it stable yet in your easy package, or are you just being careful? > I have taken the warning off downloads.html. Thanks for letting me know it was still there. Next job is a new release with fully working Watermarking. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Mon Jun 9 17:55:20 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Jun 9 17:55:39 2008 Subject: Beta release 4.70.3 Message-ID: <484D6078.90102@ecs.soton.ac.uk> I have just released a new beta version 4.70.3. Please try this version if you have been having any problems with Watermarks, or the spam handling of them. Download as usual from www.mailscanner.info. Please let me know if you still have any problems with this release, and also if it fixes the problems you have been having. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From ssilva at sgvwater.com Mon Jun 9 18:48:34 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Mon Jun 9 18:49:01 2008 Subject: [Clamav-announce] announcing ClamAV 0.93.1 In-Reply-To: <484D5E91.30808@ecs.soton.ac.uk> References: <484D4671.6020902@ecs.soton.ac.uk> <484D5E91.30808@ecs.soton.ac.uk> Message-ID: on 6-9-2008 9:47 AM Julian Field spake the following: > > > Scott Silva wrote: >> on 6-9-2008 8:04 AM Julian Field spake the following: >>> Great. I have updated my ClamAV+SpamAssassin package on >>> www.mailscanner.info. >>> >> Julian, >> I still see the warning about the mail:clamav perl module. Do you >> think it stable yet in your easy package, or are you just being careful? >> > I have taken the warning off downloads.html. Thanks for letting me know > it was still there. > Next job is a new release with fully working Watermarking. > > Jules > Not to nitpick, but there is still the text (see the Others section below if you use "clamavmodule") in the stable section. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 258 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080609/e7a9181c/signature.bin From MailScanner at ecs.soton.ac.uk Mon Jun 9 18:57:04 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Jun 9 18:57:24 2008 Subject: [Clamav-announce] announcing ClamAV 0.93.1 In-Reply-To: References: <484D4671.6020902@ecs.soton.ac.uk> <484D5E91.30808@ecs.soton.ac.uk> Message-ID: <484D6EF0.3050300@ecs.soton.ac.uk> Scott Silva wrote: > on 6-9-2008 9:47 AM Julian Field spake the following: >> >> >> Scott Silva wrote: >>> on 6-9-2008 8:04 AM Julian Field spake the following: >>>> Great. I have updated my ClamAV+SpamAssassin package on >>>> www.mailscanner.info. >>>> >>> Julian, >>> I still see the warning about the mail:clamav perl module. Do you >>> think it stable yet in your easy package, or are you just being >>> careful? >>> >> I have taken the warning off downloads.html. Thanks for letting me >> know it was still there. >> Next job is a new release with fully working Watermarking. >> >> Jules >> > Not to nitpick, but there is still the text > (see the Others section below if you use "clamavmodule") > in the stable section. Better now? Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From ssilva at sgvwater.com Mon Jun 9 19:19:53 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Mon Jun 9 19:20:24 2008 Subject: [Clamav-announce] announcing ClamAV 0.93.1 In-Reply-To: <484D6EF0.3050300@ecs.soton.ac.uk> References: <484D4671.6020902@ecs.soton.ac.uk> <484D5E91.30808@ecs.soton.ac.uk> <484D6EF0.3050300@ecs.soton.ac.uk> Message-ID: on 6-9-2008 10:57 AM Julian Field spake the following: > > > Scott Silva wrote: >> on 6-9-2008 9:47 AM Julian Field spake the following: >>> >>> >>> Scott Silva wrote: >>>> on 6-9-2008 8:04 AM Julian Field spake the following: >>>>> Great. I have updated my ClamAV+SpamAssassin package on >>>>> www.mailscanner.info. >>>>> >>>> Julian, >>>> I still see the warning about the mail:clamav perl module. Do you >>>> think it stable yet in your easy package, or are you just being >>>> careful? >>>> >>> I have taken the warning off downloads.html. Thanks for letting me >>> know it was still there. >>> Next job is a new release with fully working Watermarking. >>> >>> Jules >>> >> Not to nitpick, but there is still the text >> (see the Others section below if you use "clamavmodule") >> in the stable section. > Better now? > > Jules > I didn't want to bang on about it, I just assumed you missed it since you are so busy. But thanks! Your a peach! -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 258 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080609/b64dd852/signature.bin From ajcartmell at fonant.com Mon Jun 9 21:24:35 2008 From: ajcartmell at fonant.com (Anthony Cartmell) Date: Mon Jun 9 21:24:54 2008 Subject: Minor suggestion for Message-ID: Try as I might to sort out whitespace differences, I always get some appearing in my diff after upgrade_MailScanner_conf. Might it be an idea if upgrade_MailScanner_conf suggested using diff with "-w", to ignore whitespace changes? diff -w MailScanner.conf.rpmnew MailScanner.new Perhaps that's not platform-independant enough... Anthony -- www.fonant.com - Quality web sites From shuttlebox at gmail.com Mon Jun 9 21:42:37 2008 From: shuttlebox at gmail.com (shuttlebox) Date: Mon Jun 9 21:42:46 2008 Subject: Minor suggestion for In-Reply-To: References: Message-ID: <625385e30806091342r37cf806bl50981d5d26d6cec5@mail.gmail.com> On Mon, Jun 9, 2008 at 10:24 PM, Anthony Cartmell wrote: > Try as I might to sort out whitespace differences, I always get some > appearing in my diff after upgrade_MailScanner_conf. > > Might it be an idea if upgrade_MailScanner_conf suggested using diff with > "-w", to ignore whitespace changes? > > diff -w MailScanner.conf.rpmnew MailScanner.new > > Perhaps that's not platform-independant enough... Good chance it is since it's supported in Solaris 8. :-) -- Emo Philips - "I was the kid next door's imaginary friend." From MailScanner at ecs.soton.ac.uk Mon Jun 9 21:47:06 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Jun 9 21:47:25 2008 Subject: Minor suggestion for In-Reply-To: References: Message-ID: <484D96CA.5050404@ecs.soton.ac.uk> Anthony Cartmell wrote: > Try as I might to sort out whitespace differences, I always get some > appearing in my diff after upgrade_MailScanner_conf. > > Might it be an idea if upgrade_MailScanner_conf suggested using diff > with "-w", to ignore whitespace changes? > > diff -w MailScanner.conf.rpmnew MailScanner.new > > Perhaps that's not platform-independant enough... It's fine (it's in Solaris 8, so it will be in most things). I have added it. Good call! Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From lists at designmedia.com Tue Jun 10 20:05:08 2008 From: lists at designmedia.com (Henry Kwan) Date: Tue Jun 10 20:05:37 2008 Subject: Hosting multiple domains on a MailScanner box? Message-ID: Hi, I almost have my MailScanner/Exchange setup complete but then I realized that I had a couple of secondary domains that I wanted to host the MX for as well. I thought I could setup a virtusertable entry to create a catchall that forwards to a mailbox on the Exchange box but it doesn't seem to be working. Whenever I send email to the secondary domains, I get a "dsn=5.1.1, stat=User unknown" and then a "savemail: cannot save rejected email anywhere" in maillog. Perhaps my Mailscanner/Exchange setup is incorrect? Right now, I'm running MailScanner/Sendmail/SpamAssassin/ClamAV on the frontend. The Mailscanner box is part of the designmedia.com domain. There is a mailertable entry that forwards the "designmedia.com" to the IP of the Exchange box. The domain "designmedia.com" is also in relay-domains. I enter all the valid mailboxes as "RELAY" in access and everything else is rejected. I thought that entering them in virtusertable as "@domain2.com catchall@designmedia.com" would remap the emails as they came in but evidently this isn't the case. Where is the proper place to stick all the information about the secondary domains? Thanks. From email at ace.net.au Tue Jun 10 20:54:16 2008 From: email at ace.net.au (Peter Nitschke) Date: Tue Jun 10 20:54:53 2008 Subject: Hosting multiple domains on a MailScanner box? In-Reply-To: References: Message-ID: <200806110524160199.4FE0D5BB@web.ace.net.au> Use "Domain Routing" not Virtuser as the users don't exist on the MS box. Also add the domains to "Relay Domains". *********** REPLY SEPARATOR *********** On 10/06/2008 at 7:05 PM Henry Kwan wrote: >Hi, > >I almost have my MailScanner/Exchange setup complete but then I realized >that I >had a couple of secondary domains that I wanted to host the MX for as >well. I >thought I could setup a virtusertable entry to create a catchall that >forwards >to a mailbox on the Exchange box but it doesn't seem to be working. >Whenever I >send email to the secondary domains, I get a "dsn=5.1.1, stat=User >unknown" and >then a "savemail: cannot save rejected email anywhere" in maillog. > >Perhaps my Mailscanner/Exchange setup is incorrect? Right now, I'm running >MailScanner/Sendmail/SpamAssassin/ClamAV on the frontend. The Mailscanner >box >is part of the designmedia.com domain. There is a mailertable entry that >forwards the "designmedia.com" to the IP of the Exchange box. The domain >"designmedia.com" is also in relay-domains. I enter all the valid >mailboxes as >"RELAY" in access and everything else is rejected. > >I thought that entering them in virtusertable as "@domain2.com >catchall@designmedia.com" would remap the emails as they came in but >evidently >this isn't the case. Where is the proper place to stick all the >information >about the secondary domains? > >Thanks. > > >-- >MailScanner mailing list >mailscanner@lists.mailscanner.info >http://lists.mailscanner.info/mailman/listinfo/mailscanner > >Before posting, read http://wiki.mailscanner.info/posting > >Support MailScanner development - buy the book off the website! From ecasarero at gmail.com Tue Jun 10 20:57:01 2008 From: ecasarero at gmail.com (Eduardo Casarero) Date: Tue Jun 10 20:57:11 2008 Subject: Hosting multiple domains on a MailScanner box? In-Reply-To: References: Message-ID: <7d9b3cf20806101257r48703a7ei8ff4c74b9b692123@mail.gmail.com> 2008/6/10 Henry Kwan : > > Hi, > > I almost have my MailScanner/Exchange setup complete but then I realized that I > had a couple of secondary domains that I wanted to host the MX for as well. I > thought I could setup a virtusertable entry to create a catchall that forwards > to a mailbox on the Exchange box but it doesn't seem to be working. Whenever I > send email to the secondary domains, I get a "dsn=5.1.1, stat=User unknown" and > then a "savemail: cannot save rejected email anywhere" in maillog. > > Perhaps my Mailscanner/Exchange setup is incorrect? Right now, I'm running > MailScanner/Sendmail/SpamAssassin/ClamAV on the frontend. The Mailscanner box > is part of the designmedia.com domain. There is a mailertable entry that > forwards the "designmedia.com" to the IP of the Exchange box. The domain > "designmedia.com" is also in relay-domains. I enter all the valid mailboxes as > "RELAY" in access and everything else is rejected. > in your /etc/mail/mailertable should se this for each domain: domain1.com smtp:[1.2.3.4] domain2.com smtp:[exchange.domain2.com] domain3.com smtp:[alterserver.domain3.com] and in your /etc/mail/access this: To:domain1.com RELAY To:domain2.com RELAY To:domain3.com RELAY > I thought that entering them in virtusertable as "@domain2.com > catchall@designmedia.com" would remap the emails as they came in but evidently > this isn't the case. Where is the proper place to stick all the information > about the secondary domains? > > Thanks. > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From julien.buratto at gmail.com Tue Jun 10 22:52:16 2008 From: julien.buratto at gmail.com (Julien Buratto) Date: Tue Jun 10 22:52:26 2008 Subject: Tag in subject, header present but score is 0 Message-ID: Quite strange, however since a while I started to get email's subject changed to {Spam? X} where X can be 0 or negative values, headers in the email show the Spam-Status: Yes but then there is no details about any other tags. Other emails which are "clean" are just clean, some others don't even get it as the score is high ... so the point is that all those emails with negative scores where "ok" emails for me... I don't know where to double check this behavior as the mailscanner is running spamassassin. I think that maybe one of the spamlists return negative values ...any hint ? -- Julien Buratto From ssilva at sgvwater.com Tue Jun 10 23:04:24 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Tue Jun 10 23:05:16 2008 Subject: Tag in subject, header present but score is 0 In-Reply-To: References: Message-ID: on 6-10-2008 2:52 PM Julien Buratto spake the following: > Quite strange, however since a while I started to get email's subject > changed to {Spam? X} where X can be 0 or negative values, headers in > the email show the Spam-Status: Yes but then there is no details about > any other tags. > > Other emails which are "clean" are just clean, some others don't even > get it as the score is high ... so the point is that all those emails > with negative scores where "ok" emails for me... I don't know where to > double check this behavior as the mailscanner is running spamassassin. > > I think that maybe one of the spamlists return negative values ...any hint ? > Hitting blacklists can set the spam tag without changing the score. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 258 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080610/45766e89/signature.bin From FStein at thehill.org Wed Jun 11 03:47:27 2008 From: FStein at thehill.org (Stein, Mr. Fred) Date: Wed Jun 11 03:48:30 2008 Subject: Beta release 4.70.3 References: <484D6078.90102@ecs.soton.ac.uk> Message-ID: Beta release 4,70.4-2 no longer turns all Watermarking off with "Use Watermarking = no" Fred Stein Network Administrator The Hill School 717 High Street Pottstown, PA 19464 610-326-1000 ext. 7356 fstein@thehill.org www.thehill.org ________________________________ From: mailscanner-bounces@lists.mailscanner.info on behalf of Julian Field Sent: Mon 6/9/2008 12:55 PM To: MailScanner discussion Subject: Beta release 4.70.3 I have just released a new beta version 4.70.3. Please try this version if you have been having any problems with Watermarks, or the spam handling of them. Download as usual from www.mailscanner.info. Please let me know if you still have any problems with this release, and also if it fixes the problems you have been having. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From gdoris at rogers.com Wed Jun 11 06:03:30 2008 From: gdoris at rogers.com (Gerry Doris) Date: Wed Jun 11 06:03:42 2008 Subject: Problems with beta 4.70.4-2 Message-ID: <484F5CA2.5010200@rogers.com> I installed the Fedora beta 4.70.4-2 and immediately ran into problems. All emails were marked as spam with a default score of 5 which allowed everything through. The reason given was "spam(no watermark or sender address)". I couldn't figure out what to change so I went back to the stable version and all is working again. From neilw at dcdata.co.za Wed Jun 11 07:25:46 2008 From: neilw at dcdata.co.za (Neil Wilson) Date: Wed Jun 11 07:29:51 2008 Subject: install-Clam-0.93.1-SA-3.2.4.tar.gz Message-ID: <484F6FEA.103@dcdata.co.za> Hi guys. I'm trying to install the latest Clam/SA package that is available under SLES 9, and I'm getting the following compile errors, and then the install just hangs, and I have to stop it with Ctrl-C. Anyone else ever seen this before? t/overload_threads........ok 1/5 skipped: not really skipped, testing overloaded reason t/plan....................ok t/plan_bad................ok t/plan_is_noplan..........ok t/plan_no_plan............ok 1/6 skipped: Just testing skip with no_plan t/plan_shouldnt_import....ok t/plan_skip_all...........skipped all skipped: Just testing plan & skip_all t/pod-coverage............skipped all skipped: Test::Pod::Coverage 1.08 required for testing POD coverage t/pod.....................skipped all skipped: Test::Pod 1.00 required for testing POD t/require_ok..............ok t/reset...................ok t/simple..................ok t/skip....................ok 8/17 skipped: various reasons t/skipall.................ok t/sort_bug................ok 1/2*** glibc detected *** corrupted double-linked list: 0x000000000076c100 *** *** glibc detected *** corrupted double-linked list: 0x000000000076c380 *** *** glibc detected *** corrupted double-linked list: 0x0000002a95d380d8 *** *** glibc detected *** corrupted double-linked list: 0x0000002a95d380d8 *** Thanks. Neil This email and all contents are subject to the following disclaimer: http://www.dcdata.co.za/emaildisclaimer.html From martinh at solidstatelogic.com Wed Jun 11 07:58:04 2008 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Wed Jun 11 07:57:31 2008 Subject: Problems with beta 4.70.4-2 Message-ID: Gerry What Mta? No problems here with exim -- martin -----Original Message----- From: Gerry Doris Sent: Wednesday, June 11, 2008 6:09 AM To: MailScanner discussion Subject: Problems with beta 4.70.4-2 I installed the Fedora beta 4.70.4-2 and immediately ran into problems. All emails were marked as spam with a default score of 5 which allowed everything through. The reason given was "spam(no watermark or sender address)". I couldn't figure out what to change so I went back to the stable version and all is working again. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From john at tradoc.fr Wed Jun 11 08:38:55 2008 From: john at tradoc.fr (John Wilcock) Date: Wed Jun 11 08:39:17 2008 Subject: Problems with beta 4.70.4-2 In-Reply-To: References: Message-ID: <484F810F.7010000@tradoc.fr> Martin.Hepworth a ?crit : > Gerry > > What Mta? No problems here with exim > I'm seeing the same symptoms as Gerry, running postfix. I've been working with Julian to solve some problems with the watermarking code, but he's managed to introduce a bug in 4.70.4-1 and -2. Knowing Julian a new beta will be forthcoming later today. The workaround in the meantime if you want to stay on 4.70 is to turn off the watermarking checks. Unfortunately "Use Watermarking = no" seems to be at least partly ignored currently, but "Treat Invalid Watermarks With No Sender as Spam = nothing" does the trick. John. -- -- Over 3000 webcams from ski resorts around the world - www.snoweye.com -- Translate your technical documents and web pages - www.tradoc.fr From neilw at dcdata.co.za Wed Jun 11 09:01:46 2008 From: neilw at dcdata.co.za (Neil Wilson) Date: Wed Jun 11 09:06:00 2008 Subject: install-Clam-0.93.1-SA-3.2.4.tar.gz In-Reply-To: <484F6FEA.103@dcdata.co.za> References: <484F6FEA.103@dcdata.co.za> Message-ID: <484F866A.8000403@dcdata.co.za> Neil Wilson wrote: > *** glibc detected *** corrupted double-linked list: 0x000000000076c380 *** > *** glibc detected *** corrupted double-linked list: 0x0000002a95d380d8 *** > *** glibc detected *** corrupted double-linked list: 0x0000002a95d380d8 *** Well, attempted a second install and the error didn't appear this time, so don't worry about this :) Thanks. Neil. This email and all contents are subject to the following disclaimer: http://www.dcdata.co.za/emaildisclaimer.html From gdoris at rogers.com Wed Jun 11 09:07:37 2008 From: gdoris at rogers.com (Gerry Doris) Date: Wed Jun 11 09:07:49 2008 Subject: Problems with beta 4.70.4-2 In-Reply-To: <484F810F.7010000@tradoc.fr> References: <484F810F.7010000@tradoc.fr> Message-ID: <484F87C9.5090701@rogers.com> John Wilcock wrote: > Martin.Hepworth a ?crit : >> Gerry >> >> What Mta? No problems here with exim >> > > I'm seeing the same symptoms as Gerry, running postfix. I've been > working with Julian to solve some problems with the watermarking code, > but he's managed to introduce a bug in 4.70.4-1 and -2. Knowing Julian a > new beta will be forthcoming later today. > > The workaround in the meantime if you want to stay on 4.70 is to turn > off the watermarking checks. Unfortunately "Use Watermarking = no" seems > to be at least partly ignored currently, but "Treat Invalid Watermarks > With No Sender as Spam = nothing" does the trick. > > John. > I'm using sendmail. I tried "Use Watermarking = no". When that didn't work I went back to the stable release. From MailScanner at ecs.soton.ac.uk Wed Jun 11 09:54:29 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Jun 11 09:55:00 2008 Subject: Problems with beta 4.70.4-2 In-Reply-To: References: Message-ID: <484F92C5.5040401@ecs.soton.ac.uk> John Wilcock wrote: > Martin.Hepworth a ?crit : >> Gerry >> >> What Mta? No problems here with exim >> > > I'm seeing the same symptoms as Gerry, running postfix. I've been > working with Julian to solve some problems with the watermarking code, > but he's managed to introduce a bug in 4.70.4-1 and -2. Knowing Julian > a new beta will be forthcoming later today. > > The workaround in the meantime if you want to stay on 4.70 is to turn > off the watermarking checks. Unfortunately "Use Watermarking = no" > seems to be at least partly ignored currently, but "Treat Invalid > Watermarks With No Sender as Spam = nothing" does the trick. Here's a new Message.pm to try. Let me know if this helps. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------- next part -------------- A non-text attachment was scrubbed... Name: Message.pm.zip Type: application/zip Size: 68935 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080611/9be9b107/Message.pm-0001.zip From martinh at solidstatelogic.com Wed Jun 11 10:09:07 2008 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Wed Jun 11 10:09:18 2008 Subject: Problems with beta 4.70.4-2 In-Reply-To: <484F92C5.5040401@ecs.soton.ac.uk> Message-ID: <772c934bfbd5be44a8c22cc26dd2cc49@solidstatelogic.com> Jules Ok - give me a couple of minutes, looks like you snook out a .4 beta yesterday so I'll install that first.. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Julian Field > Sent: 11 June 2008 09:54 > To: MailScanner discussion > Subject: Re: Problems with beta 4.70.4-2 > > John Wilcock wrote: > > Martin.Hepworth a ?crit : > >> Gerry > >> > >> What Mta? No problems here with exim > >> > > > > I'm seeing the same symptoms as Gerry, running postfix. I've been > > working with Julian to solve some problems with the watermarking code, > > but he's managed to introduce a bug in 4.70.4-1 and -2. Knowing Julian > > a new beta will be forthcoming later today. > > > > The workaround in the meantime if you want to stay on 4.70 is to turn > > off the watermarking checks. Unfortunately "Use Watermarking = no" > > seems to be at least partly ignored currently, but "Treat Invalid > > Watermarks With No Sender as Spam = nothing" does the trick. > Here's a new Message.pm to try. Let me know if this helps. > > Jules > > -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > MailScanner customisation, or any advanced system administration help? > Contact me at Jules@Jules.FM > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > PGP public key: http://www.jules.fm/julesfm.asc > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From martinh at solidstatelogic.com Wed Jun 11 10:31:13 2008 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Wed Jun 11 10:31:24 2008 Subject: Problems with beta 4.70.4-2 In-Reply-To: <772c934bfbd5be44a8c22cc26dd2cc49@solidstatelogic.com> Message-ID: No problems here. But then I didn't notice any with the old code. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Martin.Hepworth > Sent: 11 June 2008 10:09 > To: MailScanner discussion > Subject: RE: Problems with beta 4.70.4-2 > > Jules > > Ok - give me a couple of minutes, looks like you snook out a .4 beta > yesterday so I'll install that first.. > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > -----Original Message----- > > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > > bounces@lists.mailscanner.info] On Behalf Of Julian Field > > Sent: 11 June 2008 09:54 > > To: MailScanner discussion > > Subject: Re: Problems with beta 4.70.4-2 > > > > John Wilcock wrote: > > > Martin.Hepworth a ?crit : > > >> Gerry > > >> > > >> What Mta? No problems here with exim > > >> > > > > > > I'm seeing the same symptoms as Gerry, running postfix. I've been > > > working with Julian to solve some problems with the watermarking code, > > > but he's managed to introduce a bug in 4.70.4-1 and -2. Knowing Julian > > > a new beta will be forthcoming later today. > > > > > > The workaround in the meantime if you want to stay on 4.70 is to turn > > > off the watermarking checks. Unfortunately "Use Watermarking = no" > > > seems to be at least partly ignored currently, but "Treat Invalid > > > Watermarks With No Sender as Spam = nothing" does the trick. > > Here's a new Message.pm to try. Let me know if this helps. > > > > Jules > > > > -- > > Julian Field MEng CITP CEng > > www.MailScanner.info > > Buy the MailScanner book at www.MailScanner.info/store > > > > MailScanner customisation, or any advanced system administration help? > > Contact me at Jules@Jules.FM > > > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > PGP public key: http://www.jules.fm/julesfm.asc > > > > > > -- > > This message has been scanned for viruses and > > dangerous content by MailScanner, and is > > believed to be clean. > > > > > > ********************************************************************** > Confidentiality : This e-mail and any attachments are intended for the > addressee only and may be confidential. If they come to you in error > you must take no action based on them, nor must you copy or show them > to anyone. Please advise the sender by replying to this e-mail > immediately and then delete the original from your computer. > Opinion : Any opinions expressed in this e-mail are entirely those of > the author and unless specifically stated to the contrary, are not > necessarily those of the author's employer. > Security Warning : Internet e-mail is not necessarily a secure > communications medium and can be subject to data corruption. We advise > that you consider this fact when e-mailing us. > Viruses : We have taken steps to ensure that this e-mail and any > attachments are free from known viruses but in keeping with good > computing practice, you should ensure that they are virus free. > > Red Lion 49 Ltd T/A Solid State Logic > Registered as a limited company in England and Wales > (Company No:5362730) > Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, > United Kingdom > ********************************************************************** > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From MailScanner at ecs.soton.ac.uk Wed Jun 11 10:56:12 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Jun 11 10:56:40 2008 Subject: Problems with beta 4.70.4-2 In-Reply-To: References: Message-ID: <484FA13C.4010802@ecs.soton.ac.uk> 4.70.5-1 is out there for you guys. Please let me know how you get on with it. Thanks! Jules. Martin.Hepworth wrote: > No problems here. But then I didn't notice any with the old code. > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >> bounces@lists.mailscanner.info] On Behalf Of Martin.Hepworth >> Sent: 11 June 2008 10:09 >> To: MailScanner discussion >> Subject: RE: Problems with beta 4.70.4-2 >> >> Jules >> >> Ok - give me a couple of minutes, looks like you snook out a .4 beta >> yesterday so I'll install that first.. >> >> -- >> Martin Hepworth >> Snr Systems Administrator >> Solid State Logic >> Tel: +44 (0)1865 842300 >> >> >>> -----Original Message----- >>> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >>> bounces@lists.mailscanner.info] On Behalf Of Julian Field >>> Sent: 11 June 2008 09:54 >>> To: MailScanner discussion >>> Subject: Re: Problems with beta 4.70.4-2 >>> >>> John Wilcock wrote: >>> >>>> Martin.Hepworth a ?crit : >>>> >>>>> Gerry >>>>> >>>>> What Mta? No problems here with exim >>>>> >>>>> >>>> I'm seeing the same symptoms as Gerry, running postfix. I've been >>>> working with Julian to solve some problems with the watermarking code, >>>> but he's managed to introduce a bug in 4.70.4-1 and -2. Knowing Julian >>>> a new beta will be forthcoming later today. >>>> >>>> The workaround in the meantime if you want to stay on 4.70 is to turn >>>> off the watermarking checks. Unfortunately "Use Watermarking = no" >>>> seems to be at least partly ignored currently, but "Treat Invalid >>>> Watermarks With No Sender as Spam = nothing" does the trick. >>>> >>> Here's a new Message.pm to try. Let me know if this helps. >>> >>> Jules >>> >>> -- >>> Julian Field MEng CITP CEng >>> www.MailScanner.info >>> Buy the MailScanner book at www.MailScanner.info/store >>> >>> MailScanner customisation, or any advanced system administration help? >>> Contact me at Jules@Jules.FM >>> >>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >>> PGP public key: http://www.jules.fm/julesfm.asc >>> >>> >>> -- >>> This message has been scanned for viruses and >>> dangerous content by MailScanner, and is >>> believed to be clean. >>> >> >> >> >> ********************************************************************** >> Confidentiality : This e-mail and any attachments are intended for the >> addressee only and may be confidential. If they come to you in error >> you must take no action based on them, nor must you copy or show them >> to anyone. Please advise the sender by replying to this e-mail >> immediately and then delete the original from your computer. >> Opinion : Any opinions expressed in this e-mail are entirely those of >> the author and unless specifically stated to the contrary, are not >> necessarily those of the author's employer. >> Security Warning : Internet e-mail is not necessarily a secure >> communications medium and can be subject to data corruption. We advise >> that you consider this fact when e-mailing us. >> Viruses : We have taken steps to ensure that this e-mail and any >> attachments are free from known viruses but in keeping with good >> computing practice, you should ensure that they are virus free. >> >> Red Lion 49 Ltd T/A Solid State Logic >> Registered as a limited company in England and Wales >> (Company No:5362730) >> Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, >> United Kingdom >> ********************************************************************** >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> > > > > > ********************************************************************** > Confidentiality : This e-mail and any attachments are intended for the > addressee only and may be confidential. If they come to you in error > you must take no action based on them, nor must you copy or show them > to anyone. Please advise the sender by replying to this e-mail > immediately and then delete the original from your computer. > Opinion : Any opinions expressed in this e-mail are entirely those of > the author and unless specifically stated to the contrary, are not > necessarily those of the author's employer. > Security Warning : Internet e-mail is not necessarily a secure > communications medium and can be subject to data corruption. We advise > that you consider this fact when e-mailing us. > Viruses : We have taken steps to ensure that this e-mail and any > attachments are free from known viruses but in keeping with good > computing practice, you should ensure that they are virus free. > > Red Lion 49 Ltd T/A Solid State Logic > Registered as a limited company in England and Wales > (Company No:5362730) > Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, > United Kingdom > ********************************************************************** > > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From gdoris at rogers.com Wed Jun 11 13:49:10 2008 From: gdoris at rogers.com (Gerry Doris) Date: Wed Jun 11 13:49:25 2008 Subject: Problems with beta 4.70.4-2 In-Reply-To: <484F92C5.5040401@ecs.soton.ac.uk> References: <484F92C5.5040401@ecs.soton.ac.uk> Message-ID: <484FC9C6.70702@rogers.com> Julian Field wrote: > John Wilcock wrote: >> Martin.Hepworth a ?crit : >>> Gerry >>> >>> What Mta? No problems here with exim >>> >> >> I'm seeing the same symptoms as Gerry, running postfix. I've been >> working with Julian to solve some problems with the watermarking code, >> but he's managed to introduce a bug in 4.70.4-1 and -2. Knowing Julian >> a new beta will be forthcoming later today. >> >> The workaround in the meantime if you want to stay on 4.70 is to turn >> off the watermarking checks. Unfortunately "Use Watermarking = no" >> seems to be at least partly ignored currently, but "Treat Invalid >> Watermarks With No Sender as Spam = nothing" does the trick. > Here's a new Message.pm to try. Let me know if this helps. > > Jules > I can't get to it until later today. I'll let you know how it works then. From dominian at slackadelic.com Wed Jun 11 14:32:22 2008 From: dominian at slackadelic.com (Matt Hayes) Date: Wed Jun 11 14:32:38 2008 Subject: Beta release 4.70.3 In-Reply-To: References: <484D6078.90102@ecs.soton.ac.uk> Message-ID: <484FD3E6.7080802@slackadelic.com> Stein, Mr. Fred wrote: > Beta release 4,70.4-2 no longer turns all Watermarking off with "Use Watermarking = no" > > Fred Stein > Network Administrator > The Hill School > 717 High Street > Pottstown, PA 19464 > 610-326-1000 ext. 7356 > fstein@thehill.org > www.thehill.org > I too can confirm this. I had to roll back to the previous release. I used watermarking in the previous release.. worked fine. HOwever, rolled to the latest beta and it started marking EVERYTHING as a potential virus because of no watermark. Rolled back, everything is fine now. -Matt From MailScanner at ecs.soton.ac.uk Wed Jun 11 14:56:03 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Jun 11 14:56:21 2008 Subject: Beta release 4.70.3 In-Reply-To: References: <484D6078.90102@ecs.soton.ac.uk> Message-ID: <484FD973.6060004@ecs.soton.ac.uk> Matt Hayes wrote: > Stein, Mr. Fred wrote: >> Beta release 4,70.4-2 no longer turns all Watermarking off with "Use >> Watermarking = no" >> >> Fred Stein >> Network Administrator >> The Hill School >> 717 High Street >> Pottstown, PA 19464 >> 610-326-1000 ext. 7356 >> fstein@thehill.org >> www.thehill.org >> > > I too can confirm this. I had to roll back to the previous release. > I used watermarking in the previous release.. worked fine. HOwever, > rolled to the latest beta and it started marking EVERYTHING as a > potential virus because of no watermark. Rolled back, everything is > fine now. And 4.70.5-1? Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From FStein at thehill.org Wed Jun 11 14:57:50 2008 From: FStein at thehill.org (Stein, Mr. Fred) Date: Wed Jun 11 14:58:29 2008 Subject: Beta release 4.70.3 In-Reply-To: <484FD3E6.7080802@slackadelic.com> References: <484D6078.90102@ecs.soton.ac.uk> <484FD3E6.7080802@slackadelic.com> Message-ID: -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Matt Hayes Sent: Wednesday, June 11, 2008 9:32 AM To: MailScanner discussion Subject: Re: Beta release 4.70.3 Stein, Mr. Fred wrote: > Beta release 4,70.4-2 no longer turns all Watermarking off with "Use Watermarking = no" > > Fred Stein > Network Administrator > The Hill School > 717 High Street > Pottstown, PA 19464 > 610-326-1000 ext. 7356 > fstein@thehill.org > www.thehill.org > I too can confirm this. I had to roll back to the previous release. I used watermarking in the previous release.. worked fine. HOwever, rolled to the latest beta and it started marking EVERYTHING as a potential virus because of no watermark. Rolled back, everything is fine now. -Matt -- This has been corrected with the latest 4.70.5 release. Fred MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From dominian at slackadelic.com Wed Jun 11 15:05:43 2008 From: dominian at slackadelic.com (Matt Hayes) Date: Wed Jun 11 15:05:55 2008 Subject: Beta release 4.70.3 In-Reply-To: <484FD973.6060004@ecs.soton.ac.uk> References: <484D6078.90102@ecs.soton.ac.uk> <484FD973.6060004@ecs.soton.ac.uk> Message-ID: <484FDBB7.7010004@slackadelic.com> Julian Field wrote: > > > Matt Hayes wrote: >> Stein, Mr. Fred wrote: >>> Beta release 4,70.4-2 no longer turns all Watermarking off with "Use >>> Watermarking = no" >>> >>> Fred Stein >>> Network Administrator >>> The Hill School >>> 717 High Street >>> Pottstown, PA 19464 >>> 610-326-1000 ext. 7356 >>> fstein@thehill.org >>> www.thehill.org >>> >> >> I too can confirm this. I had to roll back to the previous release. >> I used watermarking in the previous release.. worked fine. HOwever, >> rolled to the latest beta and it started marking EVERYTHING as a >> potential virus because of no watermark. Rolled back, everything is >> fine now. > And 4.70.5-1? > > Jules > I take that back.. I used 4.70.4 then rolled back to 4.70.1. I apologize. I didn't test anything in between Jules. -Matt From MailScanner at ecs.soton.ac.uk Wed Jun 11 16:18:07 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Jun 11 16:18:28 2008 Subject: Beta release 4.70.3 In-Reply-To: References: <484D6078.90102@ecs.soton.ac.uk> <484FD973.6060004@ecs.soton.ac.uk> Message-ID: <484FECAF.1080202@ecs.soton.ac.uk> Matt Hayes wrote: > Julian Field wrote: >> >> >> Matt Hayes wrote: >>> Stein, Mr. Fred wrote: >>>> Beta release 4,70.4-2 no longer turns all Watermarking off with >>>> "Use Watermarking = no" >>>> >>>> Fred Stein >>>> Network Administrator >>>> The Hill School >>>> 717 High Street >>>> Pottstown, PA 19464 >>>> 610-326-1000 ext. 7356 >>>> fstein@thehill.org >>>> www.thehill.org >>>> >>> >>> I too can confirm this. I had to roll back to the previous >>> release. I used watermarking in the previous release.. worked >>> fine. HOwever, rolled to the latest beta and it started marking >>> EVERYTHING as a potential virus because of no watermark. Rolled >>> back, everything is fine now. >> And 4.70.5-1? >> >> Jules >> > > I take that back.. I used 4.70.4 then rolled back to 4.70.1. I > apologize. I didn't test anything in between Jules. Please can you try 4.70.5-1, I am pretty confident that this version should work as advertised. Thank you for your patience while I got this issue fixed. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From doepain at gmail.com Wed Jun 11 16:47:58 2008 From: doepain at gmail.com (dOE) Date: Wed Jun 11 16:48:07 2008 Subject: MailWatch Message-ID: Has anyone installed MailWatch as a webUI for their MailScanner service? Where can I find installation documentaion for MailWatch? -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080611/4dcef388/attachment.html From hvdkooij at vanderkooij.org Wed Jun 11 16:57:18 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Wed Jun 11 16:57:27 2008 Subject: MailWatch In-Reply-To: References: Message-ID: <484FF5DE.2090702@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 dOE wrote: | Has anyone installed MailWatch as a webUI for their MailScanner | service? Where can I find installation documentaion for MailWatch? Have you tried something simple as a search engine? http://www.google.com/search?q=mailwatch Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFIT/XWBvzDRVjxmYERAswwAJ99tNAoIHvT6rVXHhxmbBlFVtw5TwCfU31S O5hjgaW0QlktZFYi5Uwe4ho= =i2vR -----END PGP SIGNATURE----- From MailScanner at ecs.soton.ac.uk Wed Jun 11 16:57:31 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Jun 11 16:57:51 2008 Subject: MailWatch In-Reply-To: References: Message-ID: <484FF5EB.2060504@ecs.soton.ac.uk> Have you tried typing in "MailWatch" to Google? This is not the correct place to ask for help about MailWatch, it has its own mailing list(s) which are all documented on the web: see my previous sentence for pointers to it. dOE wrote: > Has anyone installed MailWatch as a webUI for their MailScanner > service? Where can I find installation documentaion for MailWatch? Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From dyioulos at firstbhph.com Wed Jun 11 16:58:30 2008 From: dyioulos at firstbhph.com (Dimitri Yioulos) Date: Wed Jun 11 16:58:50 2008 Subject: MailWatch In-Reply-To: References: Message-ID: <200806111158.30817.dyioulos@firstbhph.com> On Wednesday 11 June 2008 11:47 am, dOE wrote: > Has anyone installed MailWatch as a webUI for their MailScanner service? > Where can I find installation documentaion for MailWatch? There's documentation with the program itself (INSTALL, UPGRADING, etc.). The MailWatch wiki is useful (mailwatch.sourceforge.net/doku.php). You may also want to subscribe to the mailing list. Dimitri -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From dominian at slackadelic.com Wed Jun 11 17:12:05 2008 From: dominian at slackadelic.com (Matt Hayes) Date: Wed Jun 11 17:12:20 2008 Subject: Beta release 4.70.3 In-Reply-To: <484FECAF.1080202@ecs.soton.ac.uk> References: <484D6078.90102@ecs.soton.ac.uk> <484FD973.6060004@ecs.soton.ac.uk> <484FECAF.1080202@ecs.soton.ac.uk> Message-ID: <484FF955.8080203@slackadelic.com> Julian Field wrote: > > > Matt Hayes wrote: >> Julian Field wrote: >>> >>> >>> Matt Hayes wrote: >>>> Stein, Mr. Fred wrote: >>>>> Beta release 4,70.4-2 no longer turns all Watermarking off with >>>>> "Use Watermarking = no" >>>>> >>>>> Fred Stein >>>>> Network Administrator >>>>> The Hill School >>>>> 717 High Street >>>>> Pottstown, PA 19464 >>>>> 610-326-1000 ext. 7356 >>>>> fstein@thehill.org >>>>> www.thehill.org >>>>> >>>> >>>> I too can confirm this. I had to roll back to the previous >>>> release. I used watermarking in the previous release.. worked >>>> fine. HOwever, rolled to the latest beta and it started marking >>>> EVERYTHING as a potential virus because of no watermark. Rolled >>>> back, everything is fine now. >>> And 4.70.5-1? >>> >>> Jules >>> >> >> I take that back.. I used 4.70.4 then rolled back to 4.70.1. I >> apologize. I didn't test anything in between Jules. > Please can you try 4.70.5-1, I am pretty confident that this version > should work as advertised. > Thank you for your patience while I got this issue fixed. > > Jules > Jules, The 4.70.5 fixed my issue with the watermarking incorrectly marking emails as bad. Working like a charm now. -matt From peter at farrows.org Wed Jun 11 17:13:49 2008 From: peter at farrows.org (Peter Farrow) Date: Wed Jun 11 17:14:31 2008 Subject: MailWatch In-Reply-To: References: Message-ID: <484FF9BD.4090203@farrows.org> Hi There, Since everyone else seems intent on telling you to use google, and generally not being too kind, I thought I would help you out. Try this: http://mailwatch.sourceforge.net/doku.php?id=mailwatch:documentation Its not unreasonable to start asking your question here, and there is another list for mailwatch, and it is related to subject matter here, Feel free ask me off the list if you have any problems, I done quite a few of these, Regards Pete dOE wrote: > Has anyone installed MailWatch as a webUI for their MailScanner > service? Where can I find installation documentaion for MailWatch? > > -- > This message has been scanned for viruses and > dangerous content by the *Inexcom* system > scanner, > and is believed to be clean. > Advanced heuristic mail scanning server [0]. -- This message has been scanned for viruses and dangerous content by the Inexcom system Scanner, and is believed to be clean. Advanced heuristic mail scanning server [1]. http://www.inexcom.co.uk From doepain at gmail.com Wed Jun 11 17:31:58 2008 From: doepain at gmail.com (dOE) Date: Wed Jun 11 17:32:07 2008 Subject: MailWatch In-Reply-To: <200806111158.30817.dyioulos@firstbhph.com> References: <200806111158.30817.dyioulos@firstbhph.com> Message-ID: I just discovered the mailing list and have subscribed. On Wed, Jun 11, 2008 at 11:58 AM, Dimitri Yioulos wrote: > On Wednesday 11 June 2008 11:47 am, dOE wrote: > > Has anyone installed MailWatch as a webUI for their MailScanner service? > > Where can I find installation documentaion for MailWatch? > > There's documentation with the program itself (INSTALL, UPGRADING, etc.). > The > MailWatch wiki is useful (mailwatch.sourceforge.net/doku.php). You may > also > want to subscribe to the mailing list. > > Dimitri > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080611/d5aa5289/attachment.html From doepain at gmail.com Wed Jun 11 17:33:23 2008 From: doepain at gmail.com (dOE) Date: Wed Jun 11 17:33:32 2008 Subject: MailWatch In-Reply-To: <484FF9BD.4090203@farrows.org> References: <484FF9BD.4090203@farrows.org> Message-ID: Thank you, Peter Sorry for inconveniencing everyone else with my "complicated" question. I will direct any future MailWatch question to its mailing-list from now. On Wed, Jun 11, 2008 at 12:13 PM, Peter Farrow wrote: > Hi There, > > Since everyone else seems intent on telling you to use google, and > generally not being too kind, I thought I would help you out. > > Try this: > > http://mailwatch.sourceforge.net/doku.php?id=mailwatch:documentation > > Its not unreasonable to start asking your question here, and there is > another list for mailwatch, and it is related to subject matter here, > > Feel free ask me off the list if you have any problems, I done quite a few > of these, > > Regards > > Pete > > dOE wrote: > >> Has anyone installed MailWatch as a webUI for their MailScanner service? >> Where can I find installation documentaion for MailWatch? >> >> -- >> This message has been scanned for viruses and >> dangerous content by the *Inexcom* system >> scanner, >> and is believed to be clean. >> Advanced heuristic mail scanning server [0]. >> > > > -- > This message has been scanned for viruses and > dangerous content by the Inexcom system Scanner, > and is believed to be clean. > Advanced heuristic mail scanning server [1]. > http://www.inexcom.co.uk > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080611/e31db876/attachment.html From doepain at gmail.com Wed Jun 11 17:34:23 2008 From: doepain at gmail.com (dOE) Date: Wed Jun 11 17:34:31 2008 Subject: MailWatch In-Reply-To: <484FF5DE.2090702@vanderkooij.org> References: <484FF5DE.2090702@vanderkooij.org> Message-ID: Hugo, you are very intelligent it seems. On Wed, Jun 11, 2008 at 11:57 AM, Hugo van der Kooij < hvdkooij@vanderkooij.org> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > dOE wrote: > | Has anyone installed MailWatch as a webUI for their MailScanner > | service? Where can I find installation documentaion for MailWatch? > > Have you tried something simple as a search engine? > http://www.google.com/search?q=mailwatch > > Hugo. > > - -- > hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ > PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc > > A: Yes. > >Q: Are you sure? > >>A: Because it reverses the logical flow of conversation. > >>>Q: Why is top posting frowned upon? > > Bored? Click on http://spamornot.org/ and rate those images. > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.7 (GNU/Linux) > > iD8DBQFIT/XWBvzDRVjxmYERAswwAJ99tNAoIHvT6rVXHhxmbBlFVtw5TwCfU31S > O5hjgaW0QlktZFYi5Uwe4ho= > =i2vR > -----END PGP SIGNATURE----- > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080611/a985b1b2/attachment.html From rick at duvals.ca Wed Jun 11 17:42:57 2008 From: rick at duvals.ca (rick@duvals.ca) Date: Wed Jun 11 17:43:08 2008 Subject: Interfaces - off topic - sorry References: <484FF9BD.4090203@farrows.org> Message-ID: <001e01c8cbe2$341fb600$6b01a8c0@csmrick> This is not a MailScanner question but since we're all involved in providing email services I thinks its still a somewhat appropriate place to ask... Any opinions on what is the best front end for end users? We've been running MDaemon Pro and our users are really used to that kind of high-end interface. Is there a comparable beast for linux systems that's either GPL or doesn;t cost both arms and both legs like MDaemon? Thanks much.... Rick "Imagination is more important than Knowledge" --Albert Einstein-- -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080611/91bc82fe/attachment.html From rick at duvals.ca Wed Jun 11 18:06:56 2008 From: rick at duvals.ca (rick@duvals.ca) Date: Wed Jun 11 18:07:06 2008 Subject: Yahoogroups Bad Centent Message-ID: <007701c8cbe5$8e054b00$6b01a8c0@csmrick> Every time and emial comes in from yahoogroups I get a message that it contains a script and then a Bad Content message. How are other people handling this? R "Imagination is more important than Knowledge" --Albert Einstein-- -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080611/3403929b/attachment.html From ssilva at sgvwater.com Wed Jun 11 18:29:24 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Jun 11 18:29:08 2008 Subject: Interfaces - off topic - sorry In-Reply-To: <001e01c8cbe2$341fb600$6b01a8c0@csmrick> References: <484FF9BD.4090203@farrows.org> <001e01c8cbe2$341fb600$6b01a8c0@csmrick> Message-ID: on 6-11-2008 9:42 AM rick@duvals.ca spake the following: > This is not a MailScanner question but since we're all involved in > providing email services I thinks its still a somewhat appropriate place > to ask... It would be more appropriate to start a new thread when asking a new question. > > Any opinions on what is the best front end for end users? > > We've been running MDaemon Pro and our users are really used to that > kind of high-end interface. > > Is there a comparable beast for linux systems that's either GPL or > doesn't cost both arms and both legs like MDaemon? High end interfaces usually cost $$$. By the time someone does that much coding, they sure want to have some profit from their work. You can set up many free applications that will do what you want, but I haven't seen anything for free that does all of that. Maybe Scalix community version does a lot of it. MDaemon Pro has got to be cheaper than an Exchange setup. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 258 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080611/4b90d281/signature.bin From ssilva at sgvwater.com Wed Jun 11 18:36:34 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Jun 11 18:36:14 2008 Subject: Yahoogroups Bad Centent In-Reply-To: <007701c8cbe5$8e054b00$6b01a8c0@csmrick> References: <007701c8cbe5$8e054b00$6b01a8c0@csmrick> Message-ID: on 6-11-2008 10:06 AM rick@duvals.ca spake the following: > Every time and emial comes in from yahoogroups I get a message that it > contains a script and then a Bad Content message. > > How are other people handling this? > > R I disarm most of the bad content and don't mark the subject. If a user complains, I can release the original from the cache. No complaints in over a year and a half though. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 258 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080611/844fdfaf/signature.bin From lists at designmedia.com Wed Jun 11 19:28:16 2008 From: lists at designmedia.com (Henry Kwan) Date: Wed Jun 11 19:28:32 2008 Subject: Hosting multiple domains on a MailScanner box? References: <7d9b3cf20806101257r48703a7ei8ff4c74b9b692123@mail.gmail.com> Message-ID: Eduardo Casarero gmail.com> writes: > in your /etc/mail/mailertable should se this for each domain: > > domain1.com smtp:[1.2.3.4] > domain2.com smtp:[exchange.domain2.com] > domain3.com smtp:[alterserver.domain3.com] > > and in your /etc/mail/access this: > To:domain1.com RELAY > To:domain2.com RELAY > To:domain3.com RELAY Hi, Is there a way forward all the emails to one account on the primary domain? Right now, what I ended up doing was to deliver the email locally. In /etc/mail/virtusertable: @domain2.com localaccount1 @domain3.com localaccount2 So all those emails are delivered locally on the Mailscanner box and I end up reading them using mutt or pine. Ideally, what I would like to do is to route all those emails to a catchall account on the primary domain (something like domain2.catchall@designmedia.com). But if I modify the virtusertable or even add a .forward to localaccount1 so that email gets forwarded to the primary domain, I get a "DSN: User unknown". Thanks. From lists at designmedia.com Wed Jun 11 19:50:03 2008 From: lists at designmedia.com (Henry Kwan) Date: Wed Jun 11 19:50:21 2008 Subject: Hosting multiple domains on a MailScanner box? References: <7d9b3cf20806101257r48703a7ei8ff4c74b9b692123@mail.gmail.com> Message-ID: Henry Kwan designmedia.com> writes: > Ideally, what I would like to do is to route all those emails to a catchall > account on the primary domain (something like domain2.catchall > designmedia.com). > But if I modify the virtusertable or even add a .forward to localaccount1 so > that email gets forwarded to the primary domain, I get a "DSN: User unknown". Whoops. The reason that it wasn't working was because I had borked the routing by entering the primary domain into local-host-names. Once I removed the primary domain, all emails to the secondary domains are routed properly into the catchall account on the primary domain. Thanks to Peter and Eduardo for the ideas. From rich at mail.wvnet.edu Thu Jun 12 11:59:43 2008 From: rich at mail.wvnet.edu (Richard Lynch) Date: Thu Jun 12 11:59:58 2008 Subject: Warning: latest RH perl update breaks MailScanner Message-ID: <4851019F.4040106@mail.wvnet.edu> Just a quick warning to everyone. A Redhat update for perl was released yesterday. Once applied a restart of MailScanner fails with... Starting MailScanner... **** ERROR: You must upgrade your perl IO module to at least **** ERROR: version 1.2301 or MailScanner will not work! Failed. The new perl rpm for RHEL4 is perl-5.8.5-36.el4_6.3. For RHEL3 it's perl-5.8.0-98.EL3. I don't know about the other releases. The fix for us was to re-install MailScanner (i.e. ./install.sh fast). Richard Lynch WVNET -- From martinh at solidstatelogic.com Thu Jun 12 12:11:01 2008 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Thu Jun 12 12:11:14 2008 Subject: Warning: latest RH perl update breaks MailScanner In-Reply-To: <4851019F.4040106@mail.wvnet.edu> Message-ID: <926eb4f9f0448d469500714d9c118c82@solidstatelogic.com> Heh another broken perl RPM from RH, there's a thing ;-) -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Richard Lynch > Sent: 12 June 2008 12:00 > To: MailScanner discussion > Subject: Warning: latest RH perl update breaks MailScanner > > > Just a quick warning to everyone. A Redhat update for perl was released > yesterday. Once applied a restart of MailScanner fails with... > > Starting MailScanner... > > **** ERROR: You must upgrade your perl IO module to at least > **** ERROR: version 1.2301 or MailScanner will not work! > > Failed. > > > The new perl rpm for RHEL4 is perl-5.8.5-36.el4_6.3. For RHEL3 it's > perl-5.8.0-98.EL3. I don't know about the other releases. The fix for > us was to re-install MailScanner (i.e. ./install.sh fast). > > Richard Lynch > WVNET > > -- > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From peter at farrows.org Thu Jun 12 12:13:00 2008 From: peter at farrows.org (Peter Farrow) Date: Thu Jun 12 12:13:22 2008 Subject: Warning: latest RH perl update breaks MailScanner In-Reply-To: <4851019F.4040106@mail.wvnet.edu> References: <4851019F.4040106@mail.wvnet.edu> Message-ID: <485104BC.4090005@farrows.org> Richard Lynch wrote: > > Just a quick warning to everyone. A Redhat update for perl was > released yesterday. Once applied a restart of MailScanner fails with... > > Starting MailScanner... > > **** ERROR: You must upgrade your perl IO module to at least > **** ERROR: version 1.2301 or MailScanner will not work! > > Failed. > > > The new perl rpm for RHEL4 is perl-5.8.5-36.el4_6.3. For RHEL3 it's > perl-5.8.0-98.EL3. I don't know about the other releases. The fix > for us was to re-install MailScanner (i.e. ./install.sh fast). > > Richard Lynch > WVNET > You can probably just re-install the perl io rpm back to a working version, or do it through the CPAN command line interface rather than jumping through the whole install again.. P. -- This message has been scanned for viruses and dangerous content by the Inexcom system Scanner, and is believed to be clean. Advanced heuristic mail scanning server [-]. http://www.inexcom.co.uk From shuttlebox at gmail.com Thu Jun 12 12:31:23 2008 From: shuttlebox at gmail.com (shuttlebox) Date: Thu Jun 12 12:31:31 2008 Subject: Warning: latest RH perl update breaks MailScanner In-Reply-To: <926eb4f9f0448d469500714d9c118c82@solidstatelogic.com> References: <4851019F.4040106@mail.wvnet.edu> <926eb4f9f0448d469500714d9c118c82@solidstatelogic.com> Message-ID: <625385e30806120431r416300e2i97facb1f709e0ab9@mail.gmail.com> On Thu, Jun 12, 2008 at 1:11 PM, Martin.Hepworth wrote: > Heh another broken perl RPM from RH, there's a thing ;-) It's not broken, it's MS that forces its modules to overwrite the systems so when you update the system the version is too old again. This happens because RH backports security patches instead of just providing a newer version of the module. -- PJ O'Rourke - "You can't get rid of poverty by giving people money." From uxbod at splatnix.net Thu Jun 12 12:45:43 2008 From: uxbod at splatnix.net (--[ UxBoD ]--) Date: Thu Jun 12 12:46:07 2008 Subject: Interfaces - off topic - sorry In-Reply-To: <001e01c8cbe2$341fb600$6b01a8c0@csmrick> Message-ID: <6412527.15571213271143416.JavaMail.root@office.splatnix.net> http://www.zimbra.com - they provide a FOSS release. Try the demo :) I am biast though as I am a moderator ;) Regards, -- --[ UxBoD ]-- // PGP Key: "curl -s http://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: F57A 0CBD DD19 79E9 1FCC A612 CB36 D89D 2C5A 3A84 // Keyserver: www.keyserver.net Key-ID: 0x2C5A3A84 // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net ----- rick@duvals.ca wrote: > This is not a MailScanner question but since we're all involved in > providing email services I thinks its still a somewhat appropriate > place to ask... > > Any opinions on what is the best front end for end users? > > We've been running MDaemon Pro and our users are really used to that > kind of high-end interface. > > Is there a comparable beast for linux systems that's either GPL or > doesn;t cost both arms and both legs like MDaemon? > > Thanks much.... > > Rick > > > "Imagination is more important than Knowledge" --Albert Einstein-- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From jan-peter at koopmann.eu Thu Jun 12 13:13:08 2008 From: jan-peter at koopmann.eu (Koopmann, Jan-Peter) Date: Thu Jun 12 13:13:36 2008 Subject: Exim bounces and MailScanner Message-ID: Hi, I just noticed something for the first time. A user is sending a message which is accepted by the inbound exim, processed by MailScanner and then sent out by the outbound exim. This outbound exim is not able to successfully transfer the message since the other side responds with 5xx attachment type is not allowed. So far so good. The outbound exim now creates a NDR. This NDR however is delivered to the user directly without being processed through mailscanner. It all makes sense but is there a way to force the NDRs of the outbound exim process to be delivered through Mailscanner as well? Why you may ask? :-) Because the admin would like to see the NDA in mailwatch as well. Any thoughts appreciated. Regards, JP -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080612/2eee042c/attachment.html From martinh at solidstatelogic.com Thu Jun 12 14:26:40 2008 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Thu Jun 12 14:26:53 2008 Subject: FW: ANNOUNCE: Apache SpamAssassin 3.2.5 available Message-ID: <1794543400192d41b27b7ccf0dfd0276@solidstatelogic.com> -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: jm@jmason.org [mailto:jm@jmason.org] On Behalf Of Justin Mason > Sent: 12 June 2008 14:24 > To: users@SpamAssassin.apache.org; > dev@SpamAssassin.apache.org; announce@SpamAssassin.apache.org > Subject: ANNOUNCE: Apache SpamAssassin 3.2.5 available > > Apache SpamAssassin 3.2.5 is now available! This is a > maintenance release of the 3.2.x branch. > > Downloads are available from: > http://spamassassin.apache.org/downloads.cgi > > The release file will also be available via CPAN in the near future. > > md5sum of archive files: > 695f9107b240383e48df8938f2de334e Mail-SpamAssassin-3.2.5.tar.bz2 > 7fdc1651d0371c4a7f95ac9ae6f828a6 Mail-SpamAssassin-3.2.5.tar.gz > 663fe705e608e16fee280f7539ab9382 Mail-SpamAssassin-3.2.5.zip > > sha1sum of archive files: > 32b701ffc68f7975eded107c456b902bc710d8b2 > Mail-SpamAssassin-3.2.5.tar.bz2 > 14b1f6eae0221a152176f7f597f55581445e800a > Mail-SpamAssassin-3.2.5.tar.gz > b333acfdaf2289e37f72f1f1a18449645ee532d0 > Mail-SpamAssassin-3.2.5.zip > > > The release files also have a .asc file accompanying them. > The file serves as an external GPG signature for the given > release file. The signing key is available via the > wwwkeys.pgp.net key server, as well as at: > http://spamassassin.apache.org/released/GPG-SIGNING-KEY > > The key information is: > > pub 1024D/265FA05B 2003-06-09 SpamAssassin Signing Key > > Key fingerprint = 26C9 00A4 6DD4 0CD5 AD24 F6D7 DEE0 > 1987 265F A05B > > > 3.2.5 is a minor bug-fix release. Summary of changes: > > - bug 5775: newer gpg versions require keys to be > cross-certified (backsig). Did a cross-verify on our > sa-update public key and re-exported. (If you are already > seeing "GPG validation failed" errors from sa-update, see > http://wiki.apache.org/spamassassin/SaUpdateKeyNotCrossCertified .) > > - bug 5899: add perl version string to the storage area for > compiled rulesets, to avoid crashes when perl is upgraded > between major versions (e.g perl 5.8.x to 5.10.0) and the ABI breaks > > - bug 5496, bug 5910: clear some FORGED_MUA_OUTLOOK false > positives, particularly on the new-format Message-ID > generated by the Outlook Express version used in Windows XP > service pack 3 > > - bug 5730: when using Postgres >= 8.1.0 with Bayes, this > error occurs: 'WARNING: nonstandard use of \ in a string > literal at character'. fix, thanks to Tomasz Ostrowski > > - bug 5769: fix 'sa-compile: eval failed: Can't find label > NO' error, caused in rare circumstances when sa-compile > attempted to deal with rules written using 'replace_rules' features > > - bug 5858: fix circular reference memory leak caused by some messages > > - bug 5815: update 2TLD list to include .rs CCTLD > > - bug 4706: remove HG_HORMOME rules due to poor performance > > - bug 5835: typo in POD docs for SPF plugin; thanks to Benny > Pedersen for fix > > - bug 5839: a missing or failed eval rule function could > mistakenly count as a rule hit, fixed > > - trivial bugfix for the VBounce ruleset: > __BOUNCE_FROM_DAEMON incorrectly used + instead of *, so some > From addresses were not being recognised as bounce senders > > ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From hvdkooij at vanderkooij.org Thu Jun 12 14:33:42 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Thu Jun 12 14:33:53 2008 Subject: Exim bounces and MailScanner In-Reply-To: References: Message-ID: <485125B6.4010802@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Koopmann, Jan-Peter wrote: | I just noticed something for the first time. A user is sending a message | which is accepted by the inbound exim, processed by MailScanner and then | sent out by the outbound exim. This outbound exim is not able to | successfully transfer the message since the other side responds with 5xx | attachment type is not allowed. So far so good. The outbound exim now | creates a NDR. This NDR however is delivered to the user directly | without being processed through mailscanner. It all makes sense but is | there a way to force the NDRs of the outbound exim process to be | delivered through Mailscanner as well? Why you may ask? :-) Because the | admin would like to see the NDA in mailwatch as well. If that is the whole purpose I would suggest you use SEC and just filter the proper log lines for these NDR's and add the events to the MailWatch log. I do a similar thing with RBL events in postfix: http://hugo.vanderkooij.org/email/mailscanner.htm?lang=en#SEC I suppose that if you have the MSGID still available you can add the details to the outgoing message itself. Feeding NDR's through MS will just add new lines. Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFIUSWrBvzDRVjxmYERArnPAKCd4RxGNGJTZkdUNyvdLD+jk92XewCfdcfo tFsuloyF2Myx/oZ6F/CVBsQ= =TYUd -----END PGP SIGNATURE----- From MailScanner at ecs.soton.ac.uk Thu Jun 12 14:51:42 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jun 12 14:52:01 2008 Subject: FW: ANNOUNCE: Apache SpamAssassin 3.2.5 available In-Reply-To: References: Message-ID: <485129EE.9080106@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I have just updated my easy-to-install ClamAV + SpamAssassin package on www.mailscanner.info. Martin.Hepworth wrote: > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > >> -----Original Message----- >> From: jm@jmason.org [mailto:jm@jmason.org] On Behalf Of Justin Mason >> Sent: 12 June 2008 14:24 >> To: users@SpamAssassin.apache.org; >> dev@SpamAssassin.apache.org; announce@SpamAssassin.apache.org >> Subject: ANNOUNCE: Apache SpamAssassin 3.2.5 available >> >> Apache SpamAssassin 3.2.5 is now available! This is a >> maintenance release of the 3.2.x branch. >> >> Downloads are available from: >> http://spamassassin.apache.org/downloads.cgi >> >> The release file will also be available via CPAN in the near future. >> >> md5sum of archive files: >> 695f9107b240383e48df8938f2de334e Mail-SpamAssassin-3.2.5.tar.bz2 >> 7fdc1651d0371c4a7f95ac9ae6f828a6 Mail-SpamAssassin-3.2.5.tar.gz >> 663fe705e608e16fee280f7539ab9382 Mail-SpamAssassin-3.2.5.zip >> >> sha1sum of archive files: >> 32b701ffc68f7975eded107c456b902bc710d8b2 >> Mail-SpamAssassin-3.2.5.tar.bz2 >> 14b1f6eae0221a152176f7f597f55581445e800a >> Mail-SpamAssassin-3.2.5.tar.gz >> b333acfdaf2289e37f72f1f1a18449645ee532d0 >> Mail-SpamAssassin-3.2.5.zip >> >> >> The release files also have a .asc file accompanying them. >> The file serves as an external GPG signature for the given >> release file. The signing key is available via the >> wwwkeys.pgp.net key server, as well as at: >> http://spamassassin.apache.org/released/GPG-SIGNING-KEY >> >> The key information is: >> >> pub 1024D/265FA05B 2003-06-09 SpamAssassin Signing Key >> >> Key fingerprint = 26C9 00A4 6DD4 0CD5 AD24 F6D7 DEE0 >> 1987 265F A05B >> >> >> 3.2.5 is a minor bug-fix release. Summary of changes: >> >> - bug 5775: newer gpg versions require keys to be >> cross-certified (backsig). Did a cross-verify on our >> sa-update public key and re-exported. (If you are already >> seeing "GPG validation failed" errors from sa-update, see >> http://wiki.apache.org/spamassassin/SaUpdateKeyNotCrossCertified .) >> >> - bug 5899: add perl version string to the storage area for >> compiled rulesets, to avoid crashes when perl is upgraded >> between major versions (e.g perl 5.8.x to 5.10.0) and the ABI breaks >> >> - bug 5496, bug 5910: clear some FORGED_MUA_OUTLOOK false >> positives, particularly on the new-format Message-ID >> generated by the Outlook Express version used in Windows XP >> service pack 3 >> >> - bug 5730: when using Postgres >= 8.1.0 with Bayes, this >> error occurs: 'WARNING: nonstandard use of \ in a string >> literal at character'. fix, thanks to Tomasz Ostrowski >> >> - bug 5769: fix 'sa-compile: eval failed: Can't find label >> NO' error, caused in rare circumstances when sa-compile >> attempted to deal with rules written using 'replace_rules' features >> >> - bug 5858: fix circular reference memory leak caused by some messages >> >> - bug 5815: update 2TLD list to include .rs CCTLD >> >> - bug 4706: remove HG_HORMOME rules due to poor performance >> >> - bug 5835: typo in POD docs for SPF plugin; thanks to Benny >> Pedersen for fix >> >> - bug 5839: a missing or failed eval rule function could >> mistakenly count as a rule hit, fixed >> >> - trivial bugfix for the VBounce ruleset: >> __BOUNCE_FROM_DAEMON incorrectly used + instead of *, so some >> From addresses were not being recognised as bounce senders >> >> >> > > > > > ********************************************************************** > Confidentiality : This e-mail and any attachments are intended for the > addressee only and may be confidential. If they come to you in error > you must take no action based on them, nor must you copy or show them > to anyone. Please advise the sender by replying to this e-mail > immediately and then delete the original from your computer. > Opinion : Any opinions expressed in this e-mail are entirely those of > the author and unless specifically stated to the contrary, are not > necessarily those of the author's employer. > Security Warning : Internet e-mail is not necessarily a secure > communications medium and can be subject to data corruption. We advise > that you consider this fact when e-mailing us. > Viruses : We have taken steps to ensure that this e-mail and any > attachments are free from known viruses but in keeping with good > computing practice, you should ensure that they are virus free. > > Red Lion 49 Ltd T/A Solid State Logic > Registered as a limited company in England and Wales > (Company No:5362730) > Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, > United Kingdom > ********************************************************************** > > Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.3 (Build 4028) Comment: Use Enigmail to decrypt or check this message is legitimate Charset: ISO-8859-1 wj8DBQFIUSnvEfZZRxQVtlQRAvbSAJ42HnYu+yNs6FnNtqeORmgcekh+9ACfU58x 3bh4e6EUo7notoSkDfzgRrs= =FSfi -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From stef at aoc-uk.com Thu Jun 12 16:53:31 2008 From: stef at aoc-uk.com (Stef Morrell) Date: Thu Jun 12 17:01:42 2008 Subject: FW: ANNOUNCE: Apache SpamAssassin 3.2.5 available In-Reply-To: References: Message-ID: <200806121601.m5CG1Y3o025702@safir.blacknight.ie> mailscanner-bounces@lists.mailscanner.info wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > I have just updated my easy-to-install ClamAV + SpamAssassin > package on www.mailscanner.info. > It might just be me, but after upgrading, spamassassin just stopped working completely, no real problems I could see in a -D --lint either - just scored everything zero. I had to manually downgrade back to 3.2.4 to get it working again. You folks may wish to test before running ahead. Regards Stef Stefan Morrell | Operations Director Tel: 0845 3452820 | Alpha Omega Computers Ltd Fax: 0845 3452830 | Incorporating Level 5 Internet stef@aoc-uk.com | stef@l5net.net Alpha Omega Computers Ltd, Unit 57, BBTC, Grange Road, Batley, WF17 6ER. Registered in England No. 3867142. VAT No. GB734421454 From submit at zuka.net Thu Jun 12 17:05:15 2008 From: submit at zuka.net (Dave Filchak) Date: Thu Jun 12 17:05:32 2008 Subject: MailWatch In-Reply-To: <484FF9BD.4090203@farrows.org> References: <484FF9BD.4090203@farrows.org> Message-ID: <4851493B.3090504@zuka.net> You know .. Peter is right here ... there are better ways to direct a person with shall we say, less experience than the general population of this list than the use of sarcasm. A simple answer like "The best place to find this info is ... ". I know everyone is busy and sometimes there are a lot of questions by new users .... but everyone started somewhere .... right? I do not want (and probably won't) to start a discussion of this in any way but I see this behavior on so many lists that I thought I would just put my 2 cents in here. Dave You Peter Farrow wrote: >
Hi There, > > Since everyone else seems intent on telling you to use google, and > generally not being too kind, I thought I would help you out. > > Try this: > > http://mailwatch.sourceforge.net/doku.php?id=mailwatch:documentation > > Its not unreasonable to start asking your question here, and there is > another list for mailwatch, and it is related to subject matter here, > > Feel free ask me off the list if you have any problems, I done quite a > few of these, > > Regards > > Pete > > dOE wrote: >> Has anyone installed MailWatch as a webUI for their MailScanner >> service? Where can I find installation documentaion for MailWatch? >> >> -- >> This message has been scanned for viruses and >> dangerous content by the *Inexcom* system >> scanner, >> and is believed to be clean. >> Advanced heuristic mail scanning server [0]. > > From doc at maddoc.net Thu Jun 12 17:10:36 2008 From: doc at maddoc.net (Doc Schneider) Date: Thu Jun 12 17:10:53 2008 Subject: FW: ANNOUNCE: Apache SpamAssassin 3.2.5 available In-Reply-To: <200806121601.m5CG1Y3o025702@safir.blacknight.ie> References: <200806121601.m5CG1Y3o025702@safir.blacknight.ie> Message-ID: <48514A7C.8060900@maddoc.net> Stef Morrell wrote: > mailscanner-bounces@lists.mailscanner.info wrote: >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> I have just updated my easy-to-install ClamAV + SpamAssassin >> package on www.mailscanner.info. >> > > It might just be me, but after upgrading, spamassassin just stopped > working completely, no real problems I could see in a -D --lint either - > just scored everything zero. > > I had to manually downgrade back to 3.2.4 to get it working again. You > folks may wish to test before running ahead. Did you run sa-update to grab the base rules? Also sa-compile may also need to be run if you're using the compiled SA. -- -Doc Lincoln, NE. http://www.fsl.com/ http://www.genealogyforyou.com/ http://www.cairnproductions.com/ From johnnyb at marlboro.edu Thu Jun 12 17:15:20 2008 From: johnnyb at marlboro.edu (John Baker) Date: Thu Jun 12 17:15:46 2008 Subject: Nigerian fraud email Message-ID: <48514B98.5080204@marlboro.edu> Hi all, I've noticed a huge increase in Nigerian fraud type emails for the last moths or so. I'm using everything I can from rules emporium and well as kam and they all get some hits but nothing adds up to a "is spam" score for most of them. Would anybody have any suggestions for getting at more of these? Thanks -- John Baker Network Systems Administrator Marlboro College Phone: 451-7551 off campus; 551 on campus From rick at duvals.ca Thu Jun 12 17:26:07 2008 From: rick at duvals.ca (rick@duvals.ca) Date: Thu Jun 12 17:26:22 2008 Subject: Interfaces - off topic - sorry References: <6412527.15571213271143416.JavaMail.root@office.splatnix.net> Message-ID: <004f01c8cca9$0463d550$6b01a8c0@csmrick> Thanks for the comeback... Whats a FOSS release? R "Imagination is more important than Knowledge" --Albert Einstein-- ----- Original Message ----- From: --[ UxBoD ]-- To: MailScanner discussion Sent: Thursday, June 12, 2008 7:45 AM Subject: Re: Interfaces - off topic - sorry http://www.zimbra.com - they provide a FOSS release. Try the demo :) I am biast though as I am a moderator ;) Regards, -- --[ UxBoD ]-- // PGP Key: "curl -s http://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: F57A 0CBD DD19 79E9 1FCC A612 CB36 D89D 2C5A 3A84 // Keyserver: www.keyserver.net Key-ID: 0x2C5A3A84 // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net ----- rick@duvals.ca wrote: > This is not a MailScanner question but since we're all involved in > providing email services I thinks its still a somewhat appropriate > place to ask... > > Any opinions on what is the best front end for end users? > > We've been running MDaemon Pro and our users are really used to that > kind of high-end interface. > > Is there a comparable beast for linux systems that's either GPL or > doesn;t cost both arms and both legs like MDaemon? > > Thanks much.... > > Rick > > > "Imagination is more important than Knowledge" --Albert Einstein-- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by Accurate Anti-Spam Technologies and is believed to be clean. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080612/b17ff347/attachment.html From Hostmaster at computerservicecentre.com Thu Jun 12 17:28:50 2008 From: Hostmaster at computerservicecentre.com (Hostmaster) Date: Thu Jun 12 17:29:06 2008 Subject: Nigerian fraud email In-Reply-To: <48514B98.5080204@marlboro.edu> References: <48514B98.5080204@marlboro.edu> Message-ID: <3D9C92F3075F5144B46AA2C590F48E2A7A7AC5@commssrv01.computerservicecentre.com> >Hi all, > >I've noticed a huge increase in Nigerian fraud type emails for the last >moths or so. I'm using everything I can from rules emporium and well as >kam and they all get some hits but nothing adds up to a "is spam" score >for most of them. Would anybody have any suggestions for getting at more >of these? We found that RBL blocking at MTA time killed almost all of these, spamcop+njabl+zen.spamhaus (if you are not-for-profit or on a feed) does the job beautifully. Slightly O-T, you might be interested in thescambaiter.com (to whom I have no connection), where people get revenge on these 419 scammers. -- Richard All E-Mail communications are monitored in addition to being content checked for malicious codes or viruses. The success of scanning products is not guaranteed, therefore the recipient(s) should carry out any checks that they believe to be appropriate in this respect. This message (including any attachments and/or related materials) is confidential to and is the property of Computer Service Centre, unless otherwise noted. If you are not the intended recipient, you should delete this message and are hereby notified that any disclosure, copying, or distribution of this message, or the taking of any action based on it, is strictly prohibited. Any views or opinions presented are solely those of the author and do not necessarily represent those of Computer Service Centre. From mkercher at nfsmith.com Thu Jun 12 17:47:10 2008 From: mkercher at nfsmith.com (Mike Kercher) Date: Thu Jun 12 17:48:25 2008 Subject: FW: ANNOUNCE: Apache SpamAssassin 3.2.5 available In-Reply-To: <48514A7C.8060900@maddoc.net> References: <200806121601.m5CG1Y3o025702@safir.blacknight.ie> <48514A7C.8060900@maddoc.net> Message-ID: <224FA7E11EA39E45843E11CEBBD3A36FB50BB5@HOUPEX01.nfsmith.info> -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Doc Schneider Sent: Thursday, June 12, 2008 11:11 AM To: MailScanner discussion Subject: Re: FW: ANNOUNCE: Apache SpamAssassin 3.2.5 available Stef Morrell wrote: > mailscanner-bounces@lists.mailscanner.info wrote: >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> I have just updated my easy-to-install ClamAV + SpamAssassin package >> on www.mailscanner.info. >> > > It might just be me, but after upgrading, spamassassin just stopped > working completely, no real problems I could see in a -D --lint either > - just scored everything zero. > > I had to manually downgrade back to 3.2.4 to get it working again. You > folks may wish to test before running ahead. Did you run sa-update to grab the base rules? Also sa-compile may also need to be run if you're using the compiled SA. -- -Doc Lincoln, NE. I just installed the latest Easy Install ClamAV/SA package and am now seeing this in my logs: Jun 12 11:45:18 HOUPMS01 MailScanner[9616]: Commercial virus checker failed with real error: Invalid function CL_SCAN_PHISHING_DOMAINLIST at /usr/lib/perl5/site_perl/5.8.5/i386-linux-thread-multi/Mail/ClamAV.pm line 120. I'm reinstalling right now just to make sure something didn't get funky last time. Mike From hvdkooij at vanderkooij.org Thu Jun 12 17:58:02 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Thu Jun 12 17:58:12 2008 Subject: Nigerian fraud email In-Reply-To: <48514B98.5080204@marlboro.edu> References: <48514B98.5080204@marlboro.edu> Message-ID: <4851559A.2010205@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 John Baker wrote: | Hi all, | | I've noticed a huge increase in Nigerian fraud type emails for the last | moths or so. I'm using everything I can from rules emporium and well as | kam and they all get some hits but nothing adds up to a "is spam" score | for most of them. Would anybody have any suggestions for getting at more | of these? You need to show a bit more details if you want useful suggestions. What are your values for normal and high scoring spam? How spamlike are they if you look at the bayesian scores? What other measures have you taken to stop them? Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFIUVWOBvzDRVjxmYERAjMPAJ9QLXnwFWexd/kNDmmF9O2AKDOB2wCgiFEI 4C4ceYNzZODVVdJAHi5zlbw= =L7TK -----END PGP SIGNATURE----- From doc at maddoc.net Thu Jun 12 18:02:23 2008 From: doc at maddoc.net (Doc Schneider) Date: Thu Jun 12 18:02:39 2008 Subject: FW: ANNOUNCE: Apache SpamAssassin 3.2.5 available In-Reply-To: <224FA7E11EA39E45843E11CEBBD3A36FB50BB5@HOUPEX01.nfsmith.info> References: <200806121601.m5CG1Y3o025702@safir.blacknight.ie> <48514A7C.8060900@maddoc.net> <224FA7E11EA39E45843E11CEBBD3A36FB50BB5@HOUPEX01.nfsmith.info> Message-ID: <4851569F.5090503@maddoc.net> Mike Kercher wrote: > > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Doc > Schneider > Sent: Thursday, June 12, 2008 11:11 AM > To: MailScanner discussion > Subject: Re: FW: ANNOUNCE: Apache SpamAssassin 3.2.5 available > > Stef Morrell wrote: >> mailscanner-bounces@lists.mailscanner.info wrote: >>> -----BEGIN PGP SIGNED MESSAGE----- >>> Hash: SHA1 >>> >>> I have just updated my easy-to-install ClamAV + SpamAssassin package >>> on www.mailscanner.info. >>> >> It might just be me, but after upgrading, spamassassin just stopped >> working completely, no real problems I could see in a -D --lint either > >> - just scored everything zero. >> >> I had to manually downgrade back to 3.2.4 to get it working again. You > >> folks may wish to test before running ahead. > > Did you run sa-update to grab the base rules? Also sa-compile may also > need to be run if you're using the compiled SA. > > -- > -Doc > Lincoln, NE. > > > I just installed the latest Easy Install ClamAV/SA package and am now > seeing this in my logs: > > Jun 12 11:45:18 HOUPMS01 MailScanner[9616]: Commercial virus checker > failed with real error: Invalid function CL_SCAN_PHISHING_DOMAINLIST at > /usr/lib/perl5/site_perl/5.8.5/i386-linux-thread-multi/Mail/ClamAV.pm > line 120. > > I'm reinstalling right now just to make sure something didn't get funky > last time. > > Mike > Those would be errors coming from clamavmodule due to an older version of MailScanner. You'll need to update to at least 4.70.x I believe. -- -Doc Lincoln, NE. http://www.fsl.com/ http://www.genealogyforyou.com/ http://www.cairnproductions.com/ From stef at aoc-uk.com Thu Jun 12 17:44:26 2008 From: stef at aoc-uk.com (Stef Morrell) Date: Thu Jun 12 18:02:53 2008 Subject: FW: ANNOUNCE: Apache SpamAssassin 3.2.5 available In-Reply-To: References: <200806121601.m5CG1Y3o025702@safir.blacknight.ie> Message-ID: <200806121702.m5CH2jh2029736@safir.blacknight.ie> doc@maddoc.net wrote: > Did you run sa-update to grab the base rules? Also sa-compile > may also need to be run if you're using the compiled SA. Oh... now then... hmmm.. I know I did run sa-update for SARE and sought.cf - and I did sa-compile. And it turns out I didn't do the main ruleset - what a muppet. Many thanks for the brain assist. It's clearly too hot in here and I should repair to the nearest hostelry for some suitably soothing libation. Regards Stef Stefan Morrell | Operations Director Tel: 0845 3452820 | Alpha Omega Computers Ltd Fax: 0845 3452830 | Incorporating Level 5 Internet stef@aoc-uk.com | stef@l5net.net Alpha Omega Computers Ltd, Unit 57, BBTC, Grange Road, Batley, WF17 6ER. Registered in England No. 3867142. VAT No. GB734421454 From mkercher at nfsmith.com Thu Jun 12 18:08:10 2008 From: mkercher at nfsmith.com (Mike Kercher) Date: Thu Jun 12 18:08:47 2008 Subject: FW: ANNOUNCE: Apache SpamAssassin 3.2.5 available In-Reply-To: <4851569F.5090503@maddoc.net> References: <200806121601.m5CG1Y3o025702@safir.blacknight.ie> <48514A7C.8060900@maddoc.net><224FA7E11EA39E45843E11CEBBD3A36FB50BB5@HOUPEX01.nfsmith.info> <4851569F.5090503@maddoc.net> Message-ID: <224FA7E11EA39E45843E11CEBBD3A36FB50BC4@HOUPEX01.nfsmith.info> -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Doc Schneider Sent: Thursday, June 12, 2008 12:02 PM To: MailScanner discussion Subject: Re: FW: ANNOUNCE: Apache SpamAssassin 3.2.5 available Mike Kercher wrote: > > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Doc > Schneider > Sent: Thursday, June 12, 2008 11:11 AM > To: MailScanner discussion > Subject: Re: FW: ANNOUNCE: Apache SpamAssassin 3.2.5 available > > Stef Morrell wrote: >> mailscanner-bounces@lists.mailscanner.info wrote: >>> -----BEGIN PGP SIGNED MESSAGE----- >>> Hash: SHA1 >>> >>> I have just updated my easy-to-install ClamAV + SpamAssassin package >>> on www.mailscanner.info. >>> >> It might just be me, but after upgrading, spamassassin just stopped >> working completely, no real problems I could see in a -D --lint >> either > >> - just scored everything zero. >> >> I had to manually downgrade back to 3.2.4 to get it working again. >> You > >> folks may wish to test before running ahead. > > Did you run sa-update to grab the base rules? Also sa-compile may also > need to be run if you're using the compiled SA. > > -- > -Doc > Lincoln, NE. > > > I just installed the latest Easy Install ClamAV/SA package and am now > seeing this in my logs: > > Jun 12 11:45:18 HOUPMS01 MailScanner[9616]: Commercial virus checker > failed with real error: Invalid function CL_SCAN_PHISHING_DOMAINLIST > at > /usr/lib/perl5/site_perl/5.8.5/i386-linux-thread-multi/Mail/ClamAV.pm > line 120. > > I'm reinstalling right now just to make sure something didn't get > funky last time. > > Mike > Those would be errors coming from clamavmodule due to an older version of MailScanner. You'll need to update to at least 4.70.x I believe. -- -Doc Lincoln, NE. http://www.fsl.com/ http://www.genealogyforyou.com/ http://www.cairnproductions.com/ -- Roger that...downloading. Thanks! From campbell at cnpapers.com Thu Jun 12 18:14:15 2008 From: campbell at cnpapers.com (Steve Campbell) Date: Thu Jun 12 18:14:32 2008 Subject: MailWatch In-Reply-To: <4851493B.3090504@zuka.net> References: <484FF9BD.4090203@farrows.org> <4851493B.3090504@zuka.net> Message-ID: <48515967.10406@cnpapers.com> I always thought it was funny that people would bluntly tell you to look in the archives instead of just pointing you there or telling you the answer. So when you went and searched the archives, all you ever found was 30 or so "Search the archives" responses and maybe one real answer. Steve Campbell >> From campbell at cnpapers.com Thu Jun 12 18:16:13 2008 From: campbell at cnpapers.com (Steve Campbell) Date: Thu Jun 12 18:16:32 2008 Subject: Nigerian fraud email In-Reply-To: <48514B98.5080204@marlboro.edu> References: <48514B98.5080204@marlboro.edu> Message-ID: <485159DD.6080903@cnpapers.com> Is re-evaluating your score thresholds out of line? Steve Campbell John Baker wrote: > Hi all, > > I've noticed a huge increase in Nigerian fraud type emails for the > last moths or so. I'm using everything I can from rules emporium and > well as kam and they all get some hits but nothing adds up to a "is > spam" score for most of them. Would anybody have any suggestions for > getting at more of these? > > Thanks From mkercher at nfsmith.com Thu Jun 12 18:25:11 2008 From: mkercher at nfsmith.com (Mike Kercher) Date: Thu Jun 12 18:25:44 2008 Subject: FW: ANNOUNCE: Apache SpamAssassin 3.2.5 available In-Reply-To: <4851569F.5090503@maddoc.net> References: <200806121601.m5CG1Y3o025702@safir.blacknight.ie> <48514A7C.8060900@maddoc.net><224FA7E11EA39E45843E11CEBBD3A36FB50BB5@HOUPEX01.nfsmith.info> <4851569F.5090503@maddoc.net> Message-ID: <224FA7E11EA39E45843E11CEBBD3A36FB50BCE@HOUPEX01.nfsmith.info> -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Doc Schneider Sent: Thursday, June 12, 2008 12:02 PM To: MailScanner discussion Subject: Re: FW: ANNOUNCE: Apache SpamAssassin 3.2.5 available Mike Kercher wrote: > > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Doc > Schneider > Sent: Thursday, June 12, 2008 11:11 AM > To: MailScanner discussion > Subject: Re: FW: ANNOUNCE: Apache SpamAssassin 3.2.5 available > > Stef Morrell wrote: >> mailscanner-bounces@lists.mailscanner.info wrote: >>> -----BEGIN PGP SIGNED MESSAGE----- >>> Hash: SHA1 >>> >>> I have just updated my easy-to-install ClamAV + SpamAssassin package >>> on www.mailscanner.info. >>> >> It might just be me, but after upgrading, spamassassin just stopped >> working completely, no real problems I could see in a -D --lint >> either > >> - just scored everything zero. >> >> I had to manually downgrade back to 3.2.4 to get it working again. >> You > >> folks may wish to test before running ahead. > > Did you run sa-update to grab the base rules? Also sa-compile may also > need to be run if you're using the compiled SA. > > -- > -Doc > Lincoln, NE. > > > I just installed the latest Easy Install ClamAV/SA package and am now > seeing this in my logs: > > Jun 12 11:45:18 HOUPMS01 MailScanner[9616]: Commercial virus checker > failed with real error: Invalid function CL_SCAN_PHISHING_DOMAINLIST > at > /usr/lib/perl5/site_perl/5.8.5/i386-linux-thread-multi/Mail/ClamAV.pm > line 120. > > I'm reinstalling right now just to make sure something didn't get > funky last time. > > Mike > Those would be errors coming from clamavmodule due to an older version of MailScanner. You'll need to update to at least 4.70.x I believe. -- -Doc Lincoln, NE. http://www.fsl.com/ http://www.genealogyforyou.com/ http://www.cairnproductions.com/ -- I just remembered that 4.70 is still beta and I'd prefer NOT to run that in production yet. I'll go downgrade my Mail-ClamAV for now. Mike From doc at maddoc.net Thu Jun 12 18:37:42 2008 From: doc at maddoc.net (Doc Schneider) Date: Thu Jun 12 18:38:00 2008 Subject: FW: ANNOUNCE: Apache SpamAssassin 3.2.5 available In-Reply-To: <224FA7E11EA39E45843E11CEBBD3A36FB50BCE@HOUPEX01.nfsmith.info> References: <200806121601.m5CG1Y3o025702@safir.blacknight.ie> <48514A7C.8060900@maddoc.net><224FA7E11EA39E45843E11CEBBD3A36FB50BB5@HOUPEX01.nfsmith.info> <4851569F.5090503@maddoc.net> <224FA7E11EA39E45843E11CEBBD3A36FB50BCE@HOUPEX01.nfsmith.info> Message-ID: <48515EE6.3090802@maddoc.net> Mike Kercher wrote: > > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Doc > Schneider > Sent: Thursday, June 12, 2008 12:02 PM > To: MailScanner discussion > Subject: Re: FW: ANNOUNCE: Apache SpamAssassin 3.2.5 available > > Mike Kercher wrote: >> >> >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Doc >> Schneider >> Sent: Thursday, June 12, 2008 11:11 AM >> To: MailScanner discussion >> Subject: Re: FW: ANNOUNCE: Apache SpamAssassin 3.2.5 available >> >> Stef Morrell wrote: >>> mailscanner-bounces@lists.mailscanner.info wrote: >>>> -----BEGIN PGP SIGNED MESSAGE----- >>>> Hash: SHA1 >>>> >>>> I have just updated my easy-to-install ClamAV + SpamAssassin package > >>>> on www.mailscanner.info. >>>> >>> It might just be me, but after upgrading, spamassassin just stopped >>> working completely, no real problems I could see in a -D --lint >>> either >>> - just scored everything zero. >>> >>> I had to manually downgrade back to 3.2.4 to get it working again. >>> You >>> folks may wish to test before running ahead. >> Did you run sa-update to grab the base rules? Also sa-compile may also > >> need to be run if you're using the compiled SA. >> >> -- >> -Doc >> Lincoln, NE. >> >> >> I just installed the latest Easy Install ClamAV/SA package and am now >> seeing this in my logs: >> >> Jun 12 11:45:18 HOUPMS01 MailScanner[9616]: Commercial virus checker >> failed with real error: Invalid function CL_SCAN_PHISHING_DOMAINLIST >> at >> /usr/lib/perl5/site_perl/5.8.5/i386-linux-thread-multi/Mail/ClamAV.pm >> line 120. >> >> I'm reinstalling right now just to make sure something didn't get >> funky last time. >> >> Mike >> > > Those would be errors coming from clamavmodule due to an older version > of MailScanner. You'll need to update to at least 4.70.x I believe. > > > -- > -Doc > Lincoln, NE. > http://www.fsl.com/ > http://www.genealogyforyou.com/ > http://www.cairnproductions.com/ > > -- > > I just remembered that 4.70 is still beta and I'd prefer NOT to run that > in production yet. I'll go downgrade my Mail-ClamAV for now. > > Mike You'll also need to downgrade clamav or you can go to using clamd which works--until Jules releases a new version that supports the newest Mail::ClamAV. See the wiki for details on making that work. -- -Doc Lincoln, NE. http://www.fsl.com/ http://www.genealogyforyou.com/ http://www.cairnproductions.com/ From jodedor at gmail.com Thu Jun 12 18:41:06 2008 From: jodedor at gmail.com (David Guillermo) Date: Thu Jun 12 18:41:18 2008 Subject: is too big for spam checks Message-ID: Hellow List. im a user dummie whitch MailScanner and have this problem, my conf is: Max SpamAssassin Size = 5000000 Jun 12 19:31:44 servidor1 MailScanner[11185]: Message m5CHVVhY011359 from 209.85.132.240 (xxxx@xxxx) to mydomain is too big for spam checks (3017954 > 150000 bytes) Thanks. -- -:- j0d3 David Guillermo Rodriguez Debian Unstable/Sid GNU/Linux e-mail: davocasc98@gmail.com http://j0d3.blogspot.com Modelo de CPU: AMD Athlon(tm) 64 X2 Dual Core Processor 4600+ Kernel: 2.6.24.2 Linux user #408522 -:- From MailScanner at ecs.soton.ac.uk Thu Jun 12 18:56:07 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jun 12 18:56:32 2008 Subject: FW: ANNOUNCE: Apache SpamAssassin 3.2.5 available In-Reply-To: References: <200806121601.m5CG1Y3o025702@safir.blacknight.ie> <48514A7C.8060900@maddoc.net><224FA7E11EA39E45843E11CEBBD3A36FB50BB5@HOUPEX01.nfsmith.info> <4851569F.5090503@maddoc.net> <224FA7E11EA39E45843E11CEBBD3A36FB50BCE@HOUPEX01.nfsmith.info> Message-ID: <48516337.2020203@ecs.soton.ac.uk> Doc Schneider wrote: > Mike Kercher wrote: > >> >> >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Doc >> Schneider >> Sent: Thursday, June 12, 2008 12:02 PM >> To: MailScanner discussion >> Subject: Re: FW: ANNOUNCE: Apache SpamAssassin 3.2.5 available >> >> Mike Kercher wrote: >> >>> >>> >>> -----Original Message----- >>> From: mailscanner-bounces@lists.mailscanner.info >>> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Doc >>> Schneider >>> Sent: Thursday, June 12, 2008 11:11 AM >>> To: MailScanner discussion >>> Subject: Re: FW: ANNOUNCE: Apache SpamAssassin 3.2.5 available >>> >>> Stef Morrell wrote: >>> >>>> mailscanner-bounces@lists.mailscanner.info wrote: >>>> >>>>> -----BEGIN PGP SIGNED MESSAGE----- >>>>> Hash: SHA1 >>>>> >>>>> I have just updated my easy-to-install ClamAV + SpamAssassin package >>>>> >>>>> on www.mailscanner.info. >>>>> >>>>> >>>> It might just be me, but after upgrading, spamassassin just stopped >>>> working completely, no real problems I could see in a -D --lint >>>> either >>>> - just scored everything zero. >>>> >>>> I had to manually downgrade back to 3.2.4 to get it working again. >>>> You >>>> folks may wish to test before running ahead. >>>> >>> Did you run sa-update to grab the base rules? Also sa-compile may also >>> >>> need to be run if you're using the compiled SA. >>> >>> -- >>> -Doc >>> Lincoln, NE. >>> >>> >>> I just installed the latest Easy Install ClamAV/SA package and am now >>> seeing this in my logs: >>> >>> Jun 12 11:45:18 HOUPMS01 MailScanner[9616]: Commercial virus checker >>> failed with real error: Invalid function CL_SCAN_PHISHING_DOMAINLIST >>> at >>> /usr/lib/perl5/site_perl/5.8.5/i386-linux-thread-multi/Mail/ClamAV.pm >>> line 120. >>> >>> I'm reinstalling right now just to make sure something didn't get >>> funky last time. >>> >>> Mike >>> >>> >> Those would be errors coming from clamavmodule due to an older version >> of MailScanner. You'll need to update to at least 4.70.x I believe. >> >> >> -- >> -Doc >> Lincoln, NE. >> http://www.fsl.com/ >> http://www.genealogyforyou.com/ >> http://www.cairnproductions.com/ >> >> -- >> >> I just remembered that 4.70 is still beta and I'd prefer NOT to run that >> in production yet. I'll go downgrade my Mail-ClamAV for now. >> >> Mike >> > > You'll also need to downgrade clamav or you can go to using clamd which > works--until Jules releases a new version that supports the newest > Mail::ClamAV. See the wiki for details on making that work. > 4.70.5 should support the newest Mail::ClamAV. It does, doesn't it? I've been holding off from a stable release waiting for F-Secure 7.0.1 keys, but they haven't appeared so I think I'll just put out a stable release now unless anyone has any strong objections. Speak now or forever hold thy pieces. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Thu Jun 12 18:58:54 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jun 12 18:59:12 2008 Subject: is too big for spam checks In-Reply-To: References: Message-ID: <485163DE.4030102@ecs.soton.ac.uk> David Guillermo wrote: > Hellow List. > > im a user dummie whitch MailScanner and have this problem, my conf is: > > Max SpamAssassin Size = 5000000 > > > Jun 12 19:31:44 servidor1 MailScanner[11185]: Message m5CHVVhY011359 > from 209.85.132.240 (xxxx@xxxx) to mydomain is too big for spam checks > (3017954 > 150000 bytes) You have set the Max *SpamAssassin* Size, while the error is about the Max *Spam Check* Size. You need to set that too. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From doc at maddoc.net Thu Jun 12 19:01:13 2008 From: doc at maddoc.net (Doc Schneider) Date: Thu Jun 12 19:01:29 2008 Subject: FW: ANNOUNCE: Apache SpamAssassin 3.2.5 available In-Reply-To: <48516337.2020203@ecs.soton.ac.uk> References: <200806121601.m5CG1Y3o025702@safir.blacknight.ie> <48514A7C.8060900@maddoc.net><224FA7E11EA39E45843E11CEBBD3A36FB50BB5@HOUPEX01.nfsmith.info> <4851569F.5090503@maddoc.net> <224FA7E11EA39E45843E11CEBBD3A36FB50BCE@HOUPEX01.nfsmith.info> <48516337.2020203@ecs.soton.ac.uk> Message-ID: <48516469.2040209@maddoc.net> Julian Field wrote: > > > Doc Schneider wrote: >> Mike Kercher wrote: >> >>> >>> >>> -----Original Message----- >>> From: mailscanner-bounces@lists.mailscanner.info >>> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Doc >>> Schneider >>> Sent: Thursday, June 12, 2008 12:02 PM >>> To: MailScanner discussion >>> Subject: Re: FW: ANNOUNCE: Apache SpamAssassin 3.2.5 available >>> >>> Mike Kercher wrote: >>> >>>> >>>> >>>> -----Original Message----- >>>> From: mailscanner-bounces@lists.mailscanner.info >>>> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Doc >>>> Schneider >>>> Sent: Thursday, June 12, 2008 11:11 AM >>>> To: MailScanner discussion >>>> Subject: Re: FW: ANNOUNCE: Apache SpamAssassin 3.2.5 available >>>> >>>> Stef Morrell wrote: >>>> >>>>> mailscanner-bounces@lists.mailscanner.info wrote: >>>>> >>>>>> -----BEGIN PGP SIGNED MESSAGE----- >>>>>> Hash: SHA1 >>>>>> >>>>>> I have just updated my easy-to-install ClamAV + SpamAssassin package >>>>>> on www.mailscanner.info. >>>>>> >>>>>> >>>>> It might just be me, but after upgrading, spamassassin just stopped >>>>> working completely, no real problems I could see in a -D --lint either >>>>> - just scored everything zero. >>>>> >>>>> I had to manually downgrade back to 3.2.4 to get it working again. You >>>>> folks may wish to test before running ahead. >>>>> >>>> Did you run sa-update to grab the base rules? Also sa-compile may also >>>> need to be run if you're using the compiled SA. >>>> >>>> -- >>>> -Doc >>>> Lincoln, NE. >>>> >>>> >>>> I just installed the latest Easy Install ClamAV/SA package and am >>>> now seeing this in my logs: >>>> >>>> Jun 12 11:45:18 HOUPMS01 MailScanner[9616]: Commercial virus checker >>>> failed with real error: Invalid function CL_SCAN_PHISHING_DOMAINLIST >>>> at >>>> /usr/lib/perl5/site_perl/5.8.5/i386-linux-thread-multi/Mail/ClamAV.pm >>>> line 120. >>>> I'm reinstalling right now just to make sure something didn't get >>>> funky last time. >>>> >>>> Mike >>>> >>>> >>> Those would be errors coming from clamavmodule due to an older version >>> of MailScanner. You'll need to update to at least 4.70.x I believe. >>> >>> >>> -- >>> -Doc >>> Lincoln, NE. >>> http://www.fsl.com/ >>> http://www.genealogyforyou.com/ >>> http://www.cairnproductions.com/ >>> >>> -- >>> >>> I just remembered that 4.70 is still beta and I'd prefer NOT to run that >>> in production yet. I'll go downgrade my Mail-ClamAV for now. >>> >>> Mike >>> >> >> You'll also need to downgrade clamav or you can go to using clamd which >> works--until Jules releases a new version that supports the newest >> Mail::ClamAV. See the wiki for details on making that work. >> > 4.70.5 should support the newest Mail::ClamAV. It does, doesn't it? > I've been holding off from a stable release waiting for F-Secure 7.0.1 > keys, but they haven't appeared so I think I'll just put out a stable > release now unless anyone has any strong objections. Speak now or > forever hold thy pieces. > > Jules > I've been using 4.70.5 since the day you added it without any problems. So +1 on releasing the hounds! 8*) -- -Doc Lincoln, NE. http://www.fsl.com/ http://www.genealogyforyou.com/ http://www.cairnproductions.com/ From rob at robhq.com Thu Jun 12 19:03:34 2008 From: rob at robhq.com (Rob Freeman) Date: Thu Jun 12 19:03:50 2008 Subject: is too big for spam checks In-Reply-To: References: Message-ID: You need to change this in the MailScanner.conf file: # Spammers do not have the power to send out huge messages to everyone as # it costs them too much (more smaller messages makes more profit than less # very large messages). So if a message is bigger than a certain size, it # is highly unlikely to be spam. Limiting this saves a lot of time checking # huge messages. # This can also be the filename of a ruleset. Max Spam Check Size = 150000 On Thu, Jun 12, 2008 at 12:41 PM, David Guillermo wrote: > Hellow List. > > im a user dummie whitch MailScanner and have this problem, my conf is: > > Max SpamAssassin Size = 5000000 > > > Jun 12 19:31:44 servidor1 MailScanner[11185]: Message m5CHVVhY011359 > from 209.85.132.240 (xxxx@xxxx) to mydomain is too big for spam checks > (3017954 > 150000 bytes) > > > Thanks. > > -- > -:- j0d3 > David Guillermo Rodriguez > Debian Unstable/Sid GNU/Linux > e-mail: davocasc98@gmail.com > http://j0d3.blogspot.com > Modelo de CPU: AMD Athlon(tm) 64 X2 Dual Core Processor 4600+ > Kernel: 2.6.24.2 > Linux user #408522 > -:- > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080612/8317e44a/attachment.html From ssilva at sgvwater.com Thu Jun 12 20:01:21 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Thu Jun 12 20:01:46 2008 Subject: Interfaces - off topic - sorry In-Reply-To: <004f01c8cca9$0463d550$6b01a8c0@csmrick> References: <6412527.15571213271143416.JavaMail.root@office.splatnix.net> <004f01c8cca9$0463d550$6b01a8c0@csmrick> Message-ID: on 6-12-2008 9:26 AM rick@duvals.ca spake the following: > Thanks for the comeback... Whats a FOSS release? > Free and Open Source Software. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 258 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080612/c138d8b2/signature.bin From martinh at solidstatelogic.com Thu Jun 12 20:25:17 2008 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Thu Jun 12 20:25:27 2008 Subject: FW: ANNOUNCE: Apache SpamAssassin 3.2.5 available In-Reply-To: <48516337.2020203@ecs.soton.ac.uk> References: <200806121601.m5CG1Y3o025702@safir.blacknight.ie> <48514A7C.8060900@maddoc.net> <224FA7E11EA39E45843E11CEBBD3A36FB50BB5@HOUPEX01.nfsmith.info> <4851569F.5090503@maddoc.net> <224FA7E11EA39E45843E11CEBBD3A36FB50BCE@HOUPEX01.nfsmith.info> <48516337.2020203@ecs.soton.ac.uk> Message-ID: On Thu, 12 Jun 2008 18:56:07 +0100 Julian Field wrote: > > > Doc Schneider wrote: >> Mike Kercher wrote: >> >>> >>> >>> -----Original Message----- >>> From: mailscanner-bounces@lists.mailscanner.info >>> [mailto:mailscanner-bounces@lists.mailscanner.info] On >>>Behalf Of Doc >>> Schneider >>> Sent: Thursday, June 12, 2008 12:02 PM >>> To: MailScanner discussion >>> Subject: Re: FW: ANNOUNCE: Apache SpamAssassin 3.2.5 >>>available >>> >>> Mike Kercher wrote: >>> >>>> >>>> >>>> -----Original Message----- >>>> From: mailscanner-bounces@lists.mailscanner.info >>>> [mailto:mailscanner-bounces@lists.mailscanner.info] On >>>>Behalf Of Doc >>>> Schneider >>>> Sent: Thursday, June 12, 2008 11:11 AM >>>> To: MailScanner discussion >>>> Subject: Re: FW: ANNOUNCE: Apache SpamAssassin 3.2.5 >>>>available >>>> >>>> Stef Morrell wrote: >>>> >>>>> mailscanner-bounces@lists.mailscanner.info wrote: >>>>> >>>>>> -----BEGIN PGP SIGNED MESSAGE----- >>>>>> Hash: SHA1 >>>>>> >>>>>> I have just updated my easy-to-install ClamAV + >>>>>>SpamAssassin package >>>>>> >>>>>> on www.mailscanner.info. >>>>>> >>>>>> >>>>> It might just be me, but after upgrading, spamassassin >>>>>just stopped >>>>> working completely, no real problems I could see in a -D >>>>>--lint >>>>> either >>>>> - just scored everything zero. >>>>> >>>>> I had to manually downgrade back to 3.2.4 to get it >>>>>working again. >>>>> You >>>>> folks may wish to test before running ahead. >>>>> >>>> Did you run sa-update to grab the base rules? Also >>>>sa-compile may also >>>> >>>> need to be run if you're using the compiled SA. >>>> >>>> -- >>>> -Doc >>>> Lincoln, NE. >>>> >>>> >>>> I just installed the latest Easy Install ClamAV/SA >>>>package and am now >>>> seeing this in my logs: >>>> >>>> Jun 12 11:45:18 HOUPMS01 MailScanner[9616]: Commercial >>>>virus checker >>>> failed with real error: Invalid function >>>>CL_SCAN_PHISHING_DOMAINLIST >>>> at >>>> /usr/lib/perl5/site_perl/5.8.5/i386-linux-thread-multi/Mail/ClamAV.pm >>>> line 120. >>>> >>>> I'm reinstalling right now just to make sure something >>>>didn't get >>>> funky last time. >>>> >>>> Mike >>>> >>>> >>> Those would be errors coming from clamavmodule due to an >>>older version >>> of MailScanner. You'll need to update to at least 4.70.x >>>I believe. >>> >>> >>> -- >>> -Doc >>> Lincoln, NE. >>> http://www.fsl.com/ >>> http://www.genealogyforyou.com/ >>> http://www.cairnproductions.com/ >>> >>> -- >>> >>> I just remembered that 4.70 is still beta and I'd prefer >>>NOT to run that >>> in production yet. I'll go downgrade my Mail-ClamAV for >>>now. >>> >>> Mike >>> >> >> You'll also need to downgrade clamav or you can go to >>using clamd which >> works--until Jules releases a new version that supports >>the newest >> Mail::ClamAV. See the wiki for details on making that >>work. >> > 4.70.5 should support the newest Mail::ClamAV. It does, >doesn't it? > I've been holding off from a stable release waiting for >F-Secure 7.0.1 keys, but they haven't appeared so I think >I'll just put out a stable release now unless anyone has >any strong objections. Speak now or forever hold thy >pieces. > > Jules > > -- > Julian Field MEng CITP CEng > www.MailScanner.info we had someone on the IRC channel informing of problems with the watermark stuff (still) on 40.70.5 we asked them to post here, but I've not seem anything so far. Might want the 4.70.5 to live a beta for a few more days yet. -- martin ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From donnieq at quindardonet.net Thu Jun 12 20:27:30 2008 From: donnieq at quindardonet.net (Donnie D. Quindardo) Date: Thu Jun 12 20:27:39 2008 Subject: Watermark and User Notification Message-ID: <485178A2.2050606@quindardonet.net> Hello, I have MS 4.70.5 in a test lab right now and I was not able to find that the notices to users (when an attachment is blocked) were being passed as non-spam. Is anyone else able to notice this? Will there be a fix? Don Q. From ssilva at sgvwater.com Thu Jun 12 20:49:57 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Thu Jun 12 20:50:28 2008 Subject: Watermark and User Notification In-Reply-To: <485178A2.2050606@quindardonet.net> References: <485178A2.2050606@quindardonet.net> Message-ID: on 6-12-2008 12:27 PM Donnie D. Quindardo spake the following: > Hello, > > I have MS 4.70.5 in a test lab right now and I was not able to find that > the notices to users (when an attachment is blocked) were being passed > as non-spam. Is anyone else able to notice this? Will there be a fix? > > > Don Q. Please give a little more detail. Maybe an example. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 258 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080612/4e036d73/signature.bin From donnieq at quindardonet.net Thu Jun 12 20:58:41 2008 From: donnieq at quindardonet.net (Donnie D. Quindardo) Date: Thu Jun 12 20:58:51 2008 Subject: Watermark and User Notification In-Reply-To: <485178A2.2050606@quindardonet.net> References: <485178A2.2050606@quindardonet.net> Message-ID: <48517FF1.5060801@quindardonet.net> - Configure MailScanner to notify users that their attachments have been blocked. - Configure MailScanner to use Watermarks and note that messages that have no sender and no watermark are spam. - Send an e-mail through MailScanner with an attachment that is banned, perhaps "test.com". - Look in the spam quarantine of MailScanner, the notification e-mail that is sent to the user is there. That's because it is sent with an envelope address of <> and does not get a MailScanner Signature beforehand. From MailScanner at ecs.soton.ac.uk Thu Jun 12 21:10:39 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jun 12 21:10:56 2008 Subject: Watermark and User Notification In-Reply-To: References: <485178A2.2050606@quindardonet.net> Message-ID: <485182BF.6030706@ecs.soton.ac.uk> Donnie D. Quindardo wrote: > - Configure MailScanner to notify users that their attachments have > been blocked. > > - Configure MailScanner to use Watermarks and note that messages that > have no sender and no watermark are spam. > > - Send an e-mail through MailScanner with an attachment that is > banned, perhaps "test.com". > > - Look in the spam quarantine of MailScanner, the notification e-mail > that is sent to the user is there. That's because it is sent with an > envelope address of <> and does not get a MailScanner Signature > beforehand. In which case you just need to use a ruleset to exempt mail from 127.0.0.1 from watermarking checks. Should I do this automatically in the code, or are there situations in which this isn't the desired behaviour? Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From ssilva at sgvwater.com Thu Jun 12 21:20:17 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Thu Jun 12 21:20:48 2008 Subject: Watermark and User Notification In-Reply-To: <485182BF.6030706@ecs.soton.ac.uk> References: <485178A2.2050606@quindardonet.net> <485182BF.6030706@ecs.soton.ac.uk> Message-ID: on 6-12-2008 1:10 PM Julian Field spake the following: > > > Donnie D. Quindardo wrote: >> - Configure MailScanner to notify users that their attachments have >> been blocked. >> >> - Configure MailScanner to use Watermarks and note that messages that >> have no sender and no watermark are spam. >> >> - Send an e-mail through MailScanner with an attachment that is >> banned, perhaps "test.com". >> >> - Look in the spam quarantine of MailScanner, the notification e-mail >> that is sent to the user is there. That's because it is sent with an >> envelope address of <> and does not get a MailScanner Signature >> beforehand. > In which case you just need to use a ruleset to exempt mail from > 127.0.0.1 from watermarking checks. Should I do this automatically in > the code, or are there situations in which this isn't the desired > behaviour? > > Jules > Does a ruleset on scan messages also cover this, or is watermarking outside that catch-all? -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 258 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080612/2a3d6a2b/signature.bin From MailScanner at ecs.soton.ac.uk Thu Jun 12 21:26:54 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jun 12 21:27:12 2008 Subject: Watermark and User Notification In-Reply-To: References: <485178A2.2050606@quindardonet.net> <485182BF.6030706@ecs.soton.ac.uk> Message-ID: <4851868E.5070900@ecs.soton.ac.uk> Scott Silva wrote: > on 6-12-2008 1:10 PM Julian Field spake the following: >> >> >> Donnie D. Quindardo wrote: >>> - Configure MailScanner to notify users that their attachments have >>> been blocked. >>> >>> - Configure MailScanner to use Watermarks and note that messages >>> that have no sender and no watermark are spam. >>> >>> - Send an e-mail through MailScanner with an attachment that is >>> banned, perhaps "test.com". >>> >>> - Look in the spam quarantine of MailScanner, the notification >>> e-mail that is sent to the user is there. That's because it is sent >>> with an envelope address of <> and does not get a MailScanner >>> Signature beforehand. >> In which case you just need to use a ruleset to exempt mail from >> 127.0.0.1 from watermarking checks. Should I do this automatically in >> the code, or are there situations in which this isn't the desired >> behaviour? >> >> Jules >> > Does a ruleset on scan messages also cover this, or is watermarking > outside that catch-all? You don't need to do anything that radical, you just need a ruleset on the option that controls the checking of watermarks. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From ssilva at sgvwater.com Thu Jun 12 21:38:12 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Thu Jun 12 21:38:46 2008 Subject: Watermark and User Notification In-Reply-To: <4851868E.5070900@ecs.soton.ac.uk> References: <485178A2.2050606@quindardonet.net> <485182BF.6030706@ecs.soton.ac.uk> <4851868E.5070900@ecs.soton.ac.uk> Message-ID: on 6-12-2008 1:26 PM Julian Field spake the following: > > > Scott Silva wrote: >> on 6-12-2008 1:10 PM Julian Field spake the following: >>> >>> >>> Donnie D. Quindardo wrote: >>>> - Configure MailScanner to notify users that their attachments have >>>> been blocked. >>>> >>>> - Configure MailScanner to use Watermarks and note that messages >>>> that have no sender and no watermark are spam. >>>> >>>> - Send an e-mail through MailScanner with an attachment that is >>>> banned, perhaps "test.com". >>>> >>>> - Look in the spam quarantine of MailScanner, the notification >>>> e-mail that is sent to the user is there. That's because it is sent >>>> with an envelope address of <> and does not get a MailScanner >>>> Signature beforehand. >>> In which case you just need to use a ruleset to exempt mail from >>> 127.0.0.1 from watermarking checks. Should I do this automatically in >>> the code, or are there situations in which this isn't the desired >>> behaviour? >>> >>> Jules >>> >> Does a ruleset on scan messages also cover this, or is watermarking >> outside that catch-all? > You don't need to do anything that radical, you just need a ruleset on > the option that controls the checking of watermarks. > > Jules > Let me re-phrase this... If you already have a rule in scan messages for mailwatch releases, will it also cover the watermark code? -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 258 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080612/24f139ce/signature.bin From MailScanner at ecs.soton.ac.uk Thu Jun 12 21:44:24 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jun 12 21:44:43 2008 Subject: Watermark and User Notification In-Reply-To: References: <485178A2.2050606@quindardonet.net> <485182BF.6030706@ecs.soton.ac.uk> <4851868E.5070900@ecs.soton.ac.uk> Message-ID: <48518AA8.1070106@ecs.soton.ac.uk> Scott Silva wrote: > on 6-12-2008 1:26 PM Julian Field spake the following: >> >> >> Scott Silva wrote: >>> on 6-12-2008 1:10 PM Julian Field spake the following: >>>> >>>> >>>> Donnie D. Quindardo wrote: >>>>> - Configure MailScanner to notify users that their attachments >>>>> have been blocked. >>>>> >>>>> - Configure MailScanner to use Watermarks and note that messages >>>>> that have no sender and no watermark are spam. >>>>> >>>>> - Send an e-mail through MailScanner with an attachment that is >>>>> banned, perhaps "test.com". >>>>> >>>>> - Look in the spam quarantine of MailScanner, the notification >>>>> e-mail that is sent to the user is there. That's because it is >>>>> sent with an envelope address of <> and does not get a MailScanner >>>>> Signature beforehand. >>>> In which case you just need to use a ruleset to exempt mail from >>>> 127.0.0.1 from watermarking checks. Should I do this automatically >>>> in the code, or are there situations in which this isn't the >>>> desired behaviour? >>>> >>>> Jules >>>> >>> Does a ruleset on scan messages also cover this, or is watermarking >>> outside that catch-all? >> You don't need to do anything that radical, you just need a ruleset >> on the option that controls the checking of watermarks. >> >> Jules >> > Let me re-phrase this... If you already have a rule in scan messages > for mailwatch releases, will it also cover the watermark code? If the rule is on "Scan Messages" then yes, it will cover everything. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From ssilva at sgvwater.com Thu Jun 12 23:02:57 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Thu Jun 12 23:03:42 2008 Subject: Watermark and User Notification In-Reply-To: <48518AA8.1070106@ecs.soton.ac.uk> References: <485178A2.2050606@quindardonet.net> <485182BF.6030706@ecs.soton.ac.uk> <4851868E.5070900@ecs.soton.ac.uk> <48518AA8.1070106@ecs.soton.ac.uk> Message-ID: on 6-12-2008 1:44 PM Julian Field spake the following: > > > Scott Silva wrote: >> on 6-12-2008 1:26 PM Julian Field spake the following: >>> >>> >>> Scott Silva wrote: >>>> on 6-12-2008 1:10 PM Julian Field spake the following: >>>>> >>>>> >>>>> Donnie D. Quindardo wrote: >>>>>> - Configure MailScanner to notify users that their attachments >>>>>> have been blocked. >>>>>> >>>>>> - Configure MailScanner to use Watermarks and note that messages >>>>>> that have no sender and no watermark are spam. >>>>>> >>>>>> - Send an e-mail through MailScanner with an attachment that is >>>>>> banned, perhaps "test.com". >>>>>> >>>>>> - Look in the spam quarantine of MailScanner, the notification >>>>>> e-mail that is sent to the user is there. That's because it is >>>>>> sent with an envelope address of <> and does not get a MailScanner >>>>>> Signature beforehand. >>>>> In which case you just need to use a ruleset to exempt mail from >>>>> 127.0.0.1 from watermarking checks. Should I do this automatically >>>>> in the code, or are there situations in which this isn't the >>>>> desired behaviour? >>>>> >>>>> Jules >>>>> >>>> Does a ruleset on scan messages also cover this, or is watermarking >>>> outside that catch-all? >>> You don't need to do anything that radical, you just need a ruleset >>> on the option that controls the checking of watermarks. >>> >>> Jules >>> >> Let me re-phrase this... If you already have a rule in scan messages >> for mailwatch releases, will it also cover the watermark code? > If the rule is on "Scan Messages" then yes, it will cover everything. > > Jules > Thanks Jules! -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 258 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080612/0798bcf0/signature.bin From mi6 at orcon.net.nz Fri Jun 13 02:44:45 2008 From: mi6 at orcon.net.nz (Charlie) Date: Fri Jun 13 02:44:51 2008 Subject: Spamassassin is slow - any tips or good commercial alternative? Message-ID: <2ea301c8ccf7$0e9f52d0$0300a8c0@CharlieCompaq> Hi, I run an email server (Exim) which uses Mailscanner in combination with ClamAV and SpamAssassin. The server scans about 15,000 emails per day. SpamAssassin currently seems to take 5-10 seconds to scan even the smallest email, which is unacceptable for us. I was wondering if anyone had either any tips on reducing the amount of time taken to scan an email for spam using SpamAssassin to 'well under one second', or if anyone can recommend a good, not too expensive, commercial alternative to SpamAssassin. Thank you! Charlie From ecasarero at gmail.com Fri Jun 13 02:52:10 2008 From: ecasarero at gmail.com (Eduardo Casarero) Date: Fri Jun 13 02:52:19 2008 Subject: Spamassassin is slow - any tips or good commercial alternative? In-Reply-To: <2ea301c8ccf7$0e9f52d0$0300a8c0@CharlieCompaq> References: <2ea301c8ccf7$0e9f52d0$0300a8c0@CharlieCompaq> Message-ID: <7d9b3cf20806121852y7b58cf1cxcf41af553969e3cf@mail.gmail.com> do you use clamd? tmpfs for working directory? 2008/6/12 Charlie : > Hi, > I run an email server (Exim) which uses Mailscanner in combination with > ClamAV and SpamAssassin. The server scans about 15,000 emails per day. > SpamAssassin currently seems to take 5-10 seconds to scan even the smallest > email, which is unacceptable for us. > > I was wondering if anyone had either any tips on reducing the amount of time > taken to scan an email for spam using SpamAssassin to 'well under one > second', or if anyone can recommend a good, not too expensive, commercial > alternative to SpamAssassin. > > Thank you! > Charlie > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From donnieq at quindardonet.net Fri Jun 13 05:42:32 2008 From: donnieq at quindardonet.net (Donnie D. Quindardo) Date: Fri Jun 13 05:42:43 2008 Subject: Watermark and User Notification In-Reply-To: <48518AA8.1070106@ecs.soton.ac.uk> References: <485178A2.2050606@quindardonet.net> <485182BF.6030706@ecs.soton.ac.uk> <4851868E.5070900@ecs.soton.ac.uk> <48518AA8.1070106@ecs.soton.ac.uk> Message-ID: <4851FAB8.7070101@quindardonet.net> Unfortunately, this is not working. /etc/MailScanner/MailScanner.conf: Scan Messages = %rules-dir%/scan.rules /etc/MailScanner/rules/scan.rules: From: 127.0.0.1/32 no FromOrTo: default yes The notification message sent by "Notify Senders" if their attachments are blocked is still being flagged as spam. Please advise, Don Q. Julian Field wrote: > > > Scott Silva wrote: >> on 6-12-2008 1:26 PM Julian Field spake the following: >>> >>> >>> Scott Silva wrote: >>>> on 6-12-2008 1:10 PM Julian Field spake the following: >>>>> >>>>> >>>>> Donnie D. Quindardo wrote: >>>>>> - Configure MailScanner to notify users that their attachments >>>>>> have been blocked. >>>>>> >>>>>> - Configure MailScanner to use Watermarks and note that messages >>>>>> that have no sender and no watermark are spam. >>>>>> >>>>>> - Send an e-mail through MailScanner with an attachment that is >>>>>> banned, perhaps "test.com". >>>>>> >>>>>> - Look in the spam quarantine of MailScanner, the notification >>>>>> e-mail that is sent to the user is there. That's because it is >>>>>> sent with an envelope address of <> and does not get a MailScanner >>>>>> Signature beforehand. >>>>> In which case you just need to use a ruleset to exempt mail from >>>>> 127.0.0.1 from watermarking checks. Should I do this automatically >>>>> in the code, or are there situations in which this isn't the >>>>> desired behaviour? >>>>> >>>>> Jules >>>>> >>>> Does a ruleset on scan messages also cover this, or is watermarking >>>> outside that catch-all? >>> You don't need to do anything that radical, you just need a ruleset >>> on the option that controls the checking of watermarks. >>> >>> Jules >>> >> Let me re-phrase this... If you already have a rule in scan messages >> for mailwatch releases, will it also cover the watermark code? > If the rule is on "Scan Messages" then yes, it will cover everything. > > Jules > From donnieq at quindardonet.net Fri Jun 13 06:19:19 2008 From: donnieq at quindardonet.net (Donnie D. Quindardo) Date: Fri Jun 13 06:19:28 2008 Subject: Watermark and User Notification In-Reply-To: <4851FAB8.7070101@quindardonet.net> References: <485178A2.2050606@quindardonet.net> <485182BF.6030706@ecs.soton.ac.uk> <4851868E.5070900@ecs.soton.ac.uk> <48518AA8.1070106@ecs.soton.ac.uk> <4851FAB8.7070101@quindardonet.net> Message-ID: <48520357.2070909@quindardonet.net> Message 3EDEA100004C.D62FF from 0.0.0.0 has no (or invalid) watermark or sender address Hmmm. :-) Donnie D. Quindardo wrote: > Unfortunately, this is not working. > > /etc/MailScanner/MailScanner.conf: > > Scan Messages = %rules-dir%/scan.rules > > /etc/MailScanner/rules/scan.rules: > > From: 127.0.0.1/32 no > FromOrTo: default yes > > The notification message sent by "Notify Senders" if their attachments > are blocked is still being flagged as spam. > > Please advise, > > Don Q. > > > Julian Field wrote: >> >> >> Scott Silva wrote: >>> on 6-12-2008 1:26 PM Julian Field spake the following: >>>> >>>> >>>> Scott Silva wrote: >>>>> on 6-12-2008 1:10 PM Julian Field spake the following: >>>>>> >>>>>> >>>>>> Donnie D. Quindardo wrote: >>>>>>> - Configure MailScanner to notify users that their attachments >>>>>>> have been blocked. >>>>>>> >>>>>>> - Configure MailScanner to use Watermarks and note that messages >>>>>>> that have no sender and no watermark are spam. >>>>>>> >>>>>>> - Send an e-mail through MailScanner with an attachment that is >>>>>>> banned, perhaps "test.com". >>>>>>> >>>>>>> - Look in the spam quarantine of MailScanner, the notification >>>>>>> e-mail that is sent to the user is there. That's because it is >>>>>>> sent with an envelope address of <> and does not get a >>>>>>> MailScanner Signature beforehand. >>>>>> In which case you just need to use a ruleset to exempt mail from >>>>>> 127.0.0.1 from watermarking checks. Should I do this automatically >>>>>> in the code, or are there situations in which this isn't the >>>>>> desired behaviour? >>>>>> >>>>>> Jules >>>>>> >>>>> Does a ruleset on scan messages also cover this, or is watermarking >>>>> outside that catch-all? >>>> You don't need to do anything that radical, you just need a ruleset >>>> on the option that controls the checking of watermarks. >>>> >>>> Jules >>>> >>> Let me re-phrase this... If you already have a rule in scan messages >>> for mailwatch releases, will it also cover the watermark code? >> If the rule is on "Scan Messages" then yes, it will cover everything. >> >> Jules >> > From jodedor at gmail.com Fri Jun 13 07:26:55 2008 From: jodedor at gmail.com (David Guillermo) Date: Fri Jun 13 07:27:05 2008 Subject: is too big for spam checks In-Reply-To: References: Message-ID: Hi. Rob Freeman and Julian Field thanks, that option not in my MailScanner.conf why not change it, thanks again 2008/6/12 Rob Freeman : > You need to change this in the MailScanner.conf file: > > # Spammers do not have the power to send out huge messages to everyone as > # it costs them too much (more smaller messages makes more profit than less > > # very large messages). So if a message is bigger than a certain size, it > # is highly unlikely to be spam. Limiting this saves a lot of time checking > # huge messages. > # This can also be the filename of a ruleset. > > Max Spam Check Size = 150000 > > On Thu, Jun 12, 2008 at 12:41 PM, David Guillermo wrote: >> >> Hellow List. >> >> im a user dummie whitch MailScanner and have this problem, my conf is: >> >> Max SpamAssassin Size = 5000000 >> >> >> Jun 12 19:31:44 servidor1 MailScanner[11185]: Message m5CHVVhY011359 >> from 209.85.132.240 (xxxx@xxxx) to mydomain is too big for spam checks >> (3017954 > 150000 bytes) >> >> >> Thanks. >> >> -- >> -:- j0d3 >> David Guillermo Rodriguez >> Debian Unstable/Sid GNU/Linux >> e-mail: davocasc98@gmail.com >> http://j0d3.blogspot.com >> Modelo de CPU: AMD Athlon(tm) 64 X2 Dual Core Processor 4600+ >> Kernel: 2.6.24.2 >> Linux user #408522 >> -:- >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- -:- j0d3 David Guillermo Rodriguez Debian Unstable/Sid GNU/Linux e-mail: davocasc98@gmail.com http://j0d3.blogspot.com Modelo de CPU: AMD Athlon(tm) 64 X2 Dual Core Processor 4600+ Kernel: 2.6.24.2 Linux user #408522 -:- From jan-peter at koopmann.eu Fri Jun 13 07:28:22 2008 From: jan-peter at koopmann.eu (Koopmann, Jan-Peter) Date: Fri Jun 13 07:29:29 2008 Subject: Spamassassin is slow - any tips or good commercial alternative? In-Reply-To: References: Message-ID: >I run an email server (Exim) which uses Mailscanner in combination with >ClamAV and SpamAssassin. The server scans about 15,000 emails per day. >SpamAssassin currently seems to take 5-10 seconds to scan even the smallest >email, which is unacceptable for us. May I ask why? Is it because your mail system is getting into load trouble? Or is the delay itself on legit mail the problem? I would like to know how an additional 5-10 seconds on an async communication medium like e-mail that was never designed for real-time in the first place could be a problem. If it is a load problem you should try to reduce the amount of mail reaching SpamAssassin in the first place. RBLs come to mind. Or (since you asked for a commercial solution) have a look at BarricadeMX from FSL. BMX will greatly reduce the amount of mail reaching your MTA. Yet on the other hand, if the 15.000 mails a day that your server scans are mostly ham, this will not help. So please enlarge a bit on the problem itself. Regards, JP From mi6 at orcon.net.nz Fri Jun 13 08:12:09 2008 From: mi6 at orcon.net.nz (Charlie) Date: Fri Jun 13 08:12:16 2008 Subject: Spamassassin is slow - any tips or good commercial alternative? Message-ID: <2f4301c8cd24$cbaf5000$0300a8c0@CharlieCompaq> >>I run an email server (Exim) which uses Mailscanner in combination with >>ClamAV and SpamAssassin. The server scans about 15,000 emails per day. >>SpamAssassin currently seems to take 5-10 seconds to scan even the smallest >>email, which is unacceptable for us. >May I ask why? Is it because your mail system is getting into load >trouble? Or is the delay itself on legit mail the problem? I would like >to know how an additional 5-10 seconds on an async communication medium >like e-mail that was never designed for real-time in the first place >could be a problem. It is not really a problem except during peak hours, where there can be numerous emails sent every 1-2 seconds. These emails then pile up on eachother, and eventually cause the mail queue to grow very long, with emails taking 8-15 *minutes* to actually leave the queue. It is then a very serious problem. >If it is a load problem you should try to reduce the amount of mail >reaching SpamAssassin in the first place. RBLs come to mind. Or (since >you asked for a commercial solution) have a look at BarricadeMX from >FSL. BMX will greatly reduce the amount of mail reaching your MTA. Our userbase means that over 99% of emails sent through the server are *not* spam, so any limiting of the emails reaching the MTA would not help. >Yet on the other hand, if the 15.000 mails a day that your server scans >are mostly ham, this will not help. So please enlarge a bit on the >problem itself. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080613/4f8fd6e3/attachment.html From MailScanner at ecs.soton.ac.uk Fri Jun 13 08:53:50 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Jun 13 08:54:08 2008 Subject: Spamassassin is slow - any tips or good commercial alternative? In-Reply-To: References: Message-ID: <4852278E.6070804@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 My advice would be to run MailScanner --debug --debug-sa as that will print out all the progress of SpamAssassin, including a timestamp at the start of each line so you can see where the holdups are. If you do that, and then show us where the holdups are, we may be able to help you some more... Jules. Charlie wrote: > Hi, > I run an email server (Exim) which uses Mailscanner in combination > with ClamAV and SpamAssassin. The server scans about 15,000 emails per > day. SpamAssassin currently seems to take 5-10 seconds to scan even > the smallest email, which is unacceptable for us. > > I was wondering if anyone had either any tips on reducing the amount > of time taken to scan an email for spam using SpamAssassin to 'well > under one second', or if anyone can recommend a good, not too > expensive, commercial alternative to SpamAssassin. > > Thank you! > Charlie Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.3 (Build 4028) Comment: Use Enigmail to decrypt or check this message is legitimate Charset: ISO-8859-1 wj8DBQFIUiePEfZZRxQVtlQRAq7mAJoCd2VZa/9WZCr9b5vJMl0LJuhlEgCdFKCp 8pKvx/3RVDAyLnkOL/u9sOo= =vtb1 -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Fri Jun 13 08:55:46 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Jun 13 08:56:09 2008 Subject: is too big for spam checks In-Reply-To: References: Message-ID: <48522802.5000205@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 David Guillermo wrote: > Hi. Rob Freeman and Julian Field thanks, that option not in my > MailScanner.conf why not change it, thanks again > It certainly should be there. Can you run upgrade_MailScanner_conf, read everything it prints out, then run it according to the instructions it gives you. That should get your MailScanner.conf file up to date. > > 2008/6/12 Rob Freeman : > >> You need to change this in the MailScanner.conf file: >> >> # Spammers do not have the power to send out huge messages to everyone as >> # it costs them too much (more smaller messages makes more profit than less >> >> # very large messages). So if a message is bigger than a certain size, it >> # is highly unlikely to be spam. Limiting this saves a lot of time checking >> # huge messages. >> # This can also be the filename of a ruleset. >> >> Max Spam Check Size = 150000 >> >> On Thu, Jun 12, 2008 at 12:41 PM, David Guillermo wrote: >> >>> Hellow List. >>> >>> im a user dummie whitch MailScanner and have this problem, my conf is: >>> >>> Max SpamAssassin Size = 5000000 >>> >>> >>> Jun 12 19:31:44 servidor1 MailScanner[11185]: Message m5CHVVhY011359 >>> from 209.85.132.240 (xxxx@xxxx) to mydomain is too big for spam checks >>> (3017954 > 150000 bytes) >>> >>> >>> Thanks. >>> >>> -- >>> -:- j0d3 >>> David Guillermo Rodriguez >>> Debian Unstable/Sid GNU/Linux >>> e-mail: davocasc98@gmail.com >>> http://j0d3.blogspot.com >>> Modelo de CPU: AMD Athlon(tm) 64 X2 Dual Core Processor 4600+ >>> Kernel: 2.6.24.2 >>> Linux user #408522 >>> -:- >>> -- >>> MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >>> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> >> > > > > Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.3 (Build 4028) Comment: Use Enigmail to decrypt or check this message is legitimate Charset: ISO-8859-1 wj8DBQFIUigDEfZZRxQVtlQRAguAAJ9CQ50DS81cPkcK3W7meE34ZSy+xQCcCfd4 IP2I6BitZXYp2FZD4fhSEUs= =JwJr -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Fri Jun 13 08:57:53 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Jun 13 08:58:16 2008 Subject: Watermark and User Notification In-Reply-To: References: <485178A2.2050606@quindardonet.net> <485182BF.6030706@ecs.soton.ac.uk> <4851868E.5070900@ecs.soton.ac.uk> <48518AA8.1070106@ecs.soton.ac.uk> <4851FAB8.7070101@quindardonet.net> Message-ID: <48522881.20002@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 It puts in 0.0.0.0 if there was no IP address present at all. Maybe I should change that to 127.0.0.1? What does anyone think of that change? Currently, you need to change your "From" line to From: 0.0.0.0 no FromOrTo: default yes Donnie D. Quindardo wrote: > Message 3EDEA100004C.D62FF from 0.0.0.0 has no (or invalid) watermark > or sender address > > Hmmm. :-) > > Donnie D. Quindardo wrote: >> Unfortunately, this is not working. >> >> /etc/MailScanner/MailScanner.conf: >> >> Scan Messages = %rules-dir%/scan.rules >> >> /etc/MailScanner/rules/scan.rules: >> >> From: 127.0.0.1/32 no >> FromOrTo: default yes >> >> The notification message sent by "Notify Senders" if their >> attachments are blocked is still being flagged as spam. >> >> Please advise, >> >> Don Q. >> >> >> Julian Field wrote: >>> >>> >>> Scott Silva wrote: >>>> on 6-12-2008 1:26 PM Julian Field spake the following: >>>>> >>>>> >>>>> Scott Silva wrote: >>>>>> on 6-12-2008 1:10 PM Julian Field spake the following: >>>>>>> >>>>>>> >>>>>>> Donnie D. Quindardo wrote: >>>>>>>> - Configure MailScanner to notify users that their attachments >>>>>>>> have been blocked. >>>>>>>> >>>>>>>> - Configure MailScanner to use Watermarks and note that >>>>>>>> messages that have no sender and no watermark are spam. >>>>>>>> >>>>>>>> - Send an e-mail through MailScanner with an attachment that is >>>>>>>> banned, perhaps "test.com". >>>>>>>> >>>>>>>> - Look in the spam quarantine of MailScanner, the notification >>>>>>>> e-mail that is sent to the user is there. That's because it is >>>>>>>> sent with an envelope address of <> and does not get a >>>>>>>> MailScanner Signature beforehand. >>>>>>> In which case you just need to use a ruleset to exempt mail from >>>>>>> 127.0.0.1 from watermarking checks. Should I do this >>>>>>> automatically in the code, or are there situations in which this >>>>>>> isn't the desired behaviour? >>>>>>> >>>>>>> Jules >>>>>>> >>>>>> Does a ruleset on scan messages also cover this, or is >>>>>> watermarking outside that catch-all? >>>>> You don't need to do anything that radical, you just need a >>>>> ruleset on the option that controls the checking of watermarks. >>>>> >>>>> Jules >>>>> >>>> Let me re-phrase this... If you already have a rule in scan >>>> messages for mailwatch releases, will it also cover the watermark >>>> code? >>> If the rule is on "Scan Messages" then yes, it will cover everything. >>> >>> Jules >>> >> Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.3 (Build 4028) Comment: Use Enigmail to decrypt or check this message is legitimate Charset: ISO-8859-1 wj8DBQFIUiiCEfZZRxQVtlQRAkmvAJ9mb0ZYqqzrotjXQdbAxjm+j2+wfQCginPu 0NGxjdrsTHySaDvXDtw/6Kk= =3bx5 -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From hvdkooij at vanderkooij.org Fri Jun 13 09:26:05 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Fri Jun 13 09:26:29 2008 Subject: Spamassassin is slow - any tips or good commercial alternative? In-Reply-To: <4852278E.6070804@ecs.soton.ac.uk> References: <4852278E.6070804@ecs.soton.ac.uk> Message-ID: <48522F1D.5070701@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Julian Field wrote: | My advice would be to run | MailScanner --debug --debug-sa | as that will print out all the progress of SpamAssassin, including a | timestamp at the start of each line so you can see where the holdups are. | If you do that, and then show us where the holdups are, we may be able | to help you some more. DNS checks inside SA could be a real killer. Disable them and see what happens. A good DNS forwarder on your machine will also improve things. On the other hand you may have CPU and RAM to spare. In which case you may add one or two more children to MS and see what happens. But the bottom line is that email is a message forwarding protocol. It may take several hops to delive the message. And 8 to 10 minutes is not bad if you happen to have lived on the edge of a UUCP cloud. Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFIUi8cBvzDRVjxmYERAqPJAJ433+vq3pqJKsrWFRQnwR/BJoWY+QCfY695 +M4P/mz8G3tT/6GsrqfSrhg= =yQJn -----END PGP SIGNATURE----- From martinh at solidstatelogic.com Fri Jun 13 09:34:43 2008 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Fri Jun 13 09:34:54 2008 Subject: Spamassassin is slow - any tips or good commercial alternative? In-Reply-To: <2f4301c8cd24$cbaf5000$0300a8c0@CharlieCompaq> Message-ID: <9b0c696796158646b876a62ba56d03b3@solidstatelogic.com> Charlie http://wiki.mailscanner.info/doku.php?id=documentation:test_troubleshoot:performance http://wiki.mailscanner.info/doku.php?id=maq:index#optimization_tips And http://wiki.mailscanner.info/doku.php?id=maq:index#getting_the_best_out_of_spamassassin Also check you've got the spamassassin cache working OK - you'll Need the perl module DB_File installed for this to work (check with MailScanner -v) But to be honest I'd say 5-10 seconds for a batch ain't too bad. I'd check how many children you've got and how many in the batch. I'd also drop the spec of the machine here so we can see if there's anything obvious we can recommend. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Charlie > Sent: 13 June 2008 08:12 > To: MailScanner discussion > Subject: Spamassassin is slow - any tips or good commercial > alternative? > > >>I run an email server (Exim) which uses Mailscanner in combination > >>with ClamAV and SpamAssassin. The server scans about 15,000 > emails per day. > >>SpamAssassin currently seems to take 5-10 seconds to scan even the > >>smallest email, which is unacceptable for us. > > >May I ask why? Is it because your mail system is getting into load > >trouble? Or is the delay itself on legit mail the problem? I > would like > >to know how an additional 5-10 seconds on an async > communication medium > >like e-mail that was never designed for real-time in the first place > >could be a problem. > > It is not really a problem except during peak hours, where > there can be numerous emails sent every 1-2 seconds. These > emails then pile up on eachother, and eventually cause the > mail queue to grow very long, with emails taking 8-15 > *minutes* to actually leave the queue. It is then a very > serious problem. > > > > >If it is a load problem you should try to reduce the amount of mail > >reaching SpamAssassin in the first place. RBLs come to mind. > Or (since > >you asked for a commercial solution) have a look at BarricadeMX from > >FSL. BMX will greatly reduce the amount of mail reaching your MTA. > > Our userbase means that over 99% of emails sent through the > server are *not* spam, so any limiting of the emails reaching > the MTA would not help. > > >Yet on the other hand, if the 15.000 mails a day that your > server scans > >are mostly ham, this will not help. So please enlarge a bit on the > >problem itself. > > ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From martinh at solidstatelogic.com Fri Jun 13 10:22:53 2008 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Fri Jun 13 10:23:04 2008 Subject: Bus error with 4.70.5 and -v flag Message-ID: Jules Doing a MailScanner -v Gives a bus error.. Optional module versions are: 1.30 Archive::Tar 0.21 bignum missing Business::ISBN missing Business::ISBN::Data missing Data::Dump 1.809 DB_File 1.13 DBD::SQLite 1.56 DBI 1.08 Digest 1.01 Digest::HMAC 2.36 Digest::MD5 2.11 Digest::SHA1 missing Encode::Detect missing Error missing ExtUtils::CBuilder missing ExtUtils::ParseXS 2.36 Getopt::Long 0.44 Inline 1.06 IO::String 1.04 IO::Zlib 2.20 IP::Country Bus error (core dumped) Perl is perl -v This is perl, v5.8.5 built for i386-freebsd-64int -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From MailScanner at ecs.soton.ac.uk Fri Jun 13 11:18:41 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Jun 13 11:19:00 2008 Subject: Bus error with 4.70.5 and -v flag In-Reply-To: References: Message-ID: <48524981.9000203@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Does it do it for anyone else? Works fine for me. Martin.Hepworth wrote: > Jules > > Doing a > > MailScanner -v > > Gives a bus error.. > > Optional module versions are: > 1.30 Archive::Tar > 0.21 bignum > missing Business::ISBN > missing Business::ISBN::Data > missing Data::Dump > 1.809 DB_File > 1.13 DBD::SQLite > 1.56 DBI > 1.08 Digest > 1.01 Digest::HMAC > 2.36 Digest::MD5 > 2.11 Digest::SHA1 > missing Encode::Detect > missing Error > missing ExtUtils::CBuilder > missing ExtUtils::ParseXS > 2.36 Getopt::Long > 0.44 Inline > 1.06 IO::String > 1.04 IO::Zlib > 2.20 IP::Country > Bus error (core dumped) > > Perl is > > perl -v > > This is perl, v5.8.5 built for i386-freebsd-64int > > > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > > > ********************************************************************** > Confidentiality : This e-mail and any attachments are intended for the > addressee only and may be confidential. If they come to you in error > you must take no action based on them, nor must you copy or show them > to anyone. Please advise the sender by replying to this e-mail > immediately and then delete the original from your computer. > Opinion : Any opinions expressed in this e-mail are entirely those of > the author and unless specifically stated to the contrary, are not > necessarily those of the author's employer. > Security Warning : Internet e-mail is not necessarily a secure > communications medium and can be subject to data corruption. We advise > that you consider this fact when e-mailing us. > Viruses : We have taken steps to ensure that this e-mail and any > attachments are free from known viruses but in keeping with good > computing practice, you should ensure that they are virus free. > > Red Lion 49 Ltd T/A Solid State Logic > Registered as a limited company in England and Wales > (Company No:5362730) > Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, > United Kingdom > ********************************************************************** > > Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.3 (Build 4028) Comment: Use Enigmail to decrypt or check this message is legitimate Charset: ISO-8859-1 wj8DBQFIUkmBEfZZRxQVtlQRAv4+AKDlt9ZgLMyGFYgWhuOAAA5vxVCwkACePYuo qMuTrm9HHwUg7rYhYY755dU= =j/iU -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From donnieq at quindardonet.net Fri Jun 13 11:39:31 2008 From: donnieq at quindardonet.net (Donnie D. Quindardo) Date: Fri Jun 13 11:39:41 2008 Subject: Watermark and User Notification In-Reply-To: <48522881.20002@ecs.soton.ac.uk> References: <485178A2.2050606@quindardonet.net> <485182BF.6030706@ecs.soton.ac.uk> <4851868E.5070900@ecs.soton.ac.uk> <48518AA8.1070106@ecs.soton.ac.uk> <4851FAB8.7070101@quindardonet.net> <48522881.20002@ecs.soton.ac.uk> Message-ID: <48524E63.2050707@quindardonet.net> I'm rather certain that I've tried this; however, I'll try again. For which mailscanner setting should this exception occur? Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > It puts in 0.0.0.0 if there was no IP address present at all. > Maybe I should change that to 127.0.0.1? > What does anyone think of that change? > > Currently, you need to change your "From" line to > From: 0.0.0.0 no > FromOrTo: default yes > > > Donnie D. Quindardo wrote: >> Message 3EDEA100004C.D62FF from 0.0.0.0 has no (or invalid) watermark >> or sender address >> >> Hmmm. :-) >> >> Donnie D. Quindardo wrote: >>> Unfortunately, this is not working. >>> >>> /etc/MailScanner/MailScanner.conf: >>> >>> Scan Messages = %rules-dir%/scan.rules >>> >>> /etc/MailScanner/rules/scan.rules: >>> >>> From: 127.0.0.1/32 no >>> FromOrTo: default yes >>> >>> The notification message sent by "Notify Senders" if their >>> attachments are blocked is still being flagged as spam. >>> >>> Please advise, >>> >>> Don Q. >>> >>> >>> Julian Field wrote: >>>> >>>> Scott Silva wrote: >>>>> on 6-12-2008 1:26 PM Julian Field spake the following: >>>>>> >>>>>> Scott Silva wrote: >>>>>>> on 6-12-2008 1:10 PM Julian Field spake the following: >>>>>>>> >>>>>>>> Donnie D. Quindardo wrote: >>>>>>>>> - Configure MailScanner to notify users that their attachments >>>>>>>>> have been blocked. >>>>>>>>> >>>>>>>>> - Configure MailScanner to use Watermarks and note that >>>>>>>>> messages that have no sender and no watermark are spam. >>>>>>>>> >>>>>>>>> - Send an e-mail through MailScanner with an attachment that is >>>>>>>>> banned, perhaps "test.com". >>>>>>>>> >>>>>>>>> - Look in the spam quarantine of MailScanner, the notification >>>>>>>>> e-mail that is sent to the user is there. That's because it is >>>>>>>>> sent with an envelope address of <> and does not get a >>>>>>>>> MailScanner Signature beforehand. >>>>>>>> In which case you just need to use a ruleset to exempt mail from >>>>>>>> 127.0.0.1 from watermarking checks. Should I do this >>>>>>>> automatically in the code, or are there situations in which this >>>>>>>> isn't the desired behaviour? >>>>>>>> >>>>>>>> Jules >>>>>>>> >>>>>>> Does a ruleset on scan messages also cover this, or is >>>>>>> watermarking outside that catch-all? >>>>>> You don't need to do anything that radical, you just need a >>>>>> ruleset on the option that controls the checking of watermarks. >>>>>> >>>>>> Jules >>>>>> >>>>> Let me re-phrase this... If you already have a rule in scan >>>>> messages for mailwatch releases, will it also cover the watermark >>>>> code? >>>> If the rule is on "Scan Messages" then yes, it will cover everything. >>>> >>>> Jules >>>> > > Jules > > - -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > Need help customising MailScanner? > Contact me! > Need help fixing or optimising your systems? > Contact me! > Need help getting you started solving new requirements from your boss? > Contact me! > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.8.3 (Build 4028) > Comment: Use Enigmail to decrypt or check this message is legitimate > Charset: ISO-8859-1 > > wj8DBQFIUiiCEfZZRxQVtlQRAkmvAJ9mb0ZYqqzrotjXQdbAxjm+j2+wfQCginPu > 0NGxjdrsTHySaDvXDtw/6Kk= > =3bx5 > -----END PGP SIGNATURE----- > From telecaadmin at gmail.com Fri Jun 13 12:34:17 2008 From: telecaadmin at gmail.com (Ronny T. Lampert) Date: Fri Jun 13 12:36:31 2008 Subject: Bus error with 4.70.5 and -v flag In-Reply-To: <48524981.9000203@ecs.soton.ac.uk> References: <48524981.9000203@ecs.soton.ac.uk> Message-ID: <48525B39.7040709@gmail.com> [...] >> 2.20 IP::Country >> Bus error (core dumped) >> >> Perl is >> >> perl -v >> >> This is perl, v5.8.5 built for i386-freebsd-64int Technically, isn't a bus error rather strange for x86, even x86_64? x86 can do unaligned accesses just fine. Don't know about the BSD semantics, though. Martin, is this new or did you upgrade something? From Lists at Tatorz.com Fri Jun 13 12:41:00 2008 From: Lists at Tatorz.com (Brian) Date: Fri Jun 13 12:41:14 2008 Subject: Bus error with 4.70.5 and -v flag In-Reply-To: <48524981.9000203@ecs.soton.ac.uk> References: <48524981.9000203@ecs.soton.ac.uk> Message-ID: <48525CCC.7000106@Tatorz.com> Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Does it do it for anyone else? Works fine for me. > > Works fine for me also. Centos 5.1 From MailScanner at ecs.soton.ac.uk Fri Jun 13 14:01:14 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Jun 13 14:01:33 2008 Subject: Watermark and User Notification In-Reply-To: References: <485178A2.2050606@quindardonet.net> <485182BF.6030706@ecs.soton.ac.uk> <4851868E.5070900@ecs.soton.ac.uk> <48518AA8.1070106@ecs.soton.ac.uk> <4851FAB8.7070101@quindardonet.net> <48522881.20002@ecs.soton.ac.uk> Message-ID: <48526F9A.1060604@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Check Watermarks With No Sender Donnie D. Quindardo wrote: > I'm rather certain that I've tried this; however, I'll try again. For > which mailscanner setting should this exception occur? > > Julian Field wrote: >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> It puts in 0.0.0.0 if there was no IP address present at all. >> Maybe I should change that to 127.0.0.1? >> What does anyone think of that change? >> >> Currently, you need to change your "From" line to >> From: 0.0.0.0 no >> FromOrTo: default yes >> >> >> Donnie D. Quindardo wrote: >>> Message 3EDEA100004C.D62FF from 0.0.0.0 has no (or invalid) >>> watermark or sender address >>> >>> Hmmm. :-) >>> >>> Donnie D. Quindardo wrote: >>>> Unfortunately, this is not working. >>>> >>>> /etc/MailScanner/MailScanner.conf: >>>> >>>> Scan Messages = %rules-dir%/scan.rules >>>> >>>> /etc/MailScanner/rules/scan.rules: >>>> >>>> From: 127.0.0.1/32 no >>>> FromOrTo: default yes >>>> >>>> The notification message sent by "Notify Senders" if their >>>> attachments are blocked is still being flagged as spam. >>>> >>>> Please advise, >>>> >>>> Don Q. >>>> >>>> >>>> Julian Field wrote: >>>>> >>>>> Scott Silva wrote: >>>>>> on 6-12-2008 1:26 PM Julian Field spake the following: >>>>>>> >>>>>>> Scott Silva wrote: >>>>>>>> on 6-12-2008 1:10 PM Julian Field spake the following: >>>>>>>>> >>>>>>>>> Donnie D. Quindardo wrote: >>>>>>>>>> - Configure MailScanner to notify users that their >>>>>>>>>> attachments have been blocked. >>>>>>>>>> >>>>>>>>>> - Configure MailScanner to use Watermarks and note that >>>>>>>>>> messages that have no sender and no watermark are spam. >>>>>>>>>> >>>>>>>>>> - Send an e-mail through MailScanner with an attachment that >>>>>>>>>> is banned, perhaps "test.com". >>>>>>>>>> >>>>>>>>>> - Look in the spam quarantine of MailScanner, the >>>>>>>>>> notification e-mail that is sent to the user is there. That's >>>>>>>>>> because it is sent with an envelope address of <> and does >>>>>>>>>> not get a MailScanner Signature beforehand. >>>>>>>>> In which case you just need to use a ruleset to exempt mail >>>>>>>>> from 127.0.0.1 from watermarking checks. Should I do this >>>>>>>>> automatically in the code, or are there situations in which >>>>>>>>> this isn't the desired behaviour? >>>>>>>>> >>>>>>>>> Jules >>>>>>>>> >>>>>>>> Does a ruleset on scan messages also cover this, or is >>>>>>>> watermarking outside that catch-all? >>>>>>> You don't need to do anything that radical, you just need a >>>>>>> ruleset on the option that controls the checking of watermarks. >>>>>>> >>>>>>> Jules >>>>>>> >>>>>> Let me re-phrase this... If you already have a rule in scan >>>>>> messages for mailwatch releases, will it also cover the watermark >>>>>> code? >>>>> If the rule is on "Scan Messages" then yes, it will cover everything. >>>>> >>>>> Jules >>>>> >> >> Jules >> >> - -- Julian Field MEng CITP CEng >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> >> Need help customising MailScanner? >> Contact me! >> Need help fixing or optimising your systems? >> Contact me! >> Need help getting you started solving new requirements from your boss? >> Contact me! >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >> >> -----BEGIN PGP SIGNATURE----- >> Version: PGP Desktop 9.8.3 (Build 4028) >> Comment: Use Enigmail to decrypt or check this message is legitimate >> Charset: ISO-8859-1 >> >> wj8DBQFIUiiCEfZZRxQVtlQRAkmvAJ9mb0ZYqqzrotjXQdbAxjm+j2+wfQCginPu >> 0NGxjdrsTHySaDvXDtw/6Kk= >> =3bx5 >> -----END PGP SIGNATURE----- >> Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.3 (Build 4028) Comment: Use Enigmail to decrypt or check this message is legitimate Charset: ISO-8859-1 wj8DBQFIUm+bEfZZRxQVtlQRAgdkAKCI6db4xdivzwa1JN81mch4MFq1igCfWqA1 aracXVBPVwvbxaFbY6APFy4= =yvOn -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From Denis.Beauchemin at USherbrooke.ca Fri Jun 13 14:57:53 2008 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Fri Jun 13 14:58:29 2008 Subject: Unable to update Perl on RHEL 5.2 Message-ID: <48527CE1.5050501@USherbrooke.ca> Hello list, I am not able to update Perl because of conflicts with RPMs installed by MS. Any ideas on how to force install it? Thanks! Denis # yum -y update perl Loading "rhnplugin" plugin Loading "security" plugin rhel-i386-server-5 100% |=========================| 1.4 kB 00:00 Skipping security plugin, no data Setting up Update Process Resolving Dependencies Skipping security plugin, no data --> Running transaction check ---> Package perl.i386 4:5.8.8-10.el5_2.3 set to be updated --> Finished Dependency Resolution Dependencies Resolved ============================================================================= Package Arch Version Repository Size ============================================================================= Updating: perl i386 4:5.8.8-10.el5_2.3 rhel-i386-server-5 12 M Transaction Summary ============================================================================= Install 0 Package(s) Update 1 Package(s) Remove 0 Package(s) Total download size: 12 M Downloading Packages: Running rpm_check_debug Running Transaction Test Finished Transaction Test Transaction Check Error: file /usr/lib/perl5/5.8.8/i386-linux-thread-multi/IO.pm from install of perl-5.8.8-10.el5_2.3 conflicts with file from package perl-IO-1.2301-1 file /usr/lib/perl5/5.8.8/i386-linux-thread-multi/IO/Dir.pm from install of perl-5.8.8-10.el5_2.3 conflicts with file from package perl-IO-1.2301-1 file /usr/lib/perl5/5.8.8/i386-linux-thread-multi/IO/File.pm from install of perl-5.8.8-10.el5_2.3 conflicts with file from package perl-IO-1.2301-1 file /usr/lib/perl5/5.8.8/i386-linux-thread-multi/IO/Handle.pm from install of perl-5.8.8-10.el5_2.3 conflicts with file from package perl-IO-1.2301-1 file /usr/lib/perl5/5.8.8/i386-linux-thread-multi/IO/Socket.pm from install of perl-5.8.8-10.el5_2.3 conflicts with file from package perl-IO-1.2301-1 file /usr/lib/perl5/5.8.8/i386-linux-thread-multi/auto/IO/IO.so from install of perl-5.8.8-10.el5_2.3 conflicts with file from package perl-IO-1.2301-1 file /usr/share/man/man3/IO.3pm.gz from install of perl-5.8.8-10.el5_2.3 conflicts with file from package perl-IO-1.2301-1 file /usr/share/man/man3/IO::Dir.3pm.gz from install of perl-5.8.8-10.el5_2.3 conflicts with file from package perl-IO-1.2301-1 file /usr/share/man/man3/IO::File.3pm.gz from install of perl-5.8.8-10.el5_2.3 conflicts with file from package perl-IO-1.2301-1 file /usr/share/man/man3/IO::Handle.3pm.gz from install of perl-5.8.8-10.el5_2.3 conflicts with file from package perl-IO-1.2301-1 file /usr/share/man/man3/IO::Pipe.3pm.gz from install of perl-5.8.8-10.el5_2.3 conflicts with file from package perl-IO-1.2301-1 file /usr/share/man/man3/IO::Poll.3pm.gz from install of perl-5.8.8-10.el5_2.3 conflicts with file from package perl-IO-1.2301-1 file /usr/share/man/man3/IO::Seekable.3pm.gz from install of perl-5.8.8-10.el5_2.3 conflicts with file from package perl-IO-1.2301-1 file /usr/share/man/man3/IO::Select.3pm.gz from install of perl-5.8.8-10.el5_2.3 conflicts with file from package perl-IO-1.2301-1 file /usr/share/man/man3/IO::Socket.3pm.gz from install of perl-5.8.8-10.el5_2.3 conflicts with file from package perl-IO-1.2301-1 file /usr/share/man/man3/IO::Socket::INET.3pm.gz from install of perl-5.8.8-10.el5_2.3 conflicts with file from package perl-IO-1.2301-1 file /usr/share/man/man3/IO::Socket::UNIX.3pm.gz from install of perl-5.8.8-10.el5_2.3 conflicts with file from package perl-IO-1.2301-1 file /usr/lib/perl5/5.8.8/File/Temp.pm from install of perl-5.8.8-10.el5_2.3 conflicts with file from package perl-File-Temp-0.19-1 file /usr/share/man/man3/File::Temp.3pm.gz from install of perl-5.8.8-10.el5_2.3 conflicts with file from package perl-File-Temp-0.19-1 file /usr/lib/perl5/5.8.8/Math/BigFloat.pm from install of perl-5.8.8-10.el5_2.3 conflicts with file from package perl-Math-BigInt-1.86-1 file /usr/lib/perl5/5.8.8/Math/BigInt.pm from install of perl-5.8.8-10.el5_2.3 conflicts with file from package perl-Math-BigInt-1.86-1 file /usr/lib/perl5/5.8.8/Math/BigInt/Calc.pm from install of perl-5.8.8-10.el5_2.3 conflicts with file from package perl-Math-BigInt-1.86-1 file /usr/lib/perl5/5.8.8/Math/BigInt/CalcEmu.pm from install of perl-5.8.8-10.el5_2.3 conflicts with file from package perl-Math-BigInt-1.86-1 file /usr/share/man/man3/Math::BigFloat.3pm.gz from install of perl-5.8.8-10.el5_2.3 conflicts with file from package perl-Math-BigInt-1.86-1 file /usr/share/man/man3/Math::BigInt.3pm.gz from install of perl-5.8.8-10.el5_2.3 conflicts with file from package perl-Math-BigInt-1.86-1 file /usr/share/man/man3/Math::BigInt::Calc.3pm.gz from install of perl-5.8.8-10.el5_2.3 conflicts with file from package perl-Math-BigInt-1.86-1 file /usr/share/man/man3/Math::BigInt::CalcEmu.3pm.gz from install of perl-5.8.8-10.el5_2.3 conflicts with file from package perl-Math-BigInt-1.86-1 file /usr/lib/perl5/5.8.8/Math/BigRat.pm from install of perl-5.8.8-10.el5_2.3 conflicts with file from package perl-Math-BigRat-0.19-1 file /usr/share/man/man3/Math::BigRat.3pm.gz from install of perl-5.8.8-10.el5_2.3 conflicts with file from package perl-Math-BigRat-0.19-1 file /usr/lib/perl5/5.8.8/bigint.pm from install of perl-5.8.8-10.el5_2.3 conflicts with file from package perl-bignum-0.21-1 file /usr/lib/perl5/5.8.8/bignum.pm from install of perl-5.8.8-10.el5_2.3 conflicts with file from package perl-bignum-0.21-1 file /usr/lib/perl5/5.8.8/bigrat.pm from install of perl-5.8.8-10.el5_2.3 conflicts with file from package perl-bignum-0.21-1 file /usr/share/man/man3/bigint.3pm.gz from install of perl-5.8.8-10.el5_2.3 conflicts with file from package perl-bignum-0.21-1 file /usr/share/man/man3/bignum.3pm.gz from install of perl-5.8.8-10.el5_2.3 conflicts with file from package perl-bignum-0.21-1 file /usr/share/man/man3/bigrat.3pm.gz from install of perl-5.8.8-10.el5_2.3 conflicts with file from package perl-bignum-0.21-1 Error Summary ------------- -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x62252 F: 819.821.8045 From MailScanner at ecs.soton.ac.uk Fri Jun 13 15:16:44 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Jun 13 15:17:04 2008 Subject: Unable to update Perl on RHEL 5.2 In-Reply-To: References: Message-ID: <4852814C.7050808@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Try this: rpm -e perl-IO perl-File-Temp perl-Math-BigInt perl-Math-BigRat perl-bignum yum update perl Then reinstall MailScanner. Denis Beauchemin wrote: > Hello list, > > I am not able to update Perl because of conflicts with RPMs installed > by MS. Any ideas on how to force install it? > > Thanks! > > Denis > # yum -y update perl > Loading "rhnplugin" plugin > Loading "security" plugin > rhel-i386-server-5 100% |=========================| 1.4 kB > 00:00 > Skipping security plugin, no data > Setting up Update Process > Resolving Dependencies > Skipping security plugin, no data > --> Running transaction check > ---> Package perl.i386 4:5.8.8-10.el5_2.3 set to be updated > --> Finished Dependency Resolution > > Dependencies Resolved > > ============================================================================= > > Package Arch Version Repository > Size > ============================================================================= > > Updating: > perl i386 4:5.8.8-10.el5_2.3 > rhel-i386-server-5 12 M > > Transaction Summary > ============================================================================= > > Install 0 Package(s) > Update 1 Package(s) > Remove 0 Package(s) > > Total download size: 12 M > Downloading Packages: > Running rpm_check_debug > Running Transaction Test > Finished Transaction Test > > > Transaction Check Error: > file /usr/lib/perl5/5.8.8/i386-linux-thread-multi/IO.pm from install > of perl-5.8.8-10.el5_2.3 conflicts with file from package > perl-IO-1.2301-1 > file /usr/lib/perl5/5.8.8/i386-linux-thread-multi/IO/Dir.pm from > install of perl-5.8.8-10.el5_2.3 conflicts with file from package > perl-IO-1.2301-1 > file /usr/lib/perl5/5.8.8/i386-linux-thread-multi/IO/File.pm from > install of perl-5.8.8-10.el5_2.3 conflicts with file from package > perl-IO-1.2301-1 > file /usr/lib/perl5/5.8.8/i386-linux-thread-multi/IO/Handle.pm from > install of perl-5.8.8-10.el5_2.3 conflicts with file from package > perl-IO-1.2301-1 > file /usr/lib/perl5/5.8.8/i386-linux-thread-multi/IO/Socket.pm from > install of perl-5.8.8-10.el5_2.3 conflicts with file from package > perl-IO-1.2301-1 > file /usr/lib/perl5/5.8.8/i386-linux-thread-multi/auto/IO/IO.so from > install of perl-5.8.8-10.el5_2.3 conflicts with file from package > perl-IO-1.2301-1 > file /usr/share/man/man3/IO.3pm.gz from install of > perl-5.8.8-10.el5_2.3 conflicts with file from package perl-IO-1.2301-1 > file /usr/share/man/man3/IO::Dir.3pm.gz from install of > perl-5.8.8-10.el5_2.3 conflicts with file from package perl-IO-1.2301-1 > file /usr/share/man/man3/IO::File.3pm.gz from install of > perl-5.8.8-10.el5_2.3 conflicts with file from package perl-IO-1.2301-1 > file /usr/share/man/man3/IO::Handle.3pm.gz from install of > perl-5.8.8-10.el5_2.3 conflicts with file from package perl-IO-1.2301-1 > file /usr/share/man/man3/IO::Pipe.3pm.gz from install of > perl-5.8.8-10.el5_2.3 conflicts with file from package perl-IO-1.2301-1 > file /usr/share/man/man3/IO::Poll.3pm.gz from install of > perl-5.8.8-10.el5_2.3 conflicts with file from package perl-IO-1.2301-1 > file /usr/share/man/man3/IO::Seekable.3pm.gz from install of > perl-5.8.8-10.el5_2.3 conflicts with file from package perl-IO-1.2301-1 > file /usr/share/man/man3/IO::Select.3pm.gz from install of > perl-5.8.8-10.el5_2.3 conflicts with file from package perl-IO-1.2301-1 > file /usr/share/man/man3/IO::Socket.3pm.gz from install of > perl-5.8.8-10.el5_2.3 conflicts with file from package perl-IO-1.2301-1 > file /usr/share/man/man3/IO::Socket::INET.3pm.gz from install of > perl-5.8.8-10.el5_2.3 conflicts with file from package perl-IO-1.2301-1 > file /usr/share/man/man3/IO::Socket::UNIX.3pm.gz from install of > perl-5.8.8-10.el5_2.3 conflicts with file from package perl-IO-1.2301-1 > file /usr/lib/perl5/5.8.8/File/Temp.pm from install of > perl-5.8.8-10.el5_2.3 conflicts with file from package > perl-File-Temp-0.19-1 > file /usr/share/man/man3/File::Temp.3pm.gz from install of > perl-5.8.8-10.el5_2.3 conflicts with file from package > perl-File-Temp-0.19-1 > file /usr/lib/perl5/5.8.8/Math/BigFloat.pm from install of > perl-5.8.8-10.el5_2.3 conflicts with file from package > perl-Math-BigInt-1.86-1 > file /usr/lib/perl5/5.8.8/Math/BigInt.pm from install of > perl-5.8.8-10.el5_2.3 conflicts with file from package > perl-Math-BigInt-1.86-1 > file /usr/lib/perl5/5.8.8/Math/BigInt/Calc.pm from install of > perl-5.8.8-10.el5_2.3 conflicts with file from package > perl-Math-BigInt-1.86-1 > file /usr/lib/perl5/5.8.8/Math/BigInt/CalcEmu.pm from install of > perl-5.8.8-10.el5_2.3 conflicts with file from package > perl-Math-BigInt-1.86-1 > file /usr/share/man/man3/Math::BigFloat.3pm.gz from install of > perl-5.8.8-10.el5_2.3 conflicts with file from package > perl-Math-BigInt-1.86-1 > file /usr/share/man/man3/Math::BigInt.3pm.gz from install of > perl-5.8.8-10.el5_2.3 conflicts with file from package > perl-Math-BigInt-1.86-1 > file /usr/share/man/man3/Math::BigInt::Calc.3pm.gz from install of > perl-5.8.8-10.el5_2.3 conflicts with file from package > perl-Math-BigInt-1.86-1 > file /usr/share/man/man3/Math::BigInt::CalcEmu.3pm.gz from install of > perl-5.8.8-10.el5_2.3 conflicts with file from package > perl-Math-BigInt-1.86-1 > file /usr/lib/perl5/5.8.8/Math/BigRat.pm from install of > perl-5.8.8-10.el5_2.3 conflicts with file from package > perl-Math-BigRat-0.19-1 > file /usr/share/man/man3/Math::BigRat.3pm.gz from install of > perl-5.8.8-10.el5_2.3 conflicts with file from package > perl-Math-BigRat-0.19-1 > file /usr/lib/perl5/5.8.8/bigint.pm from install of > perl-5.8.8-10.el5_2.3 conflicts with file from package perl-bignum-0.21-1 > file /usr/lib/perl5/5.8.8/bignum.pm from install of > perl-5.8.8-10.el5_2.3 conflicts with file from package perl-bignum-0.21-1 > file /usr/lib/perl5/5.8.8/bigrat.pm from install of > perl-5.8.8-10.el5_2.3 conflicts with file from package perl-bignum-0.21-1 > file /usr/share/man/man3/bigint.3pm.gz from install of > perl-5.8.8-10.el5_2.3 conflicts with file from package perl-bignum-0.21-1 > file /usr/share/man/man3/bignum.3pm.gz from install of > perl-5.8.8-10.el5_2.3 conflicts with file from package perl-bignum-0.21-1 > file /usr/share/man/man3/bigrat.3pm.gz from install of > perl-5.8.8-10.el5_2.3 conflicts with file from package perl-bignum-0.21-1 > > Error Summary > ------------- > Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.3 (Build 4028) Comment: Use Enigmail to decrypt or check this message is legitimate Charset: ISO-8859-1 wj8DBQFIUoFMEfZZRxQVtlQRAqVVAKDvhZu4sdgyOVxUvPq58yW+wdVeNwCghNka 7hrxMrM2l96zAi81h4m8juY= =KRds -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From Denis.Beauchemin at USherbrooke.ca Fri Jun 13 15:59:58 2008 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Fri Jun 13 16:00:33 2008 Subject: Unable to update Perl on RHEL 5.2 In-Reply-To: <4852814C.7050808@ecs.soton.ac.uk> References: <4852814C.7050808@ecs.soton.ac.uk> Message-ID: <48528B6E.7050207@USherbrooke.ca> Julian Field a ?crit : > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Try this: > > rpm -e perl-IO perl-File-Temp perl-Math-BigInt perl-Math-BigRat perl-bignum > yum update perl > > Then reinstall MailScanner. > > Denis Beauchemin wrote: > >> Hello list, >> >> I am not able to update Perl because of conflicts with RPMs installed >> by MS. Any ideas on how to force install it? >> >> Thanks! >> Thanks Julian, It worked just fine! Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x62252 F: 819.821.8045 From Kevin_Miller at ci.juneau.ak.us Fri Jun 13 17:26:01 2008 From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller) Date: Fri Jun 13 17:26:20 2008 Subject: Spamassassin is slow - any tips or good commercial alternative? In-Reply-To: <48522F1D.5070701@vanderkooij.org> References: <4852278E.6070804@ecs.soton.ac.uk> <48522F1D.5070701@vanderkooij.org> Message-ID: Hugo van der Kooij wrote: > DNS checks inside SA could be a real killer. Disable them and see what > happens. A good DNS forwarder on your machine will also improve > things. > > On the other hand you may have CPU and RAM to spare. In which case you > may add one or two more children to MS and see what happens. Another thought - look and see if you're swapping significantly. That'll slow things down a lot... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 From alex at nkpanama.com Fri Jun 13 17:31:15 2008 From: alex at nkpanama.com (Alex Neuman) Date: Fri Jun 13 17:31:49 2008 Subject: Spamassassin is slow - any tips or good commercial alternative? In-Reply-To: <48522F1D.5070701@vanderkooij.org> References: <4852278E.6070804@ecs.soton.ac.uk> <48522F1D.5070701@vanderkooij.org> Message-ID: <200806131631.m5DGVd5p016956@safir.blacknight.ie> And we all know MailScanner causes swapping! X-D On Jun 13, 2008, at 11:26 AM, Kevin Miller wrote: > Another thought - look and see if you're swapping significantly. > That'll slow things down a lot... From telecaadmin at gmail.com Fri Jun 13 17:44:16 2008 From: telecaadmin at gmail.com (Ronny T. Lampert) Date: Fri Jun 13 17:46:25 2008 Subject: Spamassassin is slow - any tips or good commercial alternative? In-Reply-To: <2ea301c8ccf7$0e9f52d0$0300a8c0@CharlieCompaq> References: <2ea301c8ccf7$0e9f52d0$0300a8c0@CharlieCompaq> Message-ID: <4852A3E0.8080903@gmail.com> > I run an email server (Exim) which uses Mailscanner in combination with > ClamAV and SpamAssassin. The server scans about 15,000 emails per day. > SpamAssassin currently seems to take 5-10 seconds to scan even the > smallest email, which is unacceptable for us. > > I was wondering if anyone had either any tips on reducing the amount of > time taken to scan an email for spam using SpamAssassin to 'well under > one second', or if anyone can recommend a good, not too expensive, > commercial alternative to SpamAssassin. To check for *all* problems please show us the output of #> uptime #> free #> cat /proc/cpuinfo #> /etc/init.d/nscd status Then proceed with Julians suggestion: > My advice would be to run > MailScanner --debug --debug-sa > as that will print out all the progress of SpamAssassin, including a > timestamp at the start of each line so you can see where the holdups > are. > If you do that, and then show us where the holdups are, we may be able > to help you some more... The holdups show you *exactly* where and what happens. Usually it's a bad/slow/rejecting/non-caching DNS server, either in resolv.conf or the one you're asking. Or some firewall issues (pyzor etc. come to mind). Cheers, Ronny From ssilva at sgvwater.com Fri Jun 13 19:01:43 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Fri Jun 13 19:02:08 2008 Subject: Spamassassin is slow - any tips or good commercial alternative? In-Reply-To: <2f4301c8cd24$cbaf5000$0300a8c0@CharlieCompaq> References: <2f4301c8cd24$cbaf5000$0300a8c0@CharlieCompaq> Message-ID: ... > > >If it is a load problem you should try to reduce the amount of mail > >reaching SpamAssassin in the first place. RBLs come to mind. Or (since > >you asked for a commercial solution) have a look at BarricadeMX from > >FSL. BMX will greatly reduce the amount of mail reaching your MTA. > Our userbase means that over 99% of emails sent through the server are > *not* spam, so any limiting of the emails reaching the MTA would not help. > So if 99% of your mail isn't spam, then why bother using spamassassin? I would dare to say that 65 - 75% of the mail that "attempts" delivery here IS spam. Some days it is over 90%, especially on the weekends when we get very little legit mail. > >Yet on the other hand, if the 15.000 mails a day that your server scans > >are mostly ham, this will not help. So please enlarge a bit on the > >problem itself. > -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 258 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080613/16c8cd4a/signature.bin From MailScanner at ecs.soton.ac.uk Fri Jun 13 19:28:13 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Jun 13 19:28:24 2008 Subject: Health update Message-ID: <4852BC3D.3050802@ecs.soton.ac.uk> Folks, Just wanted to let you know that, as soon as I send back the consent forms, I am officially on the waiting list for a liver transplant. No holidays or anything now until I get my call... Fortunately, I have grown a new vein in the last few months that means I will just need a new liver and not a small bowel as well, which significantly improves my survival chances. This is very good news :-) Wish me luck! Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From lhaig at haigmail.com Fri Jun 13 19:35:29 2008 From: lhaig at haigmail.com (lhaig-haigmail.com) Date: Fri Jun 13 19:35:39 2008 Subject: Health update In-Reply-To: <4852BC3D.3050802@ecs.soton.ac.uk> References: <4852BC3D.3050802@ecs.soton.ac.uk> Message-ID: <08172625a4948c021dedb756390afdcf@haigmail.com> Great news Julian, You will be in my families thoughts and prayers Lance On Fri, 13 Jun 2008 19:28:13 +0100, Julian Field wrote: > Folks, > > Just wanted to let you know that, as soon as I send back the consent > forms, I am officially on the waiting list for a liver transplant. > No holidays or anything now until I get my call... > > Fortunately, I have grown a new vein in the last few months that means I > will just need a new liver and not a small bowel as well, which > significantly improves my survival chances. This is very good news :-) > > Wish me luck! > > Jules > > -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > MailScanner customisation, or any advanced system administration help? > Contact me at Jules@Jules.FM > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > PGP public key: http://www.jules.fm/julesfm.asc > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From dyioulos at firstbhph.com Fri Jun 13 19:40:20 2008 From: dyioulos at firstbhph.com (Dimitri Yioulos) Date: Fri Jun 13 19:40:42 2008 Subject: Health update In-Reply-To: <4852BC3D.3050802@ecs.soton.ac.uk> References: <4852BC3D.3050802@ecs.soton.ac.uk> Message-ID: <200806131440.20631.dyioulos@firstbhph.com> On Friday 13 June 2008 2:28 pm, Julian Field wrote: > Folks, > > Just wanted to let you know that, as soon as I send back the consent > forms, I am officially on the waiting list for a liver transplant. > No holidays or anything now until I get my call... > > Fortunately, I have grown a new vein in the last few months that means I > will just need a new liver and not a small bowel as well, which > significantly improves my survival chances. This is very good news :-) > > Wish me luck! > > Jules > > -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > MailScanner customisation, or any advanced system administration help? > Contact me at Jules@Jules.FM > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > PGP public key: http://www.jules.fm/julesfm.asc > Jules, As if you needed to ask - wishing you the very best! Dimitri -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From mkercher at nfsmith.com Fri Jun 13 19:40:13 2008 From: mkercher at nfsmith.com (Mike Kercher) Date: Fri Jun 13 19:40:55 2008 Subject: Health update In-Reply-To: <4852BC3D.3050802@ecs.soton.ac.uk> References: <4852BC3D.3050802@ecs.soton.ac.uk> Message-ID: <224FA7E11EA39E45843E11CEBBD3A36FB50D8F@HOUPEX01.nfsmith.info> -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field Sent: Friday, June 13, 2008 1:28 PM To: MailScanner discussion Subject: Health update Folks, Just wanted to let you know that, as soon as I send back the consent forms, I am officially on the waiting list for a liver transplant. No holidays or anything now until I get my call... Fortunately, I have grown a new vein in the last few months that means I will just need a new liver and not a small bowel as well, which significantly improves my survival chances. This is very good news :-) Wish me luck! Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- Best of luck to you! Too bad you can't put a liver on your Amazon Wish List!!! Mike From igueths at lava-net.com Fri Jun 13 19:54:09 2008 From: igueths at lava-net.com (Igor Gueths) Date: Fri Jun 13 19:45:06 2008 Subject: Health update In-Reply-To: <08172625a4948c021dedb756390afdcf@haigmail.com> References: <4852BC3D.3050802@ecs.soton.ac.uk> <08172625a4948c021dedb756390afdcf@haigmail.com> Message-ID: <20080613185409.GA11287@lava-net.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi Julian. I wish you the best of luck with your liver transplant. On Fri, Jun 13, 2008 at 02:35:29PM -0400, lhaig-haigmail.com wrote: > Great news Julian, > > You will be in my families thoughts and prayers > > Lance > > On Fri, 13 Jun 2008 19:28:13 +0100, Julian Field > wrote: > > Folks, > > > > Just wanted to let you know that, as soon as I send back the consent > > forms, I am officially on the waiting list for a liver transplant. > > No holidays or anything now until I get my call... > > > > Fortunately, I have grown a new vein in the last few months that means I > > will just need a new liver and not a small bowel as well, which > > significantly improves my survival chances. This is very good news :-) > > > > Wish me luck! > > > > Jules > > > > -- > > Julian Field MEng CITP CEng > > www.MailScanner.info > > Buy the MailScanner book at www.MailScanner.info/store > > > > MailScanner customisation, or any advanced system administration help? > > Contact me at Jules@Jules.FM > > > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > PGP public key: http://www.jules.fm/julesfm.asc > > > > > > -- > > This message has been scanned for viruses and > > dangerous content by MailScanner, and is > > believed to be clean. > > > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > - -- Igor -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iQIVAwUBSFLCUae2pgKIdGq4AQrnKxAAgHgk4nOUZijVg4yMl3ooRb7ac6+tft7S Rf5VZEnr/1n5ulE3zh9ibi6wpsSc4JE6FkSIdVMjBIm16DHKuhKYxuTZbjKcQ48J c+04/8u2YWP0SBFlXeDHMFp3fKJq3QpP9LRC1use0tDQaB8LGrEovlq2dYZRrUAu IYT4MmOzuCqJMW8xVb4eW1sL0FG0CO1P/g+zklkKCiPpxEdJk1/oWT06yETHDvTa aaDgkY4saN+ck2hul1QyAafNdu0CED9SkO+kC6drfGltZaKBLnl2Ob9ApYT77g5X KQcojWX000NKPMOZRBXpu/LEGfmhNl7ekVP2/b0M3CJbxlogVP9vIePRuJonFWlJ gJ0jw2V8cZRp185Qt8ZbSN9xXqqNsJdR3NCJbi9QwCcNgjFza0791vy7nYfo3i2M DD0LIRGyXMc6WulfEzcxf8QkRvtHmVJBjuCcieDZej1BOdSy8DCeThPbPIAeE20d LfUp3TPbf0vQ9QF6zKHqEEayY5oUn1blBGEltudJsZUG3P7XxQz9G3eEFYQzaX4X slwCAkgp2mT+2UFI+LgT068d3lYA+9Sj/g++064Yw1mald4k2pbciDGyUIykdAW5 M/MyEc4KkuKvpJS6sPTUN/KA+HikEZ6aTzCNNOMtTzZWGeharyQgzBsQLuLBMAmW KV262GUkCs8= =32W7 -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From glenn.steen at gmail.com Fri Jun 13 19:50:43 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri Jun 13 19:50:53 2008 Subject: Health update In-Reply-To: <4852BC3D.3050802@ecs.soton.ac.uk> References: <4852BC3D.3050802@ecs.soton.ac.uk> Message-ID: <223f97700806131150w4cc5db6eub2779b2e6cb7fd9b@mail.gmail.com> 2008/6/13 Julian Field : > Folks, > > Just wanted to let you know that, as soon as I send back the consent forms, > I am officially on the waiting list for a liver transplant. > No holidays or anything now until I get my call... > > Fortunately, I have grown a new vein in the last few months that means I > will just need a new liver and not a small bowel as well, which > significantly improves my survival chances. This is very good news :-) > > Wish me luck! > > Jules > Cool! I'll be keeping my fingers crossed that you'll very soon be switching from painkillers to Azatioprin (the stuff I'm on... For CD and transplantees:-)....!!!!:-) Cheers! -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From Kevin_Miller at ci.juneau.ak.us Fri Jun 13 19:50:47 2008 From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller) Date: Fri Jun 13 19:51:00 2008 Subject: Health update In-Reply-To: <4852BC3D.3050802@ecs.soton.ac.uk> References: <4852BC3D.3050802@ecs.soton.ac.uk> Message-ID: Julian Field wrote: > Folks, > > Just wanted to let you know that, as soon as I send back the consent > forms, I am officially on the waiting list for a liver transplant. > No holidays or anything now until I get my call... > > Fortunately, I have grown a new vein in the last few months that > means I will just need a new liver and not a small bowel as well, > which significantly improves my survival chances. This is very good > news :-) > > Wish me luck! Great news (I think) Jules - you'll be in my thoughts & prayers... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 From ka at pacific.net Fri Jun 13 19:51:55 2008 From: ka at pacific.net (Ken A) Date: Fri Jun 13 19:51:46 2008 Subject: Health update In-Reply-To: <4852BC3D.3050802@ecs.soton.ac.uk> References: <4852BC3D.3050802@ecs.soton.ac.uk> Message-ID: <4852C1CB.6050701@pacific.net> Julian Field wrote: > Folks, > > Just wanted to let you know that, as soon as I send back the consent > forms, I am officially on the waiting list for a liver transplant. > No holidays or anything now until I get my call... > > Fortunately, I have grown a new vein in the last few months that means I > will just need a new liver and not a small bowel as well, which > significantly improves my survival chances. This is very good news :-) > > Wish me luck! > > Jules > Wishing you a speedy match, and recovery! Ken -- Ken Anderson Pacific.Net From ajcartmell at fonant.com Fri Jun 13 20:13:16 2008 From: ajcartmell at fonant.com (Anthony Cartmell) Date: Fri Jun 13 20:13:25 2008 Subject: Health update In-Reply-To: <4852BC3D.3050802@ecs.soton.ac.uk> References: <4852BC3D.3050802@ecs.soton.ac.uk> Message-ID: > Fortunately, I have grown a new vein in the last few months Nice one! > Wish me luck! The best of luck! Anthony -- www.fonant.com - Quality web sites From rob at kettle.org.uk Fri Jun 13 20:19:54 2008 From: rob at kettle.org.uk (Rob Kettle) Date: Fri Jun 13 20:20:14 2008 Subject: Health update In-Reply-To: <4852BC3D.3050802@ecs.soton.ac.uk> References: <4852BC3D.3050802@ecs.soton.ac.uk> Message-ID: <4852C85A.6000104@kettle.org.uk> From someone who doesn't post on here very much but does appreciate all your hard work... Best of luck. We'll be thinking if you. ... and make sure you take time to recover even if MailScanner has to wait a while. It's not as important as your health :) Rob Julian Field wrote: > Folks, > > Just wanted to let you know that, as soon as I send back the consent > forms, I am officially on the waiting list for a liver transplant. > No holidays or anything now until I get my call... > > Fortunately, I have grown a new vein in the last few months that means > I will just need a new liver and not a small bowel as well, which > significantly improves my survival chances. This is very good news :-) > > Wish me luck! > > Jules > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From martyn at invictawiz.com Fri Jun 13 20:40:06 2008 From: martyn at invictawiz.com (Martyn Routley) Date: Fri Jun 13 20:40:34 2008 Subject: Health Update Message-ID: <4852CD16.9030408@invictawiz.com> My best wishes go to you as well Julian. -- Martyn Routley -------------------------------------------------------- Invictawiz - The Internet in Plain English, Guaranteed web: http://www.invictawiz.com voip: 6000@sip.invictawiz.com phone: 0845 003 9020 Reg Addr: 9 Eastmead Ave, Ashford, Kent, TN23 7SB Co. No: 04253262 -------------------------------------------------------- ----------------------------------------------------------------------------- This message has been scanned for viruses and dangerous content by the http://www.invictawiz.com MailScanner, and is believed to be clean. ----------------------------------------------------------------------------- From lists at tatorz.com Fri Jun 13 21:20:50 2008 From: lists at tatorz.com (Brian) Date: Fri Jun 13 21:21:05 2008 Subject: Health update In-Reply-To: <4852C1CB.6050701@pacific.net> References: <4852BC3D.3050802@ecs.soton.ac.uk> <4852C1CB.6050701@pacific.net> Message-ID: <4619.192.168.1.2.1213388450.squirrel@mail.tatorz.com> On Fri, June 13, 2008 2:51 pm, Ken A wrote: > Julian Field wrote: >> Folks, >> >> Just wanted to let you know that, as soon as I send back the consent >> forms, I am officially on the waiting list for a liver transplant. >> No holidays or anything now until I get my call... >> >> Fortunately, I have grown a new vein in the last few months that means I >> will just need a new liver and not a small bowel as well, which >> significantly improves my survival chances. This is very good news :-) >> >> Wish me luck! >> >> Jules >> Best of Luck to you and your family. Brian. -- This message has been scanned for viruses and dangerous content by Tatorz MailScanner, and is believed to be clean. From bamcomp at yahoo.com Fri Jun 13 21:22:24 2008 From: bamcomp at yahoo.com (Brett Moss) Date: Fri Jun 13 21:22:35 2008 Subject: Health update In-Reply-To: <4852BC3D.3050802@ecs.soton.ac.uk> Message-ID: <459742.15165.qm@web30001.mail.mud.yahoo.com> --- Julian Field wrote: > Folks, > > Just wanted to let you know that, as soon as I send > back the consent > forms, I am officially on the waiting list for a > liver transplant. > No holidays or anything now until I get my call... > > Fortunately, I have grown a new vein in the last few > months that means I > will just need a new liver and not a small bowel as > well, which > significantly improves my survival chances. This is > very good news :-) > > Wish me luck! > > Jules Jules, I wish you a quick and solid match, and an easy and speedy recovery. Brett From Carl.Andrews at crackerbarrel.com Fri Jun 13 22:00:25 2008 From: Carl.Andrews at crackerbarrel.com (Andrews Carl 455) Date: Fri Jun 13 22:00:38 2008 Subject: Health update In-Reply-To: <4852BC3D.3050802@ecs.soton.ac.uk> Message-ID: Good Luck!! -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field Sent: Friday, June 13, 2008 1:28 PM To: MailScanner discussion Subject: Health update Folks, Just wanted to let you know that, as soon as I send back the consent forms, I am officially on the waiting list for a liver transplant. No holidays or anything now until I get my call... Fortunately, I have grown a new vein in the last few months that means I will just need a new liver and not a small bowel as well, which significantly improves my survival chances. This is very good news :-) Wish me luck! Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From dnsadmin at 1bigthink.com Fri Jun 13 22:13:55 2008 From: dnsadmin at 1bigthink.com (dnsadmin 1bigthink.com) Date: Fri Jun 13 22:14:15 2008 Subject: Health update In-Reply-To: <4852BC3D.3050802@ecs.soton.ac.uk> References: <4852BC3D.3050802@ecs.soton.ac.uk> Message-ID: <200806132114.m5DLE4gQ018541@mxt.1bigthink.com> At 02:28 PM 6/13/2008, you wrote: >Folks, > >Just wanted to let you know that, as soon as I send back the consent >forms, I am officially on the waiting list for a liver transplant. >No holidays or anything now until I get my call... Hello Julian, I wish you a short queue! BTW, I am an organ donor and suggest everyone else on this group CONSIDER what a great gift organ donation can be to the individual recipient and all the people associated with them. Cheers, Glenn -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From glenn.steen at gmail.com Fri Jun 13 22:20:15 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri Jun 13 22:20:26 2008 Subject: Health update In-Reply-To: <200806132114.m5DLE4gQ018541@mxt.1bigthink.com> References: <4852BC3D.3050802@ecs.soton.ac.uk> <200806132114.m5DLE4gQ018541@mxt.1bigthink.com> Message-ID: <223f97700806131420j4bb7e2f5w1e4d192101002bde@mail.gmail.com> 2008/6/13 dnsadmin 1bigthink.com : > At 02:28 PM 6/13/2008, you wrote: >> >> Folks, >> >> Just wanted to let you know that, as soon as I send back the consent >> forms, I am officially on the waiting list for a liver transplant. >> No holidays or anything now until I get my call... > > > Hello Julian, > > I wish you a short queue! BTW, I am an organ donor and suggest everyone else > on this group CONSIDER what a great gift organ donation can be to the > individual recipient and all the people associated with them. > > Cheers, > Glenn > Same here... Well. Haven't donated any organs (yet), and some of them are really shoddy... But I do carry my donor card with me at all times... Who knows when time is up?! It's an easy decision (was for me at least:-), and easier still thing to do. The only down-side of Jules getting better ... Someone will actually have to pass on... Oh well, that's life I guess. Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From christian at columbiafuels.com Fri Jun 13 22:25:36 2008 From: christian at columbiafuels.com (Christian Rasmussen) Date: Fri Jun 13 22:26:17 2008 Subject: Health update In-Reply-To: <223f97700806131420j4bb7e2f5w1e4d192101002bde@mail.gmail.com> References: <4852BC3D.3050802@ecs.soton.ac.uk><200806132114.m5DLE4gQ018541@mxt.1bigthink.com> <223f97700806131420j4bb7e2f5w1e4d192101002bde@mail.gmail.com> Message-ID: <7C62BFED4DC0CE488F93865D83A61E64743C0D@sprocket.columbiafuels.com> I've been a sysadmin for so long I don't think anyone would have much use for my liver. Julian good luck! Our prayers are with you for a speedy turnaround. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Glenn Steen Sent: Friday, June 13, 2008 2:20 PM To: MailScanner discussion Subject: Re: Health update 2008/6/13 dnsadmin 1bigthink.com : > At 02:28 PM 6/13/2008, you wrote: >> >> Folks, >> >> Just wanted to let you know that, as soon as I send back the consent >> forms, I am officially on the waiting list for a liver transplant. >> No holidays or anything now until I get my call... > > > Hello Julian, > > I wish you a short queue! BTW, I am an organ donor and suggest everyone else > on this group CONSIDER what a great gift organ donation can be to the > individual recipient and all the people associated with them. > > Cheers, > Glenn > Same here... Well. Haven't donated any organs (yet), and some of them are really shoddy... But I do carry my donor card with me at all times... Who knows when time is up?! It's an easy decision (was for me at least:-), and easier still thing to do. The only down-side of Jules getting better ... Someone will actually have to pass on... Oh well, that's life I guess. Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From bbdokken at dokkenengineering.com Fri Jun 13 22:36:08 2008 From: bbdokken at dokkenengineering.com (Brad Dokken) Date: Fri Jun 13 22:33:44 2008 Subject: Health update In-Reply-To: <4852BC3D.3050802@ecs.soton.ac.uk> References: <4852BC3D.3050802@ecs.soton.ac.uk> Message-ID: <5A3FEF92FC07F34B9EE30C0D13957164A86D23@monarchs.dokkenengineering.com> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Julian Field > Sent: Friday, June 13, 2008 11:28 AM > To: MailScanner discussion > Subject: Health update > > Folks, > > Just wanted to let you know that, as soon as I send back the consent > forms, I am officially on the waiting list for a liver transplant. > No holidays or anything now until I get my call... > > Fortunately, I have grown a new vein in the last few months > that means I > will just need a new liver and not a small bowel as well, which > significantly improves my survival chances. This is very good news :-) > > Wish me luck! > > Jules > Julian, that sounds like good news. Our thoughts, prayers and best wishes are all with you. Brad From lists at designmedia.com Fri Jun 13 22:42:15 2008 From: lists at designmedia.com (Henry Kwan) Date: Fri Jun 13 22:42:33 2008 Subject: Health update References: <4852BC3D.3050802@ecs.soton.ac.uk> Message-ID: Julian Field ecs.soton.ac.uk> writes: > Just wanted to let you know that, as soon as I send back the consent > forms, I am officially on the waiting list for a liver transplant. > No holidays or anything now until I get my call... > > Fortunately, I have grown a new vein in the last few months that means I > will just need a new liver and not a small bowel as well, which > significantly improves my survival chances. This is very good news > > Wish me luck! Wow, I didn't realize this was the situation. Best of wishes for a quick callback from the waiting list! --Henry From ms-list at alexb.ch Fri Jun 13 22:54:11 2008 From: ms-list at alexb.ch (Alex Broens) Date: Fri Jun 13 22:54:25 2008 Subject: Health update In-Reply-To: <4852BC3D.3050802@ecs.soton.ac.uk> References: <4852BC3D.3050802@ecs.soton.ac.uk> Message-ID: <4852EC83.9080108@alexb.ch> On 6/13/2008 8:28 PM, Julian Field wrote: > Folks, > > Just wanted to let you know that, as soon as I send back the consent > forms, I am officially on the waiting list for a liver transplant. > No holidays or anything now until I get my call... > > Fortunately, I have grown a new vein in the last few months that means I > will just need a new liver and not a small bowel as well, which > significantly improves my survival chances. This is very good news :-) > > Wish me luck! We're all wishing you more than that. Alex From mailscanner at yeticomputers.com Sat Jun 14 03:34:20 2008 From: mailscanner at yeticomputers.com (Rick Chadderdon) Date: Sat Jun 14 03:34:47 2008 Subject: Health update In-Reply-To: <4852BC3D.3050802@ecs.soton.ac.uk> References: <4852BC3D.3050802@ecs.soton.ac.uk> Message-ID: <48532E2C.4090108@yeticomputers.com> Best wishes, Julian. Did the vein spontaneously grow, or was there a treatment that encouraged it? In any case, it's good news. :) Good luck! Rick Julian Field wrote: > Folks, > > Just wanted to let you know that, as soon as I send back the consent > forms, I am officially on the waiting list for a liver transplant. > No holidays or anything now until I get my call... > > Fortunately, I have grown a new vein in the last few months that means > I will just need a new liver and not a small bowel as well, which > significantly improves my survival chances. This is very good news :-) > > Wish me luck! > > Jules > From mi6 at orcon.net.nz Sat Jun 14 03:49:05 2008 From: mi6 at orcon.net.nz (Charlie) Date: Sat Jun 14 03:49:19 2008 Subject: Spamassassin is slow - any tips or good commercial alternative? Message-ID: <27870.203.52.179.132.1213411745.squirrel@webmail.orcon.net.nz> > >If it is a load problem you should try to reduce the amount of mail > >reaching SpamAssassin in the first place. RBLs come to mind. Or (since > >you asked for a commercial solution) have a look at BarricadeMX from > >FSL. BMX will greatly reduce the amount of mail reaching your MTA. > Our userbase means that over 99% of emails sent through the server are > *not* spam, so any limiting of the emails reaching the MTA would not help. > >So if 99% of your mail isn't spam, then why bother using >spamassassin? >I would dare to say that 65 - 75% of the mail that "attempts" delivery >here IS >spam. Some days it is over 90%, especially on the weekends when >we get very >little legit mail. The reason I wanted to catch the 1% that is spam is so the server doesn't get blacklisted. People are paying money for the service, hence I need to pay more attention to making sure it stays off blacklists than if I was just an ISP offering a free service. I'll try all the suggestions on Monday and provide an update then - thanks for all the assistance! From Robert.Meurlin at se.fujitsu.com Sat Jun 14 06:08:58 2008 From: Robert.Meurlin at se.fujitsu.com (Meurlin Robert) Date: Sat Jun 14 06:09:43 2008 Subject: mailscanner dont process email at all Message-ID: <797363C57EE0884786F428AAABCD469201490DD4@sea0120sex2.nordic.x> We had a stop yesterday lunchtime on one of our mailservers that the incoming increased and increased Incomming: Total requests: 6281 I have update to the latest MailScanner, Clamav, Spamassassin but every email I just "stat=queued" sendmail-in[13003]: m5DDRKrY013003: from=, size=2513, class=0, nrcpts=1, msgid=<20080615140124.C90014EF28A@wz.com>, proto=SMTP, daemon=MTA, relay=[61.149.129.36] Jun 13 15:27:28 sendmail-in[13003]: m5DDRKrY013003: to=, delay=00:00:02, mailer=esmtp, pri=32513, stat=queued I Have looked at almost every log and there is no anything really on that time yesterday when it happened. The only strange is this did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA from a new security system which sending out email trough this. I have no problem Telnet'ing to this mailserver and all MailScanner etc processes and ports are up. Do anyone have som ide's? Rob. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080614/297d5357/attachment.html From james at gray.net.au Sat Jun 14 07:59:02 2008 From: james at gray.net.au (James Gray) Date: Sat Jun 14 07:59:17 2008 Subject: Health update In-Reply-To: <4852BC3D.3050802@ecs.soton.ac.uk> References: <4852BC3D.3050802@ecs.soton.ac.uk> Message-ID: Hi Jules, Good and bad news I guess :-/ It is my hope and prayer that you are called very soon for a new liver and can put this whole episode behind you. If it's any comfort, a good friend of mine had a heart transplant about 5 years ago and is going from strength to strength. His recovery (and prospects without a transplant) prompted my wife and I to go on the organ donor list here in Oz. On top I that, I regularly donate blood and am on the marrow donor and partial liver donor list as well! If you were in Oz, and could have half my liver, I'd gladly let you have it...if for no other reason than to see you keep sticking it to the spammers!! All the best Jules; I'll be praying for you on the other side of the globe. Cheers, James From hvdkooij at vanderkooij.org Sat Jun 14 08:14:28 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Sat Jun 14 08:14:37 2008 Subject: mailscanner dont process email at all In-Reply-To: <797363C57EE0884786F428AAABCD469201490DD4@sea0120sex2.nordic.x> References: <797363C57EE0884786F428AAABCD469201490DD4@sea0120sex2.nordic.x> Message-ID: <48536FD4.4090300@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Meurlin Robert wrote: | We had a stop yesterday lunchtime on one of our mailservers that the | incoming increased and increased Round up the usual suspects. ~ - Stop MailScanner and sendmail, then start MailScanner. ~ - Verify your config wit the usual commands Pay attention to your logs while you do it as you may see odd events at startup. Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFIU2/SBvzDRVjxmYERAr24AKCi3xXJ9kEqE/DaEMSVYZK9gn60HwCgpIQB OpK1ubneBB1CckFFce6nsGE= =9MJS -----END PGP SIGNATURE----- From Robert.Meurlin at se.fujitsu.com Sat Jun 14 09:12:37 2008 From: Robert.Meurlin at se.fujitsu.com (Meurlin Robert) Date: Sat Jun 14 09:13:30 2008 Subject: SV: mailscanner dont process email at all In-Reply-To: <48536FD4.4090300@vanderkooij.org> References: <797363C57EE0884786F428AAABCD469201490DD4@sea0120sex2.nordic.x> <48536FD4.4090300@vanderkooij.org> Message-ID: <797363C57EE0884786F428AAABCD469201490DD8@sea0120sex2.nordic.x> Yes have looked at that the only odd thing i see is "nagios_server did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA" from a new server (nagios with postfix settings) we installed on Wednesday. I also fixed envelope_sender_header as it complained MailScanner --lint Trying to setlogsock(unix) Config: calling custom init function MailWatchLogging Started SQL Logging child Checking version numbers... Version number in MailScanner.conf (4.69.9) is correct. Unrar is not installed, it should be in /usr/bin/unrar. This is required for RAR archives to be read to check filenames and filetypes. Virus scanning is not affected. Your envelope_sender_header in spam.assassin.prefs.conf is correct. Checking for SpamAssassin errors (if you use it)... SpamAssassin temporary working directory is /var/spool/MailScanner/incoming/SpamAssassin-Temp SpamAssassin temp dir = /var/spool/MailScanner/incoming/SpamAssassin-Temp Using SpamAssassin results cache Connected to SpamAssassin cache database config: SpamAssassin failed to parse line, "/usr/bin/pyzor" is not valid for "pyzor_path", skipping: pyzor_path /usr/bin/pyzor don't think pyzor and unrar is the problem as it just seems to skip that lines. -----Ursprungligt meddelande----- Fr?n: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] F?r Hugo van der Kooij Skickat: den 14 juni 2008 09:14 Till: MailScanner discussion ?mne: Re: mailscanner dont process email at all -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Meurlin Robert wrote: | We had a stop yesterday lunchtime on one of our mailservers that the | incoming increased and increased Round up the usual suspects. ~ - Stop MailScanner and sendmail, then start MailScanner. ~ - Verify your config wit the usual commands Pay attention to your logs while you do it as you may see odd events at startup. Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFIU2/SBvzDRVjxmYERAr24AKCi3xXJ9kEqE/DaEMSVYZK9gn60HwCgpIQB OpK1ubneBB1CckFFce6nsGE= =9MJS -----END PGP SIGNATURE----- -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Sat Jun 14 09:15:08 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat Jun 14 09:15:26 2008 Subject: Health update In-Reply-To: References: <4852BC3D.3050802@ecs.soton.ac.uk> Message-ID: <48537E0C.1020903@ecs.soton.ac.uk> Rick Chadderdon wrote: > Best wishes, Julian. Did the vein spontaneously grow, or was there a > treatment that encouraged it? In any case, it's good news. :) The vein grew entirely on its own :-) Any I would like to offer my thanks to all of you for your wonderful comments and best wishes, it really helps! Thank you! Jules. > > Good luck! > > Rick > > Julian Field wrote: >> Folks, >> >> Just wanted to let you know that, as soon as I send back the consent >> forms, I am officially on the waiting list for a liver transplant. >> No holidays or anything now until I get my call... >> >> Fortunately, I have grown a new vein in the last few months that >> means I will just need a new liver and not a small bowel as well, >> which significantly improves my survival chances. This is very good >> news :-) >> >> Wish me luck! >> >> Jules >> > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From drew.marshall at technologytiger.net Sat Jun 14 09:15:51 2008 From: drew.marshall at technologytiger.net (Drew Marshall) Date: Sat Jun 14 09:16:11 2008 Subject: Health update In-Reply-To: <4852BC3D.3050802@ecs.soton.ac.uk> References: <4852BC3D.3050802@ecs.soton.ac.uk> Message-ID: On 13 Jun 2008, at 19:28, Julian Field wrote: > Folks, > > Just wanted to let you know that, as soon as I send back the consent > forms, I am officially on the waiting list for a liver transplant. > No holidays or anything now until I get my call... Let's hope that's not too long. > Fortunately, I have grown a new vein in the last few months that > means I will just need a new liver and not a small bowel as well, > which significantly improves my survival chances. This is very good > news :-) Excellent news. Isn't the human body quite remarkable some times? > Wish me luck! Naturally! I'm not sure I can say more than others already have, so I won't but take it as read I wish you 'what they said'. Good luck! Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by Technology Tiger's Mail Launder system Our email policy can be found at www.technologytiger.net/policy Technology Tiger Limited is registered in Scotland with registration number: 310997 Registered Office 55-57 West High Street Inverurie AB51 3QQ From ben.tisdall at photobox.com Sat Jun 14 09:37:29 2008 From: ben.tisdall at photobox.com (Ben Tisdall) Date: Sat Jun 14 09:37:52 2008 Subject: Health Update In-Reply-To: <4852CD16.9030408@invictawiz.com> References: <4852CD16.9030408@invictawiz.com> Message-ID: <48538349.2030109@photobox.com> All the best Julian. -- Ben Tisdall Linux Systems Administrator | www.photobox.com From uxbod at splatnix.net Sat Jun 14 09:40:30 2008 From: uxbod at splatnix.net (--[ UxBoD ]--) Date: Sat Jun 14 09:40:46 2008 Subject: Health update In-Reply-To: <4852BC3D.3050802@ecs.soton.ac.uk> Message-ID: <31647067.16941213432830191.JavaMail.root@office.splatnix.net> All the best Jules ... Wish you a short wait and a very speedy recovery ... Make sure the nice nurse keeps your laptop well out of reach! Best Regards, -- --[ UxBoD ]-- // PGP Key: "curl -s http://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: F57A 0CBD DD19 79E9 1FCC A612 CB36 D89D 2C5A 3A84 // Keyserver: www.keyserver.net Key-ID: 0x2C5A3A84 // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net ----- "Julian Field" wrote: > Folks, > > Just wanted to let you know that, as soon as I send back the consent > forms, I am officially on the waiting list for a liver transplant. > No holidays or anything now until I get my call... > > Fortunately, I have grown a new vein in the last few months that means > I > will just need a new liver and not a small bowel as well, which > significantly improves my survival chances. This is very good news > :-) > > Wish me luck! > > Jules -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From x72m35 at gmail.com Sat Jun 14 10:24:33 2008 From: x72m35 at gmail.com (Lasantha Marian) Date: Sat Jun 14 10:23:55 2008 Subject: Health update In-Reply-To: <4852BC3D.3050802@ecs.soton.ac.uk> References: <4852BC3D.3050802@ecs.soton.ac.uk> Message-ID: <48538E51.9010001@gmail.com> Julian, It is a good news to hear that you are going to get patched. :-) I wish and pray for your speedy selection for the treatment and recovery thereafter. Cheers, Lasantha. *----- Original Message -----* *Subject:* Health update *Date:* Fri, 13/Jun/2008 11:58:13 PM +0550 *From:* Julian Field *To:* MailScanner discussion > Folks, > > Just wanted to let you know that, as soon as I send back the consent > forms, I am officially on the waiting list for a liver transplant. > No holidays or anything now until I get my call... > > Fortunately, I have grown a new vein in the last few months that means > I will just need a new liver and not a small bowel as well, which > significantly improves my survival chances. This is very good news :-) > > Wish me luck! > > Jules > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080614/77481971/attachment.html From telecaadmin at gmail.com Sat Jun 14 12:18:39 2008 From: telecaadmin at gmail.com (Ronny T. Lampert) Date: Sat Jun 14 12:20:53 2008 Subject: Health update In-Reply-To: <4852BC3D.3050802@ecs.soton.ac.uk> References: <4852BC3D.3050802@ecs.soton.ac.uk> Message-ID: <4853A90F.30305@gmail.com> Cheers Julian, and all the best for your recreation afterwards! And for once don't constantly patch around in MailScanner, but take some time off for yourself :) From lszabo at ntlworld.com Sat Jun 14 12:57:09 2008 From: lszabo at ntlworld.com (Laszlo Szabo) Date: Sat Jun 14 12:57:32 2008 Subject: Health update In-Reply-To: <4852BC3D.3050802@ecs.soton.ac.uk> References: <4852BC3D.3050802@ecs.soton.ac.uk> Message-ID: <1213444629.3713.20.camel@CentOS51.localdomain> Hi Julian! I know how you feel and what you think now because I had a bloody cancer 5 years ago. So I really can imagine your day to day life. I had two operation and chemo therapy(service pack/update, cut out parts) etc... :) I needed to recover about 2, 2.5 years. Unfortunately we can't get repair our bodies with update/patch as a computer. :( You will get through on all and you will be better! Best of luck to you! Laszlo IT CROWD: "Hello IT. Have you tried turning it off and on again?" On Fri, 2008-06-13 at 19:28 +0100, Julian Field wrote: > Folks, > > Just wanted to let you know that, as soon as I send back the consent > forms, I am officially on the waiting list for a liver transplant. > No holidays or anything now until I get my call... > > Fortunately, I have grown a new vein in the last few months that means I > will just need a new liver and not a small bowel as well, which > significantly improves my survival chances. This is very good news :-) > > Wish me luck! > > Jules > > -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > MailScanner customisation, or any advanced system administration help? > Contact me at Jules@Jules.FM > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > PGP public key: http://www.jules.fm/julesfm.asc > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > From alex at nkpanama.com Sat Jun 14 14:01:22 2008 From: alex at nkpanama.com (Alex Neuman) Date: Sat Jun 14 14:02:04 2008 Subject: Health update In-Reply-To: <4852BC3D.3050802@ecs.soton.ac.uk> References: <4852BC3D.3050802@ecs.soton.ac.uk> Message-ID: <200806141302.m5ED1r1h020271@safir.blacknight.ie> I'm already registered as an organ donor, but I'll recheck all the paperwork just in case anything else needs to be done. Good luck, Jules! If you miss any of your TV shows let me know so I can get them to you... From Robert.Meurlin at se.fujitsu.com Sat Jun 14 17:32:18 2008 From: Robert.Meurlin at se.fujitsu.com (Meurlin Robert) Date: Sat Jun 14 17:33:15 2008 Subject: SV: Health update In-Reply-To: <4852BC3D.3050802@ecs.soton.ac.uk> References: <4852BC3D.3050802@ecs.soton.ac.uk> Message-ID: <797363C57EE0884786F428AAABCD469201490DDA@sea0120sex2.nordic.x> Hope it gets well for you Julian, you are a terrific bloke. And not everything is computer things. Best wishes Rob -----Ursprungligt meddelande----- Fr?n: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] F?r Julian Field Skickat: den 13 juni 2008 20:28 Till: MailScanner discussion ?mne: Health update Folks, Just wanted to let you know that, as soon as I send back the consent forms, I am officially on the waiting list for a liver transplant. No holidays or anything now until I get my call... Fortunately, I have grown a new vein in the last few months that means I will just need a new liver and not a small bowel as well, which significantly improves my survival chances. This is very good news :-) Wish me luck! Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From alex at rtpty.com Sun Jun 15 00:04:44 2008 From: alex at rtpty.com (Alex Neuman) Date: Sun Jun 15 00:04:55 2008 Subject: New address Message-ID: <95B80E3F-B0DD-4282-996B-83531805E621@rtpty.com> Hi guys, just a quick address change notification, that's all. Expect the same quality comments from time to time, as well as a helping hand whenever a question pops up that I might be able to help with. That and the occasional reminder that MailScanner causes swapping!!! Cheers, Alex Neuman From alex at rtpty.com Sun Jun 15 02:15:43 2008 From: alex at rtpty.com (Alex Neuman) Date: Sun Jun 15 02:15:52 2008 Subject: Testing Message-ID: <83FEDB42-7277-4357-BB8F-BC4F433807EA@rtpty.com> Hi... Please disregard ... Sent from my iPhone From ssilva at sgvwater.com Sun Jun 15 17:58:57 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Sun Jun 15 17:59:28 2008 Subject: Health update In-Reply-To: <4852BC3D.3050802@ecs.soton.ac.uk> References: <4852BC3D.3050802@ecs.soton.ac.uk> Message-ID: on 6-13-2008 11:28 AM Julian Field spake the following: > Folks, > > Just wanted to let you know that, as soon as I send back the consent > forms, I am officially on the waiting list for a liver transplant. > No holidays or anything now until I get my call... > > Fortunately, I have grown a new vein in the last few months that means I > will just need a new liver and not a small bowel as well, which > significantly improves my survival chances. This is very good news :-) > > Wish me luck! > > Jules > All the best to you Julian, we will all be pulling for you! -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 258 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080615/955328aa/signature.bin From submit at zuka.net Sun Jun 15 22:03:47 2008 From: submit at zuka.net (Dave Filchak) Date: Sun Jun 15 22:04:06 2008 Subject: Upgrade problems Message-ID: <485583B3.5090801@zuka.net> I searched the archives but for some reason never got much that helped back. I have been getting the following error in my logs: Clamd::ERROR:: COULD NOT CONNECT TO CLAMD, RECOMMEND RESTARTING DAEMON :: . I tried restarting but no love there. So I thought I would try to update clamd (which is configured properly in MailScanner.conf. I am still getting the error about and, when I run freshclam, I get the following: ERROR: Parse error at line 243: Unknown option ArchiveMaxFileSize. WARNING: Clamd was NOT notified: Can't find or parse configuration file /usr/local/etc/clamd.conf The clamd.conf is where it is supposed to be and is owned by root. I did try to change the ownership to clamav but that did not help. I tried renaming the daily and mail cvd files and downloaded fresh copies but again ... no change. I apologize if this has been discussed earlier but I really did not get much back from my search of the archives ... or from Google either for that matter. Here is my config: [root@#### ~]# MailScanner -V Running on Linux ####.zuka.net 2.6.9-11.ELsmp #1 SMP Wed Jun 8 17:54:20 CDT 2005 i686 i686 i386 GNU/Linux This is CentOS release 4.1 (Final) This is Perl version 5.008005 (5.8.5) This is MailScanner version 4.63.8 Module versions are: 1.00 AnyDBM_File 1.20 Archive::Zip 1.03 Carp 1.119 Convert::BinHex 2.27 Date::Parse 1.00 DirHandle 1.05 Fcntl 2.73 File::Basename 2.08 File::Copy 2.01 FileHandle 1.06 File::Path 0.18 File::Temp 0.90 Filesys::Df 1.35 HTML::Entities 3.56 HTML::Parser 2.37 HTML::TokeParser 1.21 IO 1.10 IO::File 1.123 IO::Pipe 1.77 Mail::Header 1.87 Math::BigInt 3.05 MIME::Base64 5.420 MIME::Decoder 5.420 MIME::Decoder::UU 5.420 MIME::Head 5.420 MIME::Parser 3.03 MIME::QuotedPrint 5.420 MIME::Tools 0.11 Net::CIDR 1.08 POSIX 1.19 Scalar::Util 1.77 Socket 1.4 Sys::Hostname::Long 0.18 Sys::Syslog 1.9707 Time::HiRes 1.02 Time::localtime Optional module versions are: 1.32 Archive::Tar 0.22 bignum 1.74 Business::ISBN missing Business::ISBN::Data 0.17 Convert::TNEF missing Data::Dump 1.809 DB_File 1.13 DBD::SQLite 1.58 DBI 1.08 Digest 1.01 Digest::HMAC 2.36 Digest::MD5 2.10 Digest::SHA1 missing Encode::Detect missing Error 0.19 ExtUtils::CBuilder missing ExtUtils::ParseXS 0.44 Inline 1.06 IO::String 1.04 IO::Zlib 2.20 IP::Country 0.17 Mail::ClamAV 3.002003 Mail::SpamAssassin missing Mail::SPF 1.997 Mail::SPF::Query 0.20 Math::BigRat 0.2808 Module::Build 0.15 Net::CIDR::Lite 0.48 Net::DNS missing Net::DNS::Resolver::Programmable missing Net::LDAP missing NetAddr::IP 1.94 Parse::RecDescent missing SAVI 2.64 Test::Harness 0.95 Test::Manifest 1.95 Text::Balanced 1.35 URI missing version 0.65 YAML Any help would be appreciated. Dave -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080615/d837e3f2/attachment.html From rich at mail.wvnet.edu Sun Jun 15 22:15:29 2008 From: rich at mail.wvnet.edu (Richard Lynch) Date: Sun Jun 15 22:15:41 2008 Subject: Upgrade problems In-Reply-To: References: Message-ID: <48558671.4050503@mail.wvnet.edu> That option was discontinued in later versions of ClamAV (0.93+ I believe). Edit your clamd.conf file and remove it or comment it out. Mine is located at... /usr/local/etc/clamd.conf Richard Lynch WVNET Dave Filchak wrote: > I searched the archives but for some reason never got much that helped > back. I have been getting the following error in my logs: > > Clamd::ERROR:: COULD NOT CONNECT TO CLAMD, RECOMMEND RESTARTING DAEMON > :: . > > I tried restarting but no love there. So I thought I would try to > update clamd (which is configured properly in MailScanner.conf. > > I am still getting the error about and, when I run freshclam, I get > the following: > > ERROR: Parse error at line 243: Unknown option ArchiveMaxFileSize. > WARNING: Clamd was NOT notified: Can't find or parse configuration > file /usr/local/etc/clamd.conf > > The clamd.conf is where it is supposed to be and is owned by root. I > did try to change the ownership to clamav but that did not help. I > tried renaming the daily and mail cvd files and downloaded fresh > copies but again ... no change. > > I apologize if this has been discussed earlier but I really did not > get much back from my search of the archives ... or from Google either > for that matter. > > Here is my config: > > [root@#### ~]# MailScanner -V > Running on > Linux ####.zuka.net 2.6.9-11.ELsmp #1 SMP Wed Jun 8 17:54:20 CDT 2005 > i686 i686 i386 GNU/Linux > This is CentOS release 4.1 (Final) > This is Perl version 5.008005 (5.8.5) > > This is MailScanner version 4.63.8 > Module versions are: > 1.00 AnyDBM_File > 1.20 Archive::Zip > 1.03 Carp > 1.119 Convert::BinHex > 2.27 Date::Parse > 1.00 DirHandle > 1.05 Fcntl > 2.73 File::Basename > 2.08 File::Copy > 2.01 FileHandle > 1.06 File::Path > 0.18 File::Temp > 0.90 Filesys::Df > 1.35 HTML::Entities > 3.56 HTML::Parser > 2.37 HTML::TokeParser > 1.21 IO > 1.10 IO::File > 1.123 IO::Pipe > 1.77 Mail::Header > 1.87 Math::BigInt > 3.05 MIME::Base64 > 5.420 MIME::Decoder > 5.420 MIME::Decoder::UU > 5.420 MIME::Head > 5.420 MIME::Parser > 3.03 MIME::QuotedPrint > 5.420 MIME::Tools > 0.11 Net::CIDR > 1.08 POSIX > 1.19 Scalar::Util > 1.77 Socket > 1.4 Sys::Hostname::Long > 0.18 Sys::Syslog > 1.9707 Time::HiRes > 1.02 Time::localtime > > Optional module versions are: > 1.32 Archive::Tar > 0.22 bignum > 1.74 Business::ISBN > missing Business::ISBN::Data > 0.17 Convert::TNEF > missing Data::Dump > 1.809 DB_File > 1.13 DBD::SQLite > 1.58 DBI > 1.08 Digest > 1.01 Digest::HMAC > 2.36 Digest::MD5 > 2.10 Digest::SHA1 > missing Encode::Detect > missing Error > 0.19 ExtUtils::CBuilder > missing ExtUtils::ParseXS > 0.44 Inline > 1.06 IO::String > 1.04 IO::Zlib > 2.20 IP::Country > 0.17 Mail::ClamAV > 3.002003 Mail::SpamAssassin > missing Mail::SPF > 1.997 Mail::SPF::Query > 0.20 Math::BigRat > 0.2808 Module::Build > 0.15 Net::CIDR::Lite > 0.48 Net::DNS > missing Net::DNS::Resolver::Programmable > missing Net::LDAP > missing NetAddr::IP > 1.94 Parse::RecDescent > missing SAVI > 2.64 Test::Harness > 0.95 Test::Manifest > 1.95 Text::Balanced > 1.35 URI > missing version > 0.65 YAML > > Any help would be appreciated. > > Dave > > -- -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080615/e5546f9d/attachment.html From drew.marshall at technologytiger.net Sun Jun 15 22:52:53 2008 From: drew.marshall at technologytiger.net (Drew Marshall) Date: Sun Jun 15 22:53:06 2008 Subject: Testing In-Reply-To: <83FEDB42-7277-4357-BB8F-BC4F433807EA@rtpty.com> References: <83FEDB42-7277-4357-BB8F-BC4F433807EA@rtpty.com> Message-ID: <4114004F-E289-438E-A0DA-BC56819A4D79@technologytiger.net> On 15 Jun 2008, at 02:15, Alex Neuman wrote: > Sent from my iPhone But not one of the 3G ones (Yet!) -- In line with our policy, this message has been scanned for viruses and dangerous content by Technology Tiger's Mail Launder Our email policy can be found at www.technologytiger.net/policy Technology Tiger Limited is registered in Scotland with registration number: 310997 Registered Office 55-57 West High Street Inverurie AB51 3QQ From rcooper at dwford.com Mon Jun 16 01:08:37 2008 From: rcooper at dwford.com (Rick Cooper) Date: Mon Jun 16 01:08:52 2008 Subject: Upgrade problems In-Reply-To: <485583B3.5090801@zuka.net> References: <485583B3.5090801@zuka.net> Message-ID: _____ From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Dave Filchak Sent: Sunday, June 15, 2008 5:04 PM To: mailscanner@lists.mailscanner.info Subject: Upgrade problems I searched the archives but for some reason never got much that helped back. I have been getting the following error in my logs: Clamd::ERROR:: COULD NOT CONNECT TO CLAMD, RECOMMEND RESTARTING DAEMON :: . [Rick Cooper] Is clamd actually running? If so make sure the socket/port in MailScanner.conf is correct. There is a reason clamd cannot be reached. I tried restarting but no love there. So I thought I would try to update clamd (which is configured properly in MailScanner.conf. I am still getting the error about and, when I run freshclam, I get the following: ERROR: Parse error at line 243: Unknown option ArchiveMaxFileSize. WARNING: Clamd was NOT notified: Can't find or parse configuration file /usr/local/etc/clamd.conf [Rick Cooper] Make sure your config only has the options of the latest clamd. There were several config options changed/replaced in the latest version. Also. make sure you haven't installed two versions side by side, which can and has happend (with diffrent install prefixes) The clamd.conf is where it is supposed to be and is owned by root. I did try to change the ownership to clamav but that did not help. I tried renaming the daily and mail cvd files and downloaded fresh copies but again ... no change. I apologize if this has been discussed earlier but I really did not get much back from my search of the archives ... or from Google either for that matter. Here is my config: [root@#### ~]# MailScanner -V Running on Linux ####.zuka.net 2.6.9-11.ELsmp #1 SMP Wed Jun 8 17:54:20 CDT 2005 i686 i686 i386 GNU/Linux This is CentOS release 4.1 (Final) This is Perl version 5.008005 (5.8.5) This is MailScanner version 4.63.8 Module versions are: 1.00 AnyDBM_File 1.20 Archive::Zip 1.03 Carp 1.119 Convert::BinHex 2.27 Date::Parse 1.00 DirHandle 1.05 Fcntl 2.73 File::Basename 2.08 File::Copy 2.01 FileHandle 1.06 File::Path 0.18 File::Temp 0.90 Filesys::Df 1.35 HTML::Entities 3.56 HTML::Parser 2.37 HTML::TokeParser 1.21 IO 1.10 IO::File 1.123 IO::Pipe 1.77 Mail::Header 1.87 Math::BigInt 3.05 MIME::Base64 5.420 MIME::Decoder 5.420 MIME::Decoder::UU 5.420 MIME::Head 5.420 MIME::Parser 3.03 MIME::QuotedPrint 5.420 MIME::Tools 0.11 Net::CIDR 1.08 POSIX 1.19 Scalar::Util 1.77 Socket 1.4 Sys::Hostname::Long 0.18 Sys::Syslog 1.9707 Time::HiRes 1.02 Time::localtime Optional module versions are: 1.32 Archive::Tar 0.22 bignum 1.74 Business::ISBN missing Business::ISBN::Data 0.17 Convert::TNEF missing Data::Dump 1.809 DB_File 1.13 DBD::SQLite 1.58 DBI 1.08 Digest 1.01 Digest::HMAC 2.36 Digest::MD5 2.10 Digest::SHA1 missing Encode::Detect missing Error 0.19 ExtUtils::CBuilder missing ExtUtils::ParseXS 0.44 Inline 1.06 IO::String 1.04 IO::Zlib 2.20 IP::Country 0.17 Mail::ClamAV 3.002003 Mail::SpamAssassin missing Mail::SPF 1.997 Mail::SPF::Query 0.20 Math::BigRat 0.2808 Module::Build 0.15 Net::CIDR::Lite 0.48 Net::DNS missing Net::DNS::Resolver::Programmable missing Net::LDAP missing NetAddr::IP 1.94 Parse::RecDescent missing SAVI 2.64 Test::Harness 0.95 Test::Manifest 1.95 Text::Balanced 1.35 URI missing version 0.65 YAML Any help would be appreciated. Dave -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080615/ae17e353/attachment.html From lists at designmedia.com Mon Jun 16 02:26:33 2008 From: lists at designmedia.com (Henry Kwan) Date: Mon Jun 16 02:26:56 2008 Subject: What "Other Checks" problems? Message-ID: Hi, When I run --lint, MailScanner says that there is 1 problems (sic) found in "Other Checks". What might this be? Is it simply referring to the fact that it found something that the virus scanner tagged? Thanks. Below is the virus/content section from --lint: =========================================================================== Virus and Content Scanning: Starting /var/spool/MailScanner/incoming/11290/./1.message: Eicar-Test-Signature FOUND /var/spool/MailScanner/incoming/11290/./1/eicar.com: Eicar-Test-Signature FOUND Virus Scanning: ClamAV found 2 infections Infected message 1 came from 192.168.1.1 Infected message 1.message came from Virus Scanning: Found 2 viruses Filename Checks: (1 eicar.com) Other Checks: Found 1 problems =========================================================================== Virus Scanner test reports: ClamAV said "eicar.com contains Eicar-Test-Signature" If any of your virus scanners (clamav) are not listed there, you should check that they are installed correctly and that MailScanner is finding them correctly via its virus.scanners.conf. From edward at tdcs.com.au Mon Jun 16 02:37:20 2008 From: edward at tdcs.com.au (Edward Dekkers) Date: Mon Jun 16 02:38:43 2008 Subject: What "Other Checks" problems? In-Reply-To: References: Message-ID: > Hi, > > When I run --lint, MailScanner says that there is 1 problems (sic) > found in > "Other Checks". What might this be? Is it simply referring to the > fact that it > found something that the virus scanner tagged? > > Thanks. I believe that is completely expected behaviour. I think if you're NOT seeing that you have a problem. Regards, Ed. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From mi6 at orcon.net.nz Mon Jun 16 04:41:03 2008 From: mi6 at orcon.net.nz (Charlie) Date: Mon Jun 16 04:41:17 2008 Subject: Spamassassin is slow - any tips or good commercial alternative? Message-ID: <30d101c8cf62$cd2f8f90$0300a8c0@CharlieCompaq> By the way, my CPU is Pentium 4, 2.4GHz and there is 1GB of RAM. Emails are now taking 2-5 seconds to scan - is this normal for this configuration? We've disabled spam checking on emails larger than 40KB and that helped a great deal. Server's details: # free total used free shared buffers cached Mem: 1028576 835056 193520 0 117124 264136 -/+ buffers/cache: 453796 574780 Swap: 996020 21148 974872 # uptime 03:34:13 up 222 days, 45 min, 2 users, load average: 1.12, 0.71, 0.43 # cat /proc/meminfo MemTotal: 1028576 kB MemFree: 182964 kB Buffers: 116612 kB Cached: 263300 kB SwapCached: 3028 kB Active: 624508 kB Inactive: 175076 kB HighTotal: 122856 kB HighFree: 236 kB LowTotal: 905720 kB LowFree: 182728 kB SwapTotal: 996020 kB SwapFree: 974872 kB Dirty: 364 kB Writeback: 0 kB AnonPages: 419628 kB Mapped: 25792 kB Slab: 38296 kB PageTables: 2372 kB NFS_Unstable: 0 kB Bounce: 0 kB CommitLimit: 1510308 kB Committed_AS: 815640 kB VmallocTotal: 114680 kB VmallocUsed: 2676 kB VmallocChunk: 111648 kB # cat /proc/cpuinfo processor : 0 vendor_id : GenuineIntel cpu family : 15 model : 2 model name : Intel(R) Pentium(R) 4 CPU 2.40GHz stepping : 7 cpu MHz : 2405.624 cache size : 512 KB fdiv_bug : no hlt_bug : no f00f_bug : no coma_bug : no fpu : yes fpu_exception : yes cpuid level : 2 wp : yes flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe up cid bogomips : 4815.03 From Robert.Meurlin at se.fujitsu.com Mon Jun 16 06:43:55 2008 From: Robert.Meurlin at se.fujitsu.com (Meurlin Robert) Date: Mon Jun 16 06:45:05 2008 Subject: SV: mailscanner dont process email at all In-Reply-To: <797363C57EE0884786F428AAABCD469201490DD8@sea0120sex2.nordic.x> References: <797363C57EE0884786F428AAABCD469201490DD4@sea0120sex2.nordic.x><48536FD4.4090300@vanderkooij.org> <797363C57EE0884786F428AAABCD469201490DD8@sea0120sex2.nordic.x> Message-ID: <797363C57EE0884786F428AAABCD469201490DDC@sea0120sex2.nordic.x> Does anyone have more ides? Have looked at everything I can think of. -----Ursprungligt meddelande----- Fr?n: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] F?r Meurlin Robert Skickat: den 14 juni 2008 10:13 Till: MailScanner discussion ?mne: SV: mailscanner dont process email at all Yes have looked at that the only odd thing i see is "nagios_server did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA" from a new server (nagios with postfix settings) we installed on Wednesday. I also fixed envelope_sender_header as it complained MailScanner --lint Trying to setlogsock(unix) Config: calling custom init function MailWatchLogging Started SQL Logging child Checking version numbers... Version number in MailScanner.conf (4.69.9) is correct. Unrar is not installed, it should be in /usr/bin/unrar. This is required for RAR archives to be read to check filenames and filetypes. Virus scanning is not affected. Your envelope_sender_header in spam.assassin.prefs.conf is correct. Checking for SpamAssassin errors (if you use it)... SpamAssassin temporary working directory is /var/spool/MailScanner/incoming/SpamAssassin-Temp SpamAssassin temp dir = /var/spool/MailScanner/incoming/SpamAssassin-Temp Using SpamAssassin results cache Connected to SpamAssassin cache database config: SpamAssassin failed to parse line, "/usr/bin/pyzor" is not valid for "pyzor_path", skipping: pyzor_path /usr/bin/pyzor don't think pyzor and unrar is the problem as it just seems to skip that lines. -----Ursprungligt meddelande----- Fr?n: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] F?r Hugo van der Kooij Skickat: den 14 juni 2008 09:14 Till: MailScanner discussion ?mne: Re: mailscanner dont process email at all -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Meurlin Robert wrote: | We had a stop yesterday lunchtime on one of our mailservers that the | incoming increased and increased Round up the usual suspects. ~ - Stop MailScanner and sendmail, then start MailScanner. ~ - Verify your config wit the usual commands Pay attention to your logs while you do it as you may see odd events at startup. Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFIU2/SBvzDRVjxmYERAr24AKCi3xXJ9kEqE/DaEMSVYZK9gn60HwCgpIQB OpK1ubneBB1CckFFce6nsGE= =9MJS -----END PGP SIGNATURE----- -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From mailwatch.kp at gmail.com Mon Jun 16 07:32:42 2008 From: mailwatch.kp at gmail.com (vinayan KP) Date: Mon Jun 16 07:32:55 2008 Subject: Re Help with spamassassin+mailscanner Message-ID: <6a7195cc0806152332g378d7afqfe30223d76cf0b17@mail.gmail.com> Sir, I sent the following reply 12 days back and I was wondering why I was not getting any reply. Noticed the bounced messages saying my mail exceeded the limit and I guess it was because of the attachement to show how my existing mailscanner before my posftix server. Hope some one will have time to go through it and guide me... Regards Vinau ---------- Forwarded message ---------- From: vinayan KP Date: Thu, Jun 5, 2008 at 3:59 PM Subject: Re: Help with spamassassin+mailscanner To: MailScanner discussion Sir, Sorry for the delayed response. I could work on the issue only day before afte I received your suggestions and I did the fillowing as per your mails. But still Mails with low SA Score gets through as clean mail. (I get to knwo this because of the following : For us the mails are received by a system that runs mailscanner, which was installed more than 4 years back by a private party and they charge for configuring and maintaining it. Earlier we were using a qmail system and the private party could not configure mailscanner for qmail on the mail server (again managed by another private party on contract). So they installed it on a separate system which would receive all the mails for our domain and do the spam check, tag the subject line and then forward it to the mail server. This old mailscanner still works well and catches low and high scoring mails properly. About 18 months back the old qmail server had a problem and I installed a new mail server using postfix. Now the old mailscanner system is started showing problems which made me to install mailscanner, clamave and spamassassin on the new postfix server. My new mailscanner on the new postfix (for which i am asking my doubts) system catchs only those mails where SA score is > Required SpamAssassin Score (i set is as 3). But I can see the old mailscanner catches mails where SA score is < Required SpamAssassin Score = 3 and tags it as {Spam?} and when that mails reaches the new postfix server, the mailscanner on it lets the mail go as clean!!! I am attaching a screen shot of the mailwatch which shows this). I did the followign as per your mail: (1) Installed pysor ------------------------------------------------------------------------------------------------------------------------------------ (2) set the bays path and permissions: I set the bayes_pasth in /etc/MailScanner/spam.assassin.prefs.conf and restarted spamd and MailScanner: bayes_path /var/spool/MailScanner/spamassassin/bayes This created the bayes_* files in /var/spool/MailScanner/spamassassin/ and the permissions are ass follows, where spamassing is run by spamuser : mail:/var/spool/MailScanner # ls -l total 12 drwx------ 7 postfix postfix 4096 Jun 5 14:30 incoming drwx------ 113 postfix www 4096 Jun 5 06:14 quarantine drwxr-xr-x 2 postfix postfix 4096 Jun 4 15:49 spamassassin mail:/var/spool/MailScanner/spamassassin # ls -l total 11732 -rw------- 1 spamuser postfix 1134 Jun 5 14:30 bayes.mutex -rw-rw---- 1 spamuser postfix 104928 Jun 5 14:30 bayes_journal -rw------- 1 spamuser postfix 10416128 Jun 5 13:59 bayes_seen -rw-rw---- 1 spamuser postfix 5455872 Jun 5 14:30 bayes_toks ------------------------------------------------------------------------------------------------------------------------------------ (3) Trained spamassassin+mailscaner Ran the sa-learn as follows : mail:/ # sa-learn --no-sync --spam /home/user1/Maildir/.spam/cur/ Learned tokens from 1388 message(s) (1388 message(s) examined) mail:/ # sa-learn --no-sync --ham /home/user1/Maildir/cur/ Learned tokens from 438 message(s) (459 message(s) examined) ------------------------------------------------------------------------------------------------------------------------------------ Ran spamassassin -D - - lint and didnt show any error or warning : mail:/etc/MailScanner # spamassassin -D --lint [23477] dbg: logger: adding facilities: all [23477] dbg: logger: logging level is DBG [23477] dbg: generic: SpamAssassin version 3.1.6 [23477] dbg: config: score set 0 chosen. [23477] dbg: util: running in taint mode? yes [23477] dbg: util: taint mode: deleting unsafe environment variables, resetting PATH [23477] dbg: util: PATH included '/sbin', keeping [23477] dbg: util: PATH included '/usr/sbin', keeping [23477] dbg: util: PATH included '/usr/local/sbin', keeping [23477] dbg: util: PATH included '/opt/gnome/sbin', keeping [23477] dbg: util: PATH included '/root/bin', keeping [23477] dbg: util: PATH included '/usr/local/bin', keeping [23477] dbg: util: PATH included '/usr/bin', keeping [23477] dbg: util: PATH included '/usr/X11R6/bin', keeping [23477] dbg: util: PATH included '/bin', keeping [23477] dbg: util: PATH included '/usr/games', keeping [23477] dbg: util: PATH included '/opt/gnome/bin', keeping [23477] dbg: util: PATH included '/opt/kde3/bin', keeping [23477] dbg: util: PATH included '/usr/lib/jvm/jre/bin', keeping [23477] dbg: util: PATH included '/usr/lib/mit/bin', keeping [23477] dbg: util: PATH included '/usr/lib/mit/sbin', keeping [23477] dbg: util: PATH included '/usr/lib/qt3/bin', keeping [23477] dbg: util: final PATH set to: /sbin:/usr/sbin:/usr/local/sbin:/opt/gnome/sbin:/root/bin:/usr/local/bin:/usr/bin:/usr/X11R6/bin:/bin:/usr/games:/opt/gnome/bin:/opt/kde3/bin:/usr/lib/jvm/jre/bin:/usr/lib/mit/bin:/usr/lib/mit/sbin:/usr/lib/qt3/bin [23477] dbg: message: ---- MIME PARSER START ---- [23477] dbg: message: main message type: text/plain [23477] dbg: message: parsing normal part [23477] dbg: message: added part, type: text/plain [23477] dbg: message: ---- MIME PARSER END ---- [23477] dbg: dns: is Net::DNS::Resolver available? yes [23477] dbg: dns: Net::DNS version: 0.59 [23477] dbg: diag: perl platform: 5.008008 linux [23477] dbg: diag: module installed: Digest::SHA1, version 2.11 [23477] dbg: diag: module installed: HTML::Parser, version 3.55 [23477] dbg: diag: module installed: MIME::Base64, version 3.07 [23477] dbg: diag: module installed: DB_File, version 1.814 [23477] dbg: diag: module installed: Net::DNS, version 0.59 [23477] dbg: diag: module installed: Net::SMTP, version 2.29 [23477] dbg: diag: module not installed: Mail::SPF::Query ('require' failed) [23477] dbg: diag: module not installed: IP::Country::Fast ('require' failed) [23477] dbg: diag: module not installed: Razor2::Client::Agent ('require' failed) [23477] dbg: diag: module not installed: Net::Ident ('require' failed) [23477] dbg: diag: module not installed: IO::Socket::INET6 ('require' failed) [23477] dbg: diag: module not installed: IO::Socket::SSL ('require' failed) [23477] dbg: diag: module installed: Time::HiRes, version 1.86 [23477] dbg: diag: module installed: DBI, version 1.52 [23477] dbg: diag: module installed: Getopt::Long, version 2.35 [23477] dbg: diag: module installed: LWP::UserAgent, version 2.033 [23477] dbg: diag: module installed: HTTP::Date, version 1.47 [23477] dbg: diag: module installed: Archive::Tar, version 1.30 [23477] dbg: diag: module installed: IO::Zlib, version 1.04 [23477] dbg: ignore: using a test message to lint rules [23477] dbg: config: using "/etc/mail/spamassassin" for site rules pre files [23477] dbg: config: read file /etc/mail/spamassassin/init.pre [23477] dbg: config: read file /etc/mail/spamassassin/v310.pre [23477] dbg: config: read file /etc/mail/spamassassin/v312.pre [23477] dbg: config: using "/usr/share/spamassassin" for sys rules pre files [23477] dbg: config: using "/usr/share/spamassassin" for default rules dir [23477] dbg: config: read file /usr/share/spamassassin/10_misc.cf [23477] dbg: config: read file /usr/share/spamassassin/20_advance_fee.cf [23477] dbg: config: read file /usr/share/spamassassin/20_anti_ratware.cf [23477] dbg: config: read file /usr/share/spamassassin/20_body_tests.cf [23477] dbg: config: read file /usr/share/spamassassin/20_compensate.cf [23477] dbg: config: read file /usr/share/spamassassin/20_dnsbl_tests.cf [23477] dbg: config: read file /usr/share/spamassassin/20_drugs.cf [23477] dbg: config: read file /usr/share/spamassassin/20_fake_helo_tests.cf [23477] dbg: config: read file /usr/share/spamassassin/20_head_tests.cf [23477] dbg: config: read file /usr/share/spamassassin/20_html_tests.cf [23477] dbg: config: read file /usr/share/spamassassin/20_meta_tests.cf [23477] dbg: config: read file /usr/share/spamassassin/20_net_tests.cf [23477] dbg: config: read file /usr/share/spamassassin/20_phrases.cf [23477] dbg: config: read file /usr/share/spamassassin/20_porn.cf [23477] dbg: config: read file /usr/share/spamassassin/20_ratware.cf [23477] dbg: config: read file /usr/share/spamassassin/20_uri_tests.cf [23477] dbg: config: read file /usr/share/spamassassin/23_bayes.cf [23477] dbg: config: read file /usr/share/spamassassin/25_accessdb.cf [23477] dbg: config: read file /usr/share/spamassassin/25_antivirus.cf [23477] dbg: config: read file /usr/share/spamassassin/25_body_tests_es.cf [23477] dbg: config: read file /usr/share/spamassassin/25_body_tests_pl.cf [23477] dbg: config: read file /usr/share/spamassassin/25_dcc.cf [23477] dbg: config: read file /usr/share/spamassassin/25_dkim.cf [23477] dbg: config: read file /usr/share/spamassassin/25_domainkeys.cf [23477] dbg: config: read file /usr/share/spamassassin/25_hashcash.cf [23477] dbg: config: read file /usr/share/spamassassin/25_pyzor.cf [23477] dbg: config: read file /usr/share/spamassassin/25_razor2.cf [23477] dbg: config: read file /usr/share/spamassassin/25_replace.cf [23477] dbg: config: read file /usr/share/spamassassin/25_spf.cf [23477] dbg: config: read file /usr/share/spamassassin/25_textcat.cf [23477] dbg: config: read file /usr/share/spamassassin/25_uribl.cf [23477] dbg: config: read file /usr/share/spamassassin/30_text_de.cf [23477] dbg: config: read file /usr/share/spamassassin/30_text_fr.cf [23477] dbg: config: read file /usr/share/spamassassin/30_text_it.cf [23477] dbg: config: read file /usr/share/spamassassin/30_text_nl.cf [23477] dbg: config: read file /usr/share/spamassassin/30_text_pl.cf [23477] dbg: config: read file /usr/share/spamassassin/30_text_pt_br.cf [23477] dbg: config: read file /usr/share/spamassassin/50_scores.cf [23477] dbg: config: read file /usr/share/spamassassin/60_awl.cf [23477] dbg: config: read file /usr/share/spamassassin/60_whitelist.cf [23477] dbg: config: read file /usr/share/spamassassin/60_whitelist_dk.cf [23477] dbg: config: read file /usr/share/spamassassin/60_whitelist_dkim.cf [23477] dbg: config: read file /usr/share/spamassassin/60_whitelist_spf.cf [23477] dbg: config: read file /usr/share/spamassassin/60_whitelist_subject.cf [23477] dbg: config: using "/etc/mail/spamassassin" for site rules dir [23477] dbg: config: read file /etc/mail/spamassassin/local.cf [23477] dbg: config: read file /etc/mail/spamassassin/mailscanner.cf [23477] dbg: plugin: loading Mail::SpamAssassin::Plugin::URIDNSBL from @INC [23477] dbg: plugin: registered Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x835f04c) [23477] dbg: plugin: loading Mail::SpamAssassin::Plugin::Hashcash from @INC [23477] dbg: plugin: registered Mail::SpamAssassin::Plugin::Hashcash=HASH(0x90d728c) [23477] dbg: plugin: loading Mail::SpamAssassin::Plugin::SPF from @INC [23477] dbg: plugin: registered Mail::SpamAssassin::Plugin::SPF=HASH(0x90fa404) [23477] dbg: plugin: loading Mail::SpamAssassin::Plugin::Pyzor from @INC [23477] dbg: pyzor: local tests only, disabling Pyzor [23477] dbg: plugin: registered Mail::SpamAssassin::Plugin::Pyzor=HASH(0x9110c64) [23477] dbg: plugin: loading Mail::SpamAssassin::Plugin::Razor2 from @INC [23477] dbg: razor2: local tests only, skipping Razor [23477] dbg: plugin: registered Mail::SpamAssassin::Plugin::Razor2=HASH(0x90dcecc) [23477] dbg: plugin: loading Mail::SpamAssassin::Plugin::SpamCop from @INC [23477] dbg: reporter: local tests only, disabling SpamCop [23477] dbg: plugin: registered Mail::SpamAssassin::Plugin::SpamCop=HASH(0x90df794) [23477] dbg: plugin: loading Mail::SpamAssassin::Plugin::AWL from @INC [23477] dbg: plugin: registered Mail::SpamAssassin::Plugin::AWL=HASH(0x916a478) [23477] dbg: plugin: loading Mail::SpamAssassin::Plugin::AutoLearnThreshold from @INC [23477] dbg: plugin: registered Mail::SpamAssassin::Plugin::AutoLearnThreshold=HASH(0x917971c) [23477] dbg: plugin: loading Mail::SpamAssassin::Plugin::WhiteListSubject from @INC [23477] dbg: plugin: registered Mail::SpamAssassin::Plugin::WhiteListSubject=HASH(0x9185ed4) [23477] dbg: plugin: loading Mail::SpamAssassin::Plugin::MIMEHeader from @INC [23477] dbg: plugin: registered Mail::SpamAssassin::Plugin::MIMEHeader=HASH(0x9192b04) [23477] dbg: plugin: loading Mail::SpamAssassin::Plugin::ReplaceTags from @INC [23477] dbg: plugin: registered Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0x918b86c) [23477] dbg: config: adding redirector regex: /^http:\/\/chkpt\.zdnet\.com\/chkpt\/\w+\/(.*)$/i [23477] dbg: config: adding redirector regex: /^http:\/\/www(?:\d+)?\.nate\.com\/r\/\w+\/(.*)$/i [23477] dbg: config: adding redirector regex: /^http:\/\/.+\.gov\/(?:.*\/)?externalLink\.jhtml\?.*url=(.*?)(?:&.*)?$/i [23477] dbg: config: adding redirector regex: /^http:\/\/redir\.internet\.com\/.+?\/.+?\/(.*)$/i [23477] dbg: config: adding redirector regex: /^http:\/\/(?:.*?\.)?adtech\.de\/.*(?:;|\|)link=(.*?)(?:;|$)/i [23477] dbg: config: adding redirector regex: m'^http.*?/redirect\.php\?.*(?<=[?&])goto=(.*?)(?:$|[&#])'i [23477] dbg: config: adding redirector regex: m'^https?:/*(?:[^/]+\.)?emf\d\.com/r\.cfm.*?&r=(.*)'i [23477] dbg: config: adding redirector regex: m'/(?:index.php)?\?.*(?<=[?&])URL=(.*?)(?:$|[&#])'i [23477] dbg: config: adding redirector regex: m'^http:/*(?:\w+\.)?google(?:\.\w{2,3}){1,2}/url\?.*?(?<=[?&])q=(.*?)(?:$|[&#])'i [23477] dbg: config: adding redirector regex: m'^http:/*(?:\w+\.)?google(?:\.\w{2,3}){1,2}/search\?.*?(?<=[?&])q=[^&]*?(?<=%20|..[=+\s])site:(.*?)(?:$|%20|[\s+&#])'i [23477] dbg: config: adding redirector regex: m'^http:/*(?:\w+\.)?google(?:\.\w{2,3}){1,2}/search\?.*?(?<=[?&])q=[^&]*?(?<=%20|..[=+\s])(?:"|%22)(.*?)(?:$|%22|["\s+&#])'i [23477] dbg: config: adding redirector regex: m'^http:/*(?:\w+\.)?google(?:\.\w{2,3}){1,2}/translate\?.*?(?<=[?&])u=(.*?)(?:$|[&#])'i [23477] dbg: plugin: Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0x918b86c) implements 'finish_parsing_end' [23477] dbg: replacetags: replacing tags [23477] dbg: replacetags: done replacing tags [23477] dbg: bayes: tie-ing to DB file R/O /var/spool/MailScanner/spamassassin/bayes_toks [23477] dbg: bayes: tie-ing to DB file R/O /var/spool/MailScanner/spamassassin/bayes_seen [23477] dbg: bayes: found bayes db version 3 [23477] dbg: bayes: DB journal sync: last sync: 1212657053 [23477] dbg: config: score set 2 chosen. [23477] dbg: message: ---- MIME PARSER START ---- [23477] dbg: message: main message type: text/plain [23477] dbg: message: parsing normal part [23477] dbg: message: added part, type: text/plain [23477] dbg: message: ---- MIME PARSER END ---- [23477] dbg: dns: is DNS available? 0 [23477] dbg: metadata: X-Spam-Relays-Trusted: [23477] dbg: metadata: X-Spam-Relays-Untrusted: [23477] dbg: metadata: X-Spam-Relays-Internal: [23477] dbg: metadata: X-Spam-Relays-External: [23477] dbg: message: no encoding detected [23477] dbg: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x835f04c) implements 'parsed_metadata' [23477] dbg: rules: local tests only, ignoring RBL eval [23477] dbg: check: running tests for priority: 0 [23477] dbg: rules: running header regexp tests; score so far=0 [23477] dbg: rules: ran header rule __HAS_MSGID ======> got hit: "<" [23477] dbg: rules: ran header rule __MSGID_OK_DIGITS ======> got hit: "1212657279" [23477] dbg: rules: ran header rule __SANE_MSGID ======> got hit: "<1212657279@lint_rules> [23477] dbg: rules: " [23477] dbg: rules: ran header rule __MSGID_OK_HOST ======> got hit: "@lint_rules>" [23477] dbg: eval: all '*From' addrs: ignore@compiling.spamassassin.taint.org [23477] dbg: eval: all '*To' addrs: [23477] dbg: rules: ran eval rule NO_RELAYS ======> got hit [23477] dbg: rules: ran eval rule __UNUSABLE_MSGID ======> got hit [23477] dbg: rules: running body-text per-line regexp tests; score so far=-0.001 [23477] dbg: rules: ran body rule __NONEMPTY_BODY ======> got hit: "I" [23477] dbg: uri: running uri tests; score so far=-0.001 [23477] dbg: bayes: DB journal sync: last sync: 1212657053 [23477] dbg: bayes: corpus size: nspam = 32262, nham = 41823 [23477] dbg: bayes: score = 0.155182683190695 [23477] dbg: bayes: DB expiry: tokens in DB: 145489, Expiry max size: 150000, Oldest atime: 1211879603, Newest atime: 1212656437, Last expire: 1212572821, Current time: 1212657280 [23477] dbg: bayes: DB journal sync: last sync: 1212657053 [23477] dbg: bayes: untie-ing [23477] dbg: bayes: untie-ing db_toks [23477] dbg: bayes: untie-ing db_seen [23477] dbg: rules: ran eval rule BAYES_20 ======> got hit [23477] dbg: rules: running raw-body-text per-line regexp tests; score so far=-0.741 [23477] dbg: rules: running full-text regexp tests; score so far=-0.741 [23477] dbg: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x835f04c) implements 'check_tick' [23477] dbg: check: running tests for priority: 500 [23477] dbg: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x835f04c) implements 'check_post_dnsbl' [23477] dbg: rules: running meta tests; score so far=-0.741 [23477] info: rules: meta test DIGEST_MULTIPLE has undefined dependency 'DCC_CHECK' [23477] dbg: rules: running header regexp tests; score so far=1.416 [23477] dbg: rules: running body-text per-line regexp tests; score so far=1.416 [23477] dbg: uri: running uri tests; score so far=1.416 [23477] dbg: rules: running raw-body-text per-line regexp tests; score so far=1.416 [23477] dbg: rules: running full-text regexp tests; score so far=1.416 [23477] dbg: check: running tests for priority: 1000 [23477] dbg: rules: running meta tests; score so far=1.416 [23477] dbg: rules: running header regexp tests; score so far=1.416 [23477] dbg: rules: running body-text per-line regexp tests; score so far=1.416 [23477] dbg: uri: running uri tests; score so far=1.416 [23477] dbg: rules: running raw-body-text per-line regexp tests; score so far=1.416 [23477] dbg: rules: running full-text regexp tests; score so far=1.416 [23477] dbg: check: is spam? score=1.416 required=3 [23477] dbg: check: tests=BAYES_20,MISSING_SUBJECT,NO_RECEIVED,NO_RELAYS,TO_CC_NONE [23477] dbg: check: subtests=__HAS_MSGID,__MSGID_OK_DIGITS,__MSGID_OK_HOST,__NONEMPTY_BODY,__SANE_MSGID,__UNUSABLE_MSGID --------------------------------------------------------------------------------------------------------------------------------- Then I set the following in /etc/MailScanner/MailScanner.conf and restarted MailScanner: Spam Checks = yes Spam List = spamhaus.org SBL+XBL Spam Lists To Be Spam = 1 Spam Lists To Reach High Score = 2 -------------------------------------------------------------------------------------------------------------------------------- My /etc/MailScanner/MailScanner.conf is as follows: %org-name% = < This i am not giving> %org-long-name% = < this i am not giving > %web-site% = www.your-organisation.com %etc-dir% = /etc/MailScanner %report-dir% = /etc/MailScanner/reports/en %rules-dir% = /etc/MailScanner/rules %mcp-dir% = /etc/MailScanner/mcp Max Children = 5 Run As User = postfix Run As Group = postfix Queue Scan Interval = 6 Incoming Queue Dir = /var/spool/postfix/hold Outgoing Queue Dir = /var/spool/postfix/incoming Incoming Work Dir = /var/spool/MailScanner/incoming Quarantine Dir = /var/spool/MailScanner/quarantine PID file = /var/run/MailScanner.pid Restart Every = 14400 MTA = postfix Sendmail = /usr/sbin/sendmail Sendmail2 = /usr/sbin/sendmail Incoming Work User = Incoming Work Group = Incoming Work Permissions = 0600 Quarantine User = root Quarantine Group = www Quarantine Permissions = 0660 Max Unscanned Bytes Per Scan = 100m Max Unsafe Bytes Per Scan = 50m Max Unscanned Messages Per Scan = 30 Max Unsafe Messages Per Scan = 30 Max Normal Queue Size = 800 Scan Messages = yes Reject Message = no Maximum Attachments Per Message = 200 Expand TNEF = yes Use TNEF Contents = replace Deliver Unparsable TNEF = no TNEF Expander = /usr/bin/tnef --maxsize=100000000 TNEF Timeout = 120 File Command = /usr/bin/file File Timeout = 20 Gunzip Command = /bin/gunzip Gunzip Timeout = 50 Unrar Command = /usr/bin/unrar Unrar Timeout = 50 Find UU-Encoded Files = no Maximum Message Size = %rules-dir%/max.message.size.rules Maximum Attachment Size = -1 Minimum Attachment Size = -1 Maximum Archive Depth = 2 Find Archives By Content = yes Virus Scanning = yes Virus Scanners = clamav Virus Scanner Timeout = 300 Deliver Disinfected Files = yes Silent Viruses = HTML-IFrame All-Viruses Still Deliver Silent Viruses = no Non-Forging Viruses = Joke/ OF97/ WM97/ W97M/ eicar Block Encrypted Messages = no Block Unencrypted Messages = no Allow Password-Protected Archives = no Allowed Sophos Error Messages = Sophos IDE Dir = /usr/local/Sophos/ide Sophos Lib Dir = /usr/local/Sophos/lib Monitors For Sophos Updates = /usr/local/Sophos/ide/*ides.zip Monitors for ClamAV Updates = /usr/local/share/clamav/*.cvd ClamAVmodule Maximum Recursion Level = 8 ClamAVmodule Maximum Files = 1000 ClamAVmodule Maximum Compression Ratio = 250 Dangerous Content Scanning = yes Allow Partial Messages = no Allow External Message Bodies = no Find Phishing Fraud = yes Also Find Numeric Phishing = yes Use Stricter Phishing Net = yes Highlight Phishing Fraud = yes Phishing Safe Sites File = %etc-dir%/phishing.safe.sites.conf Country Sub-Domains List = %etc-dir%/country.domains.conf Allow IFrame Tags = disarm Allow Form Tags = disarm Allow Script Tags = disarm Allow WebBugs = disarm Ignored Web Bug Filenames = spacer pixel.gif pixel.png gap Web Bug Replacement = http://www.sng.ecs.soton.ac.uk/mailscanner/images/1x1spacer.gif Allow Object Codebase Tags = disarm Convert Dangerous HTML To Text = no Convert HTML To Text = no Allow Filenames = Deny Filenames = Filename Rules = %etc-dir%/filename.rules.conf Allow Filetypes = Deny Filetypes = Filetype Rules = %etc-dir%/filetype.rules.conf Quarantine Infections = yes Quarantine Silent Viruses = no Quarantine Modified Body = no Quarantine Whole Message = yes Quarantine Whole Messages As Queue Files = no Keep Spam And MCP Archive Clean = no Language Strings = %report-dir%/languages.conf Rejection Report = %report-dir%/rejection.report.txt Deleted Bad Content Message Report = %report-dir%/deleted.content.message.txt Deleted Bad Filename Message Report = %report-dir%/deleted.filename.message.txt Deleted Virus Message Report = %report-dir%/deleted.virus.message.txt Deleted Size Message Report = %report-dir%/deleted.size.message.txt Stored Bad Content Message Report = %report-dir%/stored.content.message.txt Stored Bad Filename Message Report = %report-dir%/stored.filename.message.txt Stored Virus Message Report = %report-dir%/stored.virus.message.txt Stored Size Message Report = %report-dir%/stored.size.message.txt Disinfected Report = %report-dir%/disinfected.report.txt Inline HTML Signature = %report-dir%/inline.sig.html Inline Text Signature = %report-dir%/inline.sig.txt Inline HTML Warning = %report-dir%/inline.warning.html Inline Text Warning = %report-dir%/inline.warning.txt Sender Content Report = %report-dir%/sender.content.report.txt Sender Error Report = %report-dir%/sender.error.report.txt Sender Bad Filename Report = %report-dir%/sender.filename.report.txt Sender Virus Report = %report-dir%/sender.virus.report.txt Sender Size Report = %report-dir%/sender.size.report.txt Hide Incoming Work Dir = yes Include Scanner Name In Reports = yes Mail Header = X-%org-name%-MailScanner: Spam Header = X-%org-name%-MailScanner-SpamCheck: Spam Score Header = X-%org-name%-MailScanner-SpamScore: Information Header = X-%org-name%-MailScanner-Information: Add Envelope From Header = yes Add Envelope To Header = no Envelope From Header = X-%org-name%-MailScanner-From: Envelope To Header = X-%org-name%-MailScanner-To: Spam Score Character = s SpamScore Number Instead Of Stars = no Minimum Stars If On Spam List = 5 Clean Header Value = Found to be clean Infected Header Value = Found to be infected Disinfected Header Value = Disinfected Information Header Value = Please contact the ISP for more information Detailed Spam Report = yes Include Scores In SpamAssassin Report = yes Always Include SpamAssassin Report = yes Multiple Headers = append Hostname = the %org-name% ($HOSTNAME) MailScanner Sign Messages Already Processed = no Sign Clean Messages = yes Mark Infected Messages = yes Mark Unscanned Messages = yes Unscanned Header Value = Not scanned: please contact your Internet E-Mail Service Provider for details Remove These Headers = X-Mozilla-Status: X-Mozilla-Status2: Deliver Cleaned Messages = yes Notify Senders = yes Notify Senders Of Viruses = no Notify Senders Of Blocked Filenames Or Filetypes = yes Notify Senders Of Blocked Size Attachments = no Notify Senders Of Other Blocked Content = yes Never Notify Senders Of Precedence = list bulk Scanned Subject Text = {Scanned} Virus Modify Subject = start Virus Subject Text = {Virus?} Filename Modify Subject = start Filename Subject Text = {Filename?} Content Modify Subject = start Content Subject Text = {Dangerous Content?} Size Modify Subject = start Size Subject Text = {Size} Disarmed Modify Subject = start Disarmed Subject Text = {Disarmed} Phishing Modify Subject = no Phishing Subject Text = {Fraud?} Spam Modify Subject = start Spam Subject Text = {Spam?} High Scoring Spam Modify Subject = start High Scoring Spam Subject Text = {Spam?} Warning Is Attachment = yes Attachment Warning Filename = %org-name%-Attachment-Warning.txt Attachment Encoding Charset = ISO-8859-1 Archive Mail = Send Notices = yes Notices Include Full Headers = yes Hide Incoming Work Dir in Notices = no Notice Signature = -- \nMailScanner\nEmail Virus Scanner\nwww.mailscanner.info Notices From = MailScanner Notices To = postmaster Local Postmaster = postmaster Spam List Definitions = %etc-dir%/spam.lists.conf Virus Scanner Definitions = %etc-dir%/virus.scanners.conf Spam Checks = yes Spam List = spamhaus.org SBL+XBL Spam Domain List = Spam Lists To Be Spam = 1 Spam Lists To Reach High Score = 2 Spam List Timeout = 10 Max Spam List Timeouts = 7 Spam List Timeouts History = 10 Is Definitely Not Spam = %rules-dir%/spam.whitelist.rules Is Definitely Spam = no Definite Spam Is High Scoring = no Ignore Spam Whitelist If Recipients Exceed = 20 Max Spam Check Size = 150000 Use SpamAssassin = yes Max SpamAssassin Size = 40k Required SpamAssassin Score = 3 High SpamAssassin Score = 10 SpamAssassin Auto Whitelist = yes SpamAssassin Timeout = 75 Max SpamAssassin Timeouts = 10 SpamAssassin Timeouts History = 30 Check SpamAssassin If On Spam List = yes Spam Score = yes Cache SpamAssassin Results = yes SpamAssassin Cache Database File = /var/spool/MailScanner/incoming/SpamAssassin.cache.db Rebuild Bayes Every = 0 Wait During Bayes Rebuild = no Use Custom Spam Scanner = no Max Custom Spam Scanner Size = 20k Custom Spam Scanner Timeout = 20 Max Custom Spam Scanner Timeouts = 10 Custom Spam Scanner Timeout History = 20 Spam Actions = deliver header "X-Spam-Status: Yes" High Scoring Spam Actions = deliver header "X-Spam-Status: Yes" Non Spam Actions = deliver header "X-Spam-Status: No" Sender Spam Report = %report-dir%/sender.spam.report.txt Sender Spam List Report = %report-dir%/sender.spam.rbl.report.txt Sender SpamAssassin Report = %report-dir%/sender.spam.sa.report.txt Inline Spam Warning = %report-dir%/inline.spam.warning.txt Recipient Spam Report = %report-dir%/recipient.spam.report.txt Enable Spam Bounce = %rules-dir%/bounce.rules Bounce Spam As Attachment = no Syslog Facility = mail Log Speed = no Log Spam = no Log Non Spam = no Log Permitted Filenames = no Log Permitted Filetypes = no Log Silent Viruses = no Log Dangerous HTML Tags = no SpamAssassin User State Dir = /var/spool/MailScanner/spamassassin SpamAssassin Install Prefix = SpamAssassin Site Rules Dir = /etc/mail/spamassassin SpamAssassin Local Rules Dir = SpamAssassin Default Rules Dir = MCP Checks = no First Check = mcp MCP Required SpamAssassin Score = 1 MCP High SpamAssassin Score = 10 MCP Error Score = 1 MCP Header = X-%org-name%-MailScanner-MCPCheck: Non MCP Actions = deliver MCP Actions = deliver High Scoring MCP Actions = deliver Bounce MCP As Attachment = no MCP Modify Subject = start MCP Subject Text = {MCP?} High Scoring MCP Modify Subject = start High Scoring MCP Subject Text = {MCP?} Is Definitely MCP = no Is Definitely Not MCP = no Definite MCP Is High Scoring = no Always Include MCP Report = no Detailed MCP Report = yes Include Scores In MCP Report = no Log MCP = no MCP Max SpamAssassin Timeouts = 20 MCP Max SpamAssassin Size = 100k MCP SpamAssassin Timeout = 10 MCP SpamAssassin Prefs File = %mcp-dir%/mcp.spam.assassin.prefs.conf MCP SpamAssassin User State Dir = MCP SpamAssassin Local Rules Dir = %mcp-dir% MCP SpamAssassin Default Rules Dir = %mcp-dir% MCP SpamAssassin Install Prefix = %mcp-dir% Recipient MCP Report = %report-dir%/recipient.mcp.report.txt Sender MCP Report = %report-dir%/sender.mcp.report.txt Use Default Rules With Multiple Recipients = no Spam Score Number Format = %d MailScanner Version Number = 4.58.9 SpamAssassin Cache Timings = 1800,300,10800,172800,600 Debug = no Debug SpamAssassin = no Run In Foreground = no Always Looked Up Last = &MailWatchLogging Always Looked Up Last After Batch = no Deliver In Background = yes Delivery Method = batch Split Exim Spool = no Lockfile Dir = /tmp Custom Functions Dir = /usr/lib/MailScanner/MailScanner/CustomFunctions Lock Type = Minimum Code Status = supported -------------------------------------------------------------------------------------------------------------------------------------- My /etc/MailScanner/spam.assassin.prefs.conf is as follows: dns_available yes bayes_path /var/spool/MailScanner/spamassassin/bayes bayes_file_mode 0770 bayes_ignore_header X-YOURDOMAIN-COM-MailScanner bayes_ignore_header X-YOURDOMAIN-COM-MailScanner-SpamCheck bayes_ignore_header X-YOURDOMAIN-COM-MailScanner-SpamScore bayes_ignore_header X-YOURDOMAIN-COM-MailScanner-Information lock_method flock use_auto_whitelist 0 ifplugin Mail::SpamAssassin::Plugin::Pyzor pyzor_path /usr/local/bin/pyzor endif ifplugin Mail::SpamAssassin::Plugin::DCC dcc_path /usr/local/bin/dccproc endif score RCVD_IN_BL_SPAMCOP_NET 4 envelope_sender_header X-MailScanner-From ------------------------------------------------------------------------------------------------------------------------------------- sa-learn --dump magic -D shows the follows: mail:/var/spool/MailScanner/spamassassin # sa-learn --dump magic -D [27360] dbg: logger: adding facilities: all [27360] dbg: logger: logging level is DBG [27360] dbg: generic: SpamAssassin version 3.1.6 [27360] dbg: config: score set 0 chosen. [27360] dbg: util: running in taint mode? yes [27360] dbg: util: taint mode: deleting unsafe environment variables, resetting PATH [27360] dbg: util: PATH included '/sbin', keeping [27360] dbg: util: PATH included '/usr/sbin', keeping [27360] dbg: util: PATH included '/usr/local/sbin', keeping [27360] dbg: util: PATH included '/opt/gnome/sbin', keeping [27360] dbg: util: PATH included '/root/bin', keeping [27360] dbg: util: PATH included '/usr/local/bin', keeping [27360] dbg: util: PATH included '/usr/bin', keeping [27360] dbg: util: PATH included '/usr/X11R6/bin', keeping [27360] dbg: util: PATH included '/bin', keeping [27360] dbg: util: PATH included '/usr/games', keeping [27360] dbg: util: PATH included '/opt/gnome/bin', keeping [27360] dbg: util: PATH included '/opt/kde3/bin', keeping [27360] dbg: util: PATH included '/usr/lib/jvm/jre/bin', keeping [27360] dbg: util: PATH included '/usr/lib/mit/bin', keeping [27360] dbg: util: PATH included '/usr/lib/mit/sbin', keeping [27360] dbg: util: PATH included '/usr/lib/qt3/bin', keeping [27360] dbg: util: final PATH set to: /sbin:/usr/sbin:/usr/local/sbin:/opt/gnome/sbin:/root/bin:/usr/local/bin:/usr/bin:/usr/X11R6/bin:/bin:/usr/games:/opt/gnome/bin:/opt/kde3/bin:/usr/lib/jvm/jre/bin:/usr/lib/mit/bin:/usr/lib/mit/sbin:/usr/lib/qt3/bin [27360] dbg: message: ---- MIME PARSER START ---- [27360] dbg: message: main message type: text/plain [27360] dbg: message: parsing normal part [27360] dbg: message: added part, type: text/plain [27360] dbg: message: ---- MIME PARSER END ---- [27360] dbg: dns: is Net::DNS::Resolver available? yes [27360] dbg: dns: Net::DNS version: 0.59 [27360] dbg: config: using "/etc/mail/spamassassin" for site rules pre files [27360] dbg: config: read file /etc/mail/spamassassin/init.pre [27360] dbg: config: read file /etc/mail/spamassassin/v310.pre [27360] dbg: config: read file /etc/mail/spamassassin/v312.pre [27360] dbg: config: using "/usr/share/spamassassin" for sys rules pre files [27360] dbg: config: using "/usr/share/spamassassin" for default rules dir [27360] dbg: config: read file /usr/share/spamassassin/10_misc.cf [27360] dbg: config: read file /usr/share/spamassassin/20_advance_fee.cf [27360] dbg: config: read file /usr/share/spamassassin/20_anti_ratware.cf [27360] dbg: config: read file /usr/share/spamassassin/20_body_tests.cf [27360] dbg: config: read file /usr/share/spamassassin/20_compensate.cf [27360] dbg: config: read file /usr/share/spamassassin/20_dnsbl_tests.cf [27360] dbg: config: read file /usr/share/spamassassin/20_drugs.cf [27360] dbg: config: read file /usr/share/spamassassin/20_fake_helo_tests.cf [27360] dbg: config: read file /usr/share/spamassassin/20_head_tests.cf [27360] dbg: config: read file /usr/share/spamassassin/20_html_tests.cf [27360] dbg: config: read file /usr/share/spamassassin/20_meta_tests.cf [27360] dbg: config: read file /usr/share/spamassassin/20_net_tests.cf [27360] dbg: config: read file /usr/share/spamassassin/20_phrases.cf [27360] dbg: config: read file /usr/share/spamassassin/20_porn.cf [27360] dbg: config: read file /usr/share/spamassassin/20_ratware.cf [27360] dbg: config: read file /usr/share/spamassassin/20_uri_tests.cf [27360] dbg: config: read file /usr/share/spamassassin/23_bayes.cf [27360] dbg: config: read file /usr/share/spamassassin/25_accessdb.cf [27360] dbg: config: read file /usr/share/spamassassin/25_antivirus.cf [27360] dbg: config: read file /usr/share/spamassassin/25_body_tests_es.cf [27360] dbg: config: read file /usr/share/spamassassin/25_body_tests_pl.cf [27360] dbg: config: read file /usr/share/spamassassin/25_dcc.cf [27360] dbg: config: read file /usr/share/spamassassin/25_dkim.cf [27360] dbg: config: read file /usr/share/spamassassin/25_domainkeys.cf [27360] dbg: config: read file /usr/share/spamassassin/25_hashcash.cf [27360] dbg: config: read file /usr/share/spamassassin/25_pyzor.cf [27360] dbg: config: read file /usr/share/spamassassin/25_razor2.cf [27360] dbg: config: read file /usr/share/spamassassin/25_replace.cf [27360] dbg: config: read file /usr/share/spamassassin/25_spf.cf [27360] dbg: config: read file /usr/share/spamassassin/25_textcat.cf [27360] dbg: config: read file /usr/share/spamassassin/25_uribl.cf [27360] dbg: config: read file /usr/share/spamassassin/30_text_de.cf [27360] dbg: config: read file /usr/share/spamassassin/30_text_fr.cf [27360] dbg: config: read file /usr/share/spamassassin/30_text_it.cf [27360] dbg: config: read file /usr/share/spamassassin/30_text_nl.cf [27360] dbg: config: read file /usr/share/spamassassin/30_text_pl.cf [27360] dbg: config: read file /usr/share/spamassassin/30_text_pt_br.cf [27360] dbg: config: read file /usr/share/spamassassin/50_scores.cf [27360] dbg: config: read file /usr/share/spamassassin/60_awl.cf [27360] dbg: config: read file /usr/share/spamassassin/60_whitelist.cf [27360] dbg: config: read file /usr/share/spamassassin/60_whitelist_dk.cf [27360] dbg: config: read file /usr/share/spamassassin/60_whitelist_dkim.cf [27360] dbg: config: read file /usr/share/spamassassin/60_whitelist_spf.cf [27360] dbg: config: read file /usr/share/spamassassin/60_whitelist_subject.cf [27360] dbg: config: using "/etc/mail/spamassassin" for site rules dir [27360] dbg: config: read file /etc/mail/spamassassin/local.cf [27360] dbg: config: read file /etc/mail/spamassassin/mailscanner.cf [27360] dbg: plugin: loading Mail::SpamAssassin::Plugin::URIDNSBL from @INC [27360] dbg: plugin: registered Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x835f090) [27360] dbg: plugin: loading Mail::SpamAssassin::Plugin::Hashcash from @INC [27360] dbg: plugin: registered Mail::SpamAssassin::Plugin::Hashcash=HASH(0x8e115ec) [27360] dbg: plugin: loading Mail::SpamAssassin::Plugin::SPF from @INC [27360] dbg: plugin: registered Mail::SpamAssassin::Plugin::SPF=HASH(0x8e34804) [27360] dbg: plugin: loading Mail::SpamAssassin::Plugin::Pyzor from @INC [27360] dbg: pyzor: network tests on, attempting Pyzor [27360] dbg: plugin: registered Mail::SpamAssassin::Plugin::Pyzor=HASH(0x8e3a0bc) [27360] dbg: plugin: loading Mail::SpamAssassin::Plugin::Razor2 from @INC [27360] dbg: razor2: razor2 is not available [27360] dbg: plugin: registered Mail::SpamAssassin::Plugin::Razor2=HASH(0x8e13f68) [27360] dbg: plugin: loading Mail::SpamAssassin::Plugin::SpamCop from @INC [27360] dbg: reporter: network tests on, attempting SpamCop [27360] dbg: plugin: registered Mail::SpamAssassin::Plugin::SpamCop=HASH(0x8ed3f54) [27360] dbg: plugin: loading Mail::SpamAssassin::Plugin::AWL from @INC [27360] dbg: plugin: registered Mail::SpamAssassin::Plugin::AWL=HASH(0x903b2d4) [27360] dbg: plugin: loading Mail::SpamAssassin::Plugin::AutoLearnThreshold from @INC [27360] dbg: plugin: registered Mail::SpamAssassin::Plugin::AutoLearnThreshold=HASH(0x9043ef8) [27360] dbg: plugin: loading Mail::SpamAssassin::Plugin::WhiteListSubject from @INC [27360] dbg: plugin: registered Mail::SpamAssassin::Plugin::WhiteListSubject=HASH(0x9051f50) [27360] dbg: plugin: loading Mail::SpamAssassin::Plugin::MIMEHeader from @INC [27360] dbg: plugin: registered Mail::SpamAssassin::Plugin::MIMEHeader=HASH(0x9052c34) [27360] dbg: plugin: loading Mail::SpamAssassin::Plugin::ReplaceTags from @INC [27360] dbg: plugin: registered Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0x9065fb0) [27360] dbg: config: adding redirector regex: /^http:\/\/chkpt\.zdnet\.com\/chkpt\/\w+\/(.*)$/i [27360] dbg: config: adding redirector regex: /^http:\/\/www(?:\d+)?\.nate\.com\/r\/\w+\/(.*)$/i [27360] dbg: config: adding redirector regex: /^http:\/\/.+\.gov\/(?:.*\/)?externalLink\.jhtml\?.*url=(.*?)(?:&.*)?$/i [27360] dbg: config: adding redirector regex: /^http:\/\/redir\.internet\.com\/.+?\/.+?\/(.*)$/i [27360] dbg: config: adding redirector regex: /^http:\/\/(?:.*?\.)?adtech\.de\/.*(?:;|\|)link=(.*?)(?:;|$)/i [27360] dbg: config: adding redirector regex: m'^http.*?/redirect\.php\?.*(?<=[?&])goto=(.*?)(?:$|[&#])'i [27360] dbg: config: adding redirector regex: m'^https?:/*(?:[^/]+\.)?emf\d\.com/r\.cfm.*?&r=(.*)'i [27360] dbg: config: adding redirector regex: m'/(?:index.php)?\?.*(?<=[?&])URL=(.*?)(?:$|[&#])'i [27360] dbg: config: adding redirector regex: m'^http:/*(?:\w+\.)?google(?:\.\w{2,3}){1,2}/url\?.*?(?<=[?&])q=(.*?)(?:$|[&#])'i [27360] dbg: config: adding redirector regex: m'^http:/*(?:\w+\.)?google(?:\.\w{2,3}){1,2}/search\?.*?(?<=[?&])q=[^&]*?(?<=%20|..[=+\s])site:(.*?)(?:$|%20|[\s+&#])'i [27360] dbg: config: adding redirector regex: m'^http:/*(?:\w+\.)?google(?:\.\w{2,3}){1,2}/search\?.*?(?<=[?&])q=[^&]*?(?<=%20|..[=+\s])(?:"|%22)(.*?)(?:$|%22|["\s+&#])'i [27360] dbg: config: adding redirector regex: m'^http:/*(?:\w+\.)?google(?:\.\w{2,3}){1,2}/translate\?.*?(?<=[?&])u=(.*?)(?:$|[&#])'i [27360] dbg: plugin: Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0x9065fb0) implements 'finish_parsing_end' [27360] dbg: replacetags: replacing tags [27360] dbg: replacetags: done replacing tags [27360] dbg: bayes: tie-ing to DB file R/O /var/spool/MailScanner/spamassassin/bayes_toks [27360] dbg: bayes: tie-ing to DB file R/O /var/spool/MailScanner/spamassassin/bayes_seen [27360] dbg: bayes: found bayes db version 3 [27360] dbg: bayes: DB journal sync: last sync: 1212657053 [27360] dbg: config: score set 3 chosen. 0.000 0 3 0 non-token data: bayes db version 0.000 0 32262 0 non-token data: nspam 0.000 0 41829 0 non-token data: nham 0.000 0 145597 0 non-token data: ntokens 0.000 0 1211879603 0 non-token data: oldest atime 0.000 0 1212660698 0 non-token data: newest atime 0.000 0 1212657053 0 non-token data: last journal sync atime 0.000 0 1212572821 0 non-token data: last expiry atime 0.000 0 691200 0 non-token data: last expire atime delta 0.000 0 59972 0 non-token data: last expire reduction count [27360] dbg: bayes: untie-ing [27360] dbg: bayes: untie-ing db_toks [27360] dbg: bayes: untie-ing db_seen ------------------------------------------------------------------------------------------------------------------------------------- Please help me so that i can fix my mailscanner to catch low scoring spams. Also please tell me how do i know whether mailscanner is using and checking the lists specified in SPAM LIST. I can not see any error in /var/log/mail. I can see spamd entries getting logged only when our users send mails, not when receiving mails from outside like the following: ----------------------------------------- Jun 5 15:32:39 mail spamd[23430]: spamd: result: . -3 - ALL_TRUSTED,BAYES_00 scantime=0.6,size=2036,user=spamuser,uid=3000,required_score=3.0, rhost=localhost,raddr=127.0.0.1,rport=27589,mid=<1675.122.163.77.164.1212660155. squirrel@mail.econdse.org>,bayes=5.55111512312578e-17,autolearn=ham -------------------------------------------------------------------------------- Hope you would be kind enough to go through my mail and help me out. Regards vinu On Tue, May 27, 2008 at 8:49 PM, Scott Silva wrote: > Comments are inline ... > >> Dear all, >> I am just a beginner to postfix,spamassassin,Mailscanner and >> mailwatch. I recently installed a mail server with the following and >> is working fine except for one problem that mailscanner+spamassassin >> combination is not detecting mails with SA Score lower than the >> Required Spamassassin score ( I use 3) as spam though they are >> definitely spam. The mailscanner+spamassassin combination tags mails >> with SA score greater than the Required Spamassassin score as spam. >> >> postfix.2.3.2-28 >> Spamassassin.3.1.6-15 >> MailScanner 4.58.9 > > All older versions of the software. It might be adding to your problems. >> >> I have been reading different posts on mailscanner and about >> spamassassin to understand why low scoring mails are not detected as >> spam by mailscanner+spamassassin. >> >> The following are the things I could find out . >> >> 1. The headers of mails does not contain "autolearn=spam" in the mail >> header and rest of the fields are there. (See below) >> >> X-econdse-MailScanner-SpamCheck: spam, SpamAssassin (not cached, >> score=10.054, required 3, BAYES_99 3.50, EXTRA_MPART_TYPE 1.09, >> HTML_IMAGE_ONLY_08 3.13, HTML_MESSAGE 0.00, >> HTML_SHORT_LINK_IMG_1 0.95, HTML_TEXT_AFTER_BODY 0.12, >> INFO_TLD 1.27) >> >> 2. the /root/.spamassassin folder does not contain any bayes related >> database. > > When running with postfix, MailScanner runs as postfix and cannot access the > /root directory. Maybe you missed some steps in the postfix howtos. > http://www.mailscanner.info/postfix.html and > http://wiki.mailscanner.info/doku.php?id=documentation:configuration:mta:postfix:installation > You need the bayes directory somewhere that the postfix user can access. > > Maybe Glenn will chime in here. > > >> >> 3. I could not see anything in /var/log/mail which says mailscanner >> is checking the Spam Lists. >> >> *********************************************** >> When I tried to test the spamassassin configuration with "spamassassin >> -D --lint", I am getting "[4882] warn: lint: 1 issues detected, please >> rerun with debug enabled for more information" >> >> Please see the result below. : >> >> >> --------------------------------------------------------------------------------------------- >> mail:/etc/MailScanner # spamassassin -D --lint >> >> [4882] dbg: logger: adding facilities: all >> [4882] dbg: logger: logging level is DBG >> [4882] dbg: generic: SpamAssassin version 3.1.6 >> [4882] dbg: config: score set 0 chosen. >> [4882] dbg: util: running in taint mode? yes >> [4882] dbg: util: taint mode: deleting unsafe environment variables, >> resetting PATH >> [4882] dbg: util: PATH included '/sbin', keeping >> [4882] dbg: util: PATH included '/usr/sbin', keeping >> [4882] dbg: util: PATH included '/usr/local/sbin', keeping >> [4882] dbg: util: PATH included '/opt/gnome/sbin', keeping >> [4882] dbg: util: PATH included '/root/bin', keeping >> [4882] dbg: util: PATH included '/usr/local/bin', keeping >> [4882] dbg: util: PATH included '/usr/bin', keeping >> [4882] dbg: util: PATH included '/usr/X11R6/bin', keeping >> [4882] dbg: util: PATH included '/bin', keeping >> [4882] dbg: util: PATH included '/usr/games', keeping >> [4882] dbg: util: PATH included '/opt/gnome/bin', keeping >> [4882] dbg: util: PATH included '/opt/kde3/bin', keeping >> [4882] dbg: util: PATH included '/usr/lib/jvm/jre/bin', keeping >> [4882] dbg: util: PATH included '/usr/lib/mit/bin', keeping >> [4882] dbg: util: PATH included '/usr/lib/mit/sbin', keeping >> [4882] dbg: util: PATH included '/usr/lib/qt3/bin', keeping >> [4882] dbg: util: final PATH set to: >> >> /sbin:/usr/sbin:/usr/local/sbin:/opt/gnome/sbin:/root/bin:/usr/local/bin:/usr/bin:/usr/X11R6/bin:/bin:/usr/games:/opt/gnome/bin:/opt/kde3/bin:/usr/lib/jvm/jre/bin:/usr/lib/mit/bin:/usr/lib/mit/sbin:/usr/lib/qt3/bin >> [4882] dbg: message: ---- MIME PARSER START ---- >> [4882] dbg: message: main message type: text/plain >> [4882] dbg: message: parsing normal part >> [4882] dbg: message: added part, type: text/plain >> [4882] dbg: message: ---- MIME PARSER END ---- >> [4882] dbg: dns: is Net::DNS::Resolver available? yes >> [4882] dbg: dns: Net::DNS version: 0.59 >> [4882] dbg: diag: perl platform: 5.008008 linux >> [4882] dbg: diag: module installed: Digest::SHA1, version 2.11 >> [4882] dbg: diag: module installed: HTML::Parser, version 3.55 >> [4882] dbg: diag: module installed: MIME::Base64, version 3.07 >> [4882] dbg: diag: module installed: DB_File, version 1.814 >> [4882] dbg: diag: module installed: Net::DNS, version 0.59 >> [4882] dbg: diag: module installed: Net::SMTP, version 2.29 >> [4882] dbg: diag: module not installed: Mail::SPF::Query ('require' >> failed) >> [4882] dbg: diag: module not installed: IP::Country::Fast ('require' >> failed) >> [4882] dbg: diag: module not installed: Razor2::Client::Agent ('require' >> failed) >> [4882] dbg: diag: module not installed: Net::Ident ('require' failed) >> [4882] dbg: diag: module not installed: IO::Socket::INET6 ('require' >> failed) >> [4882] dbg: diag: module not installed: IO::Socket::SSL ('require' failed) >> [4882] dbg: diag: module installed: Time::HiRes, version 1.86 >> [4882] dbg: diag: module installed: DBI, version 1.52 >> [4882] dbg: diag: module installed: Getopt::Long, version 2.35 >> [4882] dbg: diag: module installed: LWP::UserAgent, version 2.033 >> [4882] dbg: diag: module installed: HTTP::Date, version 1.47 >> [4882] dbg: diag: module installed: Archive::Tar, version 1.30 >> [4882] dbg: diag: module installed: IO::Zlib, version 1.04 >> [4882] dbg: ignore: using a test message to lint rules >> [4882] dbg: config: using "/etc/mail/spamassassin" for site rules pre >> files >> [4882] dbg: config: read file /etc/mail/spamassassin/init.pre >> [4882] dbg: config: read file /etc/mail/spamassassin/v310.pre >> [4882] dbg: config: read file /etc/mail/spamassassin/v312.pre >> [4882] dbg: config: using "/usr/share/spamassassin" for sys rules pre >> files >> [4882] dbg: config: using "/usr/share/spamassassin" for default rules dir >> [4882] dbg: config: read file /usr/share/spamassassin/10_misc.cf >> [4882] dbg: config: read file /usr/share/spamassassin/20_advance_fee.cf >> [4882] dbg: config: read file /usr/share/spamassassin/20_anti_ratware.cf >> [4882] dbg: config: read file /usr/share/spamassassin/20_body_tests.cf >> [4882] dbg: config: read file /usr/share/spamassassin/20_compensate.cf >> [4882] dbg: config: read file /usr/share/spamassassin/20_dnsbl_tests.cf >> [4882] dbg: config: read file /usr/share/spamassassin/20_drugs.cf >> [4882] dbg: config: read file >> /usr/share/spamassassin/20_fake_helo_tests.cf >> [4882] dbg: config: read file /usr/share/spamassassin/20_head_tests.cf >> [4882] dbg: config: read file /usr/share/spamassassin/20_html_tests.cf >> [4882] dbg: config: read file /usr/share/spamassassin/20_meta_tests.cf >> [4882] dbg: config: read file /usr/share/spamassassin/20_net_tests.cf >> [4882] dbg: config: read file /usr/share/spamassassin/20_phrases.cf >> [4882] dbg: config: read file /usr/share/spamassassin/20_porn.cf >> [4882] dbg: config: read file /usr/share/spamassassin/20_ratware.cf >> [4882] dbg: config: read file /usr/share/spamassassin/20_uri_tests.cf >> [4882] dbg: config: read file /usr/share/spamassassin/23_bayes.cf >> [4882] dbg: config: read file /usr/share/spamassassin/25_accessdb.cf >> [4882] dbg: config: read file /usr/share/spamassassin/25_antivirus.cf >> [4882] dbg: config: read file /usr/share/spamassassin/25_body_tests_es.cf >> [4882] dbg: config: read file /usr/share/spamassassin/25_body_tests_pl.cf >> [4882] dbg: config: read file /usr/share/spamassassin/25_dcc.cf >> [4882] dbg: config: read file /usr/share/spamassassin/25_dkim.cf >> [4882] dbg: config: read file /usr/share/spamassassin/25_domainkeys.cf >> [4882] dbg: config: read file /usr/share/spamassassin/25_hashcash.cf >> [4882] dbg: config: read file /usr/share/spamassassin/25_pyzor.cf >> [4882] dbg: config: read file /usr/share/spamassassin/25_razor2.cf >> [4882] dbg: config: read file /usr/share/spamassassin/25_replace.cf >> [4882] dbg: config: read file /usr/share/spamassassin/25_spf.cf >> [4882] dbg: config: read file /usr/share/spamassassin/25_textcat.cf >> [4882] dbg: config: read file /usr/share/spamassassin/25_uribl.cf >> [4882] dbg: config: read file /usr/share/spamassassin/30_text_de.cf >> [4882] dbg: config: read file /usr/share/spamassassin/30_text_fr.cf >> [4882] dbg: config: read file /usr/share/spamassassin/30_text_it.cf >> [4882] dbg: config: read file /usr/share/spamassassin/30_text_nl.cf >> [4882] dbg: config: read file /usr/share/spamassassin/30_text_pl.cf >> [4882] dbg: config: read file /usr/share/spamassassin/30_text_pt_br.cf >> [4882] dbg: config: read file /usr/share/spamassassin/50_scores.cf >> [4882] dbg: config: read file /usr/share/spamassassin/60_awl.cf >> [4882] dbg: config: read file /usr/share/spamassassin/60_whitelist.cf >> [4882] dbg: config: read file /usr/share/spamassassin/60_whitelist_dk.cf >> [4882] dbg: config: read file /usr/share/spamassassin/60_whitelist_dkim.cf >> [4882] dbg: config: read file /usr/share/spamassassin/60_whitelist_spf.cf >> [4882] dbg: config: read file >> /usr/share/spamassassin/60_whitelist_subject.cf >> [4882] dbg: config: using "/etc/mail/spamassassin" for site rules dir >> [4882] dbg: config: read file /etc/mail/spamassassin/local.cf >> [4882] dbg: config: read file /etc/mail/spamassassin/mailscanner.cf >> [4882] dbg: plugin: loading Mail::SpamAssassin::Plugin::URIDNSBL from @INC >> [4882] dbg: plugin: registered >> Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x835f044) >> [4882] dbg: plugin: loading Mail::SpamAssassin::Plugin::Hashcash from @INC >> [4882] dbg: plugin: registered >> Mail::SpamAssassin::Plugin::Hashcash=HASH(0x90d6fcc) >> [4882] dbg: plugin: loading Mail::SpamAssassin::Plugin::SPF from @INC >> [4882] dbg: plugin: registered >> Mail::SpamAssassin::Plugin::SPF=HASH(0x90fa144) >> [4882] dbg: plugin: loading Mail::SpamAssassin::Plugin::Pyzor from @INC >> [4882] dbg: pyzor: local tests only, disabling Pyzor >> [4882] dbg: plugin: registered >> Mail::SpamAssassin::Plugin::Pyzor=HASH(0x91109a4) >> [4882] dbg: plugin: loading Mail::SpamAssassin::Plugin::Razor2 from @INC >> [4882] dbg: razor2: local tests only, skipping Razor >> [4882] dbg: plugin: registered >> Mail::SpamAssassin::Plugin::Razor2=HASH(0x90dcc0c) >> [4882] dbg: plugin: loading Mail::SpamAssassin::Plugin::SpamCop from @INC >> [4882] dbg: reporter: local tests only, disabling SpamCop >> [4882] dbg: plugin: registered >> Mail::SpamAssassin::Plugin::SpamCop=HASH(0x90df4d4) >> [4882] dbg: plugin: loading Mail::SpamAssassin::Plugin::AWL from @INC >> [4882] dbg: plugin: registered >> Mail::SpamAssassin::Plugin::AWL=HASH(0x916a1b8) >> [4882] dbg: plugin: loading >> Mail::SpamAssassin::Plugin::AutoLearnThreshold from @INC >> [4882] dbg: plugin: registered >> Mail::SpamAssassin::Plugin::AutoLearnThreshold=HASH(0x917945c) >> [4882] dbg: plugin: loading >> Mail::SpamAssassin::Plugin::WhiteListSubject from @INC >> [4882] dbg: plugin: registered >> Mail::SpamAssassin::Plugin::WhiteListSubject=HASH(0x9185c14) >> [4882] dbg: plugin: loading Mail::SpamAssassin::Plugin::MIMEHeader from >> @INC >> [4882] dbg: plugin: registered >> Mail::SpamAssassin::Plugin::MIMEHeader=HASH(0x9192844) >> [4882] dbg: plugin: loading Mail::SpamAssassin::Plugin::ReplaceTags from >> @INC >> [4882] dbg: plugin: registered >> Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0x918b5ac) >> [4882] dbg: config: adding redirector regex: >> /^http:\/\/chkpt\.zdnet\.com\/chkpt\/\w+\/(.*)$/i >> [4882] dbg: config: adding redirector regex: >> /^http:\/\/www(?:\d+)?\.nate\.com\/r\/\w+\/(.*)$/i >> [4882] dbg: config: adding redirector regex: >> /^http:\/\/.+\.gov\/(?:.*\/)?externalLink\.jhtml\?.*url=(.*?)(?:&.*)?$/i >> [4882] dbg: config: adding redirector regex: >> /^http:\/\/redir\.internet\.com\/.+?\/.+?\/(.*)$/i >> [4882] dbg: config: adding redirector regex: >> /^http:\/\/(?:.*?\.)?adtech\.de\/.*(?:;|\|)link=(.*?)(?:;|$)/i >> [4882] dbg: config: adding redirector regex: >> m'^http.*?/redirect\.php\?.*(?<=[?&])goto=(.*?)(?:$|[&#])'i >> [4882] dbg: config: adding redirector regex: >> m'^https?:/*(?:[^/]+\.)?emf\d\.com/r\.cfm.*?&r=(.*)'i >> [4882] dbg: config: adding redirector regex: >> m'/(?:index.php)?\?.*(?<=[?&])URL=(.*?)(?:$|[&#])'i >> [4882] dbg: config: adding redirector regex: >> >> m'^http:/*(?:\w+\.)?google(?:\.\w{2,3}){1,2}/url\?.*?(?<=[?&])q=(.*?)(?:$|[&#])'i >> [4882] dbg: config: adding redirector regex: >> >> m'^http:/*(?:\w+\.)?google(?:\.\w{2,3}){1,2}/search\?.*?(?<=[?&])q=[^&]*?(?<=%20|..[=+\s])site:(.*?)(?:$|%20|[\s+&#])'i >> [4882] dbg: config: adding redirector regex: >> >> m'^http:/*(?:\w+\.)?google(?:\.\w{2,3}){1,2}/search\?.*?(?<=[?&])q=[^&]*?(?<=%20|..[=+\s])(?:"|%22)(.*?)(?:$|%22|["\s+&#])'i >> [4882] dbg: config: adding redirector regex: >> >> m'^http:/*(?:\w+\.)?google(?:\.\w{2,3}){1,2}/translate\?.*?(?<=[?&])u=(.*?)(?:$|[&#])'i >> [4882] info: config: pyzor_path "/usr/bin/pyzor" isn't an executable >> [4882] warn: config: SpamAssassin failed to parse line, >> "/usr/bin/pyzor" is not valid for "pyzor_path", skipping: pyzor_path >> /usr/bin/pyzor >> [4882] dbg: plugin: >> Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0x918b5ac) implements >> 'finish_parsing_end' >> [4882] dbg: replacetags: replacing tags >> [4882] dbg: replacetags: done replacing tags >> [4882] dbg: bayes: no dbs present, cannot tie DB R/O: >> /root/.spamassassin/bayes_toks > > Here is your error. Mailscanner running as postfix cannot access /root > directory. You need to set a bayes path somewhere that postfix has access, > and then you will need to do some training. > >> [4882] dbg: config: score set 0 chosen. >> [4882] dbg: message: ---- MIME PARSER START ---- >> [4882] dbg: message: main message type: text/plain >> [4882] dbg: message: parsing normal part >> [4882] dbg: message: added part, type: text/plain >> [4882] dbg: message: ---- MIME PARSER END ---- >> [4882] dbg: bayes: no dbs present, cannot tie DB R/O: >> /root/.spamassassin/bayes_toks >> [4882] dbg: dns: is DNS available? 0 >> [4882] dbg: metadata: X-Spam-Relays-Trusted: >> [4882] dbg: metadata: X-Spam-Relays-Untrusted: >> [4882] dbg: metadata: X-Spam-Relays-Internal: >> [4882] dbg: metadata: X-Spam-Relays-External: >> [4882] dbg: message: no encoding detected >> [4882] dbg: plugin: >> Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x835f044) implements >> 'parsed_metadata' >> [4882] dbg: rules: local tests only, ignoring RBL eval >> [4882] dbg: check: running tests for priority: 0 >> [4882] dbg: rules: running header regexp tests; score so far=0 >> [4882] dbg: rules: ran header rule __HAS_MSGID ======> got hit: "<" >> [4882] dbg: rules: ran header rule __MSGID_OK_DIGITS ======> got hit: >> "1211883990" >> [4882] dbg: rules: ran header rule __SANE_MSGID ======> got hit: >> "<1211883990@lint_rules> >> [4882] dbg: rules: " >> [4882] dbg: rules: ran header rule __MSGID_OK_HOST ======> got hit: >> "@lint_rules>" >> [4882] dbg: eval: all '*From' addrs: >> ignore@compiling.spamassassin.taint.org >> [4882] dbg: eval: all '*To' addrs: >> [4882] dbg: rules: ran eval rule NO_RELAYS ======> got hit >> [4882] dbg: rules: ran eval rule __UNUSABLE_MSGID ======> got hit >> [4882] dbg: rules: running body-text per-line regexp tests; score so >> far=-0.001 >> [4882] dbg: rules: ran body rule __NONEMPTY_BODY ======> got hit: "I" >> [4882] dbg: uri: running uri tests; score so far=-0.001 >> [4882] dbg: bayes: no dbs present, cannot tie DB R/O: >> /root/.spamassassin/bayes_toks >> [4882] dbg: bayes: not scoring message, returning undef >> [4882] dbg: bayes: opportunistic call attempt failed, DB not readable >> [4882] dbg: rules: running raw-body-text per-line regexp tests; score >> so far=-0.001 >> [4882] dbg: rules: running full-text regexp tests; score so far=-0.001 >> [4882] dbg: plugin: >> Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x835f044) implements >> 'check_tick' >> [4882] dbg: check: running tests for priority: 500 >> [4882] dbg: plugin: >> Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x835f044) implements >> 'check_post_dnsbl' >> [4882] dbg: rules: running meta tests; score so far=-0.001 >> [4882] info: rules: meta test DIGEST_MULTIPLE has undefined dependency >> 'DCC_CHECK' >> [4882] dbg: rules: running header regexp tests; score so far=1.866 >> [4882] dbg: rules: running body-text per-line regexp tests; score so >> far=1.866 >> [4882] dbg: uri: running uri tests; score so far=1.866 >> [4882] dbg: rules: running raw-body-text per-line regexp tests; score >> so far=1.866 >> [4882] dbg: rules: running full-text regexp tests; score so far=1.866 >> [4882] dbg: check: running tests for priority: 1000 >> [4882] dbg: rules: running meta tests; score so far=1.866 >> [4882] dbg: rules: running header regexp tests; score so far=1.866 >> [4882] dbg: rules: running body-text per-line regexp tests; score so >> far=1.866 >> [4882] dbg: uri: running uri tests; score so far=1.866 >> [4882] dbg: rules: running raw-body-text per-line regexp tests; score >> so far=1.866 >> [4882] dbg: rules: running full-text regexp tests; score so far=1.866 >> [4882] dbg: check: is spam? score=1.866 required=5 >> [4882] dbg: check: tests=MISSING_SUBJECT,NO_RECEIVED,NO_RELAYS,TO_CC_NONE >> [4882] dbg: check: >> >> subtests=__HAS_MSGID,__MSGID_OK_DIGITS,__MSGID_OK_HOST,__NONEMPTY_BODY,__SANE_MSGID,__UNUSABLE_MSGID >> [4882] warn: lint: 1 issues detected, please rerun with debug enabled >> for more information >> >> >> ------------------------------------------------------------------------------------------------------------------------------------------------------ >> >> Is the warning because of >> >> [4882] info: config: pyzor_path "/usr/bin/pyzor" isn't an executable >> [4882] warn: config: SpamAssassin failed to parse line, >> "/usr/bin/pyzor" is not valid for "pyzor_path", skipping: pyzor_path >> /usr/bin/pyzor >> >> and can I ignore it?? ( I dont have pyzor installed. Is it a must to >> have pyzor installed??) > > Either install pyzor, or disable the plugin line that tries to load it. > Look in all your .pre files in /etc/mail/spamassassin >> >> >> ******************************************************************************************************************* >> >> >> When I tried sa-learn --dump magic -D, I got the following error : >> >> ERROR: Bayes dump returned an error, please re-run with -D for more >> information > > Again, no bayes db to dump. >> >> >> >> ----------------------------------------------------------------------------------------- >> mail:/etc/mail/spamassassin # sa-learn --dump magic -D >> [2675] dbg: logger: adding facilities: all >> [2675] dbg: logger: logging level is DBG >> [2675] dbg: generic: SpamAssassin version 3.1.6 >> [2675] dbg: config: score set 0 chosen. >> [2675] dbg: util: running in taint mode? yes >> [2675] dbg: util: taint mode: deleting unsafe environment variables, >> resetting PATH >> [2675] dbg: util: PATH included '/sbin', keeping >> [2675] dbg: util: PATH included '/usr/sbin', keeping >> [2675] dbg: util: PATH included '/usr/local/sbin', keeping >> [2675] dbg: util: PATH included '/opt/gnome/sbin', keeping >> [2675] dbg: util: PATH included '/root/bin', keeping >> [2675] dbg: util: PATH included '/usr/local/bin', keeping >> [2675] dbg: util: PATH included '/usr/bin', keeping >> [2675] dbg: util: PATH included '/usr/X11R6/bin', keeping >> [2675] dbg: util: PATH included '/bin', keeping >> [2675] dbg: util: PATH included '/usr/games', keeping >> [2675] dbg: util: PATH included '/opt/gnome/bin', keeping >> [2675] dbg: util: PATH included '/opt/kde3/bin', keeping >> [2675] dbg: util: PATH included '/usr/lib/jvm/jre/bin', keeping >> [2675] dbg: util: PATH included '/usr/lib/mit/bin', keeping >> [2675] dbg: util: PATH included '/usr/lib/mit/sbin', keeping >> [2675] dbg: util: PATH included '/usr/lib/qt3/bin', keeping >> [2675] dbg: util: final PATH set to: >> >> /sbin:/usr/sbin:/usr/local/sbin:/opt/gnome/sbin:/root/bin:/usr/local/bin:/usr/bin:/usr/X11R6/bin:/bin:/usr/games:/opt/gnome/bin:/opt/kde3/bin:/usr/lib/jvm/jre/bin:/usr/lib/mit/bin:/usr/lib/mit/sbin:/usr/lib/qt3/bin >> [2675] dbg: message: ---- MIME PARSER START ---- >> [2675] dbg: message: main message type: text/plain >> [2675] dbg: message: parsing normal part >> [2675] dbg: message: added part, type: text/plain >> [2675] dbg: message: ---- MIME PARSER END ---- >> [2675] dbg: dns: is Net::DNS::Resolver available? yes >> [2675] dbg: dns: Net::DNS version: 0.59 >> [2675] dbg: config: using "/etc/mail/spamassassin" for site rules pre >> files >> [2675] dbg: config: read file /etc/mail/spamassassin/init.pre >> [2675] dbg: config: read file /etc/mail/spamassassin/v310.pre >> [2675] dbg: config: read file /etc/mail/spamassassin/v312.pre >> [2675] dbg: config: using "/usr/share/spamassassin" for sys rules pre >> files >> [2675] dbg: config: using "/usr/share/spamassassin" for default rules dir >> [2675] dbg: config: read file /usr/share/spamassassin/10_misc.cf >> [2675] dbg: config: read file /usr/share/spamassassin/20_advance_fee.cf >> [2675] dbg: config: read file /usr/share/spamassassin/20_anti_ratware.cf >> [2675] dbg: config: read file /usr/share/spamassassin/20_body_tests.cf >> [2675] dbg: config: read file /usr/share/spamassassin/20_compensate.cf >> [2675] dbg: config: read file /usr/share/spamassassin/20_dnsbl_tests.cf >> [2675] dbg: config: read file /usr/share/spamassassin/20_drugs.cf >> [2675] dbg: config: read file >> /usr/share/spamassassin/20_fake_helo_tests.cf >> [2675] dbg: config: read file /usr/share/spamassassin/20_head_tests.cf >> [2675] dbg: config: read file /usr/share/spamassassin/20_html_tests.cf >> [2675] dbg: config: read file /usr/share/spamassassin/20_meta_tests.cf >> [2675] dbg: config: read file /usr/share/spamassassin/20_net_tests.cf >> [2675] dbg: config: read file /usr/share/spamassassin/20_phrases.cf >> [2675] dbg: config: read file /usr/share/spamassassin/20_porn.cf >> [2675] dbg: config: read file /usr/share/spamassassin/20_ratware.cf >> [2675] dbg: config: read file /usr/share/spamassassin/20_uri_tests.cf >> [2675] dbg: config: read file /usr/share/spamassassin/23_bayes.cf >> [2675] dbg: config: read file /usr/share/spamassassin/25_accessdb.cf >> [2675] dbg: config: read file /usr/share/spamassassin/25_antivirus.cf >> [2675] dbg: config: read file /usr/share/spamassassin/25_body_tests_es.cf >> [2675] dbg: config: read file /usr/share/spamassassin/25_body_tests_pl.cf >> [2675] dbg: config: read file /usr/share/spamassassin/25_dcc.cf >> [2675] dbg: config: read file /usr/share/spamassassin/25_dkim.cf >> [2675] dbg: config: read file /usr/share/spamassassin/25_domainkeys.cf >> [2675] dbg: config: read file /usr/share/spamassassin/25_hashcash.cf >> [2675] dbg: config: read file /usr/share/spamassassin/25_pyzor.cf >> [2675] dbg: config: read file /usr/share/spamassassin/25_razor2.cf >> [2675] dbg: config: read file /usr/share/spamassassin/25_replace.cf >> [2675] dbg: config: read file /usr/share/spamassassin/25_spf.cf >> [2675] dbg: config: read file /usr/share/spamassassin/25_textcat.cf >> [2675] dbg: config: read file /usr/share/spamassassin/25_uribl.cf >> [2675] dbg: config: read file /usr/share/spamassassin/30_text_de.cf >> [2675] dbg: config: read file /usr/share/spamassassin/30_text_fr.cf >> [2675] dbg: config: read file /usr/share/spamassassin/30_text_it.cf >> [2675] dbg: config: read file /usr/share/spamassassin/30_text_nl.cf >> [2675] dbg: config: read file /usr/share/spamassassin/30_text_pl.cf >> [2675] dbg: config: read file /usr/share/spamassassin/30_text_pt_br.cf >> [2675] dbg: config: read file /usr/share/spamassassin/50_scores.cf >> [2675] dbg: config: read file /usr/share/spamassassin/60_awl.cf >> [2675] dbg: config: read file /usr/share/spamassassin/60_whitelist.cf >> [2675] dbg: config: read file /usr/share/spamassassin/60_whitelist_dk.cf >> [2675] dbg: config: read file /usr/share/spamassassin/60_whitelist_dkim.cf >> [2675] dbg: config: read file /usr/share/spamassassin/60_whitelist_spf.cf >> [2675] dbg: config: read file >> /usr/share/spamassassin/60_whitelist_subject.cf >> [2675] dbg: config: using "/etc/mail/spamassassin" for site rules dir >> [2675] dbg: config: read file /etc/mail/spamassassin/local.cf >> [2675] dbg: config: read file /etc/mail/spamassassin/mailscanner.cf >> [2675] dbg: plugin: loading Mail::SpamAssassin::Plugin::URIDNSBL from @INC >> [2675] dbg: plugin: registered >> Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x835ef70) >> [2675] dbg: plugin: loading Mail::SpamAssassin::Plugin::Hashcash from @INC >> [2675] dbg: plugin: registered >> Mail::SpamAssassin::Plugin::Hashcash=HASH(0x8e113dc) >> [2675] dbg: plugin: loading Mail::SpamAssassin::Plugin::SPF from @INC >> [2675] dbg: plugin: registered >> Mail::SpamAssassin::Plugin::SPF=HASH(0x8e345f4) >> [2675] dbg: plugin: loading Mail::SpamAssassin::Plugin::Pyzor from @INC >> [2675] dbg: pyzor: network tests on, attempting Pyzor >> [2675] dbg: plugin: registered >> Mail::SpamAssassin::Plugin::Pyzor=HASH(0x8e39eac) >> [2675] dbg: plugin: loading Mail::SpamAssassin::Plugin::Razor2 from @INC >> [2675] dbg: razor2: razor2 is not available >> [2675] dbg: plugin: registered >> Mail::SpamAssassin::Plugin::Razor2=HASH(0x8e13d58) >> [2675] dbg: plugin: loading Mail::SpamAssassin::Plugin::SpamCop from @INC >> [2675] dbg: reporter: network tests on, attempting SpamCop >> [2675] dbg: plugin: registered >> Mail::SpamAssassin::Plugin::SpamCop=HASH(0x8ed3d44) >> [2675] dbg: plugin: loading Mail::SpamAssassin::Plugin::AWL from @INC >> [2675] dbg: plugin: registered >> Mail::SpamAssassin::Plugin::AWL=HASH(0x903b0e0) >> [2675] dbg: plugin: loading >> Mail::SpamAssassin::Plugin::AutoLearnThreshold from @INC >> [2675] dbg: plugin: registered >> Mail::SpamAssassin::Plugin::AutoLearnThreshold=HASH(0x9043d14) >> [2675] dbg: plugin: loading >> Mail::SpamAssassin::Plugin::WhiteListSubject from @INC >> [2675] dbg: plugin: registered >> Mail::SpamAssassin::Plugin::WhiteListSubject=HASH(0x9051f04) >> [2675] dbg: plugin: loading Mail::SpamAssassin::Plugin::MIMEHeader from >> @INC >> [2675] dbg: plugin: registered >> Mail::SpamAssassin::Plugin::MIMEHeader=HASH(0x9052be8) >> [2675] dbg: plugin: loading Mail::SpamAssassin::Plugin::ReplaceTags from >> @INC >> [2675] dbg: plugin: registered >> Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0x90432d8) >> [2675] dbg: config: adding redirector regex: >> /^http:\/\/chkpt\.zdnet\.com\/chkpt\/\w+\/(.*)$/i >> [2675] dbg: config: adding redirector regex: >> /^http:\/\/www(?:\d+)?\.nate\.com\/r\/\w+\/(.*)$/i >> [2675] dbg: config: adding redirector regex: >> /^http:\/\/.+\.gov\/(?:.*\/)?externalLink\.jhtml\?.*url=(.*?)(?:&.*)?$/i >> [2675] dbg: config: adding redirector regex: >> /^http:\/\/redir\.internet\.com\/.+?\/.+?\/(.*)$/i >> [2675] dbg: config: adding redirector regex: >> /^http:\/\/(?:.*?\.)?adtech\.de\/.*(?:;|\|)link=(.*?)(?:;|$)/i >> [2675] dbg: config: adding redirector regex: >> m'^http.*?/redirect\.php\?.*(?<=[?&])goto=(.*?)(?:$|[&#])'i >> [2675] dbg: config: adding redirector regex: >> m'^https?:/*(?:[^/]+\.)?emf\d\.com/r\.cfm.*?&r=(.*)'i >> [2675] dbg: config: adding redirector regex: >> m'/(?:index.php)?\?.*(?<=[?&])URL=(.*?)(?:$|[&#])'i >> [2675] dbg: config: adding redirector regex: >> >> m'^http:/*(?:\w+\.)?google(?:\.\w{2,3}){1,2}/url\?.*?(?<=[?&])q=(.*?)(?:$|[&#])'i >> [2675] dbg: config: adding redirector regex: >> >> m'^http:/*(?:\w+\.)?google(?:\.\w{2,3}){1,2}/search\?.*?(?<=[?&])q=[^&]*?(?<=%20|..[=+\s])site:(.*?)(?:$|%20|[\s+&#])'i >> [2675] dbg: config: adding redirector regex: >> >> m'^http:/*(?:\w+\.)?google(?:\.\w{2,3}){1,2}/search\?.*?(?<=[?&])q=[^&]*?(?<=%20|..[=+\s])(?:"|%22)(.*?)(?:$|%22|["\s+&#])'i >> [2675] dbg: config: adding redirector regex: >> >> m'^http:/*(?:\w+\.)?google(?:\.\w{2,3}){1,2}/translate\?.*?(?<=[?&])u=(.*?)(?:$|[&#])'i >> [2675] info: config: pyzor_path "/usr/bin/pyzor" isn't an executable >> [2675] info: config: SpamAssassin failed to parse line, >> "/usr/bin/pyzor" is not valid for "pyzor_path", skipping: pyzor_path >> /usr/bin/pyzor >> [2675] dbg: plugin: >> Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0x90432d8) implements >> 'finish_parsing_end' >> [2675] dbg: replacetags: replacing tags >> [2675] dbg: replacetags: done replacing tags >> [2675] dbg: bayes: no dbs present, cannot tie DB R/O: >> /root/.spamassassin/bayes_toks >> [2675] dbg: config: score set 1 chosen. >> [2675] dbg: bayes: no dbs present, cannot tie DB R/O: >> /root/.spamassassin/bayes_toks >> ERROR: Bayes dump returned an error, please re-run with -D for more >> information >> >> ------------------------------------------------------------------------------------------------------------------------------------------------------------------------- >> >> --> Am I getting this error because there are no bayes related files >> in the /root/.spamassassin directory?? (its empty now) >> >> --> If yes, should I use the following command to create them?? >> >> # sa-learn --showdots --spam >> /home//Maildir/cur (this is my inbox) >> >> >> # sa-learn --showdots --ham /home/Maildir/.spam/cur >> (this is where i filter all my {spam?} tagged mails) >> >> >> ---> After this if i restart spamassassin, will >> spamassassin+mailscanner start doing the bayes autolearn and check the >> lists specified in Spam Lists option of the mailscanner? If not, what >> should I do to get my spamassassin+mailscanner start doing the bayes >> autolearn and check the lists specified in Spam Lists option of the >> mailscanner? >> >> >> Hope someone would be kind enough to help me. >> >> Expecting an early reply >> >> sincerely yours > > > -- > MailScanner is like deodorant... > You hope everybody uses it, and > you notice quickly if they don't!!!! > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > From hvdkooij at vanderkooij.org Mon Jun 16 07:42:41 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Mon Jun 16 07:42:50 2008 Subject: What "Other Checks" problems? In-Reply-To: References: Message-ID: <48560B61.3070704@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Henry Kwan wrote: | Virus and Content Scanning: Starting | /var/spool/MailScanner/incoming/11290/./1.message: Eicar-Test-Signature FOUND | | /var/spool/MailScanner/incoming/11290/./1/eicar.com: Eicar-Test-Signature FOUND | | Virus Scanning: ClamAV found 2 infections | Infected message 1 came from 192.168.1.1 | Infected message 1.message came from | Virus Scanning: Found 2 viruses | Filename Checks: (1 eicar.com) | Other Checks: Found 1 problems There are two instances of the EICAR string. 1 is identified in the file eicar.com and the other as part of the message itself. But without a filename to relate it to it is named as other check. So there is no problem. Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFIVgtgBvzDRVjxmYERAiDRAJ4tVFRNyHSuKCGI9QlF7lQcrlM5vQCfVtxs E1rfhJzOszV07T1Tsu7Ob64= =rSzR -----END PGP SIGNATURE----- From john at tradoc.fr Mon Jun 16 08:08:03 2008 From: john at tradoc.fr (John Wilcock) Date: Mon Jun 16 08:08:29 2008 Subject: Health update In-Reply-To: <31647067.16941213432830191.JavaMail.root@office.splatnix.net> References: <31647067.16941213432830191.JavaMail.root@office.splatnix.net> Message-ID: <48561153.3080806@tradoc.fr> --[ UxBoD ]-- a ?crit : > All the best Jules ... Wish you a short wait and a very speedy > recovery ... Make sure the nice nurse keeps your laptop well out of > reach! I beg to differ ;-) Keeping Julian from his laptop would be terrible for his mental well-being! Julian, may the time that you're *not* straining to get at your laptop after the op be as short as possible! John. -- -- Over 3000 webcams from ski resorts around the world - www.snoweye.com -- Translate your technical documents and web pages - www.tradoc.fr From martinh at solidstatelogic.com Mon Jun 16 08:59:15 2008 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Mon Jun 16 08:59:29 2008 Subject: Spamassassin is slow - any tips or good commercial alternative? In-Reply-To: <30d101c8cf62$cd2f8f90$0300a8c0@CharlieCompaq> Message-ID: <8fed8158a25ad74ba3e35a32377e9748@solidstatelogic.com> Charlie 2-5 seconds per batch is pretty fast. Anything under 1 minute is acceptable IMHO. Why the concern about scan times?? Email isn't IM :-). Seriously why the concern about scan times? -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Charlie > Sent: 16 June 2008 04:41 > To: MailScanner discussion > Subject: Spamassassin is slow - any tips or good commercial > alternative? > > By the way, my CPU is Pentium 4, 2.4GHz and there is 1GB of RAM. > Emails are now taking 2-5 seconds to scan - is this normal > for this configuration? We've disabled spam checking on > emails larger than 40KB and that helped a great deal. > > Server's details: > > # free > total used free shared > buffers cached > Mem: 1028576 835056 193520 0 > 117124 264136 > -/+ buffers/cache: 453796 574780 > Swap: 996020 21148 974872 > > # uptime > 03:34:13 up 222 days, 45 min, 2 users, load average: 1.12, > 0.71, 0.43 > > # cat /proc/meminfo > MemTotal: 1028576 kB > MemFree: 182964 kB > Buffers: 116612 kB > Cached: 263300 kB > SwapCached: 3028 kB > Active: 624508 kB > Inactive: 175076 kB > HighTotal: 122856 kB > HighFree: 236 kB > LowTotal: 905720 kB > LowFree: 182728 kB > SwapTotal: 996020 kB > SwapFree: 974872 kB > Dirty: 364 kB > Writeback: 0 kB > AnonPages: 419628 kB > Mapped: 25792 kB > Slab: 38296 kB > PageTables: 2372 kB > NFS_Unstable: 0 kB > Bounce: 0 kB > CommitLimit: 1510308 kB > Committed_AS: 815640 kB > VmallocTotal: 114680 kB > VmallocUsed: 2676 kB > VmallocChunk: 111648 kB > > # cat /proc/cpuinfo > processor : 0 > vendor_id : GenuineIntel > cpu family : 15 > model : 2 > model name : Intel(R) Pentium(R) 4 CPU 2.40GHz > stepping : 7 > cpu MHz : 2405.624 > cache size : 512 KB > fdiv_bug : no > hlt_bug : no > f00f_bug : no > coma_bug : no > fpu : yes > fpu_exception : yes > cpuid level : 2 > wp : yes > flags : fpu vme de pse tsc msr pae mce cx8 apic sep > mtrr pge mca > cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe up cid > bogomips : 4815.03 > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From m.anderlini at database.it Mon Jun 16 09:06:20 2008 From: m.anderlini at database.it (Marcello Anderlini Database Informatica) Date: Mon Jun 16 09:06:41 2008 Subject: Problem while updating perl Message-ID: <00cc01c8cf87$dc554710$2e01a8c0@dbdomain.database.it> Hello I've a mailscanner 4.58.9.1 running on a Centos 4.6 x86_64. Today I've tried to update my sistem but I get this error msg: ======================================= Transaction Check Error: file /usr/lib64/perl5/5.8.5/x86_64-linux-thread-multi/Sys/Syslog.pm from install of perl-5.8.5-36.el4_6.3 conflicts with file from package perl-Sys-Syslog-0.18-1 file /usr/lib64/perl5/5.8.5/x86_64-linux-thread-multi/auto/Sys/Syslog/Syslog.so from install of perl-5.8.5-36.el4_6.3 conflicts with file from package perl-Sys-Syslog-0.18-1 ======================================= Could someone help me ? Thanks Dr. Marcello Anderlini m.anderlini@database.it --------------------------------------------- Database Informatica S.r.l. Microsoft Certified Partner Tel. +39059775070 Fax. +39059779545 http://www.database.it --------------------------------------------- -- Messaggio verificato dal servizio antivirus di Database Informatica From MailScanner at ecs.soton.ac.uk Mon Jun 16 09:19:16 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Jun 16 09:19:35 2008 Subject: Problem while updating perl In-Reply-To: References: Message-ID: <48562204.2000805@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 rpm -e perl-Sys-Syslog then up2date -u then re-install MailScanner. Marcello Anderlini Database Informatica wrote: > Hello I've a mailscanner 4.58.9.1 running on a Centos 4.6 x86_64. > Today I've tried to update my sistem but I get this error msg: > ======================================= > Transaction Check Error: > file /usr/lib64/perl5/5.8.5/x86_64-linux-thread-multi/Sys/Syslog.pm from > install of perl-5.8.5-36.el4_6.3 conflicts with file from package > perl-Sys-Syslog-0.18-1 > file > /usr/lib64/perl5/5.8.5/x86_64-linux-thread-multi/auto/Sys/Syslog/Syslog.so > from install of perl-5.8.5-36.el4_6.3 conflicts with file from package > perl-Sys-Syslog-0.18-1 > ======================================= > > Could someone help me ? > > Thanks > > Dr. Marcello Anderlini > m.anderlini@database.it > --------------------------------------------- > Database Informatica S.r.l. > Microsoft Certified Partner > Tel. +39059775070 > Fax. +39059779545 > http://www.database.it > --------------------------------------------- > > > Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.3 (Build 4028) Comment: Use Enigmail to decrypt or check this message is legitimate Charset: ISO-8859-1 wj8DBQFIViIFEfZZRxQVtlQRAkHdAKDAoFDns0nXfr1YClsZe4CVtu8RsgCg0Y4P kIgnehDrl4ySJF3afJ5SAi0= =aMsm -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From m.anderlini at database.it Mon Jun 16 09:30:54 2008 From: m.anderlini at database.it (Marcello Anderlini Database Informatica) Date: Mon Jun 16 09:31:13 2008 Subject: R: Problem while updating perl In-Reply-To: <48562204.2000805@ecs.soton.ac.uk> References: <48562204.2000805@ecs.soton.ac.uk> Message-ID: <00d101c8cf8b$4af0fbd0$2e01a8c0@dbdomain.database.it> Thanks but is there a way to avoid reinstall mailscanner ? It's a production server and I would prefer to not reinstall if it's possible. thanks Dr. Marcello Anderlini m.anderlini@database.it --------------------------------------------- Database Informatica S.r.l. Microsoft Certified Partner Tel. +39059775070 Fax. +39059779545 http://www.database.it --------------------------------------------- -----Messaggio originale----- Da: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] Per conto di Julian Field Inviato: luned? 16 giugno 2008 10.19 A: MailScanner discussion Oggetto: Re: Problem while updating perl -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 rpm -e perl-Sys-Syslog then up2date -u then re-install MailScanner. Marcello Anderlini Database Informatica wrote: > Hello I've a mailscanner 4.58.9.1 running on a Centos 4.6 x86_64. > Today I've tried to update my sistem but I get this error msg: > ======================================= > Transaction Check Error: > file /usr/lib64/perl5/5.8.5/x86_64-linux-thread-multi/Sys/Syslog.pm > from install of perl-5.8.5-36.el4_6.3 conflicts with file from package > perl-Sys-Syslog-0.18-1 > file > /usr/lib64/perl5/5.8.5/x86_64-linux-thread-multi/auto/Sys/Syslog/Syslo > g.so from install of perl-5.8.5-36.el4_6.3 conflicts with file from > package > perl-Sys-Syslog-0.18-1 > ======================================= > > Could someone help me ? > > Thanks > > Dr. Marcello Anderlini > m.anderlini@database.it > --------------------------------------------- > Database Informatica S.r.l. > Microsoft Certified Partner > Tel. +39059775070 > Fax. +39059779545 > http://www.database.it > --------------------------------------------- > > > Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.3 (Build 4028) Comment: Use Enigmail to decrypt or check this message is legitimate Charset: ISO-8859-1 wj8DBQFIViIFEfZZRxQVtlQRAkHdAKDAoFDns0nXfr1YClsZe4CVtu8RsgCg0Y4P kIgnehDrl4ySJF3afJ5SAi0= =aMsm -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- Messaggio verificato dal servizio antivirus di Database Informatica -- Messaggio verificato dal servizio antivirus di Database Informatica From stef at aoc-uk.com Mon Jun 16 10:38:41 2008 From: stef at aoc-uk.com (Stef Morrell) Date: Mon Jun 16 10:38:47 2008 Subject: X-MailScanner-ID header Message-ID: <200806160938.m5G9cd9q027459@safir.blacknight.ie> Hi guys, Is there any way to customise the X-MailScanner-ID header? I've checked through MailScanner.conf, but can't seem to find a reference to it. Also, does this header need a bayes_ignore_header line in spam.assassin.prefs.conf? Thanks Stef Stefan Morrell | Operations Director Tel: 0845 3452820 | Alpha Omega Computers Ltd Fax: 0845 3452830 | Incorporating Level 5 Internet stef@aoc-uk.com | stef@l5net.net Alpha Omega Computers LTD computer network solution providers putting the technology in place that makes your information work for you. Visit our website for more information about how Alpha Omega can enhance your business. IMPORTANT: This E-Mail is confidential and may also be privileged. If you are not the intended recipient, please notify us immediately by telephoning +44 (0) 845 345 2820. Internet communications are not necessarily secure and may be intercepted or changed after they are sent. Alpha Omega Computers LTD does not accept liability for any such changes. If you wish to confirm the origin or content of this communication, please contact the sender using an alternative means of communication. In messages of a non-business nature, the views and opinions of the author are their own and do not necessarily reflect the views and opinions of the organisation. Alpha Omega Computers Ltd, Unit 57, BBTC, Grange Road, Batley, WF17 6ER. Registered in England No. 3867142. VAT No. GB734421454 From raymond at prolocation.net Mon Jun 16 10:40:57 2008 From: raymond at prolocation.net (Raymond Dijkxhoorn) Date: Mon Jun 16 10:41:10 2008 Subject: X-MailScanner-ID header In-Reply-To: <200806160938.m5G9cd9q027459@safir.blacknight.ie> References: <200806160938.m5G9cd9q027459@safir.blacknight.ie> Message-ID: Hi! > Is there any way to customise the X-MailScanner-ID header? I've checked > through MailScanner.conf, but can't seem to find a reference to it. > > Also, does this header need a bayes_ignore_header line in > spam.assassin.prefs.conf? I had the same question, but as it looks its static defined in the MailScanner code. Julian, can we make this configurable too? Bye, Raymond. From donnieq at quindardonet.net Mon Jun 16 11:42:19 2008 From: donnieq at quindardonet.net (Donnie D. Quindardo) Date: Mon Jun 16 11:42:29 2008 Subject: X-MailScanner-ID header In-Reply-To: References: <200806160938.m5G9cd9q027459@safir.blacknight.ie> Message-ID: <4856438B.3040900@quindardonet.net> I was able to comment out these lines in /usr/lib/MailScanner/MailScanner/Message.pm. The line with "X-MailScanner-ID" occurs three times. I did not see any issues when doing this, I could be wrong though! Don Q. Raymond Dijkxhoorn wrote: > Hi! > >> Is there any way to customise the X-MailScanner-ID header? I've checked >> through MailScanner.conf, but can't seem to find a reference to it. >> >> Also, does this header need a bayes_ignore_header line in >> spam.assassin.prefs.conf? > > I had the same question, but as it looks its static defined in the > MailScanner code. > > Julian, can we make this configurable too? > > Bye, > Raymond. From MailScanner at ecs.soton.ac.uk Mon Jun 16 11:45:22 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Jun 16 11:45:42 2008 Subject: X-MailScanner-ID header In-Reply-To: References: <200806160938.m5G9cd9q027459@safir.blacknight.ie> Message-ID: <48564442.30808@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Raymond Dijkxhoorn wrote: > Hi! > >> Is there any way to customise the X-MailScanner-ID header? I've checked >> through MailScanner.conf, but can't seem to find a reference to it. >> >> Also, does this header need a bayes_ignore_header line in >> spam.assassin.prefs.conf? > > I had the same question, but as it looks its static defined in the > MailScanner code. > > Julian, can we make this configurable too? It will be in the next release. A new config option called "ID Header" will set it for you. Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.3 (Build 4028) Comment: Use Enigmail to decrypt or check this message is legitimate Charset: ISO-8859-1 wj8DBQFIVkRDEfZZRxQVtlQRAo0wAJ9sth9aDMq1v2p5zYI8PTM1GpTzEACg63qu P+bi/8ltunPS85mKRoJKajI= =3FjI -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From t.d.lee at durham.ac.uk Mon Jun 16 12:01:45 2008 From: t.d.lee at durham.ac.uk (David Lee) Date: Mon Jun 16 12:02:59 2008 Subject: X-MailScanner-ID header In-Reply-To: <200806160938.m5G9cd9q027459@safir.blacknight.ie> References: <200806160938.m5G9cd9q027459@safir.blacknight.ie> Message-ID: On Mon, 16 Jun 2008, Stef Morrell wrote: > Is there any way to customise the X-MailScanner-ID header? I've checked > through MailScanner.conf, but can't seem to find a reference to it. Glad someone else has also spotted this. I raised the question (with some background info I dug out about MS versions and possible ways to tailor) on April 29, and I don't think it was followed up. The header seems to be a fixed string in the MS source code, so would need a code change to handle variability. There are other "X-MailScanner-blah" headers that are tailorable (often to "X-%org-name%-MailScanner-blah"). Julian: Could "X-MailScanner-ID" follow the same conventions? -- : David Lee I.T. Service : : Senior Systems Programmer Computer Centre : : UNIX Team Leader Durham University : : South Road : : http://www.dur.ac.uk/t.d.lee/ Durham DH1 3LE : : Phone: +44 191 334 2752 U.K. : From stef at aoc-uk.com Mon Jun 16 12:04:01 2008 From: stef at aoc-uk.com (Stef Morrell) Date: Mon Jun 16 12:04:09 2008 Subject: X-MailScanner-ID header In-Reply-To: References: <200806160938.m5G9cd9q027459@safir.blacknight.ie> Message-ID: <200806161104.m5GB3xG7030808@safir.blacknight.ie> Julian wrote: > Raymond Dijkxhoorn wrote: >> Hi! >> >>> Is there any way to customise the X-MailScanner-ID header? I've >>> checked through MailScanner.conf, but can't seem to find a >>> reference to it. >>> >>> Also, does this header need a bayes_ignore_header line in >>> spam.assassin.prefs.conf? >> >> I had the same question, but as it looks its static defined in the >> MailScanner code. >> >> Julian, can we make this configurable too? > It will be in the next release. A new config option called "ID Header" > will set it for you. Many thanks for this. Should we really be ignoring this for bayes? Stef Stefan Morrell | Operations Director Tel: 0845 3452820 | Alpha Omega Computers Ltd Fax: 0845 3452830 | Incorporating Level 5 Internet stef@aoc-uk.com | stef@l5net.net Alpha Omega Computers Ltd, Unit 57, BBTC, Grange Road, Batley, WF17 6ER. Registered in England No. 3867142. VAT No. GB734421454 From jplorier at montecarlotv.com.uy Mon Jun 16 12:09:40 2008 From: jplorier at montecarlotv.com.uy (Juan Pablo Lorier) Date: Mon Jun 16 12:16:58 2008 Subject: Health update In-Reply-To: <200806132133.m5DLX0HI006491@safir.blacknight.ie> Message-ID: Lots of luck to you Jules. You deserve the best. Best whishes Ing. Juan Pablo Lorier Monte Carlo TV SA Montevideo, Uruguay +(598)2 9244444 From davejones70 at gmail.com Mon Jun 16 13:27:40 2008 From: davejones70 at gmail.com (Dave Jones) Date: Mon Jun 16 13:27:50 2008 Subject: Problem while updating perl Message-ID: <67a55ed50806160527p6383ba0chc75f5ae32c6a0b7@mail.gmail.com> >Thanks but is there a way to avoid reinstall mailscanner ? It's a production >server and I would prefer to not reinstall if it's possible. >thanks >rpm -e perl-Sys-Syslog >then up2date -u >then re-install MailScanner. >Marcello Anderlini Database Informatica wrote: >> Hello I've a mailscanner 4.58.9.1 running on a Centos 4.6 x86_64. >> Today I've tried to update my sistem but I get this error msg: >> ======================================= >> Transaction Check Error: >> file /usr/lib64/perl5/5.8.5/x86_64-linux-thread-multi/Sys/Syslog.pm >> from install of perl-5.8.5-36.el4_6.3 conflicts with file from package >> perl-Sys-Syslog-0.18-1 >> file >> /usr/lib64/perl5/5.8.5/x86_64-linux-thread-multi/auto/Sys/Syslog/Syslo >> g.so from install of perl-5.8.5-36.el4_6.3 conflicts with file from >> package >> perl-Sys-Syslog-0.18-1 >> ======================================= >> >> Could someone help me ? >> >> Thanks >> >> Dr. Marcello Anderlini >> m.anderlini@database.it >> --------------------------------------------- >> Database Informatica S.r.l. >> Microsoft Certified Partner >> Tel. +39059775070 >> Fax. +39059779545 >> http://www.database.it >> --------------------------------------------- >> >> >> You can reinstall MailScanner but you will still have the same perl conflicts next time a perl module gets updated on RPMforge (or whatever your repo is that has the conflicting package). I would simply force the install of the perl modules (I do it all the time) with the conflict from the MailScanner installation: # rpm -Uhv --force /var/cache/yum/rpmforge/packages/perl-Sys-Syslog-0.18-1.rpm Substitute "rpmforge" above with whatever your repository name is and the RPM file in question. Dave -- Dave Jones -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080616/f9f4c5a8/attachment.html From derek at csolve.net Mon Jun 16 13:38:05 2008 From: derek at csolve.net (Derek Buttineau) Date: Mon Jun 16 13:38:21 2008 Subject: Health update In-Reply-To: References: Message-ID: <300E7F69-0B7F-4635-81B7-AA4E6BE84F11@csolve.net> On 2008-Jun-13, at 5:00 PM, Andrews Carl 455 wrote: > Folks, > > Just wanted to let you know that, as soon as I send back the consent > forms, I am officially on the waiting list for a liver transplant. > No holidays or anything now until I get my call... > > Fortunately, I have grown a new vein in the last few months that > means I > will just need a new liver and not a small bowel as well, which > significantly improves my survival chances. This is very good news :-) > > Wish me luck! > > Jules Good luck Jules, And a speedy recovery! -- Regards, Derek Buttineau Internet Systems Developer Compu-SOLVE Internet Services Compu-SOLVE Technologies, Inc Phone: 705-725-1212 x255 E-Mail: derek@csolve.net From Denis.Beauchemin at USherbrooke.ca Mon Jun 16 13:44:29 2008 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Mon Jun 16 13:45:06 2008 Subject: Health update In-Reply-To: <4852BC3D.3050802@ecs.soton.ac.uk> References: <4852BC3D.3050802@ecs.soton.ac.uk> Message-ID: <4856602D.8000605@USherbrooke.ca> Julian Field a ?crit : > Folks, > > Just wanted to let you know that, as soon as I send back the consent > forms, I am officially on the waiting list for a liver transplant. > No holidays or anything now until I get my call... > > Fortunately, I have grown a new vein in the last few months that means > I will just need a new liver and not a small bowel as well, which > significantly improves my survival chances. This is very good news :-) > > Wish me luck! > > Jules > Julian, I want to join the others in wishing you a fast operation and recovery! Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x62252 F: 819.821.8045 From lists at gmnet.net Mon Jun 16 13:46:02 2008 From: lists at gmnet.net (Rick Bragg) Date: Mon Jun 16 13:46:49 2008 Subject: legitimate email getting marked as spam... Tuning advice Message-ID: <1213620362.13897.37.camel@thor> Hi, I am a bit of a newbe at all this, so any help will be very appreciated! I have a seemingly good working install of MailScanner, sendmail, spamassassin, squirrelmail, and clambAV. I am delivering and accepting mail for a dozen or so of my "clients" domains. It seems that most of my clients email that they send me gets marked as spam in my in-box. I did not do anything with the bayes database yet, and I'm not sure where to start. Is there a way that I can "tune" the system on a system-wide level? and/or do each of my clients have to tune their own? If so, how do they do that? I am personally using evolution, some of my clients use squirrelmail, some use thunderbird etc... Can my clients tune their spam database via their mailer software? I would basically like to know: Is there is a way to tune spamassassin on a system-wide level for all my domains at once? And: What is the best way for each of my clients to go about tuning their own settings? (or me doing if for them) Thanks Rick Bragg p.s. Take care Jules, take a nice holiday, maybe try lots of milk-thistle in the meantime, you will get through this! -- This message has been scanned for viruses and dangerous content by Green Mountain Network, and is believed to be clean. From Denis.Beauchemin at USherbrooke.ca Mon Jun 16 13:46:56 2008 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Mon Jun 16 13:47:31 2008 Subject: SV: mailscanner dont process email at all In-Reply-To: <797363C57EE0884786F428AAABCD469201490DDC@sea0120sex2.nordic.x> References: <797363C57EE0884786F428AAABCD469201490DD4@sea0120sex2.nordic.x><48536FD4.4090300@vanderkooij.org> <797363C57EE0884786F428AAABCD469201490DD8@sea0120sex2.nordic.x> <797363C57EE0884786F428AAABCD469201490DDC@sea0120sex2.nordic.x> Message-ID: <485660C0.1080803@USherbrooke.ca> Meurlin Robert a ?crit : > Does anyone have more ides? Have looked at everything I can think of. > Robert, Is MailScanner running? Any messages from MS in your maillog? Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x62252 F: 819.821.8045 From dave.list at pixelhammer.com Mon Jun 16 14:03:38 2008 From: dave.list at pixelhammer.com (DAve) Date: Mon Jun 16 14:03:56 2008 Subject: Health update In-Reply-To: <4852BC3D.3050802@ecs.soton.ac.uk> References: <4852BC3D.3050802@ecs.soton.ac.uk> Message-ID: <485664AA.5090208@pixelhammer.com> Julian Field wrote: > Folks, > > Just wanted to let you know that, as soon as I send back the consent > forms, I am officially on the waiting list for a liver transplant. > No holidays or anything now until I get my call... > > Fortunately, I have grown a new vein in the last few months that means I > will just need a new liver and not a small bowel as well, which > significantly improves my survival chances. This is very good news :-) > > Wish me luck! > > Jules > My son asks about you every few weeks since he saw me sending a get well card a few months ago. He was happy to hear you made the list. Best of luck. DAve -- In 50 years, our descendants will look back on the early years of the internet, and much like we now look back on men with rockets on their back and feathers glued to their arms, marvel that we had the intelligence to wipe the drool from our chins. From richard.frovarp at sendit.nodak.edu Mon Jun 16 14:16:28 2008 From: richard.frovarp at sendit.nodak.edu (Richard Frovarp) Date: Mon Jun 16 14:16:39 2008 Subject: Spamassassin is slow - any tips or good commercial alternative? In-Reply-To: <27870.203.52.179.132.1213411745.squirrel@webmail.orcon.net.nz> References: <27870.203.52.179.132.1213411745.squirrel@webmail.orcon.net.nz> Message-ID: <485667AC.5000308@sendit.nodak.edu> Charlie wrote: >> >If it is a load problem you should try to reduce the amount of mail >> >reaching SpamAssassin in the first place. RBLs come to mind. Or (since >> >you asked for a commercial solution) have a look at BarricadeMX from >> >FSL. BMX will greatly reduce the amount of mail reaching your MTA. >> Our userbase means that over 99% of emails sent through the server are >> *not* spam, so any limiting of the emails reaching the MTA would not help. >> >> So if 99% of your mail isn't spam, then why bother using >spamassassin? >> I would dare to say that 65 - 75% of the mail that "attempts" delivery >> here IS >> spam. Some days it is over 90%, especially on the weekends when >we get very >> little legit mail. >> > > The reason I wanted to catch the 1% that is spam is so the server doesn't > get blacklisted. People are paying money for the service, hence I need to > pay more attention to making sure it stays off blacklists than if I was > just an ISP offering a free service. > > I'll try all the suggestions on Monday and provide an update then - thanks > for all the assistance! > > > Why would you be blacklisted? Is this an incoming or out going server? Accepting spam won't get you blacklisted. Unless you are passing the mail onto other systems which may blame your server. Anything under a minute is good. Check if you are swapping when your queue starts to back up. You can see what is going on by using mailscanner-mrtg. Sometimes running smaller batches or fewer processes will actually make it faster. And of course make sure you only accept mail for legit addresses and reject everything else at SMTP. From Denis.Beauchemin at USherbrooke.ca Mon Jun 16 14:27:29 2008 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Mon Jun 16 14:28:06 2008 Subject: Problem while updating perl In-Reply-To: <67a55ed50806160527p6383ba0chc75f5ae32c6a0b7@mail.gmail.com> References: <67a55ed50806160527p6383ba0chc75f5ae32c6a0b7@mail.gmail.com> Message-ID: <48566A41.2010809@USherbrooke.ca> Dave Jones a ?crit : > >Thanks but is there a way to avoid reinstall mailscanner ? It's a > production > >server and I would prefer to not reinstall if it's possible. > > >thanks > > > > >rpm -e perl-Sys-Syslog > >then up2date -u > >then re-install MailScanner. > > >Marcello Anderlini Database Informatica wrote: > >> Hello I've a mailscanner *Le Service des Technologies de > l'Information de l'UdeS veut vous mettre en garde contre "4.58.9.1" > qui semble ?tre une tentative de fraude envers* 4.58.9.1 > running on a Centos 4.6 x86_64. > >> Today I've tried to update my sistem but I get this error msg: > >> ======================================= > >> Transaction Check Error: > >> file /usr/lib64/perl5/5.8.5/x86_64-linux-thread-multi/Sys/Syslog.pm > >> from install of perl-5.8.5-36.el4_6.3 conflicts with file from package > >> perl-Sys-Syslog-0.18-1 > >> file > >> /usr/lib64/perl5/5.8.5/x86_64-linux-thread-multi/auto/Sys/Syslog/Syslo > >> g.so from install of perl-5.8.5-36.el4_6.3 conflicts with file from > >> package > >> perl-Sys-Syslog-0.18-1 > >> ======================================= > >> > >> Could someone help me ? > >> > >> Thanks > >> > >> Dr. Marcello Anderlini > >> m.anderlini@database.it > >> --------------------------------------------- > >> Database Informatica S.r.l. > >> Microsoft Certified Partner > >> Tel. +39059775070 > >> Fax. +39059779545 > >> http://www.database.it > >> --------------------------------------------- > >> > >> > >> > You can reinstall MailScanner but you will still have the same perl > conflicts next time a perl module gets updated on RPMforge (or > whatever your repo is that has the conflicting package). > > I would simply force the install of the perl modules (I do it all the > time) with the conflict from the MailScanner installation: > > # rpm -Uhv --force > /var/cache/yum/rpmforge/packages/perl-Sys-Syslog-0.18-1.rpm > > Substitute "rpmforge" above with whatever your repository name is and > the RPM file in question. > > Dave > > -- > Dave Jones Dave, It didn't work on my RHEL 5.2 server: [root@smtps ~]# rpm -Uvh --force /var/cache/yum/rhel-i386-server-5/packages/perl-5.8.8-10.el5_2.3.i386.rpm /etc/selinux/targeted/contexts/files/file_contexts: Multiple same specifications for /usr/local/lost\+found/.*. /etc/selinux/targeted/contexts/files/file_contexts: Multiple same specifications for /usr/local/\.journal. /etc/selinux/targeted/contexts/files/file_contexts: Multiple same specifications for /usr/local/lost\+found. Preparing... ########################################### [100%] 1:perl ########################################### [100%] [root@smtps ~]# MailScanner --lint **** ERROR: You must upgrade your perl IO module to at least **** ERROR: version 1.2301 or MailScanner will not work! I am now reinstalling the following MS' RPMs: perl-IO perl-File-Temp perl-Math-BigInt perl-Math-BigRat perl-bignum Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x62252 F: 819.821.8045 From devonharding at gmail.com Mon Jun 16 14:28:37 2008 From: devonharding at gmail.com (Devon Harding) Date: Mon Jun 16 14:28:49 2008 Subject: BAYES_00 is killing me Message-ID: <2baac6140806160628w3da668f3n1b3a6dca614b9389@mail.gmail.com> I'm getting alot of spam coming through and it seems like the cause of this is BAYES_00 scoring messages with -2.60. I'm running MS 4.68.8 with SA 3.2.4. I've already trained hundreds of messages like these as spam and it doesn't seem to work. What else can I do? Thanks, -Devon -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080616/b851f53d/attachment.html From hvdkooij at vanderkooij.org Mon Jun 16 14:40:13 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Mon Jun 16 14:40:22 2008 Subject: legitimate email getting marked as spam... Tuning advice In-Reply-To: <1213620362.13897.37.camel@thor> References: <1213620362.13897.37.camel@thor> Message-ID: <48566D3D.5010407@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Rick Bragg wrote: | Hi, | | I am a bit of a newbe at all this, so any help will be very appreciated! | | I have a seemingly good working install of MailScanner, sendmail, | spamassassin, squirrelmail, and clambAV. I am delivering and accepting | mail for a dozen or so of my "clients" domains. It seems that most of | my clients email that they send me gets marked as spam in my in-box. I | did not do anything with the bayes database yet, and I'm not sure where | to start. Is there a way that I can "tune" the system on a system-wide | level? and/or do each of my clients have to tune their own? If so, how | do they do that? I am personally using evolution, some of my clients | use squirrelmail, some use thunderbird etc... Can my clients tune their | spam database via their mailer software? | | I would basically like to know: | Is there is a way to tune spamassassin on a system-wide level for all my | domains at once? | And: | What is the best way for each of my clients to go about tuning their own | settings? (or me doing if for them) Most, if not all, items have been named here in the past. I would try to setup SPAM and HAM boxes where the users can drop copies of SPAM and HAM messages. Then you can use sa-learn to set up your bayesian database. That way your nbayesian databsse will reflect the average of your customers. If your customers are rather diverse you may find that you loose some accuracy in the bayesian database. Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFIVm04BvzDRVjxmYERAliXAKCDyXgX7XySk9s/h7seLDxVaeOmuwCdHjrm 84cG6ELpNKVo1GJzvG2Ozkk= =Sgcs -----END PGP SIGNATURE----- From hvdkooij at vanderkooij.org Mon Jun 16 14:43:03 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Mon Jun 16 14:43:12 2008 Subject: BAYES_00 is killing me In-Reply-To: <2baac6140806160628w3da668f3n1b3a6dca614b9389@mail.gmail.com> References: <2baac6140806160628w3da668f3n1b3a6dca614b9389@mail.gmail.com> Message-ID: <48566DE7.6000108@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Devon Harding wrote: | I'm getting alot of spam coming through and it seems like the cause of | this is BAYES_00 scoring messages with -2.60. I'm running MS 4.68.8 | with SA 3.2.4. I've already trained hundreds of | messages like these as spam and it doesn't seem to work. What else can | I do? My guess is that you are training the wrong database. You train another database and not the one you are using with MailScanner. Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFIVm3lBvzDRVjxmYERAljQAJ4nY+ik57vnYNzUHwTWc6gTpH6WLwCglQ6Z UYPyj2h33fcZAKZw8/k/vXA= =d3UL -----END PGP SIGNATURE----- From devonharding at gmail.com Mon Jun 16 15:03:31 2008 From: devonharding at gmail.com (Devon Harding) Date: Mon Jun 16 15:03:39 2008 Subject: BAYES_00 is killing me In-Reply-To: <48566DE7.6000108@vanderkooij.org> References: <2baac6140806160628w3da668f3n1b3a6dca614b9389@mail.gmail.com> <48566DE7.6000108@vanderkooij.org> Message-ID: <2baac6140806160703t66c22095ja92760a1484638e8@mail.gmail.com> > > > Devon Harding wrote: > | I'm getting alot of spam coming through and it seems like the cause of > | this is BAYES_00 scoring messages with -2.60. I'm running MS 4.68.8 > | with SA 3.2.4. I've already trained hundreds of > | messages like these as spam and it doesn't seem to work. What else can > | I do? > > My guess is that you are training the wrong database. You train another > database and not the one you are using with MailScanner. > > Hugo. > > For MS, where is the Bayes DB path specified? My DB is located here: /etc/MailScanner/.spamassassin -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080616/c5e26358/attachment.html From jra at baylink.com Mon Jun 16 15:03:31 2008 From: jra at baylink.com (Jay R. Ashworth) Date: Mon Jun 16 15:03:41 2008 Subject: Updating an adopted installation from 4.54 Message-ID: <20080616140331.GA27476@cgi.jachomes.com> I'm the new Network Guy at a company that's running MailScanner 4.54.6 as a smarthost in between an Exchange 5.5/Win2K server and the Internet. Partially because of the version number, and partially because one of the VPs commented on his upticked spam last week (:-), clearly it's time for me to upgrade. Is this just a "drop on top" upgrade, as the doco seems to suggest? Is there likely to be customization or training I need to take special note of? I'm an old time mail guy, but new to MailScanner; pointers welcome. Incidentally, love the Best Practices page; I've linked to it from my (semi-nascent) bestpractices.wikia.com. Cheers, -- jra -- Jay R. Ashworth Baylink jra@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://baylink.pitas.com '87 e24 St Petersburg FL USA http://photo.imageinc.us +1 727 647 1274 Those who cast the vote decide nothing. Those who count the vote decide everything. -- (Joseph Stalin) From devonharding at gmail.com Mon Jun 16 15:55:43 2008 From: devonharding at gmail.com (Devon Harding) Date: Mon Jun 16 15:55:52 2008 Subject: BAYES_00 is killing me In-Reply-To: <2baac6140806160703t66c22095ja92760a1484638e8@mail.gmail.com> References: <2baac6140806160628w3da668f3n1b3a6dca614b9389@mail.gmail.com> <48566DE7.6000108@vanderkooij.org> <2baac6140806160703t66c22095ja92760a1484638e8@mail.gmail.com> Message-ID: <2baac6140806160755v7c5f67b7xd6d0ed02c7e2c906@mail.gmail.com> On Mon, Jun 16, 2008 at 10:03 AM, Devon Harding wrote: > >> Devon Harding wrote: >> | I'm getting alot of spam coming through and it seems like the cause of >> | this is BAYES_00 scoring messages with -2.60. I'm running MS 4.68.8 >> | with SA 3.2.4. I've already trained hundreds of >> | messages like these as spam and it doesn't seem to work. What else can >> | I do? >> >> My guess is that you are training the wrong database. You train another >> database and not the one you are using with MailScanner. >> >> Hugo. >> >> > > For MS, where is the Bayes DB path specified? My DB is located here: > > /etc/MailScanner/.spamassassin > > I think my BAYES is all messed up. How do I rebuild it from scratch? -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080616/f3b28299/attachment.html From telecaadmin at gmail.com Mon Jun 16 15:55:39 2008 From: telecaadmin at gmail.com (Ronny T. Lampert) Date: Mon Jun 16 15:58:02 2008 Subject: Spamassassin is slow - any tips or good commercial alternative? In-Reply-To: <30d101c8cf62$cd2f8f90$0300a8c0@CharlieCompaq> References: <30d101c8cf62$cd2f8f90$0300a8c0@CharlieCompaq> Message-ID: <48567EEB.6010506@gmail.com> > # cat /proc/meminfo > MemTotal: 1028576 kB > MemFree: 182964 kB > Buffers: 116612 kB > Cached: 263300 kB > SwapCached: 3028 kB > Active: 624508 kB Your server details seem OK - you're not too short on mem, however you're running at 630 of 1024 MB constantly allocated which for my taste is a bit much; that doesn't leave to much room for filesystem/... caching etc. Also the 24MB on swap tell me that there was memory pressure at one time. Add some RAM. You forgot the output for nscd - as Julian said, DNS requests make a HUGE difference for spamassassin speedwise if they are cached or not. You won't get away without doing some work, though, if you want a speedup: 0) add RAM 1) run nscd and a caching name server 2) "mount -o noatime" your filesystems, esp. your spool directory 3) tune the # of MS children 4) lower batch sizes, this decreases individual mail delay, but may decrease overall thruput: MailScanner.conf: Max Unscanned Messages Per Scan = 10 Max Unsafe Messages Per Scan = 10 5) check if you use spamassassin cache! 6) use RBLs at SMTP level To put this into perspective: my AVERAGE overall processing time is at 2.4 seconds. No cheating allowed. Cheers, Ronny From m.anderlini at database.it Mon Jun 16 16:00:17 2008 From: m.anderlini at database.it (Marcello Anderlini Database Informatica) Date: Mon Jun 16 16:00:36 2008 Subject: R: BAYES_00 is killing me In-Reply-To: <2baac6140806160703t66c22095ja92760a1484638e8@mail.gmail.com> References: <2baac6140806160628w3da668f3n1b3a6dca614b9389@mail.gmail.com><48566DE7.6000108@vanderkooij.org> <2baac6140806160703t66c22095ja92760a1484638e8@mail.gmail.com> Message-ID: <014f01c8cfc1$b05aaf30$2e01a8c0@dbdomain.database.it> I've the same problem, My file it's this /root/.spamassassin/bayes_seen. it's correct ? how can set or check the right configuration ? Dr. Marcello Anderlini m.anderlini@database.it --------------------------------------------- Database Informatica S.r.l. Microsoft Certified Partner Tel. +39059775070 Fax. +39059779545 http://www.database.it --------------------------------------------- _____ Da: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] Per conto di Devon Harding Inviato: luned? 16 giugno 2008 16.04 A: MailScanner discussion Oggetto: Re: BAYES_00 is killing me Devon Harding wrote: | I'm getting alot of spam coming through and it seems like the cause of | this is BAYES_00 scoring messages with -2.60. I'm running MS 4.68.8 | with SA 3.2.4. I've already trained hundreds of | messages like these as spam and it doesn't seem to work. What else can | I do? My guess is that you are training the wrong database. You train another database and not the one you are using with MailScanner. Hugo. For MS, where is the Bayes DB path specified? My DB is located here: /etc/MailScanner/.spamassassin -- Messaggio verificato dal servizio antivirus di Database Informatica. -- Messaggio verificato dal servizio antivirus di Database Informatica -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080616/ec548038/attachment.html From Denis.Beauchemin at USherbrooke.ca Mon Jun 16 16:11:41 2008 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Mon Jun 16 16:12:15 2008 Subject: BAYES_00 is killing me In-Reply-To: <2baac6140806160755v7c5f67b7xd6d0ed02c7e2c906@mail.gmail.com> References: <2baac6140806160628w3da668f3n1b3a6dca614b9389@mail.gmail.com> <48566DE7.6000108@vanderkooij.org> <2baac6140806160703t66c22095ja92760a1484638e8@mail.gmail.com> <2baac6140806160755v7c5f67b7xd6d0ed02c7e2c906@mail.gmail.com> Message-ID: <485682AD.5030305@USherbrooke.ca> Devon Harding a ?crit : > > > On Mon, Jun 16, 2008 at 10:03 AM, Devon Harding > > wrote: > > > Devon Harding wrote: > | I'm getting alot of spam coming through and it seems like > the cause of > | this is BAYES_00 scoring messages with -2.60. I'm running > MS 4.68.8 > | with SA *Le Service des Technologies de l'Information de > l'UdeS veut vous mettre en garde contre "3.2.4" qui semble > ?tre une tentative de fraude envers* 3.2.4. > <*Le Service des Technologies de l'Information de l'UdeS veut > vous mettre en garde contre "3.2.4" qui semble ?tre une > tentative de fraude envers* http://3.2.4.> I've already > trained hundreds of > > | messages like these as spam and it doesn't seem to work. > What else can > | I do? > > My guess is that you are training the wrong database. You > train another > database and not the one you are using with MailScanner. > > Hugo. > > > > For MS, where is the Bayes DB path specified? My DB is located here: > > /etc/MailScanner/.spamassassin > > > I think my BAYES is all messed up. How do I rebuild it from scratch? > Devon, Look here for a starter kit: http://www.fsl.com/resources.html Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x62252 F: 819.821.8045 From devonharding at gmail.com Mon Jun 16 16:46:36 2008 From: devonharding at gmail.com (Devon Harding) Date: Mon Jun 16 16:46:45 2008 Subject: BAYES_00 is killing me In-Reply-To: <485682AD.5030305@USherbrooke.ca> References: <2baac6140806160628w3da668f3n1b3a6dca614b9389@mail.gmail.com> <48566DE7.6000108@vanderkooij.org> <2baac6140806160703t66c22095ja92760a1484638e8@mail.gmail.com> <2baac6140806160755v7c5f67b7xd6d0ed02c7e2c906@mail.gmail.com> <485682AD.5030305@USherbrooke.ca> Message-ID: <2baac6140806160846h14e2f0eev4ed789d8664e426e@mail.gmail.com> On Mon, Jun 16, 2008 at 11:11 AM, Denis Beauchemin < Denis.Beauchemin@usherbrooke.ca> wrote: > Devon Harding a ?crit : > >> >> >> On Mon, Jun 16, 2008 at 10:03 AM, Devon Harding > devonharding@gmail.com>> wrote: >> >> >> Devon Harding wrote: >> | I'm getting alot of spam coming through and it seems like >> the cause of >> | this is BAYES_00 scoring messages with -2.60. I'm running >> MS 4.68.8 >> | with SA *Le Service des Technologies de l'Information de >> l'UdeS veut vous mettre en garde contre "3.2.4" qui semble >> ?tre une tentative de fraude envers* 3.2.4. >> <*Le Service des Technologies de l'Information de l'UdeS veut >> vous mettre en garde contre "3.2.4" qui semble ?tre une >> tentative de fraude envers* http://3.2.4.> I've already >> trained hundreds of >> >> | messages like these as spam and it doesn't seem to work. >> What else can >> | I do? >> >> My guess is that you are training the wrong database. You >> train another >> database and not the one you are using with MailScanner. >> >> Hugo. >> >> >> >> For MS, where is the Bayes DB path specified? My DB is located here: >> >> /etc/MailScanner/.spamassassin >> >> >> I think my BAYES is all messed up. How do I rebuild it from scratch? >> >> Devon, > > Look here for a starter kit: http://www.fsl.com/resources.html > > Denis > > -- I've restored the starter DB and I do see the new files in /etc/MailScanner/.spamassassin (I stopped MailScanner and removed the one ones first), but SA Bayes DB Info from Mailwatch shows nothing. When I do a lint from the Tools tab, i Get the following: [5637] dbg: bayes: no dbs present, cannot tie DB R/O: //.spamassassin/bayes_toks -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080616/7d2d0a56/attachment.html From devonharding at gmail.com Mon Jun 16 16:54:52 2008 From: devonharding at gmail.com (Devon Harding) Date: Mon Jun 16 16:55:06 2008 Subject: BAYES_00 is killing me In-Reply-To: <2baac6140806160846h14e2f0eev4ed789d8664e426e@mail.gmail.com> References: <2baac6140806160628w3da668f3n1b3a6dca614b9389@mail.gmail.com> <48566DE7.6000108@vanderkooij.org> <2baac6140806160703t66c22095ja92760a1484638e8@mail.gmail.com> <2baac6140806160755v7c5f67b7xd6d0ed02c7e2c906@mail.gmail.com> <485682AD.5030305@USherbrooke.ca> <2baac6140806160846h14e2f0eev4ed789d8664e426e@mail.gmail.com> Message-ID: <2baac6140806160854g7fd18fecj4380ce0f5ac74a7c@mail.gmail.com> > > >>> >>> >>> Devon Harding wrote: >>> | I'm getting alot of spam coming through and it seems like >>> the cause of >>> | this is BAYES_00 scoring messages with -2.60. I'm running >>> MS 4.68.8 >>> | with SA *Le Service des Technologies de l'Information de >>> l'UdeS veut vous mettre en garde contre "3.2.4" qui semble >>> ?tre une tentative de fraude envers* 3.2.4. >>> <*Le Service des Technologies de l'Information de l'UdeS veut >>> vous mettre en garde contre "3.2.4" qui semble ?tre une >>> tentative de fraude envers* http://3.2.4.> I've already >>> trained hundreds of >>> >>> | messages like these as spam and it doesn't seem to work. >>> What else can >>> | I do? >>> >>> My guess is that you are training the wrong database. You >>> train another >>> database and not the one you are using with MailScanner. >>> >>> Hugo. >>> >>> >>> >>> For MS, where is the Bayes DB path specified? My DB is located here: >>> >>> /etc/MailScanner/.spamassassin >>> >>> >>> I think my BAYES is all messed up. How do I rebuild it from scratch? >>> >>> Devon, >> >> Look here for a starter kit: http://www.fsl.com/resources.html >> >> Denis >> >> -- > > > > I've restored the starter DB and I do see the new files in > /etc/MailScanner/.spamassassin (I stopped MailScanner and removed the one > ones first), but SA Bayes DB Info from Mailwatch shows nothing. When I do a > lint from the Tools tab, i Get the following: > > [5637] dbg: bayes: no dbs present, cannot tie DB R/O: > //.spamassassin/bayes_toks > Hmm....I thing Bayes IS working. I just ran MailScanner --debug --debug-sa after the restore and did see: 11:52:13 [5879] dbg: bayes: tie-ing to DB file R/W /root/.spamassassin/bayes_toks 11:52:13 [5879] dbg: bayes: tie-ing to DB file R/W /root/.spamassassin/bayes_seen 11:52:13 [5879] dbg: bayes: found bayes db version 3 11:52:13 [5879] dbg: bayes: learned '88a47a16459989c19d47893de31fec608aa8f41e@sa_generated', atime: 1213631520 11:52:13 [5879] dbg: bayes: untie-ing 11:52:13 [5879] dbg: bayes: files locked, now unlocking lock It seems that MailWatch is the one thats not working right. Any way to relink this? -Devon -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080616/7650235c/attachment.html From steve at fsl.com Mon Jun 16 16:57:05 2008 From: steve at fsl.com (Stephen Swaney) Date: Mon Jun 16 16:57:16 2008 Subject: BAYES_00 is killing me In-Reply-To: <2baac6140806160846h14e2f0eev4ed789d8664e426e@mail.gmail.com> References: <2baac6140806160628w3da668f3n1b3a6dca614b9389@mail.gmail.com> <48566DE7.6000108@vanderkooij.org> <2baac6140806160703t66c22095ja92760a1484638e8@mail.gmail.com> <2baac6140806160755v7c5f67b7xd6d0ed02c7e2c906@mail.gmail.com> <485682AD.5030305@USherbrooke.ca> <2baac6140806160846h14e2f0eev4ed789d8664e426e@mail.gmail.com> Message-ID: <48568D51.2080800@fsl.com> Devon Harding wrote: > > > On Mon, Jun 16, 2008 at 11:11 AM, Denis Beauchemin > > wrote: > > Devon Harding a ?crit : > > > > On Mon, Jun 16, 2008 at 10:03 AM, Devon Harding > > >> wrote: > > > Devon Harding wrote: > | I'm getting alot of spam coming through and it seems like > the cause of > | this is BAYES_00 scoring messages with -2.60. I'm > running > MS 4.68.8 > | with SA *Le Service des Technologies de l'Information de > l'UdeS veut vous mettre en garde contre "3.2.4" qui semble > ?tre une tentative de fraude envers* *MailScanner > warning: numerical links are often malicious:* 3.2.4. > <*MailScanner warning: numerical links are > often malicious:* http://3.2.4.> > <*Le Service des Technologies de l'Information de > l'UdeS veut > vous mettre en garde contre "3.2.4" qui semble ?tre une > tentative de fraude envers* *MailScanner warning: > numerical links are often malicious:* http://3.2.4.> I've > already > > trained hundreds of > > | messages like these as spam and it doesn't seem to work. > What else can > | I do? > > My guess is that you are training the wrong database. You > train another > database and not the one you are using with MailScanner. > > Hugo. > > > > For MS, where is the Bayes DB path specified? My DB is > located here: > > /etc/MailScanner/.spamassassin > > > I think my BAYES is all messed up. How do I rebuild it from > scratch? > > Devon, > > Look here for a starter kit: http://www.fsl.com/resources.html > > Denis > > -- > > > > I've restored the starter DB and I do see the new files in > /etc/MailScanner/.spamassassin (I stopped MailScanner and removed the > one ones first), but SA Bayes DB Info from Mailwatch shows nothing. > When I do a lint from the Tools tab, i Get the following: > > [5637] dbg: bayes: no dbs present, cannot tie DB R/O: > //.spamassassin/bayes_toks Look in /etc/MailScanner/spam.assassin.prefs.conf for the location of the Bayes database. Note that this "file" may actually be a link to a file in another location. Best Regards, Steve Steve Swaney steve@fsl.com www.fsl.com From lists at tippingmar.com Mon Jun 16 18:26:33 2008 From: lists at tippingmar.com (Mark Nienberg) Date: Mon Jun 16 18:26:54 2008 Subject: {Disarmed} BAYES_00 is killing me In-Reply-To: <2baac6140806160628w3da668f3n1b3a6dca614b9389@mail.gmail.com> References: <2baac6140806160628w3da668f3n1b3a6dca614b9389@mail.gmail.com> Message-ID: <4856A249.2090808@tippingmar.com> Devon Harding wrote: > I'm getting alot of spam coming through and it seems like the cause of > this is BAYES_00 scoring messages with -2.60. I'm running MS 4.68.8 > with SA *MailScanner has detected a possible fraud attempt from > "3.2.4" claiming to be* 3.2.4. I've already trained > hundreds of messages like these as spam and it doesn't seem to work. > What else can I do? > Personally, I like to let Bayes add points to messages, but I am reluctant to let it subtract, because for some new spam messages it has the effect you are seeing. I modify the scoring as follows: # only the last column matters to us score BAYES_00 0 0 0 -0.50 score BAYES_05 0 0 0 -0.25 score BAYES_20 0 score BAYES_40 0 score BAYES_60 0 0 0 2.00 score BAYES_80 0 0 0 2.50 score BAYES_95 0 0 0 4.00 score BAYES_99 0 0 0 6.00 Also, I keep a few fake spam trap addresses, and I have a spamassassin rule that adds 15 points to anything they receive. This forces bayes to autolearn from most messages sent to the trap addresses. Mark From lists at designmedia.com Mon Jun 16 18:49:28 2008 From: lists at designmedia.com (Henry Kwan) Date: Mon Jun 16 18:49:46 2008 Subject: BAYES_00 is killing me References: <2baac6140806160628w3da668f3n1b3a6dca614b9389@mail.gmail.com> <48566DE7.6000108@vanderkooij.org> <2baac6140806160703t66c22095ja92760a1484638e8@mail.gmail.com> <2baac6140806160755v7c5f67b7xd6d0ed02c7e2c906@mail.gmail.com> <485682AD.5030305@USherbrooke.ca> <2baac6140806160846h14e2f0eev4ed789d8664e426e@mail.gmail.com> <2baac6140806160854g7fd18fecj4380ce0f5ac74a7c@mail.gmail.com> Message-ID: Devon Harding gmail.com> writes: >Hmm....I thing Bayes IS working. I just ran MailScanner --debug --debug-sa >after >the restore and did see: > >11:52:13 [5879] dbg: bayes: tie-ing to DB file R/W >/root/.spamassassin/bayes_toks >11:52:13 [5879] dbg: bayes: tie-ing to DB file R/W >/root/.spamassassin/bayes_seen >11:52:13 [5879] dbg: bayes: found bayes db version 3 >11:52:13 [5879] dbg: bayes: learned >'88a47a16459989c19d47893de31fec608aa8f41e > sa_generated', atime: 1213631520 >11:52:13 [5879] dbg: bayes: untie-ing >11:52:13 [5879] dbg: bayes: files locked, now unlocking lock > >It seems that MailWatch is the one thats not working right. Any way to relink >this? Look in either /etc/MailScanner/spam.assassin.prefs.conf or /etc/mail/spamassassin/local.cf for the bayes_path variable. Mine is located at /var/spool/MailScanner/spamassassin/bayes so it's: bayes_path /var/spool/MailScanner/spamassassin/bayes So I have a bunch of bayes_* files in /var/spool/MailScanner/spamassassin and my MailScanner --debug --debug-sa outputs: 10:44:38 [6376] dbg: bayes: tie-ing to DB file R/O /var/spool/MailScanner/spamassassin/bayes_toks 10:44:38 [6376] dbg: bayes: tie-ing to DB file R/O /var/spool/MailScanner/spamassassin/bayes_seen 10:44:38 [6376] dbg: bayes: found bayes db version 3 10:44:38 [6376] dbg: bayes: DB journal sync: last sync: 1213636701 From lists at designmedia.com Mon Jun 16 18:51:55 2008 From: lists at designmedia.com (Henry Kwan) Date: Mon Jun 16 18:55:12 2008 Subject: What "Other Checks" problems? References: <48560B61.3070704@vanderkooij.org> Message-ID: Hugo van der Kooij vanderkooij.org> writes: > There are two instances of the EICAR string. 1 is identified in the file > eicar.com and the other as part of the message itself. But without a > filename to relate it to it is named as other check. > > So there is no problem. Ah, It was a bit confusing since the --lint told me that there was a problem yet didn't specified what the problem was. Perhaps Julian could reword in the next version? Thanks for the tip. From glenn.steen at gmail.com Mon Jun 16 19:46:45 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Mon Jun 16 19:46:54 2008 Subject: BAYES_00 is killing me In-Reply-To: <2baac6140806160854g7fd18fecj4380ce0f5ac74a7c@mail.gmail.com> References: <2baac6140806160628w3da668f3n1b3a6dca614b9389@mail.gmail.com> <48566DE7.6000108@vanderkooij.org> <2baac6140806160703t66c22095ja92760a1484638e8@mail.gmail.com> <2baac6140806160755v7c5f67b7xd6d0ed02c7e2c906@mail.gmail.com> <485682AD.5030305@USherbrooke.ca> <2baac6140806160846h14e2f0eev4ed789d8664e426e@mail.gmail.com> <2baac6140806160854g7fd18fecj4380ce0f5ac74a7c@mail.gmail.com> Message-ID: <223f97700806161146x1649089cl9cc7bc9c65d03209@mail.gmail.com> 2008/6/16 Devon Harding : >>>> >>>> >>>> >>>> Devon Harding wrote: >>>> | I'm getting alot of spam coming through and it seems like >>>> the cause of >>>> | this is BAYES_00 scoring messages with -2.60. I'm running >>>> MS 4.68.8 >>>> | with SA *Le Service des Technologies de l'Information de >>>> l'UdeS veut vous mettre en garde contre "3.2.4" qui semble >>>> ?tre une tentative de fraude envers* 3.2.4. >>>> <*Le Service des Technologies de l'Information de l'UdeS veut >>>> vous mettre en garde contre "3.2.4" qui semble ?tre une >>>> tentative de fraude envers* http://3.2.4.> I've already >>>> trained hundreds of >>>> >>>> | messages like these as spam and it doesn't seem to work. >>>> What else can >>>> | I do? >>>> >>>> My guess is that you are training the wrong database. You >>>> train another >>>> database and not the one you are using with MailScanner. >>>> >>>> Hugo. >>>> >>>> >>>> >>>> For MS, where is the Bayes DB path specified? My DB is located here: >>>> >>>> /etc/MailScanner/.spamassassin >>>> >>>> >>>> I think my BAYES is all messed up. How do I rebuild it from scratch? >>>> >>> Devon, >>> >>> Look here for a starter kit: http://www.fsl.com/resources.html >>> >>> Denis >>> >>> -- >> >> I've restored the starter DB and I do see the new files in >> /etc/MailScanner/.spamassassin (I stopped MailScanner and removed the one >> ones first), but SA Bayes DB Info from Mailwatch shows nothing. When I do a >> lint from the Tools tab, i Get the following: >> >> [5637] dbg: bayes: no dbs present, cannot tie DB R/O: >> //.spamassassin/bayes_toks > > > Hmm....I thing Bayes IS working. I just ran MailScanner --debug --debug-sa > after the restore and did see: > > 11:52:13 [5879] dbg: bayes: tie-ing to DB file R/W > /root/.spamassassin/bayes_toks > 11:52:13 [5879] dbg: bayes: tie-ing to DB file R/W > /root/.spamassassin/bayes_seen > 11:52:13 [5879] dbg: bayes: found bayes db version 3 > 11:52:13 [5879] dbg: bayes: learned > '88a47a16459989c19d47893de31fec608aa8f41e@sa_generated', atime: 1213631520 > 11:52:13 [5879] dbg: bayes: untie-ing > 11:52:13 [5879] dbg: bayes: files locked, now unlocking lock > > It seems that MailWatch is the one thats not working right. Any way to > relink this? > > -Devon > Make sure your apahce user (the one running your httpd processes... hence the one running MailWatch:-) can actually read the bayes files... "su" is your friend here... and if you want to be able to learn via MailWatch, make sure the same user can write them too. Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From Kevin_Miller at ci.juneau.ak.us Mon Jun 16 19:49:36 2008 From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller) Date: Mon Jun 16 19:49:49 2008 Subject: Updating an adopted installation from 4.54 In-Reply-To: <20080616140331.GA27476@cgi.jachomes.com> References: <20080616140331.GA27476@cgi.jachomes.com> Message-ID: Jay R. Ashworth wrote: > I'm the new Network Guy at a company that's running MailScanner 4.54.6 > as a smarthost in between an Exchange 5.5/Win2K server and the > Internet. > > Partially because of the version number, and partially because one of > the VPs commented on his upticked spam last week (:-), clearly it's > time for me to upgrade. > > Is this just a "drop on top" upgrade, as the doco seems to suggest? > Is > there likely to be customization or training I need to take special > note of? I'm an old time mail guy, but new to MailScanner; pointers > welcome. > > Incidentally, love the Best Practices page; I've linked to it from my > (semi-nascent) bestpractices.wikia.com. Hi Jay, Welcome to MailScanner - almost as much fun as Rivendell! Upgrading is pretty easy, assuming the previous admin didn't do anything goofy. The nickle overview is essentially: 1) Stop running MailScanner daemons 2) Install the newest version of MailScanner. I use the ones for SUSE - not sure what distro you're running on. Pretty much just a matter of going to the directory where I unpacked the tarball and running install.sh (I think that's the name of the script - it's very obvious at any rate). 3) Follow the directions at the end of the process - a ton of stuff will scroll by during the install. The last thing it tells you is to run the Upgrade_MailScanner script. If you run it w/o args, it will print out several command lines. Just copy/paste each to the CLI a step at a time and you'll be golden. The upgrade script looks at the old MailScanner.conf compares it to the new one with shiney new options, and merges the two so that all your non-default settings and site specific entries are automatically merged. Julian makes life very easy for his users. 4) Restart MailScanner and 'tail -f' the mail log to make sure things are flowing as expected. Note that MailScanner isn't really catching spam - it's more a traffic cop to facilitate the coordidnated use of multiple other tools, such as spamassassin, antivirus scanners, RBLs, etc. As such, I'd look at your version of spamassassin and upgrade it too. It's probably out of date, given that your MailScanner is. I'll bet you're also running ClamAV. Julian makes a nice one stop shopping install of spamassassin and clamav that makes upgrading painless. It'll set up the MailScanner specifics in the approprite spamassassin conf files for you. FWIW, I run multiple MailScanner gateways on different subnets. That way mail keeps flowing even when one is being upgraded or otherwise off line. If you've got a spare box around it may be a good use for it... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 From davejones70 at gmail.com Mon Jun 16 19:57:42 2008 From: davejones70 at gmail.com (Dave Jones) Date: Mon Jun 16 19:57:52 2008 Subject: Problem while updating perl Message-ID: <67a55ed50806161157n6fc6b73frddc2edde3729d9a6@mail.gmail.com> >> >Thanks but is there a way to avoid reinstall mailscanner ? It's a >> production >> >server and I would prefer to not reinstall if it's possible. >> >> >thanks >> >> >> >> >rpm -e perl-Sys-Syslog >> >then up2date -u >> >then re-install MailScanner. >> >> >Marcello Anderlini Database Informatica wrote: >> >> Hello I've a mailscanner *Le Service des Technologies de >> l'Information de l'UdeS veut vous mettre en garde contre "4.58.9.1" >> qui semble ?tre une tentative de fraude envers* 4.58.9.1 >> running on a Centos 4.6 x86_64. >> >> Today I've tried to update my sistem but I get this error msg: >> >> ======================================= >> >> Transaction Check Error: >> >> file /usr/lib64/perl5/5.8.5/x86_64-linux-thread-multi/Sys/Syslog.pm >> >> from install of perl-5.8.5-36.el4_6.3 conflicts with file from package >> >> perl-Sys-Syslog-0.18-1 >> >> file >> >> /usr/lib64/perl5/5.8.5/x86_64-linux-thread-multi/auto/Sys/Syslog/Syslo >> >> g.so from install of perl-5.8.5-36.el4_6.3 conflicts with file from >> >> package >> >> perl-Sys-Syslog-0.18-1 >> >> ======================================= >> >> >> >> Could someone help me ? >> >> >> >> Thanks >> >> >> >> Dr. Marcello Anderlini >> >> m.anderlini@database.it >> >> --------------------------------------------- >> >> Database Informatica S.r.l. >> >> Microsoft Certified Partner >> >> Tel. +39059775070 >> >> Fax. +39059779545 >> >> http://www.database.it >> >> --------------------------------------------- >> >> >> >> >> >> >> You can reinstall MailScanner but you will still have the same perl >> conflicts next time a perl module gets updated on RPMforge (or >> whatever your repo is that has the conflicting package). >> >> I would simply force the install of the perl modules (I do it all the >> time) with the conflict from the MailScanner installation: >> >> # rpm -Uhv --force >> /var/cache/yum/rpmforge/packages/perl-Sys-Syslog-0.18-1.rpm >> >> Substitute "rpmforge" above with whatever your repository name is and >> the RPM file in question. >> >> Dave >> >> -- >> Dave Jones >Dave, > >It didn't work on my RHEL 5.2 server: >[root@smtps ~]# rpm -Uvh --force >/var/cache/yum/rhel-i386-server-5/packages/perl-5.8.8-10.el5_2.3.i386.rpm >/etc/selinux/targeted/contexts/files/file_contexts: Multiple same >specifications for /usr/local/lost\+found/.*. >/etc/selinux/targeted/contexts/files/file_contexts: Multiple same >specifications for /usr/local/\.journal. >/etc/selinux/targeted/contexts/files/file_contexts: Multiple same >specifications for /usr/local/lost\+found. >Preparing... ########################################### >[100%] >1:perl ########################################### >[100%] >[root@smtps ~]# MailScanner --lint > > >**** ERROR: You must upgrade your perl IO module to at least >**** ERROR: version 1.2301 or MailScanner will not work! > >I am now reinstalling the following MS' RPMs: perl-IO perl-File-Temp >perl-Math-BigInt perl-Math-BigRat perl-bignum > >Denis Sounds like you might have SELinux active. Run "getenforce" and if it is "Enforcing" then run "setenforce 0" to make it "Permissive". Then run your command again. If permissive mode allows the package install command to work with --force, then disable SELinux or try your hand at updating the SELinux policy that is preventing it from installing. RHEL 5 is supposed to be much easier to customize SELinux policies but I haven't played with it yet. I still just disable it during the install and go... -- Dave Jones -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080616/f41d5bea/attachment.html From devonharding at gmail.com Mon Jun 16 20:24:50 2008 From: devonharding at gmail.com (Devon Harding) Date: Mon Jun 16 20:24:59 2008 Subject: BAYES_00 is killing me In-Reply-To: <223f97700806161146x1649089cl9cc7bc9c65d03209@mail.gmail.com> References: <2baac6140806160628w3da668f3n1b3a6dca614b9389@mail.gmail.com> <48566DE7.6000108@vanderkooij.org> <2baac6140806160703t66c22095ja92760a1484638e8@mail.gmail.com> <2baac6140806160755v7c5f67b7xd6d0ed02c7e2c906@mail.gmail.com> <485682AD.5030305@USherbrooke.ca> <2baac6140806160846h14e2f0eev4ed789d8664e426e@mail.gmail.com> <2baac6140806160854g7fd18fecj4380ce0f5ac74a7c@mail.gmail.com> <223f97700806161146x1649089cl9cc7bc9c65d03209@mail.gmail.com> Message-ID: <2baac6140806161224w3e3a60b4s51c39afc079a40c5@mail.gmail.com> On Mon, Jun 16, 2008 at 2:46 PM, Glenn Steen wrote: > 2008/6/16 Devon Harding : > >>>> > >>>> > >>>> > >>>> Devon Harding wrote: > >>>> | I'm getting alot of spam coming through and it seems like > >>>> the cause of > >>>> | this is BAYES_00 scoring messages with -2.60. I'm running > >>>> MS 4.68.8 > >>>> | with SA *Le Service des Technologies de l'Information de > >>>> l'UdeS veut vous mettre en garde contre "3.2.4" qui semble > >>>> ?tre une tentative de fraude envers* 3.2.4. > >>>> <*Le Service des Technologies de l'Information de l'UdeS veut > >>>> vous mettre en garde contre "3.2.4" qui semble ?tre une > >>>> tentative de fraude envers* http://3.2.4.> I've already > >>>> trained hundreds of > >>>> > >>>> | messages like these as spam and it doesn't seem to work. > >>>> What else can > >>>> | I do? > >>>> > >>>> My guess is that you are training the wrong database. You > >>>> train another > >>>> database and not the one you are using with MailScanner. > >>>> > >>>> Hugo. > >>>> > >>>> > >>>> > >>>> For MS, where is the Bayes DB path specified? My DB is located > here: > >>>> > >>>> /etc/MailScanner/.spamassassin > >>>> > >>>> > >>>> I think my BAYES is all messed up. How do I rebuild it from scratch? > >>>> > >>> Devon, > >>> > >>> Look here for a starter kit: http://www.fsl.com/resources.html > >>> > >>> Denis > >>> > >>> -- > >> > >> I've restored the starter DB and I do see the new files in > >> /etc/MailScanner/.spamassassin (I stopped MailScanner and removed the > one > >> ones first), but SA Bayes DB Info from Mailwatch shows nothing. When I > do a > >> lint from the Tools tab, i Get the following: > >> > >> [5637] dbg: bayes: no dbs present, cannot tie DB R/O: > >> //.spamassassin/bayes_toks > > > > > > Hmm....I thing Bayes IS working. I just ran MailScanner --debug > --debug-sa > > after the restore and did see: > > > > 11:52:13 [5879] dbg: bayes: tie-ing to DB file R/W > > /root/.spamassassin/bayes_toks > > 11:52:13 [5879] dbg: bayes: tie-ing to DB file R/W > > /root/.spamassassin/bayes_seen > > 11:52:13 [5879] dbg: bayes: found bayes db version 3 > > 11:52:13 [5879] dbg: bayes: learned > > '88a47a16459989c19d47893de31fec608aa8f41e@sa_generated', atime: > 1213631520 > > 11:52:13 [5879] dbg: bayes: untie-ing > > 11:52:13 [5879] dbg: bayes: files locked, now unlocking lock > > > > It seems that MailWatch is the one thats not working right. Any way to > > relink this? > > > > -Devon > > > Make sure your apahce user (the one running your httpd processes... > hence the one running MailWatch:-) can actually read the bayes > files... "su" is your friend here... and if you want to be able to > learn via MailWatch, make sure the same user can write them too. > > Cheers > -- I have the right permissions set, the thing is MailWatch is not showing any data for 'Bayes Database Information'. What is the tie in for MailWatch? -rw-rw---- 1 root apache 78K Jun 16 15:17 bayes_journal -rw-rw---- 1 root apache 895 Jun 16 15:17 bayes.mutex -rw-rw---- 1 root apache 172K Jun 16 15:17 bayes_seen -rw-rw---- 1 root apache 5.1M Jun 16 15:17 bayes_toks -Devon -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080616/623d8bbc/attachment.html From jra at baylink.com Mon Jun 16 20:25:08 2008 From: jra at baylink.com (Jay R. Ashworth) Date: Mon Jun 16 20:25:19 2008 Subject: Updating an adopted installation from 4.54 In-Reply-To: References: <20080616140331.GA27476@cgi.jachomes.com> Message-ID: <20080616192508.GC28498@cgi.jachomes.com> On Mon, Jun 16, 2008 at 10:49:36AM -0800, Kevin Miller wrote: > Welcome to MailScanner - almost as much fun as Rivendell! Everyone's Following Me!!! :-) > Upgrading is pretty easy, assuming the previous admin didn't do anything > goofy. The nickle overview is essentially: > 1) Stop running MailScanner daemons > 2) Install the newest version of MailScanner. I use the ones for > SUSE - not sure what distro you're running on. Pretty much just a > matter of going to the directory where I unpacked the tarball and > running install.sh (I think that's the name of the script - it's very > obvious at any rate). I meant to say: Slack 10.2. It's in /opt/MailScanner.version with a symlink to it from /opt/MailScanner. > 3) Follow the directions at the end of the process - a ton of stuff > will scroll by during the install. The last thing it tells you is to > run the Upgrade_MailScanner script. If you run it w/o args, it will > print out several command lines. Just copy/paste each to the CLI a step > at a time and you'll be golden. The upgrade script looks at the old > MailScanner.conf compares it to the new one with shiney new options, and > merges the two so that all your non-default settings and site specific > entries are automatically merged. Julian makes life very easy for his > users. Bless him. > 4) Restart MailScanner and 'tail -f' the mail log to make sure > things are flowing as expected. Wow, there's a lot of stuff in my maillogs... > Note that MailScanner isn't really catching spam - it's more a traffic > cop to facilitate the coordidnated use of multiple other tools, such as > spamassassin, antivirus scanners, RBLs, etc. As such, I'd look at your > version of spamassassin and upgrade it too. It's probably out of date, > given that your MailScanner is. I'll bet you're also running ClamAV. > Julian makes a nice one stop shopping install of spamassassin and clamav > that makes upgrading painless. It'll set up the MailScanner specifics > in the approprite spamassassin conf files for you. I saw something about that. I'm strongly considering just building a new dedicated machine (this one is shared) and forklift-upgrading... would I need to bring training databases along for that? > FWIW, I run multiple MailScanner gateways on different subnets. That > way mail keeps flowing even when one is being upgraded or otherwise off > line. If you've got a spare box around it may be a good use for it... It's a thought... Cheers, -- jra -- Jay R. Ashworth Baylink jra@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://baylink.pitas.com '87 e24 St Petersburg FL USA http://photo.imageinc.us +1 727 647 1274 Those who cast the vote decide nothing. Those who count the vote decide everything. -- (Joseph Stalin) From Kevin_Miller at ci.juneau.ak.us Mon Jun 16 20:49:59 2008 From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller) Date: Mon Jun 16 20:50:14 2008 Subject: Updating an adopted installation from 4.54 In-Reply-To: <20080616192508.GC28498@cgi.jachomes.com> References: <20080616140331.GA27476@cgi.jachomes.com> <20080616192508.GC28498@cgi.jachomes.com> Message-ID: Jay R. Ashworth wrote: > On Mon, Jun 16, 2008 at 10:49:36AM -0800, Kevin Miller wrote: >> Welcome to MailScanner - almost as much fun as Rivendell! > > Everyone's Following Me!!! :-) Great minds think alike? > I meant to say: Slack 10.2. It's in /opt/MailScanner.version with a > symlink to it from /opt/MailScanner. Hmmm - I'm not sure but it sounds like they did a source compile installation. My stuff lands in /usr/lib/MailScanner (and /etc/MailScanner of course) by default which I think is SOP for the rpm installs. Could be wrong on that - never had to look too closely. Not sure what the best practice is for that. I'm sure someone will chime in on it. This is a great group. > Wow, there's a lot of stuff in my maillogs... Yeah. Email gateways are busier than a one legged man in a butt kicking contest. > I saw something about that. I'm strongly considering just building a > new dedicated machine (this one is shared) and forklift-upgrading... > would I need to bring training databases along for that? If you have a box or two to put it on, that would be the best way to go. It's saved my bacon more than once. And yes, you definitely want to migrate the bayes databases over. It's a wealth of data customized to your site. Whenever I've had to build a box from scratch I just copy over /etc/MailScanner/MailScanner.conf and the bayes database to the new machine. There's a few minor edits in the .conf file (hostname and the like) but just drop the bayes files in place and you'll hit the ground running... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 From glenn.steen at gmail.com Mon Jun 16 21:12:21 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Mon Jun 16 21:12:30 2008 Subject: BAYES_00 is killing me In-Reply-To: <2baac6140806161224w3e3a60b4s51c39afc079a40c5@mail.gmail.com> References: <2baac6140806160628w3da668f3n1b3a6dca614b9389@mail.gmail.com> <48566DE7.6000108@vanderkooij.org> <2baac6140806160703t66c22095ja92760a1484638e8@mail.gmail.com> <2baac6140806160755v7c5f67b7xd6d0ed02c7e2c906@mail.gmail.com> <485682AD.5030305@USherbrooke.ca> <2baac6140806160846h14e2f0eev4ed789d8664e426e@mail.gmail.com> <2baac6140806160854g7fd18fecj4380ce0f5ac74a7c@mail.gmail.com> <223f97700806161146x1649089cl9cc7bc9c65d03209@mail.gmail.com> <2baac6140806161224w3e3a60b4s51c39afc079a40c5@mail.gmail.com> Message-ID: <223f97700806161312q12e1d85dm4537783336f60065@mail.gmail.com> 2008/6/16 Devon Harding : > > > On Mon, Jun 16, 2008 at 2:46 PM, Glenn Steen wrote: >> >> 2008/6/16 Devon Harding : >> >>>> >> >>>> >> >>>> >> >>>> Devon Harding wrote: >> >>>> | I'm getting alot of spam coming through and it seems like >> >>>> the cause of >> >>>> | this is BAYES_00 scoring messages with -2.60. I'm running >> >>>> MS 4.68.8 >> >>>> | with SA *Le Service des Technologies de l'Information de >> >>>> l'UdeS veut vous mettre en garde contre "3.2.4" qui semble >> >>>> ?tre une tentative de fraude envers* 3.2.4. >> >>>> <*Le Service des Technologies de l'Information de l'UdeS veut >> >>>> vous mettre en garde contre "3.2.4" qui semble ?tre une >> >>>> tentative de fraude envers* http://3.2.4.> I've already >> >>>> trained hundreds of >> >>>> >> >>>> | messages like these as spam and it doesn't seem to work. >> >>>> What else can >> >>>> | I do? >> >>>> >> >>>> My guess is that you are training the wrong database. You >> >>>> train another >> >>>> database and not the one you are using with MailScanner. >> >>>> >> >>>> Hugo. >> >>>> >> >>>> >> >>>> >> >>>> For MS, where is the Bayes DB path specified? My DB is located >> >>>> here: >> >>>> >> >>>> /etc/MailScanner/.spamassassin >> >>>> >> >>>> >> >>>> I think my BAYES is all messed up. How do I rebuild it from >> >>>> scratch? >> >>>> >> >>> Devon, >> >>> >> >>> Look here for a starter kit: http://www.fsl.com/resources.html >> >>> >> >>> Denis >> >>> >> >>> -- >> >> >> >> I've restored the starter DB and I do see the new files in >> >> /etc/MailScanner/.spamassassin (I stopped MailScanner and removed the >> >> one >> >> ones first), but SA Bayes DB Info from Mailwatch shows nothing. When I >> >> do a >> >> lint from the Tools tab, i Get the following: >> >> >> >> [5637] dbg: bayes: no dbs present, cannot tie DB R/O: >> >> //.spamassassin/bayes_toks >> > >> > >> > Hmm....I thing Bayes IS working. I just ran MailScanner --debug >> > --debug-sa >> > after the restore and did see: >> > >> > 11:52:13 [5879] dbg: bayes: tie-ing to DB file R/W >> > /root/.spamassassin/bayes_toks >> > 11:52:13 [5879] dbg: bayes: tie-ing to DB file R/W >> > /root/.spamassassin/bayes_seen >> > 11:52:13 [5879] dbg: bayes: found bayes db version 3 >> > 11:52:13 [5879] dbg: bayes: learned >> > '88a47a16459989c19d47893de31fec608aa8f41e@sa_generated', atime: >> > 1213631520 >> > 11:52:13 [5879] dbg: bayes: untie-ing >> > 11:52:13 [5879] dbg: bayes: files locked, now unlocking lock >> > >> > It seems that MailWatch is the one thats not working right. Any way to >> > relink this? >> > >> > -Devon >> > >> Make sure your apahce user (the one running your httpd processes... >> hence the one running MailWatch:-) can actually read the bayes >> files... "su" is your friend here... and if you want to be able to >> learn via MailWatch, make sure the same user can write them too. >> >> Cheers >> -- > > I have the right permissions set, the thing is MailWatch is not showing any > data for 'Bayes Database Information'. What is the tie in for MailWatch? > > -rw-rw---- 1 root apache 78K Jun 16 15:17 bayes_journal > -rw-rw---- 1 root apache 895 Jun 16 15:17 bayes.mutex > -rw-rw---- 1 root apache 172K Jun 16 15:17 bayes_seen > -rw-rw---- 1 root apache 5.1M Jun 16 15:17 bayes_toks > > -Devon > But can the apache user access the directory? MailWatch isn't particularly "magical" here, it uses the same info as all else... Try something like "su - apache -s /bin/bash" and then "cd /path/to/where/you/have/the/bayes/files"... Might give a clue:-) Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From Denis.Beauchemin at USherbrooke.ca Mon Jun 16 21:25:54 2008 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Mon Jun 16 21:26:29 2008 Subject: Problem while updating perl In-Reply-To: <67a55ed50806161157n6fc6b73frddc2edde3729d9a6@mail.gmail.com> References: <67a55ed50806161157n6fc6b73frddc2edde3729d9a6@mail.gmail.com> Message-ID: <4856CC52.6020609@USherbrooke.ca> Dave Jones a ?crit : > > >> You can reinstall MailScanner but you will still have the same perl > >> conflicts next time a perl module gets updated on RPMforge (or > >> whatever your repo is that has the conflicting package). > >> > >> I would simply force the install of the perl modules (I do it all the > >> time) with the conflict from the MailScanner installation: > >> > >> # rpm -Uhv --force > >> /var/cache/yum/rpmforge/packages/perl-Sys-Syslog-0.18-1.rpm > >> > >> Substitute "rpmforge" above with whatever your repository name is and > >> the RPM file in question. > >> > >> Dave > >> > >> -- > >> Dave Jones > >Dave, > > > >It didn't work on my RHEL 5.2 server: > >[root@smtps ~]# rpm -Uvh --force > >/var/cache/yum/rhel-i386-server-5/packages/perl-5.8.8-10.el5_2.3.i386.rpm > >/etc/selinux/targeted/contexts/files/file_contexts: Multiple same > >specifications for /usr/local/lost\+found/.*. > >/etc/selinux/targeted/contexts/files/file_contexts: Multiple same > >specifications for /usr/local/\.journal. > >/etc/selinux/targeted/contexts/files/file_contexts: Multiple same > >specifications for /usr/local/lost\+found. > >Preparing... ########################################### > >[100%] > >1:perl ########################################### > >[100%] > >[root@smtps ~]# MailScanner --lint > > > > > >**** ERROR: You must upgrade your perl IO module to at least > >**** ERROR: version 1.2301 or MailScanner will not work! > > > >I am now reinstalling the following MS' RPMs: perl-IO perl-File-Temp > >perl-Math-BigInt perl-Math-BigRat perl-bignum > > > >Denis > > Sounds like you might have SELinux active. Run "getenforce" and if it > is "Enforcing" then run "setenforce 0" to make it "Permissive". Then > run your command again. > > If permissive mode allows the package install command to work with > --force, then disable SELinux or try your hand at updating the SELinux > policy that is preventing it from installing. RHEL 5 is supposed to > be much easier to customize SELinux policies but I haven't played with > it yet. I still just disable it during the install and go... > > -- > Dave Jones Dave, It is disabled on all my servers (I just checked and getenforce returns Disabled)... I see the "selinux" messages all the time whenever I install or upgrade an RPM... to the point where I don't even pay any attention to them... could have been the reason I had problem, though! Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x62252 F: 819.821.8045 From devonharding at gmail.com Mon Jun 16 22:03:35 2008 From: devonharding at gmail.com (Devon Harding) Date: Mon Jun 16 22:03:46 2008 Subject: BAYES_00 is killing me In-Reply-To: <223f97700806161312q12e1d85dm4537783336f60065@mail.gmail.com> References: <2baac6140806160628w3da668f3n1b3a6dca614b9389@mail.gmail.com> <48566DE7.6000108@vanderkooij.org> <2baac6140806160703t66c22095ja92760a1484638e8@mail.gmail.com> <2baac6140806160755v7c5f67b7xd6d0ed02c7e2c906@mail.gmail.com> <485682AD.5030305@USherbrooke.ca> <2baac6140806160846h14e2f0eev4ed789d8664e426e@mail.gmail.com> <2baac6140806160854g7fd18fecj4380ce0f5ac74a7c@mail.gmail.com> <223f97700806161146x1649089cl9cc7bc9c65d03209@mail.gmail.com> <2baac6140806161224w3e3a60b4s51c39afc079a40c5@mail.gmail.com> <223f97700806161312q12e1d85dm4537783336f60065@mail.gmail.com> Message-ID: <2baac6140806161403j7a8ca3b1ja4ace4e0dfff9dbc@mail.gmail.com> On Mon, Jun 16, 2008 at 4:12 PM, Glenn Steen wrote: > 2008/6/16 Devon Harding : > > > > > > On Mon, Jun 16, 2008 at 2:46 PM, Glenn Steen > wrote: > >> > >> 2008/6/16 Devon Harding : > >> >>>> > >> >>>> > >> >>>> > >> >>>> Devon Harding wrote: > >> >>>> | I'm getting alot of spam coming through and it seems like > >> >>>> the cause of > >> >>>> | this is BAYES_00 scoring messages with -2.60. I'm running > >> >>>> MS 4.68.8 > >> >>>> | with SA *Le Service des Technologies de l'Information de > >> >>>> l'UdeS veut vous mettre en garde contre "3.2.4" qui semble > >> >>>> ?tre une tentative de fraude envers* 3.2.4. > >> >>>> <*Le Service des Technologies de l'Information de l'UdeS > veut > >> >>>> vous mettre en garde contre "3.2.4" qui semble ?tre une > >> >>>> tentative de fraude envers* http://3.2.4.> I've already > >> >>>> trained hundreds of > >> >>>> > >> >>>> | messages like these as spam and it doesn't seem to work. > >> >>>> What else can > >> >>>> | I do? > >> >>>> > >> >>>> My guess is that you are training the wrong database. You > >> >>>> train another > >> >>>> database and not the one you are using with MailScanner. > >> >>>> > >> >>>> Hugo. > >> >>>> > >> >>>> > >> >>>> > >> >>>> For MS, where is the Bayes DB path specified? My DB is located > >> >>>> here: > >> >>>> > >> >>>> /etc/MailScanner/.spamassassin > >> >>>> > >> >>>> > >> >>>> I think my BAYES is all messed up. How do I rebuild it from > >> >>>> scratch? > >> >>>> > >> >>> Devon, > >> >>> > >> >>> Look here for a starter kit: http://www.fsl.com/resources.html > >> >>> > >> >>> Denis > >> >>> > >> >>> -- > >> >> > >> >> I've restored the starter DB and I do see the new files in > >> >> /etc/MailScanner/.spamassassin (I stopped MailScanner and removed the > >> >> one > >> >> ones first), but SA Bayes DB Info from Mailwatch shows nothing. When > I > >> >> do a > >> >> lint from the Tools tab, i Get the following: > >> >> > >> >> [5637] dbg: bayes: no dbs present, cannot tie DB R/O: > >> >> //.spamassassin/bayes_toks > >> > > >> > > >> > Hmm....I thing Bayes IS working. I just ran MailScanner --debug > >> > --debug-sa > >> > after the restore and did see: > >> > > >> > 11:52:13 [5879] dbg: bayes: tie-ing to DB file R/W > >> > /root/.spamassassin/bayes_toks > >> > 11:52:13 [5879] dbg: bayes: tie-ing to DB file R/W > >> > /root/.spamassassin/bayes_seen > >> > 11:52:13 [5879] dbg: bayes: found bayes db version 3 > >> > 11:52:13 [5879] dbg: bayes: learned > >> > '88a47a16459989c19d47893de31fec608aa8f41e@sa_generated', atime: > >> > 1213631520 > >> > 11:52:13 [5879] dbg: bayes: untie-ing > >> > 11:52:13 [5879] dbg: bayes: files locked, now unlocking lock > >> > > >> > It seems that MailWatch is the one thats not working right. Any way > to > >> > relink this? > >> > > >> > -Devon > >> > > >> Make sure your apahce user (the one running your httpd processes... > >> hence the one running MailWatch:-) can actually read the bayes > >> files... "su" is your friend here... and if you want to be able to > >> learn via MailWatch, make sure the same user can write them too. > >> > >> Cheers > >> -- > > > > I have the right permissions set, the thing is MailWatch is not showing > any > > data for 'Bayes Database Information'. What is the tie in for MailWatch? > > > > -rw-rw---- 1 root apache 78K Jun 16 15:17 bayes_journal > > -rw-rw---- 1 root apache 895 Jun 16 15:17 bayes.mutex > > -rw-rw---- 1 root apache 172K Jun 16 15:17 bayes_seen > > -rw-rw---- 1 root apache 5.1M Jun 16 15:17 bayes_toks > > > > -Devon > > > But can the apache user access the directory? > MailWatch isn't particularly "magical" here, it uses the same info as > all else... > > Try something like "su - apache -s /bin/bash" and then "cd > /path/to/where/you/have/the/bayes/files"... Might give a clue:-) > > Cheers > -- > -- Glenn > User apache can access this fine. I didn't see anything in the MailWatch .conf file on Bayes -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080616/5e73db17/attachment.html From glenn.steen at gmail.com Mon Jun 16 23:16:14 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Mon Jun 16 23:16:24 2008 Subject: BAYES_00 is killing me In-Reply-To: <2baac6140806161403j7a8ca3b1ja4ace4e0dfff9dbc@mail.gmail.com> References: <2baac6140806160628w3da668f3n1b3a6dca614b9389@mail.gmail.com> <2baac6140806160703t66c22095ja92760a1484638e8@mail.gmail.com> <2baac6140806160755v7c5f67b7xd6d0ed02c7e2c906@mail.gmail.com> <485682AD.5030305@USherbrooke.ca> <2baac6140806160846h14e2f0eev4ed789d8664e426e@mail.gmail.com> <2baac6140806160854g7fd18fecj4380ce0f5ac74a7c@mail.gmail.com> <223f97700806161146x1649089cl9cc7bc9c65d03209@mail.gmail.com> <2baac6140806161224w3e3a60b4s51c39afc079a40c5@mail.gmail.com> <223f97700806161312q12e1d85dm4537783336f60065@mail.gmail.com> <2baac6140806161403j7a8ca3b1ja4ace4e0dfff9dbc@mail.gmail.com> Message-ID: <223f97700806161516n199d18c3m428831ba13b93199@mail.gmail.com> 2008/6/16 Devon Harding : > > > On Mon, Jun 16, 2008 at 4:12 PM, Glenn Steen wrote: >> >> 2008/6/16 Devon Harding : >> > >> > >> > On Mon, Jun 16, 2008 at 2:46 PM, Glenn Steen >> > wrote: >> >> >> >> 2008/6/16 Devon Harding : >> >> >>>> >> >> >>>> >> >> >>>> >> >> >>>> Devon Harding wrote: >> >> >>>> | I'm getting alot of spam coming through and it seems like >> >> >>>> the cause of >> >> >>>> | this is BAYES_00 scoring messages with -2.60. I'm >> >> >>>> running >> >> >>>> MS 4.68.8 >> >> >>>> | with SA *Le Service des Technologies de l'Information de >> >> >>>> l'UdeS veut vous mettre en garde contre "3.2.4" qui semble >> >> >>>> ?tre une tentative de fraude envers* 3.2.4. >> >> >>>> <*Le Service des Technologies de l'Information de l'UdeS >> >> >>>> veut >> >> >>>> vous mettre en garde contre "3.2.4" qui semble ?tre une >> >> >>>> tentative de fraude envers* http://3.2.4.> I've already >> >> >>>> trained hundreds of >> >> >>>> >> >> >>>> | messages like these as spam and it doesn't seem to work. >> >> >>>> What else can >> >> >>>> | I do? >> >> >>>> >> >> >>>> My guess is that you are training the wrong database. You >> >> >>>> train another >> >> >>>> database and not the one you are using with MailScanner. >> >> >>>> >> >> >>>> Hugo. >> >> >>>> >> >> >>>> >> >> >>>> >> >> >>>> For MS, where is the Bayes DB path specified? My DB is located >> >> >>>> here: >> >> >>>> >> >> >>>> /etc/MailScanner/.spamassassin >> >> >>>> >> >> >>>> >> >> >>>> I think my BAYES is all messed up. How do I rebuild it from >> >> >>>> scratch? >> >> >>>> >> >> >>> Devon, >> >> >>> >> >> >>> Look here for a starter kit: http://www.fsl.com/resources.html >> >> >>> >> >> >>> Denis >> >> >>> >> >> >>> -- >> >> >> >> >> >> I've restored the starter DB and I do see the new files in >> >> >> /etc/MailScanner/.spamassassin (I stopped MailScanner and removed >> >> >> the >> >> >> one >> >> >> ones first), but SA Bayes DB Info from Mailwatch shows nothing. >> >> >> When I >> >> >> do a >> >> >> lint from the Tools tab, i Get the following: >> >> >> >> >> >> [5637] dbg: bayes: no dbs present, cannot tie DB R/O: >> >> >> //.spamassassin/bayes_toks >> >> > >> >> > >> >> > Hmm....I thing Bayes IS working. I just ran MailScanner --debug >> >> > --debug-sa >> >> > after the restore and did see: >> >> > >> >> > 11:52:13 [5879] dbg: bayes: tie-ing to DB file R/W >> >> > /root/.spamassassin/bayes_toks >> >> > 11:52:13 [5879] dbg: bayes: tie-ing to DB file R/W >> >> > /root/.spamassassin/bayes_seen >> >> > 11:52:13 [5879] dbg: bayes: found bayes db version 3 >> >> > 11:52:13 [5879] dbg: bayes: learned >> >> > '88a47a16459989c19d47893de31fec608aa8f41e@sa_generated', atime: >> >> > 1213631520 >> >> > 11:52:13 [5879] dbg: bayes: untie-ing >> >> > 11:52:13 [5879] dbg: bayes: files locked, now unlocking lock >> >> > >> >> > It seems that MailWatch is the one thats not working right. Any way >> >> > to >> >> > relink this? >> >> > >> >> > -Devon >> >> > >> >> Make sure your apahce user (the one running your httpd processes... >> >> hence the one running MailWatch:-) can actually read the bayes >> >> files... "su" is your friend here... and if you want to be able to >> >> learn via MailWatch, make sure the same user can write them too. >> >> >> >> Cheers >> >> -- >> > >> > I have the right permissions set, the thing is MailWatch is not showing >> > any >> > data for 'Bayes Database Information'. What is the tie in for >> > MailWatch? >> > >> > -rw-rw---- 1 root apache 78K Jun 16 15:17 bayes_journal >> > -rw-rw---- 1 root apache 895 Jun 16 15:17 bayes.mutex >> > -rw-rw---- 1 root apache 172K Jun 16 15:17 bayes_seen >> > -rw-rw---- 1 root apache 5.1M Jun 16 15:17 bayes_toks >> > >> > -Devon >> > >> But can the apache user access the directory? >> MailWatch isn't particularly "magical" here, it uses the same info as >> all else... >> >> Try something like "su - apache -s /bin/bash" and then "cd >> /path/to/where/you/have/the/bayes/files"... Might give a clue:-) >> >> Cheers >> -- >> -- Glenn > > User apache can access this fine. I didn't see anything in the MailWatch > .conf file on Bayes > That's because there is nothing there....:-). It uses the same info all else do (through the normal SA method... The .cf files). Unless this is something hardcoded into the scriptlet handling the SA db dump... Haven't checked that (and will not be anwhere I can check it until tomorrow... You have a look:-). Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From lists at designmedia.com Tue Jun 17 00:17:59 2008 From: lists at designmedia.com (Henry Kwan) Date: Tue Jun 17 00:18:16 2008 Subject: BAYES_00 is killing me References: <2baac6140806160628w3da668f3n1b3a6dca614b9389@mail.gmail.com> <48566DE7.6000108@vanderkooij.org> <2baac6140806160703t66c22095ja92760a1484638e8@mail.gmail.com> <2baac6140806160755v7c5f67b7xd6d0ed02c7e2c906@mail.gmail.com> <485682AD.5030305@USherbrooke.ca> <2baac6140806160846h14e2f0eev4ed789d8664e426e@mail.gmail.com> <2baac6140806160854g7fd18fecj4380ce0f5ac74a7c@mail.gmail.com> <223f97700806161146x1649089cl9cc7bc9c65d03209@mail.gmail.com> <2baac6140806161224w3e3a60b4s51c39afc079a40c5@mail.gmail.com> <223f97700806161312q12e1d85dm4537783336f60065@mail.gmail.com> <2baac6140806161403j7a8ca3b1ja4ace4e0dfff9dbc@mail.gmail.com> Message-ID: Devon Harding gmail.com> writes: > User apache can access this fine. I didn't see anything in the > MailWatch .conf file on Bayes Have you tried explicitly calling out the path in either local.cf or /etc/MailScanner/spam.assassin.prefs.conf? Something like: bayes_path /root/.spamassassin/bayes From Robert.Meurlin at se.fujitsu.com Tue Jun 17 07:51:44 2008 From: Robert.Meurlin at se.fujitsu.com (Meurlin Robert) Date: Tue Jun 17 07:52:31 2008 Subject: SV: SV: mailscanner dont process email at all In-Reply-To: <485660C0.1080803@USherbrooke.ca> References: <797363C57EE0884786F428AAABCD469201490DD4@sea0120sex2.nordic.x><48536FD4.4090300@vanderkooij.org> <797363C57EE0884786F428AAABCD469201490DD8@sea0120sex2.nordic.x><797363C57EE0884786F428AAABCD469201490DDC@sea0120sex2.nordic.x> <485660C0.1080803@USherbrooke.ca> Message-ID: <797363C57EE0884786F428AAABCD469201490DF0@sea0120sex2.nordic.x> Its running as a process but in the log it just says MailScanner[21338]: MailScanner E-Mail Virus Scanner version 4.69.9 starting... It doesn't seem that it starts up. MailScanner[3242]: Config: calling custom init function MailWatchLogging Jun 17 08:44:33 MailScanner[3242]: Started SQL Logging child Jun 17 08:44:33 MailScanner[3242]: SpamAssassin temporary working directory is /var/spool/MailScanner/incoming/SpamAssassin-Temp Jun 17 08:44:34 MailScanner[3242]: Using SpamAssassin results cache Jun 17 08:44:34 MailScanner[3242]: Connected to SpamAssassin cache database And after that it doesn't process any incoming mail. I have tried to update MailScanner to the latest version, configtest doesn't show any wrong with any parameters, tried to restart the server. I have made any changes in MailScanner.conf either, iam confused :( Rob -----Ursprungligt meddelande----- Fr?n: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] F?r Denis Beauchemin Skickat: den 16 juni 2008 14:47 Till: MailScanner discussion ?mne: Re: SV: mailscanner dont process email at all Meurlin Robert a ?crit : > Does anyone have more ides? Have looked at everything I can think of. > Robert, Is MailScanner running? Any messages from MS in your maillog? Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x62252 F: 819.821.8045 -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From lists at designmedia.com Tue Jun 17 08:11:31 2008 From: lists at designmedia.com (Henry Kwan) Date: Tue Jun 17 08:11:53 2008 Subject: SV: SV: mailscanner dont process email at all References: <797363C57EE0884786F428AAABCD469201490DD4@sea0120sex2.nordic.x><48536FD4.4090300@vanderkooij.org> <797363C57EE0884786F428AAABCD469201490DD8@sea0120sex2.nordic.x><797363C57EE0884786F428AAABCD469201490DDC@sea0120sex2.nordic.x> <485660C0.1080803@USherbrooke.ca> <797363C57EE0884786F428AAABCD469201490DF0@sea0120sex2.nordic.x> Message-ID: Meurlin Robert se.fujitsu.com> writes: > And after that it doesn't process any incoming mail. > > I have tried to update MailScanner to the latest version, configtest doesn't show any wrong with any > parameters, tried to restart the server. > > I have made any changes in MailScanner.conf either, iam confused :( Does flushing the sendmail queue manually do anything? From Robert.Meurlin at se.fujitsu.com Tue Jun 17 09:52:47 2008 From: Robert.Meurlin at se.fujitsu.com (Meurlin Robert) Date: Tue Jun 17 09:57:41 2008 Subject: SV: SV: SV: mailscanner dont process email at all In-Reply-To: References: <797363C57EE0884786F428AAABCD469201490DD4@sea0120sex2.nordic.x><48536FD4.4090300@vanderkooij.org> <797363C57EE0884786F428AAABCD469201490DD8@sea0120sex2.nordic.x><797363C57EE0884786F428AAABCD469201490DDC@sea0120sex2.nordic.x><485660C0.1080803@USherbrooke.ca><797363C57EE0884786F428AAABCD469201490DF0@sea0120sex2.nordic.x> Message-ID: <797363C57EE0884786F428AAABCD469201490DF4@sea0120sex2.nordic.x> Yes I manually flushed almost every email in the queue (had 6000 before now there is about 140) so that worked. Is the last option to reinstall mailscanner? All points to that is the problem. -----Ursprungligt meddelande----- Fr?n: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] F?r Henry Kwan Skickat: den 17 juni 2008 09:12 Till: mailscanner@lists.mailscanner.info ?mne: Re: SV: SV: mailscanner dont process email at all Meurlin Robert se.fujitsu.com> writes: > And after that it doesn't process any incoming mail. > > I have tried to update MailScanner to the latest version, configtest doesn't show any wrong with any > parameters, tried to restart the server. > > I have made any changes in MailScanner.conf either, iam confused :( Does flushing the sendmail queue manually do anything? -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From glenn.steen at gmail.com Tue Jun 17 10:11:05 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Jun 17 10:11:16 2008 Subject: BAYES_00 is killing me In-Reply-To: <223f97700806161516n199d18c3m428831ba13b93199@mail.gmail.com> References: <2baac6140806160628w3da668f3n1b3a6dca614b9389@mail.gmail.com> <2baac6140806160755v7c5f67b7xd6d0ed02c7e2c906@mail.gmail.com> <485682AD.5030305@USherbrooke.ca> <2baac6140806160846h14e2f0eev4ed789d8664e426e@mail.gmail.com> <2baac6140806160854g7fd18fecj4380ce0f5ac74a7c@mail.gmail.com> <223f97700806161146x1649089cl9cc7bc9c65d03209@mail.gmail.com> <2baac6140806161224w3e3a60b4s51c39afc079a40c5@mail.gmail.com> <223f97700806161312q12e1d85dm4537783336f60065@mail.gmail.com> <2baac6140806161403j7a8ca3b1ja4ace4e0dfff9dbc@mail.gmail.com> <223f97700806161516n199d18c3m428831ba13b93199@mail.gmail.com> Message-ID: <223f97700806170211k2c7db4e1t2812383d065c5417@mail.gmail.com> 2008/6/17 Glenn Steen : > 2008/6/16 Devon Harding : >> >> >> On Mon, Jun 16, 2008 at 4:12 PM, Glenn Steen wrote: >>> >>> 2008/6/16 Devon Harding : >>> > >>> > >>> > On Mon, Jun 16, 2008 at 2:46 PM, Glenn Steen >>> > wrote: >>> >> >>> >> 2008/6/16 Devon Harding : >>> >> >>>> >>> >> >>>> >>> >> >>>> >>> >> >>>> Devon Harding wrote: >>> >> >>>> | I'm getting alot of spam coming through and it seems like >>> >> >>>> the cause of >>> >> >>>> | this is BAYES_00 scoring messages with -2.60. I'm >>> >> >>>> running >>> >> >>>> MS 4.68.8 >>> >> >>>> | with SA *Le Service des Technologies de l'Information de >>> >> >>>> l'UdeS veut vous mettre en garde contre "3.2.4" qui semble >>> >> >>>> ?tre une tentative de fraude envers* 3.2.4. >>> >> >>>> <*Le Service des Technologies de l'Information de l'UdeS >>> >> >>>> veut >>> >> >>>> vous mettre en garde contre "3.2.4" qui semble ?tre une >>> >> >>>> tentative de fraude envers* http://3.2.4.> I've already >>> >> >>>> trained hundreds of >>> >> >>>> >>> >> >>>> | messages like these as spam and it doesn't seem to work. >>> >> >>>> What else can >>> >> >>>> | I do? >>> >> >>>> >>> >> >>>> My guess is that you are training the wrong database. You >>> >> >>>> train another >>> >> >>>> database and not the one you are using with MailScanner. >>> >> >>>> >>> >> >>>> Hugo. >>> >> >>>> >>> >> >>>> >>> >> >>>> >>> >> >>>> For MS, where is the Bayes DB path specified? My DB is located >>> >> >>>> here: >>> >> >>>> >>> >> >>>> /etc/MailScanner/.spamassassin >>> >> >>>> >>> >> >>>> >>> >> >>>> I think my BAYES is all messed up. How do I rebuild it from >>> >> >>>> scratch? >>> >> >>>> >>> >> >>> Devon, >>> >> >>> >>> >> >>> Look here for a starter kit: http://www.fsl.com/resources.html >>> >> >>> >>> >> >>> Denis >>> >> >>> >>> >> >>> -- >>> >> >> >>> >> >> I've restored the starter DB and I do see the new files in >>> >> >> /etc/MailScanner/.spamassassin (I stopped MailScanner and removed >>> >> >> the >>> >> >> one >>> >> >> ones first), but SA Bayes DB Info from Mailwatch shows nothing. >>> >> >> When I >>> >> >> do a >>> >> >> lint from the Tools tab, i Get the following: >>> >> >> >>> >> >> [5637] dbg: bayes: no dbs present, cannot tie DB R/O: >>> >> >> //.spamassassin/bayes_toks >>> >> > >>> >> > >>> >> > Hmm....I thing Bayes IS working. I just ran MailScanner --debug >>> >> > --debug-sa >>> >> > after the restore and did see: >>> >> > >>> >> > 11:52:13 [5879] dbg: bayes: tie-ing to DB file R/W >>> >> > /root/.spamassassin/bayes_toks >>> >> > 11:52:13 [5879] dbg: bayes: tie-ing to DB file R/W >>> >> > /root/.spamassassin/bayes_seen >>> >> > 11:52:13 [5879] dbg: bayes: found bayes db version 3 >>> >> > 11:52:13 [5879] dbg: bayes: learned >>> >> > '88a47a16459989c19d47893de31fec608aa8f41e@sa_generated', atime: >>> >> > 1213631520 >>> >> > 11:52:13 [5879] dbg: bayes: untie-ing >>> >> > 11:52:13 [5879] dbg: bayes: files locked, now unlocking lock >>> >> > >>> >> > It seems that MailWatch is the one thats not working right. Any way >>> >> > to >>> >> > relink this? >>> >> > >>> >> > -Devon >>> >> > >>> >> Make sure your apahce user (the one running your httpd processes... >>> >> hence the one running MailWatch:-) can actually read the bayes >>> >> files... "su" is your friend here... and if you want to be able to >>> >> learn via MailWatch, make sure the same user can write them too. >>> >> >>> >> Cheers >>> >> -- >>> > >>> > I have the right permissions set, the thing is MailWatch is not showing >>> > any >>> > data for 'Bayes Database Information'. What is the tie in for >>> > MailWatch? >>> > >>> > -rw-rw---- 1 root apache 78K Jun 16 15:17 bayes_journal >>> > -rw-rw---- 1 root apache 895 Jun 16 15:17 bayes.mutex >>> > -rw-rw---- 1 root apache 172K Jun 16 15:17 bayes_seen >>> > -rw-rw---- 1 root apache 5.1M Jun 16 15:17 bayes_toks >>> > >>> > -Devon >>> > >>> But can the apache user access the directory? >>> MailWatch isn't particularly "magical" here, it uses the same info as >>> all else... >>> >>> Try something like "su - apache -s /bin/bash" and then "cd >>> /path/to/where/you/have/the/bayes/files"... Might give a clue:-) >>> >>> Cheers >>> -- >>> -- Glenn >> >> User apache can access this fine. I didn't see anything in the MailWatch >> .conf file on Bayes >> > That's because there is nothing there....:-). > It uses the same info all else do (through the normal SA method... The > .cf files). > > Unless this is something hardcoded into the scriptlet handling the SA > db dump... Haven't checked that (and will not be anwhere I can check > it until tomorrow... You have a look:-). > > Cheers Nope, nothing strange here, the call is to sa-learn -p /path/to/MailScanner/spa.assassin.prefs.conf --dump-magic in bayes_info.php ... Where /path/to/MailScanner likely expands as /etc/MailScanner or similar (this is from the SA_PREFS setting in conf.php). As the apache user, can you run the above command? What do you get? Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From kte at nexis.be Tue Jun 17 10:23:15 2008 From: kte at nexis.be (kte@nexis.be) Date: Tue Jun 17 10:23:26 2008 Subject: Milter-ahead configuration problem Message-ID: Hallo How do I configure the milter-ahead on sendmail, because I always go looks like a local recipient, skipping Jun 10 12:40:30 mail milter-ahead[1970]: milter-ahead: smfi_register: version mi smatch application: 4 != milter: 2 Jun 10 12:40:30 mail milter-ahead[1970]: milter-ahead: smfi_register: version mi smatch application: 3 != milter: 2 Jun 10 12:40:30 mail milter-ahead[1970]: process ruid=501 rgid=501 euid=501 egid =501 Jun 10 12:40:30 mail milter-ahead[1970]: milter-ahead/1.0.97 Copyright 2004, 200 5 by Anthony Howe. All rights reserved. Jun 10 12:40:30 mail milter-ahead[1970]: LibSnert/1.56.769 Copyright 1996, 2005 by Anthony Howe. All rights reserved. Jun 10 12:40:30 mail milter-ahead[1970]: libmilter version 2 (4) Jun 10 12:40:30 mail milter-ahead[1970]: Sleepycat Software: Berkeley DB 4.2.52: (January 7, 2007) Jun 10 14:22:53 mail milter-ahead[1957]: 00001 m5ACMYYw002181: looks like a local recipient, skipping [root@mail ~]# more /etc/mail/mailertable nexis.be esmtp:[mailserver.nexis.be] [root@mail ~]# more /etc/mail/access # Check the /usr/share/doc/sendmail/README.cf file for a description # of the format of this file. (search for access_db in that file) # The /usr/share/doc/sendmail/README.cf is part of the sendmail-doc # package. # # by default we allow relaying from localhost... Connect:localhost.localdomain RELAY Connect:localhost RELAY Connect:127.0.0.1 RELAY nexis.be RELAY mx record refers to our real mailserver where can I disable that he says it looks like a local recipient?? Koen Koen Teugels | Information & Communication Technology Engineer E-mail: kte@nexis.be | Phone: +32 (0)10 81.81.81 | Fax: +32 (0)10 81.81.80 ICT Support: ict-support@nexis.be NEXIS | Mission Statement | E-mail Disclaimer | General Sales Conditions Chauss?e de Namur, 79 | B-1300 Wavre | E-mail: info@nexis.be Bisdom, 8 | B-3090 Overijse | http://www.nexis.be -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080617/fc813756/attachment.html From glenn.steen at gmail.com Tue Jun 17 10:27:47 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Jun 17 10:27:58 2008 Subject: Updating an adopted installation from 4.54 In-Reply-To: References: <20080616140331.GA27476@cgi.jachomes.com> <20080616192508.GC28498@cgi.jachomes.com> Message-ID: <223f97700806170227o3d15890dj7b79ac61d050fa31@mail.gmail.com> 2008/6/16 Kevin Miller : > Jay R. Ashworth wrote: >> On Mon, Jun 16, 2008 at 10:49:36AM -0800, Kevin Miller wrote: >>> Welcome to MailScanner - almost as much fun as Rivendell! >> >> Everyone's Following Me!!! :-) > > Great minds think alike? > > >> I meant to say: Slack 10.2. It's in /opt/MailScanner.version with a >> symlink to it from /opt/MailScanner. > > Hmmm - I'm not sure but it sounds like they did a source compile > installation. My stuff lands in /usr/lib/MailScanner (and > /etc/MailScanner of course) by default which I think is SOP for the rpm > installs. Could be wrong on that - never had to look too closely. Not > sure what the best practice is for that. I'm sure someone will chime in > on it. This is a great group. > > >> Wow, there's a lot of stuff in my maillogs... > > Yeah. Email gateways are busier than a one legged man in a butt kicking > contest. > > >> I saw something about that. I'm strongly considering just building a >> new dedicated machine (this one is shared) and forklift-upgrading... >> would I need to bring training databases along for that? > > If you have a box or two to put it on, that would be the best way to go. > It's saved my bacon more than once. And yes, you definitely want to > migrate the bayes databases over. It's a wealth of data customized to > your site. Whenever I've had to build a box from scratch I just copy > over /etc/MailScanner/MailScanner.conf and the bayes database to the new > machine. There's a few minor edits in the .conf file (hostname and the > like) but just drop the bayes files in place and you'll hit the ground > running... > That's pretty much how you upgrade the source dist too:-). Install the new one to its own directory in /opt, use upgrade_MailScanner_conf on the old file, copy over any modified ruleset files... stop MS, relink to the new install, star MailScanner... Did I miss anything? Don't think so:-) Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Tue Jun 17 10:38:51 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Jun 17 10:39:01 2008 Subject: SV: SV: mailscanner dont process email at all In-Reply-To: <797363C57EE0884786F428AAABCD469201490DF4@sea0120sex2.nordic.x> References: <797363C57EE0884786F428AAABCD469201490DD4@sea0120sex2.nordic.x> <48536FD4.4090300@vanderkooij.org> <797363C57EE0884786F428AAABCD469201490DD8@sea0120sex2.nordic.x> <797363C57EE0884786F428AAABCD469201490DDC@sea0120sex2.nordic.x> <485660C0.1080803@USherbrooke.ca> <797363C57EE0884786F428AAABCD469201490DF0@sea0120sex2.nordic.x> <797363C57EE0884786F428AAABCD469201490DF4@sea0120sex2.nordic.x> Message-ID: <223f97700806170238h21a6cc6ao7a20770b745add43@mail.gmail.com> 2008/6/17 Meurlin Robert : > Yes I manually flushed almost every email in the queue (had 6000 before now there is about 140) so that worked. > > Is the last option to reinstall mailscanner? All points to that is the problem. > Hej Robert, You mention configtest ... Is this a command? What is it supposed to do for you? Is this running on cPanel or similar? How did you do the install? What version of OS/distro are you using? The more details the better answers:-). Tjena -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From prandal at herefordshire.gov.uk Tue Jun 17 10:43:45 2008 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Tue Jun 17 10:44:28 2008 Subject: Updating an adopted installation from 4.54 In-Reply-To: <223f97700806170227o3d15890dj7b79ac61d050fa31@mail.gmail.com> References: <20080616140331.GA27476@cgi.jachomes.com><20080616192508.GC28498@cgi.jachomes.com> <223f97700806170227o3d15890dj7b79ac61d050fa31@mail.gmail.com> Message-ID: <7EF0EE5CB3B263488C8C18823239BEBA03F0307A@HC-MBX02.herefordshire.gov.uk> And make sure all listed RBLS are still current and working. Phil -- Phil Randal Networks Engineer Herefordshire Council Hereford, UK -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Glenn Steen Sent: 17 June 2008 10:28 To: MailScanner discussion Subject: Re: Updating an adopted installation from 4.54 2008/6/16 Kevin Miller : > Jay R. Ashworth wrote: >> On Mon, Jun 16, 2008 at 10:49:36AM -0800, Kevin Miller wrote: >>> Welcome to MailScanner - almost as much fun as Rivendell! >> >> Everyone's Following Me!!! :-) > > Great minds think alike? > > >> I meant to say: Slack 10.2. It's in /opt/MailScanner.version with a >> symlink to it from /opt/MailScanner. > > Hmmm - I'm not sure but it sounds like they did a source compile > installation. My stuff lands in /usr/lib/MailScanner (and > /etc/MailScanner of course) by default which I think is SOP for the > rpm installs. Could be wrong on that - never had to look too closely. > Not sure what the best practice is for that. I'm sure someone will > chime in on it. This is a great group. > > >> Wow, there's a lot of stuff in my maillogs... > > Yeah. Email gateways are busier than a one legged man in a butt > kicking contest. > > >> I saw something about that. I'm strongly considering just building a >> new dedicated machine (this one is shared) and forklift-upgrading... >> would I need to bring training databases along for that? > > If you have a box or two to put it on, that would be the best way to go. > It's saved my bacon more than once. And yes, you definitely want to > migrate the bayes databases over. It's a wealth of data customized to > your site. Whenever I've had to build a box from scratch I just copy > over /etc/MailScanner/MailScanner.conf and the bayes database to the > new machine. There's a few minor edits in the .conf file (hostname > and the > like) but just drop the bayes files in place and you'll hit the ground > running... > That's pretty much how you upgrade the source dist too:-). Install the new one to its own directory in /opt, use upgrade_MailScanner_conf on the old file, copy over any modified ruleset files... stop MS, relink to the new install, star MailScanner... Did I miss anything? Don't think so:-) Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From ms-list at alexb.ch Tue Jun 17 11:05:18 2008 From: ms-list at alexb.ch (Alex Broens) Date: Tue Jun 17 11:05:33 2008 Subject: Milter-ahead configuration problem In-Reply-To: References: Message-ID: <48578C5E.4050601@alexb.ch> On 6/17/2008 11:23 AM, kte@nexis.be wrote: > Hallo > > How do I configure the milter-ahead on sendmail, because I always go looks > like a local recipient, skipping > > Jun 10 12:40:30 mail milter-ahead[1970]: milter-ahead: smfi_register: > version mi > smatch application: 4 != milter: 2 > Jun 10 12:40:30 mail milter-ahead[1970]: milter-ahead: smfi_register: > version mi > smatch application: 3 != milter: 2 > Jun 10 12:40:30 mail milter-ahead[1970]: process ruid=501 rgid=501 > euid=501 egid > =501 > Jun 10 12:40:30 mail milter-ahead[1970]: milter-ahead/1.0.97 Copyright > 2004, 200 > 5 by Anthony Howe. All rights reserved. > Jun 10 12:40:30 mail milter-ahead[1970]: LibSnert/1.56.769 Copyright 1996, > 2005 > by Anthony Howe. All rights reserved. > Jun 10 12:40:30 mail milter-ahead[1970]: libmilter version 2 (4) > Jun 10 12:40:30 mail milter-ahead[1970]: Sleepycat Software: Berkeley DB > 4.2.52: > (January 7, 2007) > Jun 10 14:22:53 mail milter-ahead[1957]: 00001 m5ACMYYw002181: looks like > a local recipient, skipping > > > [root@mail ~]# more /etc/mail/mailertable > nexis.be esmtp:[mailserver.nexis.be] > > [root@mail ~]# more /etc/mail/access > # Check the /usr/share/doc/sendmail/README.cf file for a description > # of the format of this file. (search for access_db in that file) > # The /usr/share/doc/sendmail/README.cf is part of the sendmail-doc > # package. > # > # by default we allow relaying from localhost... > Connect:localhost.localdomain RELAY > Connect:localhost RELAY > Connect:127.0.0.1 RELAY > nexis.be RELAY > > > mx record refers to our real mailserver > > where can I disable that he says it looks like a local recipient?? in milter-ahead.cf what did you enter for: access-db= From martyn at invictawiz.com Tue Jun 17 11:20:39 2008 From: martyn at invictawiz.com (Martyn Routley) Date: Tue Jun 17 11:22:43 2008 Subject: MailScanner website Message-ID: <48578FF7.4060606@invictawiz.com> Hmmm I have just been looking for some information on the MailScanner website and I noticed this snippet: "Black shirts, embroidered shirts and other items with an updated design , ships from Germany" Blackshirts, coming from Germany? Is there something secret about MailScanner that we all need to know about? :-) -- Martyn Routley ----------------------------------------------------------------------------- This message has been scanned for viruses and dangerous content by the http://www.invictawiz.com MailScanner, and is believed to be clean. ----------------------------------------------------------------------------- -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080617/479e4286/attachment.html From steve.freegard at fsl.com Tue Jun 17 11:31:49 2008 From: steve.freegard at fsl.com (Steve Freegard) Date: Tue Jun 17 11:32:00 2008 Subject: Milter-ahead configuration problem In-Reply-To: References: Message-ID: <48579295.9030605@fsl.com> kte@nexis.be wrote: > *Jun 10 14:22:53 mail milter-ahead[1957]: 00001 m5ACMYYw002181: looks > like a local recipient, skipping* > > [root@mail ~]# more /etc/mail/mailertable > nexis.be esmtp:[mailserver.nexis.be] > > [root@mail ~]# more /etc/mail/access > # Check the /usr/share/doc/sendmail/README.cf file for a description > # of the format of this file. (search for access_db in that file) > # The /usr/share/doc/sendmail/README.cf is part of the sendmail-doc > # package. > # > # by default we allow relaying from localhost... > Connect:localhost.localdomain RELAY > Connect:localhost RELAY > Connect:127.0.0.1 RELAY > nexis.be RELAY > > > mx record refers to our real mailserver > > where can I disable that he says it looks like a local recipient?? > If you have 'access-db=/etc/mail/access.db' then the 'nexis.be RELAY' entry will act like a whitelist entry on earlier versions of libsnert. Add the entry: 'milter-ahead-To:nexis.be SKIP' To your access-map and then rebuild it and you should find that milter-ahead starts doing the call-aheads correctly. Kind regards, Steve. From kte at nexis.be Tue Jun 17 11:33:59 2008 From: kte at nexis.be (kte@nexis.be) Date: Tue Jun 17 11:34:09 2008 Subject: Milter-ahead configuration problem In-Reply-To: <48578C5E.4050601@alexb.ch> Message-ID: @ the moment I don't have that parameter in my milter-ahead.cf Koen Teugels | Information & Communication Technology Engineer E-mail: kte@nexis.be | Phone: +32 (0)10 81.81.81 | Fax: +32 (0)10 81.81.80 ICT Support: ict-support@nexis.be NEXIS | Mission Statement | E-mail Disclaimer | General Sales Conditions Chauss?e de Namur, 79 | B-1300 Wavre | E-mail: info@nexis.be Bisdom, 8 | B-3090 Overijse | http://www.nexis.be Alex Broens Sent by: mailscanner-bounces@lists.mailscanner.info 17/06/2008 12:05 Please respond to MailScanner discussion To MailScanner discussion cc Subject Re: Milter-ahead configuration problem On 6/17/2008 11:23 AM, kte@nexis.be wrote: > Hallo > > How do I configure the milter-ahead on sendmail, because I always go looks > like a local recipient, skipping > > Jun 10 12:40:30 mail milter-ahead[1970]: milter-ahead: smfi_register: > version mi > smatch application: 4 != milter: 2 > Jun 10 12:40:30 mail milter-ahead[1970]: milter-ahead: smfi_register: > version mi > smatch application: 3 != milter: 2 > Jun 10 12:40:30 mail milter-ahead[1970]: process ruid=501 rgid=501 > euid=501 egid > =501 > Jun 10 12:40:30 mail milter-ahead[1970]: milter-ahead/1.0.97 Copyright > 2004, 200 > 5 by Anthony Howe. All rights reserved. > Jun 10 12:40:30 mail milter-ahead[1970]: LibSnert/1.56.769 Copyright 1996, > 2005 > by Anthony Howe. All rights reserved. > Jun 10 12:40:30 mail milter-ahead[1970]: libmilter version 2 (4) > Jun 10 12:40:30 mail milter-ahead[1970]: Sleepycat Software: Berkeley DB > 4.2.52: > (January 7, 2007) > Jun 10 14:22:53 mail milter-ahead[1957]: 00001 m5ACMYYw002181: looks like > a local recipient, skipping > > > [root@mail ~]# more /etc/mail/mailertable > nexis.be esmtp:[mailserver.nexis.be] > > [root@mail ~]# more /etc/mail/access > # Check the /usr/share/doc/sendmail/README.cf file for a description > # of the format of this file. (search for access_db in that file) > # The /usr/share/doc/sendmail/README.cf is part of the sendmail-doc > # package. > # > # by default we allow relaying from localhost... > Connect:localhost.localdomain RELAY > Connect:localhost RELAY > Connect:127.0.0.1 RELAY > nexis.be RELAY > > > mx record refers to our real mailserver > > where can I disable that he says it looks like a local recipient?? in milter-ahead.cf what did you enter for: access-db= -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080617/4cec8eb0/attachment.html From jodedor at gmail.com Tue Jun 17 11:35:20 2008 From: jodedor at gmail.com (David Guillermo) Date: Tue Jun 17 11:35:30 2008 Subject: Syntax error(s) in configuration file Message-ID: Hi. my problem is: Jun 17 12:20:16 servidor1 MailScanner[26675]: MailScanner E-Mail Virus Scanner version 4.69.9 starting... Jun 17 12:20:17 servidor1 MailScanner[26675]: Syntax error(s) in configuration file: Jun 17 12:20:17 servidor1 MailScanner[26675]: Unrecognised keyword "spamassassinprefsfile" at line 1412 Jun 17 12:20:17 servidor1 MailScanner[26675]: Warning: syntax errors in /etc/MailScanner/MailScanner.conf. in my /etc/MailScanner/MailScanner.conf. is SpamAssassin Prefs File = %etc-dir%/spam.assassin.prefs.conf my version... MailScanner -V This is Fedora Core release 6 (Zod) This is Perl version 5.008008 (5.8.8) This is MailScanner version 4.69.9 Module versions are: 1.00 AnyDBM_File 1.16 Archive::Zip 0.21 bignum 1.04 Carp 1.42 Compress::Zlib 1.119 Convert::BinHex 0.17 Convert::TNEF 2.121_08 Data::Dumper 2.27 Date::Parse 1.00 DirHandle 1.05 Fcntl 2.74 File::Basename 2.09 File::Copy 2.01 FileHandle 1.08 File::Path 0.19 File::Temp 0.90 Filesys::Df 1.35 HTML::Entities 3.56 HTML::Parser 2.37 HTML::TokeParser 1.23 IO 1.14 IO::File 1.13 IO::Pipe 2.02 Mail::Header 1.86 Math::BigInt 0.19 Math::BigRat 3.07 MIME::Base64 5.425 MIME::Decoder 5.425 MIME::Decoder::UU 5.425 MIME::Head 5.425 MIME::Parser 3.07 MIME::QuotedPrint 5.425 MIME::Tools 0.11 Net::CIDR 1.25 Net::IP 0.16 OLE::Storage_Lite 1.04 Pod::Escapes 3.05 Pod::Simple 1.09 POSIX 1.18 Scalar::Util 1.78 Socket 2.15 Storable 1.4 Sys::Hostname::Long 0.18 Sys::Syslog 1.26 Test::Pod 0.7 Test::Simple 1.86 Time::HiRes 1.02 Time::localtime Optional module versions are: 1.30 Archive::Tar 0.21 bignum missing Business::ISBN missing Business::ISBN::Data missing Data::Dump 1.814 DB_File 1.13 DBD::SQLite 1.56 DBI 1.14 Digest 1.01 Digest::HMAC 2.36 Digest::MD5 2.11 Digest::SHA1 missing Encode::Detect missing Error missing ExtUtils::CBuilder missing ExtUtils::ParseXS 2.36 Getopt::Long missing Inline missing IO::String 1.04 IO::Zlib missing IP::Country missing Mail::ClamAV 3.001009 Mail::SpamAssassin missing Mail::SPF missing Mail::SPF::Query missing Module::Build missing Net::CIDR::Lite 0.63 Net::DNS missing Net::DNS::Resolver::Programmable 0.34 Net::LDAP missing NetAddr::IP missing Parse::RecDescent missing SAVI 2.56 Test::Harness missing Test::Manifest 1.95 Text::Balanced 1.35 URI missing version missing YAML -- -:- j0d3 David Guillermo Rodriguez Debian Unstable/Sid GNU/Linux e-mail: davocasc98@gmail.com http://j0d3.blogspot.com Modelo de CPU: AMD Athlon(tm) 64 X2 Dual Core Processor 4600+ Kernel: 2.6.24.2 Linux user #408522 -:- From martinh at solidstatelogic.com Tue Jun 17 11:57:05 2008 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Tue Jun 17 11:57:15 2008 Subject: Syntax error(s) in configuration file In-Reply-To: Message-ID: David Kinda what it says really....you no longer need a spamassassisinprefs setting in MailScanner.conf. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of David Guillermo > Sent: 17 June 2008 11:35 > To: MailScanner discussion > Subject: Syntax error(s) in configuration file > > Hi. > > my problem is: > > Jun 17 12:20:16 servidor1 MailScanner[26675]: MailScanner > E-Mail Virus Scanner version 4.69.9 starting... > Jun 17 12:20:17 servidor1 MailScanner[26675]: Syntax error(s) > in configuration file: > Jun 17 12:20:17 servidor1 MailScanner[26675]: Unrecognised > keyword "spamassassinprefsfile" at line 1412 Jun 17 12:20:17 > servidor1 MailScanner[26675]: Warning: syntax errors in > /etc/MailScanner/MailScanner.conf. > > in my /etc/MailScanner/MailScanner.conf. > is > SpamAssassin Prefs File = %etc-dir%/spam.assassin.prefs.conf > > my version... MailScanner -V > > This is Fedora Core release 6 (Zod) > This is Perl version 5.008008 (5.8.8) > > This is MailScanner version 4.69.9 > Module versions are: > 1.00 AnyDBM_File > 1.16 Archive::Zip > 0.21 bignum > 1.04 Carp > 1.42 Compress::Zlib > 1.119 Convert::BinHex > 0.17 Convert::TNEF > 2.121_08 Data::Dumper > 2.27 Date::Parse > 1.00 DirHandle > 1.05 Fcntl > 2.74 File::Basename > 2.09 File::Copy > 2.01 FileHandle > 1.08 File::Path > 0.19 File::Temp > 0.90 Filesys::Df > 1.35 HTML::Entities > 3.56 HTML::Parser > 2.37 HTML::TokeParser > 1.23 IO > 1.14 IO::File > 1.13 IO::Pipe > 2.02 Mail::Header > 1.86 Math::BigInt > 0.19 Math::BigRat > 3.07 MIME::Base64 > 5.425 MIME::Decoder > 5.425 MIME::Decoder::UU > 5.425 MIME::Head > 5.425 MIME::Parser > 3.07 MIME::QuotedPrint > 5.425 MIME::Tools > 0.11 Net::CIDR > 1.25 Net::IP > 0.16 OLE::Storage_Lite > 1.04 Pod::Escapes > 3.05 Pod::Simple > 1.09 POSIX > 1.18 Scalar::Util > 1.78 Socket > 2.15 Storable > 1.4 Sys::Hostname::Long > 0.18 Sys::Syslog > 1.26 Test::Pod > 0.7 Test::Simple > 1.86 Time::HiRes > 1.02 Time::localtime > > Optional module versions are: > 1.30 Archive::Tar > 0.21 bignum > missing Business::ISBN > missing Business::ISBN::Data > missing Data::Dump > 1.814 DB_File > 1.13 DBD::SQLite > 1.56 DBI > 1.14 Digest > 1.01 Digest::HMAC > 2.36 Digest::MD5 > 2.11 Digest::SHA1 > missing Encode::Detect > missing Error > missing ExtUtils::CBuilder > missing ExtUtils::ParseXS > 2.36 Getopt::Long > missing Inline > missing IO::String > 1.04 IO::Zlib > missing IP::Country > missing Mail::ClamAV > 3.001009 Mail::SpamAssassin > missing Mail::SPF > missing Mail::SPF::Query > missing Module::Build > missing Net::CIDR::Lite > 0.63 Net::DNS > missing Net::DNS::Resolver::Programmable > 0.34 Net::LDAP > missing NetAddr::IP > missing Parse::RecDescent > missing SAVI > 2.56 Test::Harness > missing Test::Manifest > 1.95 Text::Balanced > 1.35 URI > missing version > missing YAML > > -- > -:- j0d3 > David Guillermo Rodriguez > Debian Unstable/Sid GNU/Linux > e-mail: davocasc98@gmail.com > http://j0d3.blogspot.com > Modelo de CPU: AMD Athlon(tm) 64 X2 Dual Core Processor 4600+ > Kernel: 2.6.24.2 > Linux user #408522 > -:- > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From kte at nexis.be Tue Jun 17 12:55:05 2008 From: kte at nexis.be (kte@nexis.be) Date: Tue Jun 17 12:55:15 2008 Subject: Milter-ahead configuration problem In-Reply-To: <48579295.9030605@fsl.com> Message-ID: Hello Steve, So i just add milter-ahead-To:nexis.be SKIP after nexis.be RELAY in the access file?? and force acces.db in sendmail.cf Koen Koen Teugels | Information & Communication Technology Engineer E-mail: kte@nexis.be | Phone: +32 (0)10 81.81.81 | Fax: +32 (0)10 81.81.80 ICT Support: ict-support@nexis.be NEXIS | Mission Statement | E-mail Disclaimer | General Sales Conditions Chauss?e de Namur, 79 | B-1300 Wavre | E-mail: info@nexis.be Bisdom, 8 | B-3090 Overijse | http://www.nexis.be Steve Freegard Sent by: mailscanner-bounces@lists.mailscanner.info 17/06/2008 12:31 Please respond to MailScanner discussion To MailScanner discussion cc Subject Re: Milter-ahead configuration problem kte@nexis.be wrote: > *Jun 10 14:22:53 mail milter-ahead[1957]: 00001 m5ACMYYw002181: looks > like a local recipient, skipping* > > [root@mail ~]# more /etc/mail/mailertable > nexis.be esmtp:[mailserver.nexis.be] > > [root@mail ~]# more /etc/mail/access > # Check the /usr/share/doc/sendmail/README.cf file for a description > # of the format of this file. (search for access_db in that file) > # The /usr/share/doc/sendmail/README.cf is part of the sendmail-doc > # package. > # > # by default we allow relaying from localhost... > Connect:localhost.localdomain RELAY > Connect:localhost RELAY > Connect:127.0.0.1 RELAY > nexis.be RELAY > > > mx record refers to our real mailserver > > where can I disable that he says it looks like a local recipient?? > If you have 'access-db=/etc/mail/access.db' then the 'nexis.be RELAY' entry will act like a whitelist entry on earlier versions of libsnert. Add the entry: 'milter-ahead-To:nexis.be SKIP' To your access-map and then rebuild it and you should find that milter-ahead starts doing the call-aheads correctly. Kind regards, Steve. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080617/ff3e25d7/attachment.html From devonharding at gmail.com Tue Jun 17 13:19:03 2008 From: devonharding at gmail.com (Devon Harding) Date: Tue Jun 17 13:19:11 2008 Subject: BAYES_00 is killing me In-Reply-To: <223f97700806170211k2c7db4e1t2812383d065c5417@mail.gmail.com> References: <2baac6140806160628w3da668f3n1b3a6dca614b9389@mail.gmail.com> <485682AD.5030305@USherbrooke.ca> <2baac6140806160846h14e2f0eev4ed789d8664e426e@mail.gmail.com> <2baac6140806160854g7fd18fecj4380ce0f5ac74a7c@mail.gmail.com> <223f97700806161146x1649089cl9cc7bc9c65d03209@mail.gmail.com> <2baac6140806161224w3e3a60b4s51c39afc079a40c5@mail.gmail.com> <223f97700806161312q12e1d85dm4537783336f60065@mail.gmail.com> <2baac6140806161403j7a8ca3b1ja4ace4e0dfff9dbc@mail.gmail.com> <223f97700806161516n199d18c3m428831ba13b93199@mail.gmail.com> <223f97700806170211k2c7db4e1t2812383d065c5417@mail.gmail.com> Message-ID: <2baac6140806170519s577eca6bp44a0097857381e66@mail.gmail.com> On Tue, Jun 17, 2008 at 5:11 AM, Glenn Steen wrote: > 2008/6/17 Glenn Steen : > > 2008/6/16 Devon Harding : > >> > >> > >> On Mon, Jun 16, 2008 at 4:12 PM, Glenn Steen > wrote: > >>> > >>> 2008/6/16 Devon Harding : > >>> > > >>> > > >>> > On Mon, Jun 16, 2008 at 2:46 PM, Glenn Steen > >>> > wrote: > >>> >> > >>> >> 2008/6/16 Devon Harding : > >>> >> >>>> > >>> >> >>>> > >>> >> >>>> > >>> >> >>>> Devon Harding wrote: > >>> >> >>>> | I'm getting alot of spam coming through and it seems > like > >>> >> >>>> the cause of > >>> >> >>>> | this is BAYES_00 scoring messages with -2.60. I'm > >>> >> >>>> running > >>> >> >>>> MS 4.68.8 > >>> >> >>>> | with SA *Le Service des Technologies de l'Information > de > >>> >> >>>> l'UdeS veut vous mettre en garde contre "3.2.4" qui > semble > >>> >> >>>> ?tre une tentative de fraude envers* 3.2.4. < > http://3.2.4.> > >>> >> >>>> <*Le Service des Technologies de l'Information de l'UdeS > >>> >> >>>> veut > >>> >> >>>> vous mettre en garde contre "3.2.4" qui semble ?tre une > >>> >> >>>> tentative de fraude envers* http://3.2.4.> I've > already > >>> >> >>>> trained hundreds of > >>> >> >>>> > >>> >> >>>> | messages like these as spam and it doesn't seem to > work. > >>> >> >>>> What else can > >>> >> >>>> | I do? > >>> >> >>>> > >>> >> >>>> My guess is that you are training the wrong database. > You > >>> >> >>>> train another > >>> >> >>>> database and not the one you are using with MailScanner. > >>> >> >>>> > >>> >> >>>> Hugo. > >>> >> >>>> > >>> >> >>>> > >>> >> >>>> > >>> >> >>>> For MS, where is the Bayes DB path specified? My DB is > located > >>> >> >>>> here: > >>> >> >>>> > >>> >> >>>> /etc/MailScanner/.spamassassin > >>> >> >>>> > >>> >> >>>> > >>> >> >>>> I think my BAYES is all messed up. How do I rebuild it from > >>> >> >>>> scratch? > >>> >> >>>> > >>> >> >>> Devon, > >>> >> >>> > >>> >> >>> Look here for a starter kit: http://www.fsl.com/resources.html > >>> >> >>> > >>> >> >>> Denis > >>> >> >>> > >>> >> >>> -- > >>> >> >> > >>> >> >> I've restored the starter DB and I do see the new files in > >>> >> >> /etc/MailScanner/.spamassassin (I stopped MailScanner and removed > >>> >> >> the > >>> >> >> one > >>> >> >> ones first), but SA Bayes DB Info from Mailwatch shows nothing. > >>> >> >> When I > >>> >> >> do a > >>> >> >> lint from the Tools tab, i Get the following: > >>> >> >> > >>> >> >> [5637] dbg: bayes: no dbs present, cannot tie DB R/O: > >>> >> >> //.spamassassin/bayes_toks > >>> >> > > >>> >> > > >>> >> > Hmm....I thing Bayes IS working. I just ran MailScanner --debug > >>> >> > --debug-sa > >>> >> > after the restore and did see: > >>> >> > > >>> >> > 11:52:13 [5879] dbg: bayes: tie-ing to DB file R/W > >>> >> > /root/.spamassassin/bayes_toks > >>> >> > 11:52:13 [5879] dbg: bayes: tie-ing to DB file R/W > >>> >> > /root/.spamassassin/bayes_seen > >>> >> > 11:52:13 [5879] dbg: bayes: found bayes db version 3 > >>> >> > 11:52:13 [5879] dbg: bayes: learned > >>> >> > '88a47a16459989c19d47893de31fec608aa8f41e@sa_generated', atime: > >>> >> > 1213631520 > >>> >> > 11:52:13 [5879] dbg: bayes: untie-ing > >>> >> > 11:52:13 [5879] dbg: bayes: files locked, now unlocking lock > >>> >> > > >>> >> > It seems that MailWatch is the one thats not working right. Any > way > >>> >> > to > >>> >> > relink this? > >>> >> > > >>> >> > -Devon > >>> >> > > >>> >> Make sure your apahce user (the one running your httpd processes... > >>> >> hence the one running MailWatch:-) can actually read the bayes > >>> >> files... "su" is your friend here... and if you want to be able to > >>> >> learn via MailWatch, make sure the same user can write them too. > >>> >> > >>> >> Cheers > >>> >> -- > >>> > > >>> > I have the right permissions set, the thing is MailWatch is not > showing > >>> > any > >>> > data for 'Bayes Database Information'. What is the tie in for > >>> > MailWatch? > >>> > > >>> > -rw-rw---- 1 root apache 78K Jun 16 15:17 bayes_journal > >>> > -rw-rw---- 1 root apache 895 Jun 16 15:17 bayes.mutex > >>> > -rw-rw---- 1 root apache 172K Jun 16 15:17 bayes_seen > >>> > -rw-rw---- 1 root apache 5.1M Jun 16 15:17 bayes_toks > >>> > > >>> > -Devon > >>> > > >>> But can the apache user access the directory? > >>> MailWatch isn't particularly "magical" here, it uses the same info as > >>> all else... > >>> > >>> Try something like "su - apache -s /bin/bash" and then "cd > >>> /path/to/where/you/have/the/bayes/files"... Might give a clue:-) > >>> > >>> Cheers > >>> -- > >>> -- Glenn > >> > >> User apache can access this fine. I didn't see anything in the > MailWatch > >> .conf file on Bayes > >> > > That's because there is nothing there....:-). > > It uses the same info all else do (through the normal SA method... The > > .cf files). > > > > Unless this is something hardcoded into the scriptlet handling the SA > > db dump... Haven't checked that (and will not be anwhere I can check > > it until tomorrow... You have a look:-). > > > > Cheers > > Nope, nothing strange here, the call is to > sa-learn -p /path/to/MailScanner/spa.assassin.prefs.conf --dump-magic > in bayes_info.php ... Where /path/to/MailScanner likely expands as > /etc/MailScanner or similar (this is from the SA_PREFS setting in > conf.php). > > As the apache user, can you run the above command? What do you get? > > Cheers > -- > -- Glenn > This was run as apache: bash-3.1$ sa-learn -p /etc/MailScanner/spam.assassin.prefs.conf --dump magic 0.000 0 3 0 non-token data: bayes db version 0.000 0 448 0 non-token data: nspam 0.000 0 1287 0 non-token data: nham 0.000 0 170860 0 non-token data: ntokens 0.000 0 1171294928 0 non-token data: oldest atime 0.000 0 1213703845 0 non-token data: newest atime 0.000 0 1213700281 0 non-token data: last journal sync atime 0.000 0 1213671060 0 non-token data: last expiry atime 0.000 0 11059200 0 non-token data: last expire atime delta 0.000 0 24264 0 non-token data: last expire reduction count bash-3.1$ -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080617/7c16ac99/attachment.html From davejones70 at gmail.com Tue Jun 17 13:55:10 2008 From: davejones70 at gmail.com (Dave Jones) Date: Tue Jun 17 13:55:20 2008 Subject: Problem while updating perl Message-ID: <67a55ed50806170555s4de8a74atea137e73b2fe12f@mail.gmail.com> >Dave Jones a ?crit : >> >> >> You can reinstall MailScanner but you will still have the same perl >> >> conflicts next time a perl module gets updated on RPMforge (or >> >> whatever your repo is that has the conflicting package). >> >> >> >> I would simply force the install of the perl modules (I do it all the >> >> time) with the conflict from the MailScanner installation: >> >> >> >> # rpm -Uhv --force >> >> /var/cache/yum/rpmforge/packages/perl-Sys-Syslog-0.18-1.rpm >> >> >> >> Substitute "rpmforge" above with whatever your repository name is and >> >> the RPM file in question. >> >> >> >> Dave >> >> >> >> -- >> >> Dave Jones >> >Dave, >> > >> >It didn't work on my RHEL 5.2 server: >> >[root@smtps ~]# rpm -Uvh --force >> >/var/cache/yum/rhel-i386-server-5/packages/perl-5.8.8-10.el5_2.3.i386.rpm >> >/etc/selinux/targeted/contexts/files/file_contexts: Multiple same >> >specifications for /usr/local/lost\+found/.*. >> >/etc/selinux/targeted/contexts/files/file_contexts: Multiple same >> >specifications for /usr/local/\.journal. >> >/etc/selinux/targeted/contexts/files/file_contexts: Multiple same >> >specifications for /usr/local/lost\+found. >> >Preparing... ########################################### >> >[100%] >> >1:perl ########################################### >> >[100%] >> >[root@smtps ~]# MailScanner --lint >> > >> > >> >**** ERROR: You must upgrade your perl IO module to at least >> >**** ERROR: version 1.2301 or MailScanner will not work! >> > >> >I am now reinstalling the following MS' RPMs: perl-IO perl-File-Temp >> >perl-Math-BigInt perl-Math-BigRat perl-bignum >> > >> >Denis >> >> Sounds like you might have SELinux active. Run "getenforce" and if it >> is "Enforcing" then run "setenforce 0" to make it "Permissive". Then >> run your command again. >> >> If permissive mode allows the package install command to work with >> --force, then disable SELinux or try your hand at updating the SELinux >> policy that is preventing it from installing. RHEL 5 is supposed to >> be much easier to customize SELinux policies but I haven't played with >> it yet. I still just disable it during the install and go... >> >> -- >> Dave Jones > >Dave, > >It is disabled on all my servers (I just checked and getenforce returns >Disabled)... I see the "selinux" messages all the time whenever I >install or upgrade an RPM... to the point where I don't even pay any >attention to them... could have been the reason I had problem, though! > >Denis Now that I see your repo is "rhel-i386-server-5" then there could be a few other things it could be. What repos do you have installed and active? If you have RPMforge installed (which every CentOS box should have), it may overlap some packages with with the RHEL repo. We install RPMforge on our RHEL boxes but keep it disabled (/etc/yum.repos.d/rpmforge.repo). Then we only enable it for specific packages from the command line with the "--enable-repo=rpmforge" option. On a RHEL server like yours, the perl packages should come from the RHEL repo to keep everything clean. Is it possible that perl was updated or installed from another source? You might try removing and reinstalling perl after making sure that the only active repo is "rhel-i386-server-5." -- Dave Jones -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080617/307a0c4b/attachment.html From glenn.steen at gmail.com Tue Jun 17 14:51:25 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Jun 17 14:51:36 2008 Subject: BAYES_00 is killing me In-Reply-To: <2baac6140806170519s577eca6bp44a0097857381e66@mail.gmail.com> References: <2baac6140806160628w3da668f3n1b3a6dca614b9389@mail.gmail.com> <2baac6140806160846h14e2f0eev4ed789d8664e426e@mail.gmail.com> <2baac6140806160854g7fd18fecj4380ce0f5ac74a7c@mail.gmail.com> <223f97700806161146x1649089cl9cc7bc9c65d03209@mail.gmail.com> <2baac6140806161224w3e3a60b4s51c39afc079a40c5@mail.gmail.com> <223f97700806161312q12e1d85dm4537783336f60065@mail.gmail.com> <2baac6140806161403j7a8ca3b1ja4ace4e0dfff9dbc@mail.gmail.com> <223f97700806161516n199d18c3m428831ba13b93199@mail.gmail.com> <223f97700806170211k2c7db4e1t2812383d065c5417@mail.gmail.com> <2baac6140806170519s577eca6bp44a0097857381e66@mail.gmail.com> Message-ID: <223f97700806170651p182835b9l80953743864bd563@mail.gmail.com> 2008/6/17 Devon Harding : > > > On Tue, Jun 17, 2008 at 5:11 AM, Glenn Steen wrote: >> >> 2008/6/17 Glenn Steen : >> > 2008/6/16 Devon Harding : >> >> >> >> >> >> On Mon, Jun 16, 2008 at 4:12 PM, Glenn Steen >> >> wrote: >> >>> >> >>> 2008/6/16 Devon Harding : >> >>> > >> >>> > >> >>> > On Mon, Jun 16, 2008 at 2:46 PM, Glenn Steen >> >>> > wrote: >> >>> >> >> >>> >> 2008/6/16 Devon Harding : >> >>> >> >>>> >> >>> >> >>>> >> >>> >> >>>> >> >>> >> >>>> Devon Harding wrote: >> >>> >> >>>> | I'm getting alot of spam coming through and it seems >> >>> >> >>>> like >> >>> >> >>>> the cause of >> >>> >> >>>> | this is BAYES_00 scoring messages with -2.60. I'm >> >>> >> >>>> running >> >>> >> >>>> MS 4.68.8 >> >>> >> >>>> | with SA *Le Service des Technologies de l'Information >> >>> >> >>>> de >> >>> >> >>>> l'UdeS veut vous mettre en garde contre "3.2.4" qui >> >>> >> >>>> semble >> >>> >> >>>> ?tre une tentative de fraude envers* 3.2.4. >> >>> >> >>>> >> >>> >> >>>> <*Le Service des Technologies de l'Information de >> >>> >> >>>> l'UdeS >> >>> >> >>>> veut >> >>> >> >>>> vous mettre en garde contre "3.2.4" qui semble ?tre une >> >>> >> >>>> tentative de fraude envers* http://3.2.4.> I've >> >>> >> >>>> already >> >>> >> >>>> trained hundreds of >> >>> >> >>>> >> >>> >> >>>> | messages like these as spam and it doesn't seem to >> >>> >> >>>> work. >> >>> >> >>>> What else can >> >>> >> >>>> | I do? >> >>> >> >>>> >> >>> >> >>>> My guess is that you are training the wrong database. >> >>> >> >>>> You >> >>> >> >>>> train another >> >>> >> >>>> database and not the one you are using with >> >>> >> >>>> MailScanner. >> >>> >> >>>> >> >>> >> >>>> Hugo. >> >>> >> >>>> >> >>> >> >>>> >> >>> >> >>>> >> >>> >> >>>> For MS, where is the Bayes DB path specified? My DB is >> >>> >> >>>> located >> >>> >> >>>> here: >> >>> >> >>>> >> >>> >> >>>> /etc/MailScanner/.spamassassin >> >>> >> >>>> >> >>> >> >>>> >> >>> >> >>>> I think my BAYES is all messed up. How do I rebuild it from >> >>> >> >>>> scratch? >> >>> >> >>>> >> >>> >> >>> Devon, >> >>> >> >>> >> >>> >> >>> Look here for a starter kit: http://www.fsl.com/resources.html >> >>> >> >>> >> >>> >> >>> Denis >> >>> >> >>> >> >>> >> >>> -- >> >>> >> >> >> >>> >> >> I've restored the starter DB and I do see the new files in >> >>> >> >> /etc/MailScanner/.spamassassin (I stopped MailScanner and >> >>> >> >> removed >> >>> >> >> the >> >>> >> >> one >> >>> >> >> ones first), but SA Bayes DB Info from Mailwatch shows nothing. >> >>> >> >> When I >> >>> >> >> do a >> >>> >> >> lint from the Tools tab, i Get the following: >> >>> >> >> >> >>> >> >> [5637] dbg: bayes: no dbs present, cannot tie DB R/O: >> >>> >> >> //.spamassassin/bayes_toks >> >>> >> > >> >>> >> > >> >>> >> > Hmm....I thing Bayes IS working. I just ran MailScanner --debug >> >>> >> > --debug-sa >> >>> >> > after the restore and did see: >> >>> >> > >> >>> >> > 11:52:13 [5879] dbg: bayes: tie-ing to DB file R/W >> >>> >> > /root/.spamassassin/bayes_toks >> >>> >> > 11:52:13 [5879] dbg: bayes: tie-ing to DB file R/W >> >>> >> > /root/.spamassassin/bayes_seen >> >>> >> > 11:52:13 [5879] dbg: bayes: found bayes db version 3 >> >>> >> > 11:52:13 [5879] dbg: bayes: learned >> >>> >> > '88a47a16459989c19d47893de31fec608aa8f41e@sa_generated', atime: >> >>> >> > 1213631520 >> >>> >> > 11:52:13 [5879] dbg: bayes: untie-ing >> >>> >> > 11:52:13 [5879] dbg: bayes: files locked, now unlocking lock >> >>> >> > >> >>> >> > It seems that MailWatch is the one thats not working right. Any >> >>> >> > way >> >>> >> > to >> >>> >> > relink this? >> >>> >> > >> >>> >> > -Devon >> >>> >> > >> >>> >> Make sure your apahce user (the one running your httpd processes... >> >>> >> hence the one running MailWatch:-) can actually read the bayes >> >>> >> files... "su" is your friend here... and if you want to be able to >> >>> >> learn via MailWatch, make sure the same user can write them too. >> >>> >> >> >>> >> Cheers >> >>> >> -- >> >>> > >> >>> > I have the right permissions set, the thing is MailWatch is not >> >>> > showing >> >>> > any >> >>> > data for 'Bayes Database Information'. What is the tie in for >> >>> > MailWatch? >> >>> > >> >>> > -rw-rw---- 1 root apache 78K Jun 16 15:17 bayes_journal >> >>> > -rw-rw---- 1 root apache 895 Jun 16 15:17 bayes.mutex >> >>> > -rw-rw---- 1 root apache 172K Jun 16 15:17 bayes_seen >> >>> > -rw-rw---- 1 root apache 5.1M Jun 16 15:17 bayes_toks >> >>> > >> >>> > -Devon >> >>> > >> >>> But can the apache user access the directory? >> >>> MailWatch isn't particularly "magical" here, it uses the same info as >> >>> all else... >> >>> >> >>> Try something like "su - apache -s /bin/bash" and then "cd >> >>> /path/to/where/you/have/the/bayes/files"... Might give a clue:-) >> >>> >> >>> Cheers >> >>> -- >> >>> -- Glenn >> >> >> >> User apache can access this fine. I didn't see anything in the >> >> MailWatch >> >> .conf file on Bayes >> >> >> > That's because there is nothing there....:-). >> > It uses the same info all else do (through the normal SA method... The >> > .cf files). >> > >> > Unless this is something hardcoded into the scriptlet handling the SA >> > db dump... Haven't checked that (and will not be anwhere I can check >> > it until tomorrow... You have a look:-). >> > >> > Cheers >> >> Nope, nothing strange here, the call is to >> sa-learn -p /path/to/MailScanner/spa.assassin.prefs.conf --dump-magic >> in bayes_info.php ... Where /path/to/MailScanner likely expands as >> /etc/MailScanner or similar (this is from the SA_PREFS setting in >> conf.php). >> >> As the apache user, can you run the above command? What do you get? >> >> Cheers >> -- >> -- Glenn > > This was run as apache: > > bash-3.1$ sa-learn -p /etc/MailScanner/spam.assassin.prefs.conf --dump magic > 0.000 0 3 0 non-token data: bayes db version > 0.000 0 448 0 non-token data: nspam > 0.000 0 1287 0 non-token data: nham > 0.000 0 170860 0 non-token data: ntokens > 0.000 0 1171294928 0 non-token data: oldest atime > 0.000 0 1213703845 0 non-token data: newest atime > 0.000 0 1213700281 0 non-token data: last journal sync > atime > 0.000 0 1213671060 0 non-token data: last expiry atime > 0.000 0 11059200 0 non-token data: last expire atime > delta > 0.000 0 24264 0 non-token data: last expire > reduction count > bash-3.1$ > Ok, and if you do (as the apache user) spamassassin --lint -D -p /etc/MailScanner/spam.assassin.prefs.conf (in reality, one should change MW to not use the -p preference file, since this is included as a .cf already... Don't do much harm though:-) Do you get the db error then? Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From ram at netcore.co.in Tue Jun 17 14:52:11 2008 From: ram at netcore.co.in (ram) Date: Tue Jun 17 14:52:28 2008 Subject: Disabling sare updates via sa-update Message-ID: <1213710731.10602.34.camel@localhost.localdomain> The http://www.rulesemporium.com/ site recommends disabling auto updates of SARE rules In MailScanner I dont see any way How this can be done. Can I turn off auto sa-update in in MailScanner , Or should I just remove sare rules from sa-update Thanks Ram From devonharding at gmail.com Tue Jun 17 15:11:51 2008 From: devonharding at gmail.com (Devon Harding) Date: Tue Jun 17 15:11:59 2008 Subject: BAYES_00 is killing me In-Reply-To: <223f97700806170651p182835b9l80953743864bd563@mail.gmail.com> References: <2baac6140806160628w3da668f3n1b3a6dca614b9389@mail.gmail.com> <2baac6140806160854g7fd18fecj4380ce0f5ac74a7c@mail.gmail.com> <223f97700806161146x1649089cl9cc7bc9c65d03209@mail.gmail.com> <2baac6140806161224w3e3a60b4s51c39afc079a40c5@mail.gmail.com> <223f97700806161312q12e1d85dm4537783336f60065@mail.gmail.com> <2baac6140806161403j7a8ca3b1ja4ace4e0dfff9dbc@mail.gmail.com> <223f97700806161516n199d18c3m428831ba13b93199@mail.gmail.com> <223f97700806170211k2c7db4e1t2812383d065c5417@mail.gmail.com> <2baac6140806170519s577eca6bp44a0097857381e66@mail.gmail.com> <223f97700806170651p182835b9l80953743864bd563@mail.gmail.com> Message-ID: <2baac6140806170711g4963c7f7r5289e71007523050@mail.gmail.com> On Tue, Jun 17, 2008 at 9:51 AM, Glenn Steen wrote: > 2008/6/17 Devon Harding : > > > > > > On Tue, Jun 17, 2008 at 5:11 AM, Glenn Steen > wrote: > >> > >> 2008/6/17 Glenn Steen : > >> > 2008/6/16 Devon Harding : > >> >> > >> >> > >> >> On Mon, Jun 16, 2008 at 4:12 PM, Glenn Steen > >> >> wrote: > >> >>> > >> >>> 2008/6/16 Devon Harding : > >> >>> > > >> >>> > > >> >>> > On Mon, Jun 16, 2008 at 2:46 PM, Glenn Steen < > glenn.steen@gmail.com> > >> >>> > wrote: > >> >>> >> > >> >>> >> 2008/6/16 Devon Harding : > >> >>> >> >>>> > >> >>> >> >>>> > >> >>> >> >>>> > >> >>> >> >>>> Devon Harding wrote: > >> >>> >> >>>> | I'm getting alot of spam coming through and it > seems > >> >>> >> >>>> like > >> >>> >> >>>> the cause of > >> >>> >> >>>> | this is BAYES_00 scoring messages with -2.60. I'm > >> >>> >> >>>> running > >> >>> >> >>>> MS 4.68.8 > >> >>> >> >>>> | with SA *Le Service des Technologies de > l'Information > >> >>> >> >>>> de > >> >>> >> >>>> l'UdeS veut vous mettre en garde contre "3.2.4" qui > >> >>> >> >>>> semble > >> >>> >> >>>> ?tre une tentative de fraude envers* 3.2.4. > >> >>> >> >>>> > >> >>> >> >>>> <*Le Service des Technologies de l'Information de > >> >>> >> >>>> l'UdeS > >> >>> >> >>>> veut > >> >>> >> >>>> vous mettre en garde contre "3.2.4" qui semble ?tre > une > >> >>> >> >>>> tentative de fraude envers* http://3.2.4.> I've > >> >>> >> >>>> already > >> >>> >> >>>> trained hundreds of > >> >>> >> >>>> > >> >>> >> >>>> | messages like these as spam and it doesn't seem to > >> >>> >> >>>> work. > >> >>> >> >>>> What else can > >> >>> >> >>>> | I do? > >> >>> >> >>>> > >> >>> >> >>>> My guess is that you are training the wrong database. > >> >>> >> >>>> You > >> >>> >> >>>> train another > >> >>> >> >>>> database and not the one you are using with > >> >>> >> >>>> MailScanner. > >> >>> >> >>>> > >> >>> >> >>>> Hugo. > >> >>> >> >>>> > >> >>> >> >>>> > >> >>> >> >>>> > >> >>> >> >>>> For MS, where is the Bayes DB path specified? My DB is > >> >>> >> >>>> located > >> >>> >> >>>> here: > >> >>> >> >>>> > >> >>> >> >>>> /etc/MailScanner/.spamassassin > >> >>> >> >>>> > >> >>> >> >>>> > >> >>> >> >>>> I think my BAYES is all messed up. How do I rebuild it > from > >> >>> >> >>>> scratch? > >> >>> >> >>>> > >> >>> >> >>> Devon, > >> >>> >> >>> > >> >>> >> >>> Look here for a starter kit: > http://www.fsl.com/resources.html > >> >>> >> >>> > >> >>> >> >>> Denis > >> >>> >> >>> > >> >>> >> >>> -- > >> >>> >> >> > >> >>> >> >> I've restored the starter DB and I do see the new files in > >> >>> >> >> /etc/MailScanner/.spamassassin (I stopped MailScanner and > >> >>> >> >> removed > >> >>> >> >> the > >> >>> >> >> one > >> >>> >> >> ones first), but SA Bayes DB Info from Mailwatch shows > nothing. > >> >>> >> >> When I > >> >>> >> >> do a > >> >>> >> >> lint from the Tools tab, i Get the following: > >> >>> >> >> > >> >>> >> >> [5637] dbg: bayes: no dbs present, cannot tie DB R/O: > >> >>> >> >> //.spamassassin/bayes_toks > >> >>> >> > > >> >>> >> > > >> >>> >> > Hmm....I thing Bayes IS working. I just ran MailScanner > --debug > >> >>> >> > --debug-sa > >> >>> >> > after the restore and did see: > >> >>> >> > > >> >>> >> > 11:52:13 [5879] dbg: bayes: tie-ing to DB file R/W > >> >>> >> > /root/.spamassassin/bayes_toks > >> >>> >> > 11:52:13 [5879] dbg: bayes: tie-ing to DB file R/W > >> >>> >> > /root/.spamassassin/bayes_seen > >> >>> >> > 11:52:13 [5879] dbg: bayes: found bayes db version 3 > >> >>> >> > 11:52:13 [5879] dbg: bayes: learned > >> >>> >> > '88a47a16459989c19d47893de31fec608aa8f41e@sa_generated', > atime: > >> >>> >> > 1213631520 > >> >>> >> > 11:52:13 [5879] dbg: bayes: untie-ing > >> >>> >> > 11:52:13 [5879] dbg: bayes: files locked, now unlocking lock > >> >>> >> > > >> >>> >> > It seems that MailWatch is the one thats not working right. > Any > >> >>> >> > way > >> >>> >> > to > >> >>> >> > relink this? > >> >>> >> > > >> >>> >> > -Devon > >> >>> >> > > >> >>> >> Make sure your apahce user (the one running your httpd > processes... > >> >>> >> hence the one running MailWatch:-) can actually read the bayes > >> >>> >> files... "su" is your friend here... and if you want to be able > to > >> >>> >> learn via MailWatch, make sure the same user can write them too. > >> >>> >> > >> >>> >> Cheers > >> >>> >> -- > >> >>> > > >> >>> > I have the right permissions set, the thing is MailWatch is not > >> >>> > showing > >> >>> > any > >> >>> > data for 'Bayes Database Information'. What is the tie in for > >> >>> > MailWatch? > >> >>> > > >> >>> > -rw-rw---- 1 root apache 78K Jun 16 15:17 bayes_journal > >> >>> > -rw-rw---- 1 root apache 895 Jun 16 15:17 bayes.mutex > >> >>> > -rw-rw---- 1 root apache 172K Jun 16 15:17 bayes_seen > >> >>> > -rw-rw---- 1 root apache 5.1M Jun 16 15:17 bayes_toks > >> >>> > > >> >>> > -Devon > >> >>> > > >> >>> But can the apache user access the directory? > >> >>> MailWatch isn't particularly "magical" here, it uses the same info > as > >> >>> all else... > >> >>> > >> >>> Try something like "su - apache -s /bin/bash" and then "cd > >> >>> /path/to/where/you/have/the/bayes/files"... Might give a clue:-) > >> >>> > >> >>> Cheers > >> >>> -- > >> >>> -- Glenn > >> >> > >> >> User apache can access this fine. I didn't see anything in the > >> >> MailWatch > >> >> .conf file on Bayes > >> >> > >> > That's because there is nothing there....:-). > >> > It uses the same info all else do (through the normal SA method... The > >> > .cf files). > >> > > >> > Unless this is something hardcoded into the scriptlet handling the SA > >> > db dump... Haven't checked that (and will not be anwhere I can check > >> > it until tomorrow... You have a look:-). > >> > > >> > Cheers > >> > >> Nope, nothing strange here, the call is to > >> sa-learn -p /path/to/MailScanner/spa.assassin.prefs.conf --dump-magic > >> in bayes_info.php ... Where /path/to/MailScanner likely expands as > >> /etc/MailScanner or similar (this is from the SA_PREFS setting in > >> conf.php). > >> > >> As the apache user, can you run the above command? What do you get? > >> > >> Cheers > >> -- > >> -- Glenn > > > > This was run as apache: > > > > bash-3.1$ sa-learn -p /etc/MailScanner/spam.assassin.prefs.conf --dump > magic > > 0.000 0 3 0 non-token data: bayes db version > > 0.000 0 448 0 non-token data: nspam > > 0.000 0 1287 0 non-token data: nham > > 0.000 0 170860 0 non-token data: ntokens > > 0.000 0 1171294928 0 non-token data: oldest atime > > 0.000 0 1213703845 0 non-token data: newest atime > > 0.000 0 1213700281 0 non-token data: last journal sync > > atime > > 0.000 0 1213671060 0 non-token data: last expiry atime > > 0.000 0 11059200 0 non-token data: last expire atime > > delta > > 0.000 0 24264 0 non-token data: last expire > > reduction count > > bash-3.1$ > > > Ok, and if you do (as the apache user) > spamassassin --lint -D -p /etc/MailScanner/spam.assassin.prefs.conf > (in reality, one should change MW to not use the -p preference file, > since this is included as a .cf already... Don't do much harm > though:-) Do you get the db error then? > > Cheers > -- > -- Glenn > No error and it even finds bayes installed. I think its something with MW. [26297] dbg: replacetags: done replacing tags [26297] dbg: bayes: tie-ing to DB file R/O /var/www/.spamassassin/bayes_toks [26297] dbg: bayes: tie-ing to DB file R/O /var/www/.spamassassin/bayes_seen [26297] dbg: bayes: found bayes db version 3 [26297] dbg: bayes: DB journal sync: last sync: 1213700281 [26297] dbg: config: score set 2 chosen. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080617/d34ea140/attachment.html From martinh at solidstatelogic.com Tue Jun 17 15:11:48 2008 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Tue Jun 17 15:12:03 2008 Subject: Disabling sare updates via sa-update In-Reply-To: <1213710731.10602.34.camel@localhost.localdomain> Message-ID: Ram This is a sa-update issue nothing to do with mailscanner.. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of ram > Sent: 17 June 2008 14:52 > To: MailScanner discussion > Subject: Disabling sare updates via sa-update > > The http://www.rulesemporium.com/ site recommends disabling > auto updates of SARE rules > > In MailScanner I dont see any way How this can be done. > > Can I turn off auto sa-update in in MailScanner , Or should I > just remove sare rules from sa-update > > > Thanks > Ram > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From jra at baylink.com Tue Jun 17 15:19:47 2008 From: jra at baylink.com (Jay R. Ashworth) Date: Tue Jun 17 15:19:56 2008 Subject: Updating an adopted installation from 4.54 In-Reply-To: <223f97700806170227o3d15890dj7b79ac61d050fa31@mail.gmail.com> References: <20080616140331.GA27476@cgi.jachomes.com> <20080616192508.GC28498@cgi.jachomes.com> <223f97700806170227o3d15890dj7b79ac61d050fa31@mail.gmail.com> Message-ID: <20080617141947.GC639@cgi.jachomes.com> On Tue, Jun 17, 2008 at 11:27:47AM +0200, Glenn Steen wrote: > That's pretty much how you upgrade the source dist too:-). > Install the new one to its own directory in /opt, use > upgrade_MailScanner_conf on the old file, copy over any modified > ruleset files... stop MS, relink to the new install, star > MailScanner... Did I miss anything? Don't think so:-) You missed that I don't know it as well as you do. :-) > Install the new one to its own directory in /opt Check. (well, actually, I'm putting it in /appl/ms4.69.3; FHS be damned. :-) > use upgrade_MailScanner_conf on the old file "On the old install"? It sounds like you mean "run the upgrade script supplied with the new install against the old one". Do you? > copy over any modified ruleset files... from the old install to the new one...? > stop MS, relink to the new install, start MailScanner... This part I *think* I get, but I'm not 100% certain how the Sendmail 8.13 -> MailScanner link works. Is it in fact enough if I make sure that /opt/MailScanner points to the new install's home directory once I'm done? Is the only interface through the filesystem? Cheers, -- jra -- Jay R. Ashworth Baylink jra@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://baylink.pitas.com '87 e24 St Petersburg FL USA http://photo.imageinc.us +1 727 647 1274 Those who cast the vote decide nothing. Those who count the vote decide everything. -- (Joseph Stalin) From glenn.steen at gmail.com Tue Jun 17 15:39:07 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Jun 17 15:39:18 2008 Subject: BAYES_00 is killing me In-Reply-To: <2baac6140806170711g4963c7f7r5289e71007523050@mail.gmail.com> References: <2baac6140806160628w3da668f3n1b3a6dca614b9389@mail.gmail.com> <223f97700806161146x1649089cl9cc7bc9c65d03209@mail.gmail.com> <2baac6140806161224w3e3a60b4s51c39afc079a40c5@mail.gmail.com> <223f97700806161312q12e1d85dm4537783336f60065@mail.gmail.com> <2baac6140806161403j7a8ca3b1ja4ace4e0dfff9dbc@mail.gmail.com> <223f97700806161516n199d18c3m428831ba13b93199@mail.gmail.com> <223f97700806170211k2c7db4e1t2812383d065c5417@mail.gmail.com> <2baac6140806170519s577eca6bp44a0097857381e66@mail.gmail.com> <223f97700806170651p182835b9l80953743864bd563@mail.gmail.com> <2baac6140806170711g4963c7f7r5289e71007523050@mail.gmail.com> Message-ID: <223f97700806170739y5e767004x5a7549323bfe3a1@mail.gmail.com> 2008/6/17 Devon Harding : > > > On Tue, Jun 17, 2008 at 9:51 AM, Glenn Steen wrote: >> >> 2008/6/17 Devon Harding : >> > >> > >> > On Tue, Jun 17, 2008 at 5:11 AM, Glenn Steen >> > wrote: >> >> >> >> 2008/6/17 Glenn Steen : >> >> > 2008/6/16 Devon Harding : >> >> >> >> >> >> >> >> >> On Mon, Jun 16, 2008 at 4:12 PM, Glenn Steen >> >> >> wrote: >> >> >>> >> >> >>> 2008/6/16 Devon Harding : >> >> >>> > >> >> >>> > >> >> >>> > On Mon, Jun 16, 2008 at 2:46 PM, Glenn Steen >> >> >>> > >> >> >>> > wrote: >> >> >>> >> >> >> >>> >> 2008/6/16 Devon Harding : >> >> >>> >> >>>> >> >> >>> >> >>>> >> >> >>> >> >>>> >> >> >>> >> >>>> Devon Harding wrote: >> >> >>> >> >>>> | I'm getting alot of spam coming through and it >> >> >>> >> >>>> seems >> >> >>> >> >>>> like >> >> >>> >> >>>> the cause of >> >> >>> >> >>>> | this is BAYES_00 scoring messages with -2.60. I'm >> >> >>> >> >>>> running >> >> >>> >> >>>> MS 4.68.8 >> >> >>> >> >>>> | with SA *Le Service des Technologies de >> >> >>> >> >>>> l'Information >> >> >>> >> >>>> de >> >> >>> >> >>>> l'UdeS veut vous mettre en garde contre "3.2.4" qui >> >> >>> >> >>>> semble >> >> >>> >> >>>> ?tre une tentative de fraude envers* 3.2.4. >> >> >>> >> >>>> >> >> >>> >> >>>> <*Le Service des Technologies de l'Information de >> >> >>> >> >>>> l'UdeS >> >> >>> >> >>>> veut >> >> >>> >> >>>> vous mettre en garde contre "3.2.4" qui semble ?tre >> >> >>> >> >>>> une >> >> >>> >> >>>> tentative de fraude envers* http://3.2.4.> I've >> >> >>> >> >>>> already >> >> >>> >> >>>> trained hundreds of >> >> >>> >> >>>> >> >> >>> >> >>>> | messages like these as spam and it doesn't seem to >> >> >>> >> >>>> work. >> >> >>> >> >>>> What else can >> >> >>> >> >>>> | I do? >> >> >>> >> >>>> >> >> >>> >> >>>> My guess is that you are training the wrong >> >> >>> >> >>>> database. >> >> >>> >> >>>> You >> >> >>> >> >>>> train another >> >> >>> >> >>>> database and not the one you are using with >> >> >>> >> >>>> MailScanner. >> >> >>> >> >>>> >> >> >>> >> >>>> Hugo. >> >> >>> >> >>>> >> >> >>> >> >>>> >> >> >>> >> >>>> >> >> >>> >> >>>> For MS, where is the Bayes DB path specified? My DB is >> >> >>> >> >>>> located >> >> >>> >> >>>> here: >> >> >>> >> >>>> >> >> >>> >> >>>> /etc/MailScanner/.spamassassin >> >> >>> >> >>>> >> >> >>> >> >>>> >> >> >>> >> >>>> I think my BAYES is all messed up. How do I rebuild it >> >> >>> >> >>>> from >> >> >>> >> >>>> scratch? >> >> >>> >> >>>> >> >> >>> >> >>> Devon, >> >> >>> >> >>> >> >> >>> >> >>> Look here for a starter kit: >> >> >>> >> >>> http://www.fsl.com/resources.html >> >> >>> >> >>> >> >> >>> >> >>> Denis >> >> >>> >> >>> >> >> >>> >> >>> -- >> >> >>> >> >> >> >> >>> >> >> I've restored the starter DB and I do see the new files in >> >> >>> >> >> /etc/MailScanner/.spamassassin (I stopped MailScanner and >> >> >>> >> >> removed >> >> >>> >> >> the >> >> >>> >> >> one >> >> >>> >> >> ones first), but SA Bayes DB Info from Mailwatch shows >> >> >>> >> >> nothing. >> >> >>> >> >> When I >> >> >>> >> >> do a >> >> >>> >> >> lint from the Tools tab, i Get the following: >> >> >>> >> >> >> >> >>> >> >> [5637] dbg: bayes: no dbs present, cannot tie DB R/O: >> >> >>> >> >> //.spamassassin/bayes_toks >> >> >>> >> > >> >> >>> >> > >> >> >>> >> > Hmm....I thing Bayes IS working. I just ran MailScanner >> >> >>> >> > --debug >> >> >>> >> > --debug-sa >> >> >>> >> > after the restore and did see: >> >> >>> >> > >> >> >>> >> > 11:52:13 [5879] dbg: bayes: tie-ing to DB file R/W >> >> >>> >> > /root/.spamassassin/bayes_toks >> >> >>> >> > 11:52:13 [5879] dbg: bayes: tie-ing to DB file R/W >> >> >>> >> > /root/.spamassassin/bayes_seen >> >> >>> >> > 11:52:13 [5879] dbg: bayes: found bayes db version 3 >> >> >>> >> > 11:52:13 [5879] dbg: bayes: learned >> >> >>> >> > '88a47a16459989c19d47893de31fec608aa8f41e@sa_generated', >> >> >>> >> > atime: >> >> >>> >> > 1213631520 >> >> >>> >> > 11:52:13 [5879] dbg: bayes: untie-ing >> >> >>> >> > 11:52:13 [5879] dbg: bayes: files locked, now unlocking lock >> >> >>> >> > >> >> >>> >> > It seems that MailWatch is the one thats not working right. >> >> >>> >> > Any >> >> >>> >> > way >> >> >>> >> > to >> >> >>> >> > relink this? >> >> >>> >> > >> >> >>> >> > -Devon >> >> >>> >> > >> >> >>> >> Make sure your apahce user (the one running your httpd >> >> >>> >> processes... >> >> >>> >> hence the one running MailWatch:-) can actually read the bayes >> >> >>> >> files... "su" is your friend here... and if you want to be able >> >> >>> >> to >> >> >>> >> learn via MailWatch, make sure the same user can write them too. >> >> >>> >> >> >> >>> >> Cheers >> >> >>> >> -- >> >> >>> > >> >> >>> > I have the right permissions set, the thing is MailWatch is not >> >> >>> > showing >> >> >>> > any >> >> >>> > data for 'Bayes Database Information'. What is the tie in for >> >> >>> > MailWatch? >> >> >>> > >> >> >>> > -rw-rw---- 1 root apache 78K Jun 16 15:17 bayes_journal >> >> >>> > -rw-rw---- 1 root apache 895 Jun 16 15:17 bayes.mutex >> >> >>> > -rw-rw---- 1 root apache 172K Jun 16 15:17 bayes_seen >> >> >>> > -rw-rw---- 1 root apache 5.1M Jun 16 15:17 bayes_toks >> >> >>> > >> >> >>> > -Devon >> >> >>> > >> >> >>> But can the apache user access the directory? >> >> >>> MailWatch isn't particularly "magical" here, it uses the same info >> >> >>> as >> >> >>> all else... >> >> >>> >> >> >>> Try something like "su - apache -s /bin/bash" and then "cd >> >> >>> /path/to/where/you/have/the/bayes/files"... Might give a clue:-) >> >> >>> >> >> >>> Cheers >> >> >>> -- >> >> >>> -- Glenn >> >> >> >> >> >> User apache can access this fine. I didn't see anything in the >> >> >> MailWatch >> >> >> .conf file on Bayes >> >> >> >> >> > That's because there is nothing there....:-). >> >> > It uses the same info all else do (through the normal SA method... >> >> > The >> >> > .cf files). >> >> > >> >> > Unless this is something hardcoded into the scriptlet handling the SA >> >> > db dump... Haven't checked that (and will not be anwhere I can check >> >> > it until tomorrow... You have a look:-). >> >> > >> >> > Cheers >> >> >> >> Nope, nothing strange here, the call is to >> >> sa-learn -p /path/to/MailScanner/spa.assassin.prefs.conf --dump-magic >> >> in bayes_info.php ... Where /path/to/MailScanner likely expands as >> >> /etc/MailScanner or similar (this is from the SA_PREFS setting in >> >> conf.php). >> >> >> >> As the apache user, can you run the above command? What do you get? >> >> >> >> Cheers >> >> -- >> >> -- Glenn >> > >> > This was run as apache: >> > >> > bash-3.1$ sa-learn -p /etc/MailScanner/spam.assassin.prefs.conf --dump >> > magic >> > 0.000 0 3 0 non-token data: bayes db version >> > 0.000 0 448 0 non-token data: nspam >> > 0.000 0 1287 0 non-token data: nham >> > 0.000 0 170860 0 non-token data: ntokens >> > 0.000 0 1171294928 0 non-token data: oldest atime >> > 0.000 0 1213703845 0 non-token data: newest atime >> > 0.000 0 1213700281 0 non-token data: last journal >> > sync >> > atime >> > 0.000 0 1213671060 0 non-token data: last expiry >> > atime >> > 0.000 0 11059200 0 non-token data: last expire >> > atime >> > delta >> > 0.000 0 24264 0 non-token data: last expire >> > reduction count >> > bash-3.1$ >> > >> Ok, and if you do (as the apache user) >> spamassassin --lint -D -p /etc/MailScanner/spam.assassin.prefs.conf >> (in reality, one should change MW to not use the -p preference file, >> since this is included as a .cf already... Don't do much harm >> though:-) Do you get the db error then? >> >> Cheers >> -- >> -- Glenn > > No error and it even finds bayes installed. I think its something with MW. > > [26297] dbg: replacetags: done replacing tags > [26297] dbg: bayes: tie-ing to DB file R/O /var/www/.spamassassin/bayes_toks > [26297] dbg: bayes: tie-ing to DB file R/O /var/www/.spamassassin/bayes_seen > [26297] dbg: bayes: found bayes db version 3 > [26297] dbg: bayes: DB journal sync: last sync: 1213700281 > [26297] dbg: config: score set 2 chosen. > Ok, what is your MS_CONFIG setting and your SA_PREFS in conf.php (sorry all you others, this should be on the MW list, I know)? -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From arthur.sherman at gmail.com Tue Jun 17 15:46:59 2008 From: arthur.sherman at gmail.com (Arthur Sherman) Date: Tue Jun 17 15:47:17 2008 Subject: Problem while updating perl In-Reply-To: <67a55ed50806170555s4de8a74atea137e73b2fe12f@mail.gmail.com> Message-ID: <022f01c8d089$00f348e0$0201a8c0@dell> i used to update from DAG's repo on CentOS, in addition to main repos, it always worked fine. this time i had to remove the perl-IO and reinstall MS, as per advice - all forced. i didn't like forcing, seems unclean to me, but up to now it works well. thanks! Best, -- Arthur Sherman _____ From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Dave Jones Sent: Tuesday, June 17, 2008 3:55 PM To: mailscanner Subject: Re: Problem while updating perl >Dave Jones a ?crit : >> >> >> You can reinstall MailScanner but you will still have the same perl >> >> conflicts next time a perl module gets updated on RPMforge (or >> >> whatever your repo is that has the conflicting package). >> >> >> >> I would simply force the install of the perl modules (I do it all the >> >> time) with the conflict from the MailScanner installation: >> >> >> >> # rpm -Uhv --force >> >> /var/cache/yum/rpmforge/packages/perl-Sys-Syslog-0.18-1.rpm >> >> >> >> Substitute "rpmforge" above with whatever your repository name is and >> >> the RPM file in question. >> >> >> >> Dave >> >> >> >> -- >> >> Dave Jones >> >Dave, >> > >> >It didn't work on my RHEL 5.2 server: >> >[root@smtps ~]# rpm -Uvh --force >> >/var/cache/yum/rhel-i386-server-5/packages/perl-5.8.8-10.el5_2.3.i386.rpm >> >/etc/selinux/targeted/contexts/files/file_contexts: Multiple same >> >specifications for /usr/local/lost\+found/.*. >> >/etc/selinux/targeted/contexts/files/file_contexts: Multiple same >> >specifications for /usr/local/\.journal. >> >/etc/selinux/targeted/contexts/files/file_contexts: Multiple same >> >specifications for /usr/local/lost\+found. >> >Preparing... ########################################### >> >[100%] >> >1:perl ########################################### >> >[100%] >> >[root@smtps ~]# MailScanner --lint >> > >> > >> >**** ERROR: You must upgrade your perl IO module to at least >> >**** ERROR: version 1.2301 or MailScanner will not work! >> > >> >I am now reinstalling the following MS' RPMs: perl-IO perl-File-Temp >> >perl-Math-BigInt perl-Math-BigRat perl-bignum >> > >> >Denis >> >> Sounds like you might have SELinux active. Run "getenforce" and if it >> is "Enforcing" then run "setenforce 0" to make it "Permissive". Then >> run your command again. >> >> If permissive mode allows the package install command to work with >> --force, then disable SELinux or try your hand at updating the SELinux >> policy that is preventing it from installing. RHEL 5 is supposed to >> be much easier to customize SELinux policies but I haven't played with >> it yet. I still just disable it during the install and go... >> >> -- >> Dave Jones > >Dave, > >It is disabled on all my servers (I just checked and getenforce returns >Disabled)... I see the "selinux" messages all the time whenever I >install or upgrade an RPM... to the point where I don't even pay any >attention to them... could have been the reason I had problem, though! > >Denis Now that I see your repo is "rhel-i386-server-5" then there could be a few other things it could be. What repos do you have installed and active? If you have RPMforge installed (which every CentOS box should have), it may overlap some packages with with the RHEL repo. We install RPMforge on our RHEL boxes but keep it disabled (/etc/yum.repos.d/rpmforge.repo). Then we only enable it for specific packages from the command line with the "--enable-repo=rpmforge" option. On a RHEL server like yours, the perl packages should come from the RHEL repo to keep everything clean. Is it possible that perl was updated or installed from another source? You might try removing and reinstalling perl after making sure that the only active repo is "rhel-i386-server-5." -- Dave Jones -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080617/71c5ce5a/attachment.html From glenn.steen at gmail.com Tue Jun 17 15:49:46 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Jun 17 15:49:57 2008 Subject: Updating an adopted installation from 4.54 In-Reply-To: <20080617141947.GC639@cgi.jachomes.com> References: <20080616140331.GA27476@cgi.jachomes.com> <20080616192508.GC28498@cgi.jachomes.com> <223f97700806170227o3d15890dj7b79ac61d050fa31@mail.gmail.com> <20080617141947.GC639@cgi.jachomes.com> Message-ID: <223f97700806170749x6272f4cfl53381d5ed127009a@mail.gmail.com> 2008/6/17 Jay R. Ashworth : > On Tue, Jun 17, 2008 at 11:27:47AM +0200, Glenn Steen wrote: >> That's pretty much how you upgrade the source dist too:-). >> Install the new one to its own directory in /opt, use >> upgrade_MailScanner_conf on the old file, copy over any modified >> ruleset files... stop MS, relink to the new install, star >> MailScanner... Did I miss anything? Don't think so:-) > > You missed that I don't know it as well as you do. :-) :-) >> Install the new one to its own directory in /opt > > Check. (well, actually, I'm putting it in /appl/ms4.69.3; FHS be > damned. :-) Doesn't matter as lon as the link is where it should:-). >> use upgrade_MailScanner_conf on the old file > > "On the old install"? It sounds like you mean "run the upgrade script > supplied with the new install against the old one". Do you? Sort of. You should run the upgrade script from the new install, supplying the old MailScanner.conf as the old file, and the new MailScanner.conf file as the "rpmnew" one:-). I *think* the upgrade script will instruct you correctly if you run it without an argument. It needs the new "default" file so that it can tell what options to remove/add from the old one. It will print the new and improved version on standard output, so just redirect that to a file MailScanner.new, look through that one, so that it looks OK, then move it into place on the new install. >> copy over any modified ruleset files... > > from the old install to the new one...? Yep. >> stop MS, relink to the new install, start MailScanner... > > This part I *think* I get, but I'm not 100% certain how the Sendmail > 8.13 -> MailScanner link works. Is it in fact enough if I make sure > that /opt/MailScanner points to the new install's home directory once > I'm done? Is the only interface through the filesystem? Eh, all it means is that you need use whatever startup script to stop MailScanner, do "rm /opt/MailScanner" to remove the symbolic link to the old install, "ln -s /appl/ms4.69.3 /opt/MailScanner" to create the symbolic link to the new install... and then use the same startup script to actually start it running again. Hope that clears any confusion:-) > Cheers, > -- jra Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From dave.list at pixelhammer.com Tue Jun 17 17:00:27 2008 From: dave.list at pixelhammer.com (DAve) Date: Tue Jun 17 17:00:54 2008 Subject: Oh great Oracle that is the MS list Message-ID: <4857DF9B.9040904@pixelhammer.com> I cannot seen to reach the milter.info website, or the snertsoft.com website. I need to post to the list and to do so I need to sign up a freemail account. For some odd reason I am getting the following error now where I did not when posting to the milters list before. : 82.97.10.34 failed after I sent the message. Remote host said: 554 5.6.0 invalid RFC 2822 date-time in Received: header #459 (k5GHfI268250091300) Can anyone else reach SnertSoft? Anyone ever see that error before? Thanks, DAve -- In 50 years, our descendants will look back on the early years of the internet, and much like we now look back on men with rockets on their back and feathers glued to their arms, marvel that we had the intelligence to wipe the drool from our chins. From uxbod at splatnix.net Tue Jun 17 17:08:14 2008 From: uxbod at splatnix.net (--[ UxBoD ]--) Date: Tue Jun 17 17:08:44 2008 Subject: Oh great Oracle that is the MS list In-Reply-To: <4857DF9B.9040904@pixelhammer.com> Message-ID: <20836166.19491213718894369.JavaMail.root@office.splatnix.net> Cannot get to it from the UK. Regards, -- --[ UxBoD ]-- // PGP Key: "curl -s http://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: F57A 0CBD DD19 79E9 1FCC A612 CB36 D89D 2C5A 3A84 // Keyserver: www.keyserver.net Key-ID: 0x2C5A3A84 // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net ----- "DAve" wrote: > I cannot seen to reach the milter.info website, or the snertsoft.com > website. I need to post to the list and to do so I need to sign up a > freemail account. > > For some odd reason I am getting the following error now where I did > not > when posting to the milters list before. > > : > 82.97.10.34 failed after I sent the message. > Remote host said: 554 5.6.0 invalid RFC 2822 date-time in Received: > header #459 (k5GHfI268250091300) > > Can anyone else reach SnertSoft? Anyone ever see that error before? > Thanks, > > DAve -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From devonharding at gmail.com Tue Jun 17 17:09:05 2008 From: devonharding at gmail.com (Devon Harding) Date: Tue Jun 17 17:09:15 2008 Subject: BAYES_00 is killing me In-Reply-To: <223f97700806170739y5e767004x5a7549323bfe3a1@mail.gmail.com> References: <2baac6140806160628w3da668f3n1b3a6dca614b9389@mail.gmail.com> <2baac6140806161224w3e3a60b4s51c39afc079a40c5@mail.gmail.com> <223f97700806161312q12e1d85dm4537783336f60065@mail.gmail.com> <2baac6140806161403j7a8ca3b1ja4ace4e0dfff9dbc@mail.gmail.com> <223f97700806161516n199d18c3m428831ba13b93199@mail.gmail.com> <223f97700806170211k2c7db4e1t2812383d065c5417@mail.gmail.com> <2baac6140806170519s577eca6bp44a0097857381e66@mail.gmail.com> <223f97700806170651p182835b9l80953743864bd563@mail.gmail.com> <2baac6140806170711g4963c7f7r5289e71007523050@mail.gmail.com> <223f97700806170739y5e767004x5a7549323bfe3a1@mail.gmail.com> Message-ID: <2baac6140806170909l2ac9863o511339467e6a147b@mail.gmail.com> On Tue, Jun 17, 2008 at 10:39 AM, Glenn Steen wrote: > 2008/6/17 Devon Harding : > > > > > > On Tue, Jun 17, 2008 at 9:51 AM, Glenn Steen > wrote: > >> > >> 2008/6/17 Devon Harding : > >> > > >> > > >> > On Tue, Jun 17, 2008 at 5:11 AM, Glenn Steen > >> > wrote: > >> >> > >> >> 2008/6/17 Glenn Steen : > >> >> > 2008/6/16 Devon Harding : > >> >> >> > >> >> >> > >> >> >> On Mon, Jun 16, 2008 at 4:12 PM, Glenn Steen < > glenn.steen@gmail.com> > >> >> >> wrote: > >> >> >>> > >> >> >>> 2008/6/16 Devon Harding : > >> >> >>> > > >> >> >>> > > >> >> >>> > On Mon, Jun 16, 2008 at 2:46 PM, Glenn Steen > >> >> >>> > > >> >> >>> > wrote: > >> >> >>> >> > >> >> >>> >> 2008/6/16 Devon Harding : > >> >> >>> >> >>>> > >> >> >>> >> >>>> > >> >> >>> >> >>>> > >> >> >>> >> >>>> Devon Harding wrote: > >> >> >>> >> >>>> | I'm getting alot of spam coming through and it > >> >> >>> >> >>>> seems > >> >> >>> >> >>>> like > >> >> >>> >> >>>> the cause of > >> >> >>> >> >>>> | this is BAYES_00 scoring messages with -2.60. > I'm > >> >> >>> >> >>>> running > >> >> >>> >> >>>> MS 4.68.8 > >> >> >>> >> >>>> | with SA *Le Service des Technologies de > >> >> >>> >> >>>> l'Information > >> >> >>> >> >>>> de > >> >> >>> >> >>>> l'UdeS veut vous mettre en garde contre "3.2.4" > qui > >> >> >>> >> >>>> semble > >> >> >>> >> >>>> ?tre une tentative de fraude envers* 3.2.4. > >> >> >>> >> >>>> > >> >> >>> >> >>>> <*Le Service des Technologies de l'Information de > >> >> >>> >> >>>> l'UdeS > >> >> >>> >> >>>> veut > >> >> >>> >> >>>> vous mettre en garde contre "3.2.4" qui semble > ?tre > >> >> >>> >> >>>> une > >> >> >>> >> >>>> tentative de fraude envers* http://3.2.4.> I've > >> >> >>> >> >>>> already > >> >> >>> >> >>>> trained hundreds of > >> >> >>> >> >>>> > >> >> >>> >> >>>> | messages like these as spam and it doesn't seem > to > >> >> >>> >> >>>> work. > >> >> >>> >> >>>> What else can > >> >> >>> >> >>>> | I do? > >> >> >>> >> >>>> > >> >> >>> >> >>>> My guess is that you are training the wrong > >> >> >>> >> >>>> database. > >> >> >>> >> >>>> You > >> >> >>> >> >>>> train another > >> >> >>> >> >>>> database and not the one you are using with > >> >> >>> >> >>>> MailScanner. > >> >> >>> >> >>>> > >> >> >>> >> >>>> Hugo. > >> >> >>> >> >>>> > >> >> >>> >> >>>> > >> >> >>> >> >>>> > >> >> >>> >> >>>> For MS, where is the Bayes DB path specified? My DB > is > >> >> >>> >> >>>> located > >> >> >>> >> >>>> here: > >> >> >>> >> >>>> > >> >> >>> >> >>>> /etc/MailScanner/.spamassassin > >> >> >>> >> >>>> > >> >> >>> >> >>>> > >> >> >>> >> >>>> I think my BAYES is all messed up. How do I rebuild it > >> >> >>> >> >>>> from > >> >> >>> >> >>>> scratch? > >> >> >>> >> >>>> > >> >> >>> >> >>> Devon, > >> >> >>> >> >>> > >> >> >>> >> >>> Look here for a starter kit: > >> >> >>> >> >>> http://www.fsl.com/resources.html > >> >> >>> >> >>> > >> >> >>> >> >>> Denis > >> >> >>> >> >>> > >> >> >>> >> >>> -- > >> >> >>> >> >> > >> >> >>> >> >> I've restored the starter DB and I do see the new files in > >> >> >>> >> >> /etc/MailScanner/.spamassassin (I stopped MailScanner and > >> >> >>> >> >> removed > >> >> >>> >> >> the > >> >> >>> >> >> one > >> >> >>> >> >> ones first), but SA Bayes DB Info from Mailwatch shows > >> >> >>> >> >> nothing. > >> >> >>> >> >> When I > >> >> >>> >> >> do a > >> >> >>> >> >> lint from the Tools tab, i Get the following: > >> >> >>> >> >> > >> >> >>> >> >> [5637] dbg: bayes: no dbs present, cannot tie DB R/O: > >> >> >>> >> >> //.spamassassin/bayes_toks > >> >> >>> >> > > >> >> >>> >> > > >> >> >>> >> > Hmm....I thing Bayes IS working. I just ran MailScanner > >> >> >>> >> > --debug > >> >> >>> >> > --debug-sa > >> >> >>> >> > after the restore and did see: > >> >> >>> >> > > >> >> >>> >> > 11:52:13 [5879] dbg: bayes: tie-ing to DB file R/W > >> >> >>> >> > /root/.spamassassin/bayes_toks > >> >> >>> >> > 11:52:13 [5879] dbg: bayes: tie-ing to DB file R/W > >> >> >>> >> > /root/.spamassassin/bayes_seen > >> >> >>> >> > 11:52:13 [5879] dbg: bayes: found bayes db version 3 > >> >> >>> >> > 11:52:13 [5879] dbg: bayes: learned > >> >> >>> >> > '88a47a16459989c19d47893de31fec608aa8f41e@sa_generated', > >> >> >>> >> > atime: > >> >> >>> >> > 1213631520 > >> >> >>> >> > 11:52:13 [5879] dbg: bayes: untie-ing > >> >> >>> >> > 11:52:13 [5879] dbg: bayes: files locked, now unlocking lock > >> >> >>> >> > > >> >> >>> >> > It seems that MailWatch is the one thats not working right. > >> >> >>> >> > Any > >> >> >>> >> > way > >> >> >>> >> > to > >> >> >>> >> > relink this? > >> >> >>> >> > > >> >> >>> >> > -Devon > >> >> >>> >> > > >> >> >>> >> Make sure your apahce user (the one running your httpd > >> >> >>> >> processes... > >> >> >>> >> hence the one running MailWatch:-) can actually read the bayes > >> >> >>> >> files... "su" is your friend here... and if you want to be > able > >> >> >>> >> to > >> >> >>> >> learn via MailWatch, make sure the same user can write them > too. > >> >> >>> >> > >> >> >>> >> Cheers > >> >> >>> >> -- > >> >> >>> > > >> >> >>> > I have the right permissions set, the thing is MailWatch is not > >> >> >>> > showing > >> >> >>> > any > >> >> >>> > data for 'Bayes Database Information'. What is the tie in for > >> >> >>> > MailWatch? > >> >> >>> > > >> >> >>> > -rw-rw---- 1 root apache 78K Jun 16 15:17 bayes_journal > >> >> >>> > -rw-rw---- 1 root apache 895 Jun 16 15:17 bayes.mutex > >> >> >>> > -rw-rw---- 1 root apache 172K Jun 16 15:17 bayes_seen > >> >> >>> > -rw-rw---- 1 root apache 5.1M Jun 16 15:17 bayes_toks > >> >> >>> > > >> >> >>> > -Devon > >> >> >>> > > >> >> >>> But can the apache user access the directory? > >> >> >>> MailWatch isn't particularly "magical" here, it uses the same > info > >> >> >>> as > >> >> >>> all else... > >> >> >>> > >> >> >>> Try something like "su - apache -s /bin/bash" and then "cd > >> >> >>> /path/to/where/you/have/the/bayes/files"... Might give a clue:-) > >> >> >>> > >> >> >>> Cheers > >> >> >>> -- > >> >> >>> -- Glenn > >> >> >> > >> >> >> User apache can access this fine. I didn't see anything in the > >> >> >> MailWatch > >> >> >> .conf file on Bayes > >> >> >> > >> >> > That's because there is nothing there....:-). > >> >> > It uses the same info all else do (through the normal SA method... > >> >> > The > >> >> > .cf files). > >> >> > > >> >> > Unless this is something hardcoded into the scriptlet handling the > SA > >> >> > db dump... Haven't checked that (and will not be anwhere I can > check > >> >> > it until tomorrow... You have a look:-). > >> >> > > >> >> > Cheers > >> >> > >> >> Nope, nothing strange here, the call is to > >> >> sa-learn -p /path/to/MailScanner/spa.assassin.prefs.conf --dump-magic > >> >> in bayes_info.php ... Where /path/to/MailScanner likely expands as > >> >> /etc/MailScanner or similar (this is from the SA_PREFS setting in > >> >> conf.php). > >> >> > >> >> As the apache user, can you run the above command? What do you get? > >> >> > >> >> Cheers > >> >> -- > >> >> -- Glenn > >> > > >> > This was run as apache: > >> > > >> > bash-3.1$ sa-learn -p /etc/MailScanner/spam.assassin.prefs.conf --dump > >> > magic > >> > 0.000 0 3 0 non-token data: bayes db > version > >> > 0.000 0 448 0 non-token data: nspam > >> > 0.000 0 1287 0 non-token data: nham > >> > 0.000 0 170860 0 non-token data: ntokens > >> > 0.000 0 1171294928 0 non-token data: oldest atime > >> > 0.000 0 1213703845 0 non-token data: newest atime > >> > 0.000 0 1213700281 0 non-token data: last journal > >> > sync > >> > atime > >> > 0.000 0 1213671060 0 non-token data: last expiry > >> > atime > >> > 0.000 0 11059200 0 non-token data: last expire > >> > atime > >> > delta > >> > 0.000 0 24264 0 non-token data: last expire > >> > reduction count > >> > bash-3.1$ > >> > > >> Ok, and if you do (as the apache user) > >> spamassassin --lint -D -p /etc/MailScanner/spam.assassin.prefs.conf > >> (in reality, one should change MW to not use the -p preference file, > >> since this is included as a .cf already... Don't do much harm > >> though:-) Do you get the db error then? > >> > >> Cheers > >> -- > >> -- Glenn > > > > No error and it even finds bayes installed. I think its something with > MW. > > > > [26297] dbg: replacetags: done replacing tags > > [26297] dbg: bayes: tie-ing to DB file R/O > /var/www/.spamassassin/bayes_toks > > [26297] dbg: bayes: tie-ing to DB file R/O > /var/www/.spamassassin/bayes_seen > > [26297] dbg: bayes: found bayes db version 3 > > [26297] dbg: bayes: DB journal sync: last sync: 1213700281 > > [26297] dbg: config: score set 2 chosen. > > > Ok, what is your MS_CONFIG setting and your SA_PREFS in conf.php > (sorry all you others, this should be on the MW list, I know)? > -- > -- Glenn > Here are paths: // Paths define(MAILWATCH_HOME, '/var/www/html/mailscanner'); define(MS_CONFIG_DIR, '/etc/MailScanner/'); define(MS_LIB_DIR, '/usr/lib/MailScanner/'); define(CACHE_DIR, './images/cache/'); // JpGraph cache define(TTF_DIR,'./jpgraph/fonts/'); // JpGraph fonts define(SA_DIR,'/usr/bin/'); define(SA_RULES_DIR, '/usr/share/spamassassin/'); define(SA_PREFS, MS_CONFIG_DIR.'spam.assassin.prefs.conf'); define(FPDF_FONTPATH,'./fpdf/font/'); -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080617/627ee090/attachment.html From steve at fsl.com Tue Jun 17 17:12:36 2008 From: steve at fsl.com (Stephen Swaney) Date: Tue Jun 17 17:12:47 2008 Subject: Oh great Oracle that is the MS list In-Reply-To: <4857DF9B.9040904@pixelhammer.com> References: <4857DF9B.9040904@pixelhammer.com> Message-ID: <4857E274.3070008@fsl.com> DAve wrote: > I cannot seen to reach the milter.info website, or the snertsoft.com > website. I need to post to the list and to do so I need to sign up a > freemail account. > > For some odd reason I am getting the following error now where I did > not when posting to the milters list before. > > : > 82.97.10.34 failed after I sent the message. > Remote host said: 554 5.6.0 invalid RFC 2822 date-time in Received: > header #459 (k5GHfI268250091300) > > Can anyone else reach SnertSoft? Anyone ever see that error before? > Thanks, > > DAve > > DAve I've forwarded to Anthony. Best regards, Steve Steve Swaney steve@fsl.com www.fsl.com From mikea at mikea.ath.cx Tue Jun 17 17:25:08 2008 From: mikea at mikea.ath.cx (Mike Andrews W5EGO) Date: Tue Jun 17 17:25:22 2008 Subject: Oh great Oracle that is the MS list In-Reply-To: <4857DF9B.9040904@pixelhammer.com> References: <4857DF9B.9040904@pixelhammer.com> Message-ID: <20080617162508.GB9074@mikea.ath.cx> On Tue, Jun 17, 2008 at 12:00:27PM -0400, DAve wrote: > I cannot seen to reach the milter.info website, or the snertsoft.com > website. I need to post to the list and to do so I need to sign up a > freemail account. > > For some odd reason I am getting the following error now where I did not > when posting to the milters list before. > > : > 82.97.10.34 failed after I sent the message. > Remote host said: 554 5.6.0 invalid RFC 2822 date-time in Received: > header #459 (k5GHfI268250091300) > > Can anyone else reach SnertSoft? Anyone ever see that error before? > Thanks, At least you were able to get to the SMTP port at mx.snert.net; I'm not getting there, or to anyplace else at milter.info or snert.(com,net), and think there's something strange going on in the routing: 14 xe-10-3-0-0.ams-koo-score-1.interoute.net (84.233.190.5) 138.909 ms e1-0.par-gar-score-1.interoute.net (212.23.42.21) 127.439 ms 6-0-0.par-gar-access-1.interoute.net (212.23.42.6) 121.890 ms -------------------------------------------------------------------------- 15 ae2-0.par-gar-score-2.interoute.net (84.233.190.62) 133.322 ms 89.202.192.90 (89.202.192.90) 142.866 ms ae2-0.par-gar-score-2.interoute.net (84.233.190.62) 144.415 ms -------------------------------------------------------------------------- 16 Gi7-0-0.par-gar-access-1.interoute.net (212.23.42.14) 132.863 ms 89.202.192.90 (89.202.192.90) 140.444 ms Gi7-0-0.par-gar-access-1.interoute.net (212.23.42.14) 135.421 ms -------------------------------------------------------------------------- 17 Vl5-swr-3-sop.tasfrance.net (82.97.0.13) 139.817 ms * 89.202.192.90 (89.202.192.90) 152.109 ms -------------------------------------------------------------------------- 18 * Vl5-swr-3-sop.tasfrance.net (82.97.0.13) 157.719 ms * It appears that there may be a (lossy) routing loop between hop 17 and hop 18, as the same IP address and routername (Vl5-swr-3-sop.tasfrance.net (82.97.0.13)) appear in both -- or I'm misreading the traceroute output or am much mistaken. Comments, corrections, and additional information are invited. -- Mike Andrews, W5EGO mikea@mikea.ath.cx Tired old sysadmin From MailScanner at ecs.soton.ac.uk Tue Jun 17 17:26:11 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Jun 17 17:26:25 2008 Subject: Updating an adopted installation from 4.54 In-Reply-To: References: <20080616140331.GA27476@cgi.jachomes.com> <20080616192508.GC28498@cgi.jachomes.com> Message-ID: <4857E5A3.9080406@ecs.soton.ac.uk> Kevin Miller wrote: > Jay R. Ashworth wrote: > >> On Mon, Jun 16, 2008 at 10:49:36AM -0800, Kevin Miller wrote: >> >>> Welcome to MailScanner - almost as much fun as Rivendell! >>> >> Everyone's Following Me!!! :-) >> > > Great minds think alike? > > > >> I meant to say: Slack 10.2. It's in /opt/MailScanner.version with a >> symlink to it from /opt/MailScanner. >> > > Hmmm - I'm not sure but it sounds like they did a source compile > installation. There's no such thing. MailScanner is written in Perl so it's compiled when you run it. There is no "compiled" version of MailScanner. The RPM installations use /usr/lib/MailScanner and /etc/MailScanner so as to follow the Linux standards. The "Other Unix" installation uses /opt by default as that is usually the best place to put self-contained packages. > My stuff lands in /usr/lib/MailScanner (and > /etc/MailScanner of course) by default which I think is SOP for the rpm > installs. Could be wrong on that - never had to look too closely. Not > sure what the best practice is for that. I'm sure someone will chime in > on it. This is a great group. > > > >> Wow, there's a lot of stuff in my maillogs... >> > > Yeah. Email gateways are busier than a one legged man in a butt kicking > contest. > > > >> I saw something about that. I'm strongly considering just building a >> new dedicated machine (this one is shared) and forklift-upgrading... >> would I need to bring training databases along for that? >> > > If you have a box or two to put it on, that would be the best way to go. > It's saved my bacon more than once. And yes, you definitely want to > migrate the bayes databases over. It's a wealth of data customized to > your site. Whenever I've had to build a box from scratch I just copy > over /etc/MailScanner/MailScanner.conf and the bayes database to the new > machine. There's a few minor edits in the .conf file (hostname and the > like) but just drop the bayes files in place and you'll hit the ground > running... > > > ...Kevin > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Tue Jun 17 17:34:36 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Jun 17 17:34:52 2008 Subject: MailScanner website In-Reply-To: References: Message-ID: <4857E79C.70902@ecs.soton.ac.uk> Martyn Routley wrote: > Hmmm > > I have just been looking for some information on the MailScanner > website and I noticed this snippet: > > > "Black shirts, embroidered shirts and other items with an updated > design , ships from Germany" > > Blackshirts, coming from Germany? > Is there something secret about MailScanner that we all need to know > about? :-) LOL! Unintentional, honestly. At that point CafePress weren't selling anything other than white T-shirts I think, so the only way to get black ones was via Germany (spreadshirt.de). Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Tue Jun 17 17:36:18 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Jun 17 17:36:35 2008 Subject: Syntax error(s) in configuration file In-Reply-To: References: Message-ID: <4857E802.5060907@ecs.soton.ac.uk> Run "upgrade_MailScanner_conf" and it will tell you how to use this command, which will fix this problem for you. Whenever you change your MailScanner version (upgrade or downgrade, it handles both) you should re-run upgrade_MailScanner_conf to fix up your MailScanner.conf file. Martin.Hepworth wrote: > David > > Kinda what it says really....you no longer need a spamassassisinprefs setting in MailScanner.conf. > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf >> Of David Guillermo >> Sent: 17 June 2008 11:35 >> To: MailScanner discussion >> Subject: Syntax error(s) in configuration file >> >> Hi. >> >> my problem is: >> >> Jun 17 12:20:16 servidor1 MailScanner[26675]: MailScanner >> E-Mail Virus Scanner version 4.69.9 starting... >> Jun 17 12:20:17 servidor1 MailScanner[26675]: Syntax error(s) >> in configuration file: >> Jun 17 12:20:17 servidor1 MailScanner[26675]: Unrecognised >> keyword "spamassassinprefsfile" at line 1412 Jun 17 12:20:17 >> servidor1 MailScanner[26675]: Warning: syntax errors in >> /etc/MailScanner/MailScanner.conf. >> >> in my /etc/MailScanner/MailScanner.conf. >> is >> SpamAssassin Prefs File = %etc-dir%/spam.assassin.prefs.conf >> >> my version... MailScanner -V >> >> This is Fedora Core release 6 (Zod) >> This is Perl version 5.008008 (5.8.8) >> >> This is MailScanner version 4.69.9 >> Module versions are: >> 1.00 AnyDBM_File >> 1.16 Archive::Zip >> 0.21 bignum >> 1.04 Carp >> 1.42 Compress::Zlib >> 1.119 Convert::BinHex >> 0.17 Convert::TNEF >> 2.121_08 Data::Dumper >> 2.27 Date::Parse >> 1.00 DirHandle >> 1.05 Fcntl >> 2.74 File::Basename >> 2.09 File::Copy >> 2.01 FileHandle >> 1.08 File::Path >> 0.19 File::Temp >> 0.90 Filesys::Df >> 1.35 HTML::Entities >> 3.56 HTML::Parser >> 2.37 HTML::TokeParser >> 1.23 IO >> 1.14 IO::File >> 1.13 IO::Pipe >> 2.02 Mail::Header >> 1.86 Math::BigInt >> 0.19 Math::BigRat >> 3.07 MIME::Base64 >> 5.425 MIME::Decoder >> 5.425 MIME::Decoder::UU >> 5.425 MIME::Head >> 5.425 MIME::Parser >> 3.07 MIME::QuotedPrint >> 5.425 MIME::Tools >> 0.11 Net::CIDR >> 1.25 Net::IP >> 0.16 OLE::Storage_Lite >> 1.04 Pod::Escapes >> 3.05 Pod::Simple >> 1.09 POSIX >> 1.18 Scalar::Util >> 1.78 Socket >> 2.15 Storable >> 1.4 Sys::Hostname::Long >> 0.18 Sys::Syslog >> 1.26 Test::Pod >> 0.7 Test::Simple >> 1.86 Time::HiRes >> 1.02 Time::localtime >> >> Optional module versions are: >> 1.30 Archive::Tar >> 0.21 bignum >> missing Business::ISBN >> missing Business::ISBN::Data >> missing Data::Dump >> 1.814 DB_File >> 1.13 DBD::SQLite >> 1.56 DBI >> 1.14 Digest >> 1.01 Digest::HMAC >> 2.36 Digest::MD5 >> 2.11 Digest::SHA1 >> missing Encode::Detect >> missing Error >> missing ExtUtils::CBuilder >> missing ExtUtils::ParseXS >> 2.36 Getopt::Long >> missing Inline >> missing IO::String >> 1.04 IO::Zlib >> missing IP::Country >> missing Mail::ClamAV >> 3.001009 Mail::SpamAssassin >> missing Mail::SPF >> missing Mail::SPF::Query >> missing Module::Build >> missing Net::CIDR::Lite >> 0.63 Net::DNS >> missing Net::DNS::Resolver::Programmable >> 0.34 Net::LDAP >> missing NetAddr::IP >> missing Parse::RecDescent >> missing SAVI >> 2.56 Test::Harness >> missing Test::Manifest >> 1.95 Text::Balanced >> 1.35 URI >> missing version >> missing YAML >> >> -- >> -:- j0d3 >> David Guillermo Rodriguez >> Debian Unstable/Sid GNU/Linux >> e-mail: davocasc98@gmail.com >> http://j0d3.blogspot.com >> Modelo de CPU: AMD Athlon(tm) 64 X2 Dual Core Processor 4600+ >> Kernel: 2.6.24.2 >> Linux user #408522 >> -:- >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> > > > > > ********************************************************************** > Confidentiality : This e-mail and any attachments are intended for the > addressee only and may be confidential. If they come to you in error > you must take no action based on them, nor must you copy or show them > to anyone. Please advise the sender by replying to this e-mail > immediately and then delete the original from your computer. > Opinion : Any opinions expressed in this e-mail are entirely those of > the author and unless specifically stated to the contrary, are not > necessarily those of the author's employer. > Security Warning : Internet e-mail is not necessarily a secure > communications medium and can be subject to data corruption. We advise > that you consider this fact when e-mailing us. > Viruses : We have taken steps to ensure that this e-mail and any > attachments are free from known viruses but in keeping with good > computing practice, you should ensure that they are virus free. > > Red Lion 49 Ltd T/A Solid State Logic > Registered as a limited company in England and Wales > (Company No:5362730) > Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, > United Kingdom > ********************************************************************** > > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Tue Jun 17 17:44:23 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Jun 17 17:44:41 2008 Subject: Disabling sare updates via sa-update In-Reply-To: References: Message-ID: <4857E9E7.1070300@ecs.soton.ac.uk> ram wrote: > The http://www.rulesemporium.com/ site recommends disabling auto updates > of SARE rules > > In MailScanner I dont see any way How this can be done. > > Can I turn off auto sa-update in in MailScanner , Or should I just > remove sare rules from sa-update > The call to sa-update is done by the update_spamassassin cron job in /etc/cron.daily/update_spamassassin. To disable it, just run this command: chmod a-x /etc/cron.daily/update_spamassassin If you later want to re-enable it, change "a-x" to "a+x". To just disable particular sets of rules from your auto-update, you need to look in /etc/sysconfig/MailScanner and find the value of SAUPDATEARGS. That list of options should point to a channel-list file. Edit that file and remove the rules you don't want to auto-update. Hopefully that is enough to get you started. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Tue Jun 17 17:48:59 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Jun 17 17:49:18 2008 Subject: Updating an adopted installation from 4.54 In-Reply-To: References: <20080616140331.GA27476@cgi.jachomes.com> <20080616192508.GC28498@cgi.jachomes.com> <223f97700806170227o3d15890dj7b79ac61d050fa31@mail.gmail.com> Message-ID: <4857EAFB.5020509@ecs.soton.ac.uk> Jay R. Ashworth wrote: > On Tue, Jun 17, 2008 at 11:27:47AM +0200, Glenn Steen wrote: > >> That's pretty much how you upgrade the source dist too:-). >> Install the new one to its own directory in /opt, use >> upgrade_MailScanner_conf on the old file, copy over any modified >> ruleset files... stop MS, relink to the new install, star >> MailScanner... Did I miss anything? Don't think so:-) >> > > You missed that I don't know it as well as you do. :-) > > >> Install the new one to its own directory in /opt >> > > Check. (well, actually, I'm putting it in /appl/ms4.69.3; FHS be > damned. :-) > > >> use upgrade_MailScanner_conf on the old file >> > > "On the old install"? It sounds like you mean "run the upgrade script > supplied with the new install against the old one". Do you? > All versions of upgrade_MailScanner_conf are pretty much the same. It's what you pass to it on the command-line that tells it what to do. Diff the two scripts and you will find they are identical, pretty much. I occasionally add a new test, but the differences don't basically affect its operation. > >> copy over any modified ruleset files... >> > > from the old install to the new one...? > Yes. If you have modified any of the report files you might want to copy the old ones to the new one as well. If you have edited languages.conf then there is an upgrade_languages_conf script as well (which is actually a soft-linked copy of upgrade_MailScanner_conf :-) > >> stop MS, relink to the new install, start MailScanner... >> > > This part I *think* I get, but I'm not 100% certain how the Sendmail > 8.13 -> MailScanner link works. Is it in fact enough if I make sure > that /opt/MailScanner points to the new install's home directory once > I'm done? Is the only interface through the filesystem? > The only interface from sendmail to MailScanner is through the filesystem. The only sendmail call that MailScanner makes is to kick it into doing a delivery attempt of each new message as soon as it has been processed. It does that by running "Sendmail2" as defined in MailScanner.conf. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From jra at baylink.com Tue Jun 17 17:50:33 2008 From: jra at baylink.com (Jay R. Ashworth) Date: Tue Jun 17 17:50:46 2008 Subject: Updating an adopted installation from 4.54 In-Reply-To: <4857E5A3.9080406@ecs.soton.ac.uk> References: <20080616192508.GC28498@cgi.jachomes.com> <4857E5A3.9080406@ecs.soton.ac.uk> Message-ID: <20080617165033.GL840@cgi.jachomes.com> On Tue, Jun 17, 2008 at 05:26:11PM +0100, Julian Field wrote: > There's no such thing. MailScanner is written in Perl so it's compiled > when you run it. There is no "compiled" version of MailScanner. The RPM > installations use /usr/lib/MailScanner and /etc/MailScanner so as to > follow the Linux standards. The "Other Unix" installation uses /opt by > default as that is usually the best place to put self-contained packages. By habit, I tend to put large application systems not delivered with the OS in /appl, where my first major DBMS liked to live (which was mostly a mount-point/free-space issue originally). (On OSs without package managers, that is.) FWIW, though, my personal opinion is that such packages ought to live in monolithic directories, possible with one additional subdir of /etc for config (if that doesn't live in $PACKDIR/etc), because it makes easier precisely the task I'm on now: installing and testing a new version manually before rolling it out. SA on this machine, for instance, is all over creation, which means I can't practically upgrade it without a tape backup of the whole machine which I can't make right now, because I won't have a backout procedure. It's not the packagers responsibility to save me from myself, there, certainly, but they *could* have chosen an approach -- as you have -- that makes that less painful. Cheers, -- jra -- Jay R. Ashworth Baylink jra@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://baylink.pitas.com '87 e24 St Petersburg FL USA http://photo.imageinc.us +1 727 647 1274 Those who cast the vote decide nothing. Those who count the vote decide everything. -- (Joseph Stalin) From MailScanner at ecs.soton.ac.uk Tue Jun 17 17:50:55 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Jun 17 17:51:14 2008 Subject: Updating an adopted installation from 4.54 In-Reply-To: References: <20080616140331.GA27476@cgi.jachomes.com> <20080616192508.GC28498@cgi.jachomes.com> <223f97700806170227o3d15890dj7b79ac61d050fa31@mail.gmail.com> <20080617141947.GC639@cgi.jachomes.com> Message-ID: <4857EB6F.60800@ecs.soton.ac.uk> Glenn Steen wrote: > 2008/6/17 Jay R. Ashworth : > >> On Tue, Jun 17, 2008 at 11:27:47AM +0200, Glenn Steen wrote: >> >>> That's pretty much how you upgrade the source dist too:-). >>> Install the new one to its own directory in /opt, use >>> upgrade_MailScanner_conf on the old file, copy over any modified >>> ruleset files... stop MS, relink to the new install, star >>> MailScanner... Did I miss anything? Don't think so:-) >>> >> You missed that I don't know it as well as you do. :-) >> > :-) > > >>> Install the new one to its own directory in /opt >>> >> Check. (well, actually, I'm putting it in /appl/ms4.69.3; FHS be >> damned. :-) >> > Doesn't matter as lon as the link is where it should:-). > > >>> use upgrade_MailScanner_conf on the old file >>> >> "On the old install"? It sounds like you mean "run the upgrade script >> supplied with the new install against the old one". Do you? >> > Sort of. You should run the upgrade script from the new install, > supplying the old MailScanner.conf as the old file, and the new > MailScanner.conf file as the "rpmnew" one:-). I *think* the upgrade > script will instruct you correctly if you run it without an argument. > It needs the new "default" file so that it can tell what options to > remove/add from the old one. It will print the new and improved > version on standard output, so just redirect that to a file > MailScanner.new, look through that one, so that it looks OK, then move > it into place on the new install. > It explains all this in pretty straightforward terms when you run it without any command-line parameters at all. > >>> copy over any modified ruleset files... >>> >> from the old install to the new one...? >> > Yep. > > >>> stop MS, relink to the new install, start MailScanner... >>> >> This part I *think* I get, but I'm not 100% certain how the Sendmail >> 8.13 -> MailScanner link works. Is it in fact enough if I make sure >> that /opt/MailScanner points to the new install's home directory once >> I'm done? Is the only interface through the filesystem? >> > Eh, all it means is that you need use whatever startup script to stop > MailScanner, do "rm /opt/MailScanner" to remove the symbolic link to > the old install, "ln -s /appl/ms4.69.3 /opt/MailScanner" to create the > symbolic link to the new install... and then use the same startup > script to actually start it running again. > > Hope that clears any confusion:-) > > >> Cheers, >> -- jra >> > > Cheers > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From submit at zuka.net Tue Jun 17 18:05:40 2008 From: submit at zuka.net (Dave Filchak) Date: Tue Jun 17 18:05:58 2008 Subject: bayes expire questions Message-ID: <4857EEE4.1040208@zuka.net> I have been trying to figure out the best way to handle bayes_toks.expire files. I have a large number of them in my bayes directory (about 1.8 Gb worth) and was trying to understand if it was OK to delete them. Turns out that it appears as though it is ok but their presence in my bayes directory could indicate another issue with my MailScanner set-up (this is on my secondary mail server so it sees most of the spam). This 'issue' appears to be that it is taking too long to expire the old records so MailScanner thinks it is hung and restarts??? So, based on some of the reading I did in the archives, I turned of auto_expire in my spam.assassin.prefs file and upped the expire value in my MailScanner.conf file to one day (86400). However, upon further investigation, I noted that many simply turn this feature off in both places and run sa-learn --rebuild --force-expire from a cron job. J Just curious what most of you do? Which is better? We do not have overly busy mail servers ... about 10K per day average. thanks Dave -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080617/6da85bd4/attachment-0001.html From jra at baylink.com Tue Jun 17 18:20:14 2008 From: jra at baylink.com (Jay R. Ashworth) Date: Tue Jun 17 18:20:24 2008 Subject: Updating an adopted installation from 4.54 In-Reply-To: <4857EB6F.60800@ecs.soton.ac.uk> References: <20080616140331.GA27476@cgi.jachomes.com> <20080616192508.GC28498@cgi.jachomes.com> <223f97700806170227o3d15890dj7b79ac61d050fa31@mail.gmail.com> <20080617141947.GC639@cgi.jachomes.com> <4857EB6F.60800@ecs.soton.ac.uk> Message-ID: <20080617172014.GQ840@cgi.jachomes.com> On Tue, Jun 17, 2008 at 05:50:55PM +0100, Julian Field wrote: > >Sort of. You should run the upgrade script from the new install, > >supplying the old MailScanner.conf as the old file, and the new > >MailScanner.conf file as the "rpmnew" one:-). I *think* the upgrade > >script will instruct you correctly if you run it without an argument. > >It needs the new "default" file so that it can tell what options to > >remove/add from the old one. It will print the new and improved > >version on standard output, so just redirect that to a file > >MailScanner.new, look through that one, so that it looks OK, then move > >it into place on the new install. > It explains all this in pretty straightforward terms when you run it > without any command-line parameters at all. Yes, I'm sure it does. But the instructions only tell you to *run* it if you're doing an in-place upgrade. I wasn't. I was trying to do a parallel install, so I could test it and be able to back out if I screwed something up, as I noted. So I was using the "fresh install" instructions, and they don't mention it, for oblivious raisins. ;-) Cheers, -- jra -- Jay R. Ashworth Baylink jra@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://baylink.pitas.com '87 e24 St Petersburg FL USA http://photo.imageinc.us +1 727 647 1274 Those who cast the vote decide nothing. Those who count the vote decide everything. -- (Joseph Stalin) From Kevin_Miller at ci.juneau.ak.us Tue Jun 17 18:26:34 2008 From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller) Date: Tue Jun 17 18:26:47 2008 Subject: Updating an adopted installation from 4.54 In-Reply-To: <4857E5A3.9080406@ecs.soton.ac.uk> References: <20080616140331.GA27476@cgi.jachomes.com> <20080616192508.GC28498@cgi.jachomes.com> <4857E5A3.9080406@ecs.soton.ac.uk> Message-ID: Julian Field wrote: > Kevin Miller wrote: >> Hmmm - I'm not sure but it sounds like they did a source compile >> installation. > There's no such thing. MailScanner is written in Perl so it's compiled > when you run it. There is no "compiled" version of MailScanner. The > RPM installations use /usr/lib/MailScanner and /etc/MailScanner so as > to follow the Linux standards. The "Other Unix" installation uses > /opt by default as that is usually the best place to put > self-contained packages. You're right (of course!) Poor choice of words on my part - I was trying to distinguish between the tarball flavor vs. a distro specific package but wasn't very clear. Must have been a Monday... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 From Kevin_Miller at ci.juneau.ak.us Tue Jun 17 18:34:10 2008 From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller) Date: Tue Jun 17 18:34:20 2008 Subject: Updating an adopted installation from 4.54 In-Reply-To: <20080617172014.GQ840@cgi.jachomes.com> References: <20080616140331.GA27476@cgi.jachomes.com><20080616192508.GC28498@cgi.jachomes.com><223f97700806170227o3d15890dj7b79ac61d050fa31@mail.gmail.com><20080617141947.GC639@cgi.jachomes.com><4857EB6F.60800@ecs.soton.ac.uk> <20080617172014.GQ840@cgi.jachomes.com> Message-ID: Jay R. Ashworth wrote: >> It explains all this in pretty straightforward terms when you run it >> without any command-line parameters at all. > > Yes, I'm sure it does. But the instructions only tell you to *run* it > if you're doing an in-place upgrade. > > I wasn't. I was trying to do a parallel install, so I could test it > and be able to back out if I screwed something up, as I noted. So I > was using the "fresh install" instructions, and they don't mention it, > for oblivious raisins. ;-) What I usually do in that situation is to tar up the /etc/MailScanner tree and copy it to the new host, then do the install. The installer will see the old conf & rule files, and create .rpmnew flavors. It won't care that it isn't really already installed. You can then run the upgrade_MailScanner script with expected results. BTY, Julian's published a book on MailScanner - it's worth the price of admission. Especially if you boss is picking up the tab... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 From Denis.Beauchemin at USherbrooke.ca Tue Jun 17 19:17:08 2008 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Tue Jun 17 19:17:43 2008 Subject: bayes expire questions In-Reply-To: <4857EEE4.1040208@zuka.net> References: <4857EEE4.1040208@zuka.net> Message-ID: <4857FFA4.2090900@USherbrooke.ca> Dave Filchak a ?crit : > I have been trying to figure out the best way to handle > bayes_toks.expire files. I have a large number of them in my bayes > directory (about 1.8 Gb worth) and was trying to understand if it was > OK to delete them. Turns out that it appears as though it is ok but > their presence in my bayes directory could indicate another issue with > my MailScanner set-up (this is on my secondary mail server so it sees > most of the spam). This 'issue' appears to be that it is taking too > long to expire the old records so MailScanner thinks it is hung and > restarts??? So, based on some of the reading I did in the archives, I > turned of auto_expire in my spam.assassin.prefs file and upped the > expire value in my MailScanner.conf file to one day (86400). However, > upon further investigation, I noted that many simply turn this feature > off in both places and run sa-learn --rebuild --force-expire from a > cron job. J > > Just curious what most of you do? Which is better? We do not have > overly busy mail servers ... about 10K per day average. > > thanks > > Dave Dave, I run the following on all my MS boxes: 15 3 * * * (/sbin/service MailScanner stop; /usr/bin/sa-learn --force-expire;/sbin/service MailScanner start) 2>&1 Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x62252 F: 819.821.8045 From bpirie at rma.edu Tue Jun 17 19:51:21 2008 From: bpirie at rma.edu (Brendan Pirie) Date: Tue Jun 17 19:47:40 2008 Subject: Health update In-Reply-To: <4852BC3D.3050802@ecs.soton.ac.uk> References: <4852BC3D.3050802@ecs.soton.ac.uk> Message-ID: <485807A9.3070608@rma.edu> That's fantastic, Jules! I hope a match is found soon, and your recovery goes well. Best wishes for a long life! Brendan Julian Field wrote: > Folks, > > Just wanted to let you know that, as soon as I send back the consent > forms, I am officially on the waiting list for a liver transplant. > No holidays or anything now until I get my call... > > Fortunately, I have grown a new vein in the last few months that means > I will just need a new liver and not a small bowel as well, which > significantly improves my survival chances. This is very good news :-) > > Wish me luck! > > Jules > From MailScanner at ecs.soton.ac.uk Tue Jun 17 20:01:37 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Jun 17 20:01:55 2008 Subject: Health update In-Reply-To: References: <4852BC3D.3050802@ecs.soton.ac.uk> Message-ID: <48580A11.8020906@ecs.soton.ac.uk> I would just like to take this opportunity to say a very big thank you to all of you for your kind words of encouragement and wishes. It's very much appreciated! I'll try to get my boss to mail the list when I go in for the op, to let you know how I'm doing. I'll get back online briefly once I'm well enough, and say Hi to you all, with liver version 2 inside me :-) Many thanks to all of you! Best regards, Jules. Brendan Pirie wrote: > That's fantastic, Jules! I hope a match is found soon, and your > recovery goes well. Best wishes for a long life! > > Brendan > > Julian Field wrote: >> Folks, >> >> Just wanted to let you know that, as soon as I send back the consent >> forms, I am officially on the waiting list for a liver transplant. >> No holidays or anything now until I get my call... >> >> Fortunately, I have grown a new vein in the last few months that >> means I will just need a new liver and not a small bowel as well, >> which significantly improves my survival chances. This is very good >> news :-) >> >> Wish me luck! >> >> Jules >> > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From jra at baylink.com Tue Jun 17 20:02:45 2008 From: jra at baylink.com (Jay R. Ashworth) Date: Tue Jun 17 20:02:57 2008 Subject: Health update In-Reply-To: <485807A9.3070608@rma.edu> References: <4852BC3D.3050802@ecs.soton.ac.uk> <485807A9.3070608@rma.edu> Message-ID: <20080617190245.GC1556@cgi.jachomes.com> On Tue, Jun 17, 2008 at 02:51:21PM -0400, Brendan Pirie wrote: > That's fantastic, Jules! I hope a match is found soon, and your > recovery goes well. Best wishes for a long life! Indeed. Is UNOS, or your national analogue, interested in any testimonial letters? :-) Cheers, -- jra -- Jay R. Ashworth Baylink jra@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://baylink.pitas.com '87 e24 St Petersburg FL USA http://photo.imageinc.us +1 727 647 1274 Those who cast the vote decide nothing. Those who count the vote decide everything. -- (Joseph Stalin) From alex at rtpty.com Tue Jun 17 20:10:21 2008 From: alex at rtpty.com (Alex Neuman) Date: Tue Jun 17 20:10:35 2008 Subject: Health update In-Reply-To: <48580A11.8020906@ecs.soton.ac.uk> References: <4852BC3D.3050802@ecs.soton.ac.uk> <48580A11.8020906@ecs.soton.ac.uk> Message-ID: Hope it's not "Liver Vista"... I hear it's already bloated by the time they install it, and paralyzes your body every time you need to do something unless you fart in approval. On Jun 17, 2008, at 2:01 PM, Julian Field wrote: > I'll try to get my boss to mail the list when I go in for the op, to > let you know how I'm doing. I'll get back online briefly once I'm > well enough, and say Hi to you all, with liver version 2 inside me :-) From richard.frovarp at sendit.nodak.edu Tue Jun 17 20:19:36 2008 From: richard.frovarp at sendit.nodak.edu (Richard Frovarp) Date: Tue Jun 17 20:19:46 2008 Subject: FW: ANNOUNCE: Apache SpamAssassin 3.2.5 available In-Reply-To: <48516337.2020203@ecs.soton.ac.uk> References: <200806121601.m5CG1Y3o025702@safir.blacknight.ie> <48514A7C.8060900@maddoc.net><224FA7E11EA39E45843E11CEBBD3A36FB50BB5@HOUPEX01.nfsmith.info> <4851569F.5090503@maddoc.net> <224FA7E11EA39E45843E11CEBBD3A36FB50BCE@HOUPEX01.nfsmith.info> <48516337.2020203@ecs.soton.ac.uk> Message-ID: <48580E48.8020601@sendit.nodak.edu> Julian Field wrote: > > >> >> > 4.70.5 should support the newest Mail::ClamAV. It does, doesn't it? > I've been holding off from a stable release waiting for F-Secure 7.0.1 > keys, but they haven't appeared so I think I'll just put out a stable > release now unless anyone has any strong objections. Speak now or > forever hold thy pieces. > > Jules > Any update on 4.70.5 going stable? From MailScanner at ecs.soton.ac.uk Tue Jun 17 20:29:46 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Jun 17 20:30:02 2008 Subject: FW: ANNOUNCE: Apache SpamAssassin 3.2.5 available In-Reply-To: References: <200806121601.m5CG1Y3o025702@safir.blacknight.ie> <48514A7C.8060900@maddoc.net><224FA7E11EA39E45843E11CEBBD3A36FB50BB5@HOUPEX01.nfsmith.info> <4851569F.5090503@maddoc.net> <224FA7E11EA39E45843E11CEBBD3A36FB50BCE@HOUPEX01.nfsmith.info> <48516337.2020203@ecs.soton.ac.uk> Message-ID: <485810AA.5070508@ecs.soton.ac.uk> Richard Frovarp wrote: > Julian Field wrote: >> >> >>> >>> >> 4.70.5 should support the newest Mail::ClamAV. It does, doesn't it? >> I've been holding off from a stable release waiting for F-Secure >> 7.0.1 keys, but they haven't appeared so I think I'll just put out a >> stable release now unless anyone has any strong objections. Speak now >> or forever hold thy pieces. >> >> Jules >> > Any update on 4.70.5 going stable? No-one else seems to have said anything, and I've fixed a couple of other things, so how about I put out a stable release (probably 4.70.6) tomorrow morning (GMT)? Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Tue Jun 17 21:05:47 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Jun 17 21:06:07 2008 Subject: MailScanner ANNOUNCE: 4.70.6 released Message-ID: <4858191B.4010103@ecs.soton.ac.uk> I have just released the latest stable version of MailScanner, version 4.70.6. The main new features this time are: - Now supports Mail::ClamAV 0.22, ClamAV 0.93.1, and SpamAssassin 3.2.5. - New setting "Dont Sign HTML If Headers Exist" to provide finer control over placement of HTML signatures. - All known problems with Watermarks fixed. - Improvements to filename and filetype checks to allow for common mistakes in filename patterns. - Added "ID Header" setting to allow the X-MailScanner-ID: header to be customised or removed. - Minor improvements to the phishing net. - Improvement to checking of "Sophos Allowed Error Messages". Download as usual from www.mailscanner.info. The full Change Log is this: * New Features and Improvements * 1 Improvement to OLE document unpacking code, more likely to extract embedded files correctly. 1 Added new setting "Dont Sign HTML If Headers Exist" to provide finer control over placement of HTML signatures. If any of the named headers exist in the message, the message is deemed to be a "reply", and so the HTML signature is not attached. By default this functionality is switched off by not specifying any header names. 2 Improvement to Filename and Filetype checks to catch mistakenly starting a regular expression with a "*" on its own, as in "*.pdf" or just "*". 2 Improved message reporting when Sophos finds password-protected zip archives. 2 Now supports Mail::ClamAV 0.22 for ClamAV 0.93. You will need to upgrade your ClamAV+SpamAssassin installation, using the download package I provide. 3 Improved update_bad_phishing_sites to support proxy_* environment variables. Thanks to Heinz.Knutzen@dataport.de for this. 3 Improved upgrade_MailScanner_conf for ClamAV 0.93 and Mail::ClaAV 0.22. 3 Removed URIBL additions from spam.assassin.prefs.conf. They are in SpamAssassin by default now. 3 Improvements to handling of Watermarks to resolve various problems with them. 3 Upgraded to ClamAV 0.93.1 in ClamAV+SpamAssassin easy-to-install package. 4 Added "-w" to suggested "diff" command in upgrade_MailScanner_conf. Thanks to Anthony Cartmell for this idea. 6 Changed Watermarking, so it only checks if there was a SMTP client IP address as we don't want to block messages we generated on the MailScanner server. 6 Added "ID Header" setting so that you can choose whether or not you want the header showing the MailScanner message id value. If you don't want the header then set this to be blank. 6 Minor improvement to link detection in the phishing net. * Fixes * 2 Silly mistake fixed in "Dont Sign HTML If Headers Exist" feature. 2 Fixed output text error in upgrade_MailScanner_conf. 3 Bugfixes to Watermark handling and logging. 4 More fixes to Watermark handling. 5 More fixes to Watermark handling, and a minor header change. 6 Made check for Sophos Allowed Error Messages case-insensitive. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From ssilva at sgvwater.com Tue Jun 17 21:20:40 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Tue Jun 17 21:21:05 2008 Subject: BAYES_00 is killing me In-Reply-To: <2baac6140806170909l2ac9863o511339467e6a147b@mail.gmail.com> References: <2baac6140806160628w3da668f3n1b3a6dca614b9389@mail.gmail.com> <2baac6140806161224w3e3a60b4s51c39afc079a40c5@mail.gmail.com> <223f97700806161312q12e1d85dm4537783336f60065@mail.gmail.com> <2baac6140806161403j7a8ca3b1ja4ace4e0dfff9dbc@mail.gmail.com> <223f97700806161516n199d18c3m428831ba13b93199@mail.gmail.com> <223f97700806170211k2c7db4e1t2812383d065c5417@mail.gmail.com> <2baac6140806170519s577eca6bp44a0097857381e66@mail.gmail.com> <223f97700806170651p182835b9l80953743864bd563@mail.gmail.com> <2baac6140806170711g4963c7f7r5289e71007523050@mail.gmail.com> <223f97700806170739y5e767004x5a7549323bfe3a1@mail.gmail.com> <2baac6140806170909l2ac9863o511339467e6a147b@mail.gmail.com> Message-ID: <> > -- Glenn > > > Here are paths: > > // Paths > define(MAILWATCH_HOME, '/var/www/html/mailscanner'); > define(MS_CONFIG_DIR, '/etc/MailScanner/'); > define(MS_LIB_DIR, '/usr/lib/MailScanner/'); > define(CACHE_DIR, './images/cache/'); // JpGraph cache > define(TTF_DIR,'./jpgraph/fonts/'); // JpGraph fonts > define(SA_DIR,'/usr/bin/'); > define(SA_RULES_DIR, '/usr/share/spamassassin/'); > define(SA_PREFS, MS_CONFIG_DIR.'spam.assassin.prefs.conf'); > define(FPDF_FONTPATH,'./fpdf/font/'); > Hey guys! How about a little message grooming? ;-P -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 258 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080617/520a1465/signature.bin From donnieq at quindardonet.net Tue Jun 17 22:55:40 2008 From: donnieq at quindardonet.net (Donnie D. Quindardo) Date: Tue Jun 17 22:57:53 2008 Subject: MailScanner ANNOUNCE: 4.70.6 released In-Reply-To: <4858191B.4010103@ecs.soton.ac.uk> References: <4858191B.4010103@ecs.soton.ac.uk> Message-ID: <485832DC.4020802@quindardonet.net> Hi Jules, Best of luck with the operation and future health. Thank you for your help on my previous questions. One other thing that I've been pondering: - I currently use CentOS and was wondering if extracting the mailscanner*.rpm from the stable download tar.gz file and running rpm -Uvh mailscanner*.rpm would be okay? Thanks, Don Q. Julian Field wrote: > I have just released the latest stable version of MailScanner, version > 4.70.6. > > The main new features this time are: > - Now supports Mail::ClamAV 0.22, ClamAV 0.93.1, and SpamAssassin 3.2.5. > - New setting "Dont Sign HTML If Headers Exist" to provide finer control > over placement of HTML signatures. > - All known problems with Watermarks fixed. > - Improvements to filename and filetype checks to allow for common > mistakes in filename patterns. > - Added "ID Header" setting to allow the X-MailScanner-ID: header to be > customised or removed. > - Minor improvements to the phishing net. > - Improvement to checking of "Sophos Allowed Error Messages". > > Download as usual from www.mailscanner.info. > > The full Change Log is this: > > * New Features and Improvements * > 1 Improvement to OLE document unpacking code, more likely to extract > embedded > files correctly. > 1 Added new setting "Dont Sign HTML If Headers Exist" to provide finer > control > over placement of HTML signatures. If any of the named headers exist in > the message, the message is deemed to be a "reply", and so the HTML > signature is not attached. By default this functionality is switched off > by not specifying any header names. > 2 Improvement to Filename and Filetype checks to catch mistakenly > starting a > regular expression with a "*" on its own, as in "*.pdf" or just "*". > 2 Improved message reporting when Sophos finds password-protected zip > archives. > 2 Now supports Mail::ClamAV 0.22 for ClamAV 0.93. You will need to > upgrade your > ClamAV+SpamAssassin installation, using the download package I provide. > 3 Improved update_bad_phishing_sites to support proxy_* environment > variables. > Thanks to Heinz.Knutzen@dataport.de for this. > 3 Improved upgrade_MailScanner_conf for ClamAV 0.93 and Mail::ClaAV 0.22. > 3 Removed URIBL additions from spam.assassin.prefs.conf. They are in > SpamAssassin by default now. > 3 Improvements to handling of Watermarks to resolve various problems > with them. > 3 Upgraded to ClamAV 0.93.1 in ClamAV+SpamAssassin easy-to-install package. > 4 Added "-w" to suggested "diff" command in upgrade_MailScanner_conf. > Thanks > to Anthony Cartmell for this idea. > 6 Changed Watermarking, so it only checks if there was a SMTP client IP > address > as we don't want to block messages we generated on the MailScanner server. > 6 Added "ID Header" setting so that you can choose whether or not you want > the header showing the MailScanner message id value. If you don't want the > header then set this to be blank. > 6 Minor improvement to link detection in the phishing net. > > * Fixes * > 2 Silly mistake fixed in "Dont Sign HTML If Headers Exist" feature. > 2 Fixed output text error in upgrade_MailScanner_conf. > 3 Bugfixes to Watermark handling and logging. > 4 More fixes to Watermark handling. > 5 More fixes to Watermark handling, and a minor header change. > 6 Made check for Sophos Allowed Error Messages case-insensitive. > > Jules > From lists at designmedia.com Tue Jun 17 23:59:23 2008 From: lists at designmedia.com (Henry Kwan) Date: Tue Jun 17 23:59:48 2008 Subject: What is the best way to collect SPAM from users? References: <48469ABC.6010208@gmail.com> Message-ID: Yashodhan Barve gmail.com> writes: > I was thinking of having a common mailbox in exchange to which users > would move SPAM & HAM and then I would POP it and feed it to sa-learn. > > So what is a good approach that works? and how do I automate it? Hi, What did you end up doing? I'm trying to figure out how to do the same thing on my Exchange 2007 setup. I've setup a public folder that my users can dump ham/spam into but I'm not sure what the next step is. How do I enable that public folder for IMAP so I can run some of the scripts that everyone mentions whenever I google? Or alternative, how I convert all of the .msg's into a format that sa-learn can use? Thanks. From ram at netcore.co.in Wed Jun 18 06:31:01 2008 From: ram at netcore.co.in (ram) Date: Wed Jun 18 06:31:16 2008 Subject: Disabling sare updates via sa-update In-Reply-To: References: Message-ID: <1213767061.14722.37.camel@localhost.localdomain> On Tue, 2008-06-17 at 15:11 +0100, Martin.Hepworth wrote: > Ram > > This is a sa-update issue nothing to do with mailscanner.. > > -- But sa-update is run automatically by Mailscanner From lists at designmedia.com Wed Jun 18 06:43:41 2008 From: lists at designmedia.com (Henry Kwan) Date: Wed Jun 18 06:44:03 2008 Subject: Moving spam/ham from public folders into MailScanner for learning? Message-ID: Hi, Am in the final stages of tweaking the MailScanner/Exchange2K7 config. Have set up public folders ("spam" & "ham") so users can move their messages for learning. Not sure how to move them from the public folder into the MailScanner box so I can run sa-learn. Have seen references to several perl/python scripts that will do the job but don't know where they reside or if they will work with Exchange 2007 public folders. I think I have to mail-enable the public folders and also add a normal IMAP connector (since it's Secure IMAP only by default). Any links or tips would be appreciated. Thanks. From mailwatch.kp at gmail.com Wed Jun 18 08:27:44 2008 From: mailwatch.kp at gmail.com (vinayan KP) Date: Wed Jun 18 08:27:54 2008 Subject: Re Help with spamassassin+mailscanner In-Reply-To: <6a7195cc0806152332g378d7afqfe30223d76cf0b17@mail.gmail.com> References: <6a7195cc0806152332g378d7afqfe30223d76cf0b17@mail.gmail.com> Message-ID: <6a7195cc0806180027q5e4b9fd5p37d30383217cab72@mail.gmail.com> Sir, I am trying to fix the problem of mailscanner+spamassassin installed on my new postfix server not detecting mails with low SA score as spam. But I can see my old mailscanner which receives mails and forwards it to new postfix server detects them as spam and tags them {Spam?}. I am saying a sorry in advance that I won't be able to try your suggestions the same day and respond with results. I will be able to do whatever you suggest when I get enough time. I have been suggested by Mr.Scott to install pyzor, set the bayes file path, permission for the beyes files, then do sa-learn etc and I have done all of them. Still my new mailscanner+spamassassin dont detect low scoring spams which my older mailscanner+spamassassing sytem detects. Please see the mails below this, which contains the outputs of: spamassassin -D --ling spamassasin --dump magic . Now I am getting [15396] dbg: rules: local tests only, ignoring RBL eval When I run a # spamassassin -D --lint or # spamassassin -D --ling < ..messages I use the following postfix.2.3.2-28 Spamassassin.3.1.6-15 MailScanner 4.58.9 on SUSE 10.2 >From various posting I learnd that the -L option for spamd has to be removed for spamassassin to do netword tests. I removed the -L option the and ps aux shows as follows: (On another system with SUSE 10.1 with spamassassin.3.1.1, it does network checks and I can see that in spamassassin -D --lint but not with spamassassin.3.1.6-15) mail:/usr/lib # ps aux | grep spamd root 13965 0.0 1.2 27832 25164 ? Ss 11:32 0:00 /usr/sbin/spamd -d -c -r /var/run/spamd.pid root 13967 0.0 1.2 29472 26712 ? S 11:32 0:00 spamd child root 13968 0.0 1.1 27832 23512 ? S 11:32 0:00 spamd child root 15642 0.0 0.0 1960 672 pts/1 S+ 12:14 0:00 grep spamd Could someone please help me so that I can get rid of the old MailScanner computer which is almost 7 years old and is giving problems. regards Vinu On Mon, Jun 16, 2008 at 12:02 PM, vinayan KP wrote: > Sir, > I sent the following reply 12 days back and I was wondering why I was > not getting any reply. Noticed the bounced messages saying my mail > exceeded the limit and I guess it was because of the attachement to > show how my existing mailscanner before my posftix server. > > Hope some one will have time to go through it and guide me... > > Regards > Vinau > > > ---------- Forwarded message ---------- > From: vinayan KP > Date: Thu, Jun 5, 2008 at 3:59 PM > Subject: Re: Help with spamassassin+mailscanner > To: MailScanner discussion > > > Sir, > Sorry for the delayed response. I could work on the issue only day > before afte I received your suggestions and I did the fillowing as per > your mails. But still Mails with low SA Score gets through as clean > mail. > > (I get to knwo this because of the following : For us the mails are > received by a system that runs mailscanner, which was installed more > than 4 years back by a private party and they charge for configuring > and maintaining it. Earlier we were using a qmail system and the > private party could not configure mailscanner for qmail on the mail > server (again managed by another private party on contract). So they > installed it on a separate system which would receive all the mails > for our domain and do the spam check, tag the subject line and then > forward it to the mail server. This old mailscanner still works well > and catches low and high scoring mails properly. About 18 months back > the old qmail server had a problem and I installed a new mail server > using postfix. Now the old mailscanner system is started showing > problems which made me to install mailscanner, clamave and > spamassassin on the new postfix server. My new mailscanner on the new > postfix (for which i am asking my doubts) system catchs only those > mails where SA score is > Required SpamAssassin Score (i set is as > 3). But I can see the old mailscanner catches mails where SA score is > < Required SpamAssassin Score = 3 > and tags it as {Spam?} and when that mails reaches the new postfix > server, the mailscanner on it lets the mail go as clean!!! I am > attaching a screen shot of the mailwatch which shows this). > > I did the followign as per your mail: > > (1) > Installed pysor > ------------------------------------------------------------------------------------------------------------------------------------ > (2) set the bays path and permissions: > > I set the bayes_pasth in /etc/MailScanner/spam.assassin.prefs.conf > and restarted spamd and MailScanner: > > bayes_path /var/spool/MailScanner/spamassassin/bayes > > This created the bayes_* files in > /var/spool/MailScanner/spamassassin/ and the permissions are ass > follows, where spamassing is run by spamuser : > > mail:/var/spool/MailScanner # ls -l > total 12 > drwx------ 7 postfix postfix 4096 Jun 5 14:30 incoming > drwx------ 113 postfix www 4096 Jun 5 06:14 quarantine > drwxr-xr-x 2 postfix postfix 4096 Jun 4 15:49 spamassassin > > mail:/var/spool/MailScanner/spamassassin # ls -l > total 11732 > -rw------- 1 spamuser postfix 1134 Jun 5 14:30 bayes.mutex > -rw-rw---- 1 spamuser postfix 104928 Jun 5 14:30 bayes_journal > -rw------- 1 spamuser postfix 10416128 Jun 5 13:59 bayes_seen > -rw-rw---- 1 spamuser postfix 5455872 Jun 5 14:30 bayes_toks > > ------------------------------------------------------------------------------------------------------------------------------------ > (3) Trained spamassassin+mailscaner > > Ran the sa-learn as follows : > > mail:/ # sa-learn --no-sync --spam /home/user1/Maildir/.spam/cur/ > Learned tokens from 1388 message(s) (1388 message(s) examined) > > > mail:/ # sa-learn --no-sync --ham /home/user1/Maildir/cur/ > Learned tokens from 438 message(s) (459 message(s) examined) > > > ------------------------------------------------------------------------------------------------------------------------------------ > > > Ran spamassassin -D - - lint and didnt show any error or warning : > > mail:/etc/MailScanner # spamassassin -D --lint > > [23477] dbg: logger: adding facilities: all > [23477] dbg: logger: logging level is DBG > [23477] dbg: generic: SpamAssassin version 3.1.6 > [23477] dbg: config: score set 0 chosen. > [23477] dbg: util: running in taint mode? yes > [23477] dbg: util: taint mode: deleting unsafe environment variables, > resetting PATH > [23477] dbg: util: PATH included '/sbin', keeping > [23477] dbg: util: PATH included '/usr/sbin', keeping > [23477] dbg: util: PATH included '/usr/local/sbin', keeping > [23477] dbg: util: PATH included '/opt/gnome/sbin', keeping > [23477] dbg: util: PATH included '/root/bin', keeping > [23477] dbg: util: PATH included '/usr/local/bin', keeping > [23477] dbg: util: PATH included '/usr/bin', keeping > [23477] dbg: util: PATH included '/usr/X11R6/bin', keeping > [23477] dbg: util: PATH included '/bin', keeping > [23477] dbg: util: PATH included '/usr/games', keeping > [23477] dbg: util: PATH included '/opt/gnome/bin', keeping > [23477] dbg: util: PATH included '/opt/kde3/bin', keeping > [23477] dbg: util: PATH included '/usr/lib/jvm/jre/bin', keeping > [23477] dbg: util: PATH included '/usr/lib/mit/bin', keeping > [23477] dbg: util: PATH included '/usr/lib/mit/sbin', keeping > [23477] dbg: util: PATH included '/usr/lib/qt3/bin', keeping > [23477] dbg: util: final PATH set to: > /sbin:/usr/sbin:/usr/local/sbin:/opt/gnome/sbin:/root/bin:/usr/local/bin:/usr/bin:/usr/X11R6/bin:/bin:/usr/games:/opt/gnome/bin:/opt/kde3/bin:/usr/lib/jvm/jre/bin:/usr/lib/mit/bin:/usr/lib/mit/sbin:/usr/lib/qt3/bin > [23477] dbg: message: ---- MIME PARSER START ---- > [23477] dbg: message: main message type: text/plain > [23477] dbg: message: parsing normal part > [23477] dbg: message: added part, type: text/plain > [23477] dbg: message: ---- MIME PARSER END ---- > [23477] dbg: dns: is Net::DNS::Resolver available? yes > [23477] dbg: dns: Net::DNS version: 0.59 > [23477] dbg: diag: perl platform: 5.008008 linux > [23477] dbg: diag: module installed: Digest::SHA1, version 2.11 > [23477] dbg: diag: module installed: HTML::Parser, version 3.55 > [23477] dbg: diag: module installed: MIME::Base64, version 3.07 > [23477] dbg: diag: module installed: DB_File, version 1.814 > [23477] dbg: diag: module installed: Net::DNS, version 0.59 > [23477] dbg: diag: module installed: Net::SMTP, version 2.29 > [23477] dbg: diag: module not installed: Mail::SPF::Query ('require' failed) > [23477] dbg: diag: module not installed: IP::Country::Fast ('require' failed) > [23477] dbg: diag: module not installed: Razor2::Client::Agent > ('require' failed) > [23477] dbg: diag: module not installed: Net::Ident ('require' failed) > [23477] dbg: diag: module not installed: IO::Socket::INET6 ('require' failed) > [23477] dbg: diag: module not installed: IO::Socket::SSL ('require' failed) > [23477] dbg: diag: module installed: Time::HiRes, version 1.86 > [23477] dbg: diag: module installed: DBI, version 1.52 > [23477] dbg: diag: module installed: Getopt::Long, version 2.35 > [23477] dbg: diag: module installed: LWP::UserAgent, version 2.033 > [23477] dbg: diag: module installed: HTTP::Date, version 1.47 > [23477] dbg: diag: module installed: Archive::Tar, version 1.30 > [23477] dbg: diag: module installed: IO::Zlib, version 1.04 > [23477] dbg: ignore: using a test message to lint rules > [23477] dbg: config: using "/etc/mail/spamassassin" for site rules pre files > [23477] dbg: config: read file /etc/mail/spamassassin/init.pre > [23477] dbg: config: read file /etc/mail/spamassassin/v310.pre > [23477] dbg: config: read file /etc/mail/spamassassin/v312.pre > [23477] dbg: config: using "/usr/share/spamassassin" for sys rules pre files > [23477] dbg: config: using "/usr/share/spamassassin" for default rules dir > [23477] dbg: config: read file /usr/share/spamassassin/10_misc.cf > [23477] dbg: config: read file /usr/share/spamassassin/20_advance_fee.cf > [23477] dbg: config: read file /usr/share/spamassassin/20_anti_ratware.cf > [23477] dbg: config: read file /usr/share/spamassassin/20_body_tests.cf > [23477] dbg: config: read file /usr/share/spamassassin/20_compensate.cf > [23477] dbg: config: read file /usr/share/spamassassin/20_dnsbl_tests.cf > [23477] dbg: config: read file /usr/share/spamassassin/20_drugs.cf > [23477] dbg: config: read file /usr/share/spamassassin/20_fake_helo_tests.cf > [23477] dbg: config: read file /usr/share/spamassassin/20_head_tests.cf > [23477] dbg: config: read file /usr/share/spamassassin/20_html_tests.cf > [23477] dbg: config: read file /usr/share/spamassassin/20_meta_tests.cf > [23477] dbg: config: read file /usr/share/spamassassin/20_net_tests.cf > [23477] dbg: config: read file /usr/share/spamassassin/20_phrases.cf > [23477] dbg: config: read file /usr/share/spamassassin/20_porn.cf > [23477] dbg: config: read file /usr/share/spamassassin/20_ratware.cf > [23477] dbg: config: read file /usr/share/spamassassin/20_uri_tests.cf > [23477] dbg: config: read file /usr/share/spamassassin/23_bayes.cf > [23477] dbg: config: read file /usr/share/spamassassin/25_accessdb.cf > [23477] dbg: config: read file /usr/share/spamassassin/25_antivirus.cf > [23477] dbg: config: read file /usr/share/spamassassin/25_body_tests_es.cf > [23477] dbg: config: read file /usr/share/spamassassin/25_body_tests_pl.cf > [23477] dbg: config: read file /usr/share/spamassassin/25_dcc.cf > [23477] dbg: config: read file /usr/share/spamassassin/25_dkim.cf > [23477] dbg: config: read file /usr/share/spamassassin/25_domainkeys.cf > [23477] dbg: config: read file /usr/share/spamassassin/25_hashcash.cf > [23477] dbg: config: read file /usr/share/spamassassin/25_pyzor.cf > [23477] dbg: config: read file /usr/share/spamassassin/25_razor2.cf > [23477] dbg: config: read file /usr/share/spamassassin/25_replace.cf > [23477] dbg: config: read file /usr/share/spamassassin/25_spf.cf > [23477] dbg: config: read file /usr/share/spamassassin/25_textcat.cf > [23477] dbg: config: read file /usr/share/spamassassin/25_uribl.cf > [23477] dbg: config: read file /usr/share/spamassassin/30_text_de.cf > [23477] dbg: config: read file /usr/share/spamassassin/30_text_fr.cf > [23477] dbg: config: read file /usr/share/spamassassin/30_text_it.cf > [23477] dbg: config: read file /usr/share/spamassassin/30_text_nl.cf > [23477] dbg: config: read file /usr/share/spamassassin/30_text_pl.cf > [23477] dbg: config: read file /usr/share/spamassassin/30_text_pt_br.cf > [23477] dbg: config: read file /usr/share/spamassassin/50_scores.cf > [23477] dbg: config: read file /usr/share/spamassassin/60_awl.cf > [23477] dbg: config: read file /usr/share/spamassassin/60_whitelist.cf > [23477] dbg: config: read file /usr/share/spamassassin/60_whitelist_dk.cf > [23477] dbg: config: read file /usr/share/spamassassin/60_whitelist_dkim.cf > [23477] dbg: config: read file /usr/share/spamassassin/60_whitelist_spf.cf > [23477] dbg: config: read file /usr/share/spamassassin/60_whitelist_subject.cf > [23477] dbg: config: using "/etc/mail/spamassassin" for site rules dir > [23477] dbg: config: read file /etc/mail/spamassassin/local.cf > [23477] dbg: config: read file /etc/mail/spamassassin/mailscanner.cf > [23477] dbg: plugin: loading Mail::SpamAssassin::Plugin::URIDNSBL from @INC > [23477] dbg: plugin: registered > Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x835f04c) > [23477] dbg: plugin: loading Mail::SpamAssassin::Plugin::Hashcash from @INC > [23477] dbg: plugin: registered > Mail::SpamAssassin::Plugin::Hashcash=HASH(0x90d728c) > [23477] dbg: plugin: loading Mail::SpamAssassin::Plugin::SPF from @INC > [23477] dbg: plugin: registered Mail::SpamAssassin::Plugin::SPF=HASH(0x90fa404) > [23477] dbg: plugin: loading Mail::SpamAssassin::Plugin::Pyzor from @INC > [23477] dbg: pyzor: local tests only, disabling Pyzor > [23477] dbg: plugin: registered > Mail::SpamAssassin::Plugin::Pyzor=HASH(0x9110c64) > [23477] dbg: plugin: loading Mail::SpamAssassin::Plugin::Razor2 from @INC > [23477] dbg: razor2: local tests only, skipping Razor > [23477] dbg: plugin: registered > Mail::SpamAssassin::Plugin::Razor2=HASH(0x90dcecc) > [23477] dbg: plugin: loading Mail::SpamAssassin::Plugin::SpamCop from @INC > [23477] dbg: reporter: local tests only, disabling SpamCop > [23477] dbg: plugin: registered > Mail::SpamAssassin::Plugin::SpamCop=HASH(0x90df794) > [23477] dbg: plugin: loading Mail::SpamAssassin::Plugin::AWL from @INC > [23477] dbg: plugin: registered Mail::SpamAssassin::Plugin::AWL=HASH(0x916a478) > [23477] dbg: plugin: loading > Mail::SpamAssassin::Plugin::AutoLearnThreshold from @INC > [23477] dbg: plugin: registered > Mail::SpamAssassin::Plugin::AutoLearnThreshold=HASH(0x917971c) > [23477] dbg: plugin: loading > Mail::SpamAssassin::Plugin::WhiteListSubject from @INC > [23477] dbg: plugin: registered > Mail::SpamAssassin::Plugin::WhiteListSubject=HASH(0x9185ed4) > [23477] dbg: plugin: loading Mail::SpamAssassin::Plugin::MIMEHeader from @INC > [23477] dbg: plugin: registered > Mail::SpamAssassin::Plugin::MIMEHeader=HASH(0x9192b04) > [23477] dbg: plugin: loading Mail::SpamAssassin::Plugin::ReplaceTags from @INC > [23477] dbg: plugin: registered > Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0x918b86c) > [23477] dbg: config: adding redirector regex: > /^http:\/\/chkpt\.zdnet\.com\/chkpt\/\w+\/(.*)$/i > [23477] dbg: config: adding redirector regex: > /^http:\/\/www(?:\d+)?\.nate\.com\/r\/\w+\/(.*)$/i > [23477] dbg: config: adding redirector regex: > /^http:\/\/.+\.gov\/(?:.*\/)?externalLink\.jhtml\?.*url=(.*?)(?:&.*)?$/i > [23477] dbg: config: adding redirector regex: > /^http:\/\/redir\.internet\.com\/.+?\/.+?\/(.*)$/i > [23477] dbg: config: adding redirector regex: > /^http:\/\/(?:.*?\.)?adtech\.de\/.*(?:;|\|)link=(.*?)(?:;|$)/i > [23477] dbg: config: adding redirector regex: > m'^http.*?/redirect\.php\?.*(?<=[?&])goto=(.*?)(?:$|[&#])'i > [23477] dbg: config: adding redirector regex: > m'^https?:/*(?:[^/]+\.)?emf\d\.com/r\.cfm.*?&r=(.*)'i > [23477] dbg: config: adding redirector regex: > m'/(?:index.php)?\?.*(?<=[?&])URL=(.*?)(?:$|[&#])'i > [23477] dbg: config: adding redirector regex: > m'^http:/*(?:\w+\.)?google(?:\.\w{2,3}){1,2}/url\?.*?(?<=[?&])q=(.*?)(?:$|[&#])'i > [23477] dbg: config: adding redirector regex: > m'^http:/*(?:\w+\.)?google(?:\.\w{2,3}){1,2}/search\?.*?(?<=[?&])q=[^&]*?(?<=%20|..[=+\s])site:(.*?)(?:$|%20|[\s+&#])'i > [23477] dbg: config: adding redirector regex: > m'^http:/*(?:\w+\.)?google(?:\.\w{2,3}){1,2}/search\?.*?(?<=[?&])q=[^&]*?(?<=%20|..[=+\s])(?:"|%22)(.*?)(?:$|%22|["\s+&#])'i > [23477] dbg: config: adding redirector regex: > m'^http:/*(?:\w+\.)?google(?:\.\w{2,3}){1,2}/translate\?.*?(?<=[?&])u=(.*?)(?:$|[&#])'i > [23477] dbg: plugin: > Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0x918b86c) implements > 'finish_parsing_end' > [23477] dbg: replacetags: replacing tags > [23477] dbg: replacetags: done replacing tags > [23477] dbg: bayes: tie-ing to DB file R/O > /var/spool/MailScanner/spamassassin/bayes_toks > [23477] dbg: bayes: tie-ing to DB file R/O > /var/spool/MailScanner/spamassassin/bayes_seen > [23477] dbg: bayes: found bayes db version 3 > [23477] dbg: bayes: DB journal sync: last sync: 1212657053 > [23477] dbg: config: score set 2 chosen. > [23477] dbg: message: ---- MIME PARSER START ---- > [23477] dbg: message: main message type: text/plain > [23477] dbg: message: parsing normal part > [23477] dbg: message: added part, type: text/plain > [23477] dbg: message: ---- MIME PARSER END ---- > [23477] dbg: dns: is DNS available? 0 > [23477] dbg: metadata: X-Spam-Relays-Trusted: > [23477] dbg: metadata: X-Spam-Relays-Untrusted: > [23477] dbg: metadata: X-Spam-Relays-Internal: > [23477] dbg: metadata: X-Spam-Relays-External: > [23477] dbg: message: no encoding detected > [23477] dbg: plugin: > Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x835f04c) implements > 'parsed_metadata' > [23477] dbg: rules: local tests only, ignoring RBL eval > [23477] dbg: check: running tests for priority: 0 > [23477] dbg: rules: running header regexp tests; score so far=0 > [23477] dbg: rules: ran header rule __HAS_MSGID ======> got hit: "<" > [23477] dbg: rules: ran header rule __MSGID_OK_DIGITS ======> got hit: > "1212657279" > [23477] dbg: rules: ran header rule __SANE_MSGID ======> got hit: > "<1212657279@lint_rules> > [23477] dbg: rules: " > [23477] dbg: rules: ran header rule __MSGID_OK_HOST ======> got hit: > "@lint_rules>" > [23477] dbg: eval: all '*From' addrs: ignore@compiling.spamassassin.taint.org > [23477] dbg: eval: all '*To' addrs: > [23477] dbg: rules: ran eval rule NO_RELAYS ======> got hit > [23477] dbg: rules: ran eval rule __UNUSABLE_MSGID ======> got hit > [23477] dbg: rules: running body-text per-line regexp tests; score so far=-0.001 > [23477] dbg: rules: ran body rule __NONEMPTY_BODY ======> got hit: "I" > [23477] dbg: uri: running uri tests; score so far=-0.001 > [23477] dbg: bayes: DB journal sync: last sync: 1212657053 > [23477] dbg: bayes: corpus size: nspam = 32262, nham = 41823 > [23477] dbg: bayes: score = 0.155182683190695 > [23477] dbg: bayes: DB expiry: tokens in DB: 145489, Expiry max size: > 150000, Oldest atime: 1211879603, Newest atime: 1212656437, Last > expire: 1212572821, Current time: 1212657280 > [23477] dbg: bayes: DB journal sync: last sync: 1212657053 > [23477] dbg: bayes: untie-ing > [23477] dbg: bayes: untie-ing db_toks > [23477] dbg: bayes: untie-ing db_seen > [23477] dbg: rules: ran eval rule BAYES_20 ======> got hit > [23477] dbg: rules: running raw-body-text per-line regexp tests; score > so far=-0.741 > [23477] dbg: rules: running full-text regexp tests; score so far=-0.741 > [23477] dbg: plugin: > Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x835f04c) implements > 'check_tick' > [23477] dbg: check: running tests for priority: 500 > [23477] dbg: plugin: > Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x835f04c) implements > 'check_post_dnsbl' > [23477] dbg: rules: running meta tests; score so far=-0.741 > [23477] info: rules: meta test DIGEST_MULTIPLE has undefined > dependency 'DCC_CHECK' > [23477] dbg: rules: running header regexp tests; score so far=1.416 > [23477] dbg: rules: running body-text per-line regexp tests; score so far=1.416 > [23477] dbg: uri: running uri tests; score so far=1.416 > [23477] dbg: rules: running raw-body-text per-line regexp tests; score > so far=1.416 > [23477] dbg: rules: running full-text regexp tests; score so far=1.416 > [23477] dbg: check: running tests for priority: 1000 > [23477] dbg: rules: running meta tests; score so far=1.416 > [23477] dbg: rules: running header regexp tests; score so far=1.416 > [23477] dbg: rules: running body-text per-line regexp tests; score so far=1.416 > [23477] dbg: uri: running uri tests; score so far=1.416 > [23477] dbg: rules: running raw-body-text per-line regexp tests; score > so far=1.416 > [23477] dbg: rules: running full-text regexp tests; score so far=1.416 > [23477] dbg: check: is spam? score=1.416 required=3 > [23477] dbg: check: > tests=BAYES_20,MISSING_SUBJECT,NO_RECEIVED,NO_RELAYS,TO_CC_NONE > [23477] dbg: check: > subtests=__HAS_MSGID,__MSGID_OK_DIGITS,__MSGID_OK_HOST,__NONEMPTY_BODY,__SANE_MSGID,__UNUSABLE_MSGID > > --------------------------------------------------------------------------------------------------------------------------------- > Then I set the following in /etc/MailScanner/MailScanner.conf and > restarted MailScanner: > > Spam Checks = yes > Spam List = spamhaus.org SBL+XBL > Spam Lists To Be Spam = 1 > Spam Lists To Reach High Score = 2 > > -------------------------------------------------------------------------------------------------------------------------------- > My /etc/MailScanner/MailScanner.conf is as follows: > > %org-name% = < This i am not giving> > %org-long-name% = < this i am not giving > > %web-site% = www.your-organisation.com > %etc-dir% = /etc/MailScanner > %report-dir% = /etc/MailScanner/reports/en > %rules-dir% = /etc/MailScanner/rules > %mcp-dir% = /etc/MailScanner/mcp > > > > > Max Children = 5 > Run As User = postfix > Run As Group = postfix > Queue Scan Interval = 6 > Incoming Queue Dir = /var/spool/postfix/hold > Outgoing Queue Dir = /var/spool/postfix/incoming > Incoming Work Dir = /var/spool/MailScanner/incoming > Quarantine Dir = /var/spool/MailScanner/quarantine > PID file = /var/run/MailScanner.pid > Restart Every = 14400 > MTA = postfix > Sendmail = /usr/sbin/sendmail > Sendmail2 = /usr/sbin/sendmail > > > Incoming Work User = > Incoming Work Group = > Incoming Work Permissions = 0600 > Quarantine User = root > Quarantine Group = www > Quarantine Permissions = 0660 > > > > Max Unscanned Bytes Per Scan = 100m > Max Unsafe Bytes Per Scan = 50m > Max Unscanned Messages Per Scan = 30 > Max Unsafe Messages Per Scan = 30 > > Max Normal Queue Size = 800 > Scan Messages = yes > Reject Message = no > Maximum Attachments Per Message = 200 > Expand TNEF = yes > Use TNEF Contents = replace > Deliver Unparsable TNEF = no > TNEF Expander = /usr/bin/tnef --maxsize=100000000 > TNEF Timeout = 120 > File Command = /usr/bin/file > File Timeout = 20 > Gunzip Command = /bin/gunzip > Gunzip Timeout = 50 > Unrar Command = /usr/bin/unrar > Unrar Timeout = 50 > Find UU-Encoded Files = no > Maximum Message Size = %rules-dir%/max.message.size.rules > Maximum Attachment Size = -1 > Minimum Attachment Size = -1 > Maximum Archive Depth = 2 > Find Archives By Content = yes > > Virus Scanning = yes > Virus Scanners = clamav > Virus Scanner Timeout = 300 > Deliver Disinfected Files = yes > Silent Viruses = HTML-IFrame All-Viruses > Still Deliver Silent Viruses = no > Non-Forging Viruses = Joke/ OF97/ WM97/ W97M/ eicar > Block Encrypted Messages = no > Block Unencrypted Messages = no > Allow Password-Protected Archives = no > Allowed Sophos Error Messages = > Sophos IDE Dir = /usr/local/Sophos/ide > Sophos Lib Dir = /usr/local/Sophos/lib > Monitors For Sophos Updates = /usr/local/Sophos/ide/*ides.zip > Monitors for ClamAV Updates = /usr/local/share/clamav/*.cvd > ClamAVmodule Maximum Recursion Level = 8 > ClamAVmodule Maximum Files = 1000 > ClamAVmodule Maximum Compression Ratio = 250 > > > Dangerous Content Scanning = yes > Allow Partial Messages = no > Allow External Message Bodies = no > Find Phishing Fraud = yes > Also Find Numeric Phishing = yes > Use Stricter Phishing Net = yes > Highlight Phishing Fraud = yes > Phishing Safe Sites File = %etc-dir%/phishing.safe.sites.conf > Country Sub-Domains List = %etc-dir%/country.domains.conf > Allow IFrame Tags = disarm > Allow Form Tags = disarm > Allow Script Tags = disarm > Allow WebBugs = disarm > Ignored Web Bug Filenames = spacer pixel.gif pixel.png gap > Web Bug Replacement = > http://www.sng.ecs.soton.ac.uk/mailscanner/images/1x1spacer.gif > Allow Object Codebase Tags = disarm > Convert Dangerous HTML To Text = no > Convert HTML To Text = no > > > Allow Filenames = > Deny Filenames = > Filename Rules = %etc-dir%/filename.rules.conf > Allow Filetypes = > Deny Filetypes = > Filetype Rules = %etc-dir%/filetype.rules.conf > > Quarantine Infections = yes > Quarantine Silent Viruses = no > Quarantine Modified Body = no > Quarantine Whole Message = yes > Quarantine Whole Messages As Queue Files = no > Keep Spam And MCP Archive Clean = no > Language Strings = %report-dir%/languages.conf > Rejection Report = %report-dir%/rejection.report.txt > Deleted Bad Content Message Report = %report-dir%/deleted.content.message.txt > Deleted Bad Filename Message Report = %report-dir%/deleted.filename.message.txt > Deleted Virus Message Report = %report-dir%/deleted.virus.message.txt > Deleted Size Message Report = %report-dir%/deleted.size.message.txt > > Stored Bad Content Message Report = %report-dir%/stored.content.message.txt > Stored Bad Filename Message Report = %report-dir%/stored.filename.message.txt > Stored Virus Message Report = %report-dir%/stored.virus.message.txt > Stored Size Message Report = %report-dir%/stored.size.message.txt > > Disinfected Report = %report-dir%/disinfected.report.txt > > Inline HTML Signature = %report-dir%/inline.sig.html > Inline Text Signature = %report-dir%/inline.sig.txt > Inline HTML Warning = %report-dir%/inline.warning.html > Inline Text Warning = %report-dir%/inline.warning.txt > > Sender Content Report = %report-dir%/sender.content.report.txt > Sender Error Report = %report-dir%/sender.error.report.txt > Sender Bad Filename Report = %report-dir%/sender.filename.report.txt > Sender Virus Report = %report-dir%/sender.virus.report.txt > Sender Size Report = %report-dir%/sender.size.report.txt > > Hide Incoming Work Dir = yes > Include Scanner Name In Reports = yes > Mail Header = X-%org-name%-MailScanner: > Spam Header = X-%org-name%-MailScanner-SpamCheck: > Spam Score Header = X-%org-name%-MailScanner-SpamScore: > Information Header = X-%org-name%-MailScanner-Information: > Add Envelope From Header = yes > Add Envelope To Header = no > Envelope From Header = X-%org-name%-MailScanner-From: > Envelope To Header = X-%org-name%-MailScanner-To: > Spam Score Character = s > SpamScore Number Instead Of Stars = no > Minimum Stars If On Spam List = 5 > Clean Header Value = Found to be clean > Infected Header Value = Found to be infected > Disinfected Header Value = Disinfected > > Information Header Value = Please contact the ISP for more information > Detailed Spam Report = yes > Include Scores In SpamAssassin Report = yes > Always Include SpamAssassin Report = yes > Multiple Headers = append > Hostname = the %org-name% ($HOSTNAME) MailScanner > Sign Messages Already Processed = no > Sign Clean Messages = yes > Mark Infected Messages = yes > Mark Unscanned Messages = yes > Unscanned Header Value = Not scanned: please contact your Internet > E-Mail Service Provider for details > > Remove These Headers = X-Mozilla-Status: X-Mozilla-Status2: > Deliver Cleaned Messages = yes > Notify Senders = yes > Notify Senders Of Viruses = no > Notify Senders Of Blocked Filenames Or Filetypes = yes > Notify Senders Of Blocked Size Attachments = no > Notify Senders Of Other Blocked Content = yes > Never Notify Senders Of Precedence = list bulk > > > Scanned Subject Text = {Scanned} > Virus Modify Subject = start > Virus Subject Text = {Virus?} > Filename Modify Subject = start > Filename Subject Text = {Filename?} > Content Modify Subject = start > Content Subject Text = {Dangerous Content?} > Size Modify Subject = start > Size Subject Text = {Size} > > Disarmed Modify Subject = start > Disarmed Subject Text = {Disarmed} > Phishing Modify Subject = no > Phishing Subject Text = {Fraud?} > Spam Modify Subject = start > Spam Subject Text = {Spam?} > High Scoring Spam Modify Subject = start > High Scoring Spam Subject Text = {Spam?} > > Warning Is Attachment = yes > Attachment Warning Filename = %org-name%-Attachment-Warning.txt > Attachment Encoding Charset = ISO-8859-1 > Archive Mail = > Send Notices = yes > Notices Include Full Headers = yes > Hide Incoming Work Dir in Notices = no > Notice Signature = -- \nMailScanner\nEmail Virus Scanner\nwww.mailscanner.info > Notices From = MailScanner > Notices To = postmaster > Local Postmaster = postmaster > > Spam List Definitions = %etc-dir%/spam.lists.conf > Virus Scanner Definitions = %etc-dir%/virus.scanners.conf > Spam Checks = yes > Spam List = spamhaus.org SBL+XBL > Spam Domain List = > Spam Lists To Be Spam = 1 > Spam Lists To Reach High Score = 2 > Spam List Timeout = 10 > Max Spam List Timeouts = 7 > Spam List Timeouts History = 10 > Is Definitely Not Spam = %rules-dir%/spam.whitelist.rules > Is Definitely Spam = no > Definite Spam Is High Scoring = no > Ignore Spam Whitelist If Recipients Exceed = 20 > Max Spam Check Size = 150000 > > Use SpamAssassin = yes > Max SpamAssassin Size = 40k > Required SpamAssassin Score = 3 > High SpamAssassin Score = 10 > SpamAssassin Auto Whitelist = yes > SpamAssassin Timeout = 75 > Max SpamAssassin Timeouts = 10 > SpamAssassin Timeouts History = 30 > Check SpamAssassin If On Spam List = yes > Spam Score = yes > Cache SpamAssassin Results = yes > SpamAssassin Cache Database File = > /var/spool/MailScanner/incoming/SpamAssassin.cache.db > > Rebuild Bayes Every = 0 > Wait During Bayes Rebuild = no > Use Custom Spam Scanner = no > Max Custom Spam Scanner Size = 20k > Custom Spam Scanner Timeout = 20 > Max Custom Spam Scanner Timeouts = 10 > Custom Spam Scanner Timeout History = 20 > Spam Actions = deliver header "X-Spam-Status: Yes" > High Scoring Spam Actions = deliver header "X-Spam-Status: Yes" > Non Spam Actions = deliver header "X-Spam-Status: No" > Sender Spam Report = %report-dir%/sender.spam.report.txt > Sender Spam List Report = %report-dir%/sender.spam.rbl.report.txt > Sender SpamAssassin Report = %report-dir%/sender.spam.sa.report.txt > Inline Spam Warning = %report-dir%/inline.spam.warning.txt > Recipient Spam Report = %report-dir%/recipient.spam.report.txt > Enable Spam Bounce = %rules-dir%/bounce.rules > Bounce Spam As Attachment = no > > Syslog Facility = mail > Log Speed = no > Log Spam = no > Log Non Spam = no > Log Permitted Filenames = no > Log Permitted Filetypes = no > Log Silent Viruses = no > Log Dangerous HTML Tags = no > SpamAssassin User State Dir = /var/spool/MailScanner/spamassassin > SpamAssassin Install Prefix = > SpamAssassin Site Rules Dir = /etc/mail/spamassassin > SpamAssassin Local Rules Dir = > > SpamAssassin Default Rules Dir = > MCP Checks = no > First Check = mcp > MCP Required SpamAssassin Score = 1 > MCP High SpamAssassin Score = 10 > MCP Error Score = 1 > MCP Header = X-%org-name%-MailScanner-MCPCheck: > Non MCP Actions = deliver > MCP Actions = deliver > High Scoring MCP Actions = deliver > Bounce MCP As Attachment = no > > MCP Modify Subject = start > MCP Subject Text = {MCP?} > High Scoring MCP Modify Subject = start > High Scoring MCP Subject Text = {MCP?} > > Is Definitely MCP = no > Is Definitely Not MCP = no > Definite MCP Is High Scoring = no > Always Include MCP Report = no > Detailed MCP Report = yes > Include Scores In MCP Report = no > Log MCP = no > > MCP Max SpamAssassin Timeouts = 20 > MCP Max SpamAssassin Size = 100k > MCP SpamAssassin Timeout = 10 > > MCP SpamAssassin Prefs File = %mcp-dir%/mcp.spam.assassin.prefs.conf > MCP SpamAssassin User State Dir = > MCP SpamAssassin Local Rules Dir = %mcp-dir% > MCP SpamAssassin Default Rules Dir = %mcp-dir% > MCP SpamAssassin Install Prefix = %mcp-dir% > Recipient MCP Report = %report-dir%/recipient.mcp.report.txt > Sender MCP Report = %report-dir%/sender.mcp.report.txt > > > Use Default Rules With Multiple Recipients = no > Spam Score Number Format = %d > MailScanner Version Number = 4.58.9 > SpamAssassin Cache Timings = 1800,300,10800,172800,600 > Debug = no > Debug SpamAssassin = no > Run In Foreground = no > > Always Looked Up Last = &MailWatchLogging > Always Looked Up Last After Batch = no > Deliver In Background = yes > > Delivery Method = batch > Split Exim Spool = no > Lockfile Dir = /tmp > Custom Functions Dir = /usr/lib/MailScanner/MailScanner/CustomFunctions > Lock Type = > Minimum Code Status = supported > > -------------------------------------------------------------------------------------------------------------------------------------- > My /etc/MailScanner/spam.assassin.prefs.conf is as follows: > > dns_available yes > bayes_path /var/spool/MailScanner/spamassassin/bayes > bayes_file_mode 0770 > > bayes_ignore_header X-YOURDOMAIN-COM-MailScanner > bayes_ignore_header X-YOURDOMAIN-COM-MailScanner-SpamCheck > bayes_ignore_header X-YOURDOMAIN-COM-MailScanner-SpamScore > bayes_ignore_header X-YOURDOMAIN-COM-MailScanner-Information > > lock_method flock > > use_auto_whitelist 0 > > ifplugin Mail::SpamAssassin::Plugin::Pyzor > pyzor_path /usr/local/bin/pyzor > endif > > ifplugin Mail::SpamAssassin::Plugin::DCC > dcc_path /usr/local/bin/dccproc > endif > > score RCVD_IN_BL_SPAMCOP_NET 4 > > envelope_sender_header X-MailScanner-From > > ------------------------------------------------------------------------------------------------------------------------------------- > sa-learn --dump magic -D shows the follows: > > mail:/var/spool/MailScanner/spamassassin # sa-learn --dump magic -D > > [27360] dbg: logger: adding facilities: all > [27360] dbg: logger: logging level is DBG > [27360] dbg: generic: SpamAssassin version 3.1.6 > [27360] dbg: config: score set 0 chosen. > [27360] dbg: util: running in taint mode? yes > [27360] dbg: util: taint mode: deleting unsafe environment variables, > resetting PATH > [27360] dbg: util: PATH included '/sbin', keeping > [27360] dbg: util: PATH included '/usr/sbin', keeping > [27360] dbg: util: PATH included '/usr/local/sbin', keeping > [27360] dbg: util: PATH included '/opt/gnome/sbin', keeping > [27360] dbg: util: PATH included '/root/bin', keeping > [27360] dbg: util: PATH included '/usr/local/bin', keeping > [27360] dbg: util: PATH included '/usr/bin', keeping > [27360] dbg: util: PATH included '/usr/X11R6/bin', keeping > [27360] dbg: util: PATH included '/bin', keeping > [27360] dbg: util: PATH included '/usr/games', keeping > [27360] dbg: util: PATH included '/opt/gnome/bin', keeping > [27360] dbg: util: PATH included '/opt/kde3/bin', keeping > [27360] dbg: util: PATH included '/usr/lib/jvm/jre/bin', keeping > [27360] dbg: util: PATH included '/usr/lib/mit/bin', keeping > [27360] dbg: util: PATH included '/usr/lib/mit/sbin', keeping > [27360] dbg: util: PATH included '/usr/lib/qt3/bin', keeping > [27360] dbg: util: final PATH set to: > /sbin:/usr/sbin:/usr/local/sbin:/opt/gnome/sbin:/root/bin:/usr/local/bin:/usr/bin:/usr/X11R6/bin:/bin:/usr/games:/opt/gnome/bin:/opt/kde3/bin:/usr/lib/jvm/jre/bin:/usr/lib/mit/bin:/usr/lib/mit/sbin:/usr/lib/qt3/bin > [27360] dbg: message: ---- MIME PARSER START ---- > [27360] dbg: message: main message type: text/plain > [27360] dbg: message: parsing normal part > [27360] dbg: message: added part, type: text/plain > [27360] dbg: message: ---- MIME PARSER END ---- > [27360] dbg: dns: is Net::DNS::Resolver available? yes > [27360] dbg: dns: Net::DNS version: 0.59 > [27360] dbg: config: using "/etc/mail/spamassassin" for site rules pre files > [27360] dbg: config: read file /etc/mail/spamassassin/init.pre > [27360] dbg: config: read file /etc/mail/spamassassin/v310.pre > [27360] dbg: config: read file /etc/mail/spamassassin/v312.pre > [27360] dbg: config: using "/usr/share/spamassassin" for sys rules pre files > [27360] dbg: config: using "/usr/share/spamassassin" for default rules dir > [27360] dbg: config: read file /usr/share/spamassassin/10_misc.cf > [27360] dbg: config: read file /usr/share/spamassassin/20_advance_fee.cf > [27360] dbg: config: read file /usr/share/spamassassin/20_anti_ratware.cf > [27360] dbg: config: read file /usr/share/spamassassin/20_body_tests.cf > [27360] dbg: config: read file /usr/share/spamassassin/20_compensate.cf > [27360] dbg: config: read file /usr/share/spamassassin/20_dnsbl_tests.cf > [27360] dbg: config: read file /usr/share/spamassassin/20_drugs.cf > [27360] dbg: config: read file /usr/share/spamassassin/20_fake_helo_tests.cf > [27360] dbg: config: read file /usr/share/spamassassin/20_head_tests.cf > [27360] dbg: config: read file /usr/share/spamassassin/20_html_tests.cf > [27360] dbg: config: read file /usr/share/spamassassin/20_meta_tests.cf > [27360] dbg: config: read file /usr/share/spamassassin/20_net_tests.cf > [27360] dbg: config: read file /usr/share/spamassassin/20_phrases.cf > [27360] dbg: config: read file /usr/share/spamassassin/20_porn.cf > [27360] dbg: config: read file /usr/share/spamassassin/20_ratware.cf > [27360] dbg: config: read file /usr/share/spamassassin/20_uri_tests.cf > [27360] dbg: config: read file /usr/share/spamassassin/23_bayes.cf > [27360] dbg: config: read file /usr/share/spamassassin/25_accessdb.cf > [27360] dbg: config: read file /usr/share/spamassassin/25_antivirus.cf > [27360] dbg: config: read file /usr/share/spamassassin/25_body_tests_es.cf > [27360] dbg: config: read file /usr/share/spamassassin/25_body_tests_pl.cf > [27360] dbg: config: read file /usr/share/spamassassin/25_dcc.cf > [27360] dbg: config: read file /usr/share/spamassassin/25_dkim.cf > [27360] dbg: config: read file /usr/share/spamassassin/25_domainkeys.cf > [27360] dbg: config: read file /usr/share/spamassassin/25_hashcash.cf > [27360] dbg: config: read file /usr/share/spamassassin/25_pyzor.cf > [27360] dbg: config: read file /usr/share/spamassassin/25_razor2.cf > [27360] dbg: config: read file /usr/share/spamassassin/25_replace.cf > [27360] dbg: config: read file /usr/share/spamassassin/25_spf.cf > [27360] dbg: config: read file /usr/share/spamassassin/25_textcat.cf > [27360] dbg: config: read file /usr/share/spamassassin/25_uribl.cf > [27360] dbg: config: read file /usr/share/spamassassin/30_text_de.cf > [27360] dbg: config: read file /usr/share/spamassassin/30_text_fr.cf > [27360] dbg: config: read file /usr/share/spamassassin/30_text_it.cf > [27360] dbg: config: read file /usr/share/spamassassin/30_text_nl.cf > [27360] dbg: config: read file /usr/share/spamassassin/30_text_pl.cf > [27360] dbg: config: read file /usr/share/spamassassin/30_text_pt_br.cf > [27360] dbg: config: read file /usr/share/spamassassin/50_scores.cf > [27360] dbg: config: read file /usr/share/spamassassin/60_awl.cf > [27360] dbg: config: read file /usr/share/spamassassin/60_whitelist.cf > [27360] dbg: config: read file /usr/share/spamassassin/60_whitelist_dk.cf > [27360] dbg: config: read file /usr/share/spamassassin/60_whitelist_dkim.cf > [27360] dbg: config: read file /usr/share/spamassassin/60_whitelist_spf.cf > [27360] dbg: config: read file /usr/share/spamassassin/60_whitelist_subject.cf > [27360] dbg: config: using "/etc/mail/spamassassin" for site rules dir > [27360] dbg: config: read file /etc/mail/spamassassin/local.cf > [27360] dbg: config: read file /etc/mail/spamassassin/mailscanner.cf > [27360] dbg: plugin: loading Mail::SpamAssassin::Plugin::URIDNSBL from @INC > [27360] dbg: plugin: registered > Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x835f090) > [27360] dbg: plugin: loading Mail::SpamAssassin::Plugin::Hashcash from @INC > [27360] dbg: plugin: registered > Mail::SpamAssassin::Plugin::Hashcash=HASH(0x8e115ec) > [27360] dbg: plugin: loading Mail::SpamAssassin::Plugin::SPF from @INC > [27360] dbg: plugin: registered Mail::SpamAssassin::Plugin::SPF=HASH(0x8e34804) > [27360] dbg: plugin: loading Mail::SpamAssassin::Plugin::Pyzor from @INC > [27360] dbg: pyzor: network tests on, attempting Pyzor > [27360] dbg: plugin: registered > Mail::SpamAssassin::Plugin::Pyzor=HASH(0x8e3a0bc) > [27360] dbg: plugin: loading Mail::SpamAssassin::Plugin::Razor2 from @INC > [27360] dbg: razor2: razor2 is not available > [27360] dbg: plugin: registered > Mail::SpamAssassin::Plugin::Razor2=HASH(0x8e13f68) > [27360] dbg: plugin: loading Mail::SpamAssassin::Plugin::SpamCop from @INC > [27360] dbg: reporter: network tests on, attempting SpamCop > [27360] dbg: plugin: registered > Mail::SpamAssassin::Plugin::SpamCop=HASH(0x8ed3f54) > [27360] dbg: plugin: loading Mail::SpamAssassin::Plugin::AWL from @INC > [27360] dbg: plugin: registered Mail::SpamAssassin::Plugin::AWL=HASH(0x903b2d4) > [27360] dbg: plugin: loading > Mail::SpamAssassin::Plugin::AutoLearnThreshold from @INC > [27360] dbg: plugin: registered > Mail::SpamAssassin::Plugin::AutoLearnThreshold=HASH(0x9043ef8) > [27360] dbg: plugin: loading > Mail::SpamAssassin::Plugin::WhiteListSubject from @INC > [27360] dbg: plugin: registered > Mail::SpamAssassin::Plugin::WhiteListSubject=HASH(0x9051f50) > [27360] dbg: plugin: loading Mail::SpamAssassin::Plugin::MIMEHeader from @INC > [27360] dbg: plugin: registered > Mail::SpamAssassin::Plugin::MIMEHeader=HASH(0x9052c34) > [27360] dbg: plugin: loading Mail::SpamAssassin::Plugin::ReplaceTags from @INC > [27360] dbg: plugin: registered > Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0x9065fb0) > [27360] dbg: config: adding redirector regex: > /^http:\/\/chkpt\.zdnet\.com\/chkpt\/\w+\/(.*)$/i > [27360] dbg: config: adding redirector regex: > /^http:\/\/www(?:\d+)?\.nate\.com\/r\/\w+\/(.*)$/i > [27360] dbg: config: adding redirector regex: > /^http:\/\/.+\.gov\/(?:.*\/)?externalLink\.jhtml\?.*url=(.*?)(?:&.*)?$/i > [27360] dbg: config: adding redirector regex: > /^http:\/\/redir\.internet\.com\/.+?\/.+?\/(.*)$/i > [27360] dbg: config: adding redirector regex: > /^http:\/\/(?:.*?\.)?adtech\.de\/.*(?:;|\|)link=(.*?)(?:;|$)/i > [27360] dbg: config: adding redirector regex: > m'^http.*?/redirect\.php\?.*(?<=[?&])goto=(.*?)(?:$|[&#])'i > [27360] dbg: config: adding redirector regex: > m'^https?:/*(?:[^/]+\.)?emf\d\.com/r\.cfm.*?&r=(.*)'i > [27360] dbg: config: adding redirector regex: > m'/(?:index.php)?\?.*(?<=[?&])URL=(.*?)(?:$|[&#])'i > [27360] dbg: config: adding redirector regex: > m'^http:/*(?:\w+\.)?google(?:\.\w{2,3}){1,2}/url\?.*?(?<=[?&])q=(.*?)(?:$|[&#])'i > [27360] dbg: config: adding redirector regex: > m'^http:/*(?:\w+\.)?google(?:\.\w{2,3}){1,2}/search\?.*?(?<=[?&])q=[^&]*?(?<=%20|..[=+\s])site:(.*?)(?:$|%20|[\s+&#])'i > [27360] dbg: config: adding redirector regex: > m'^http:/*(?:\w+\.)?google(?:\.\w{2,3}){1,2}/search\?.*?(?<=[?&])q=[^&]*?(?<=%20|..[=+\s])(?:"|%22)(.*?)(?:$|%22|["\s+&#])'i > [27360] dbg: config: adding redirector regex: > m'^http:/*(?:\w+\.)?google(?:\.\w{2,3}){1,2}/translate\?.*?(?<=[?&])u=(.*?)(?:$|[&#])'i > [27360] dbg: plugin: > Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0x9065fb0) implements > 'finish_parsing_end' > [27360] dbg: replacetags: replacing tags > [27360] dbg: replacetags: done replacing tags > [27360] dbg: bayes: tie-ing to DB file R/O > /var/spool/MailScanner/spamassassin/bayes_toks > [27360] dbg: bayes: tie-ing to DB file R/O > /var/spool/MailScanner/spamassassin/bayes_seen > [27360] dbg: bayes: found bayes db version 3 > [27360] dbg: bayes: DB journal sync: last sync: 1212657053 > [27360] dbg: config: score set 3 chosen. > 0.000 0 3 0 non-token data: bayes db version > 0.000 0 32262 0 non-token data: nspam > 0.000 0 41829 0 non-token data: nham > 0.000 0 145597 0 non-token data: ntokens > 0.000 0 1211879603 0 non-token data: oldest atime > 0.000 0 1212660698 0 non-token data: newest atime > 0.000 0 1212657053 0 non-token data: last journal sync atime > 0.000 0 1212572821 0 non-token data: last expiry atime > 0.000 0 691200 0 non-token data: last expire atime delta > 0.000 0 59972 0 non-token data: last expire > reduction count > [27360] dbg: bayes: untie-ing > [27360] dbg: bayes: untie-ing db_toks > [27360] dbg: bayes: untie-ing db_seen > > > ------------------------------------------------------------------------------------------------------------------------------------- > > Please help me so that i can fix my mailscanner to catch low scoring > spams. Also please tell me how do i know whether mailscanner is using > and checking the lists specified in SPAM LIST. I can not see any > error in /var/log/mail. > > I can see spamd entries getting logged only when our users send mails, > not when receiving mails from outside like the following: > > ----------------------------------------- > Jun 5 15:32:39 mail spamd[23430]: spamd: result: . -3 - > ALL_TRUSTED,BAYES_00 > scantime=0.6,size=2036,user=spamuser,uid=3000,required_score=3.0, > rhost=localhost,raddr=127.0.0.1,rport=27589,mid=<1675.122.163.77.164.1212660155. > squirrel@mail.econdse.org>,bayes=5.55111512312578e-17,autolearn=ham > -------------------------------------------------------------------------------- > > Hope you would be kind enough to go through my mail and help me out. > > Regards > vinu > > > > > > > > On Tue, May 27, 2008 at 8:49 PM, Scott Silva wrote: >> Comments are inline ... >> >>> Dear all, >>> I am just a beginner to postfix,spamassassin,Mailscanner and >>> mailwatch. I recently installed a mail server with the following and >>> is working fine except for one problem that mailscanner+spamassassin >>> combination is not detecting mails with SA Score lower than the >>> Required Spamassassin score ( I use 3) as spam though they are >>> definitely spam. The mailscanner+spamassassin combination tags mails >>> with SA score greater than the Required Spamassassin score as spam. >>> >>> postfix.2.3.2-28 >>> Spamassassin.3.1.6-15 >>> MailScanner 4.58.9 >> >> All older versions of the software. It might be adding to your problems. >>> >>> I have been reading different posts on mailscanner and about >>> spamassassin to understand why low scoring mails are not detected as >>> spam by mailscanner+spamassassin. >>> >>> The following are the things I could find out . >>> >>> 1. The headers of mails does not contain "autolearn=spam" in the mail >>> header and rest of the fields are there. (See below) >>> >>> X-econdse-MailScanner-SpamCheck: spam, SpamAssassin (not cached, >>> score=10.054, required 3, BAYES_99 3.50, EXTRA_MPART_TYPE 1.09, >>> HTML_IMAGE_ONLY_08 3.13, HTML_MESSAGE 0.00, >>> HTML_SHORT_LINK_IMG_1 0.95, HTML_TEXT_AFTER_BODY 0.12, >>> INFO_TLD 1.27) >>> >>> 2. the /root/.spamassassin folder does not contain any bayes related >>> database. >> >> When running with postfix, MailScanner runs as postfix and cannot access the >> /root directory. Maybe you missed some steps in the postfix howtos. >> http://www.mailscanner.info/postfix.html and >> http://wiki.mailscanner.info/doku.php?id=documentation:configuration:mta:postfix:installation >> You need the bayes directory somewhere that the postfix user can access. >> >> Maybe Glenn will chime in here. >> >> >>> >>> 3. I could not see anything in /var/log/mail which says mailscanner >>> is checking the Spam Lists. >>> >>> *********************************************** >>> When I tried to test the spamassassin configuration with "spamassassin >>> -D --lint", I am getting "[4882] warn: lint: 1 issues detected, please >>> rerun with debug enabled for more information" >>> >>> Please see the result below. : >>> >>> >>> --------------------------------------------------------------------------------------------- >>> mail:/etc/MailScanner # spamassassin -D --lint >>> >>> [4882] dbg: logger: adding facilities: all >>> [4882] dbg: logger: logging level is DBG >>> [4882] dbg: generic: SpamAssassin version 3.1.6 >>> [4882] dbg: config: score set 0 chosen. >>> [4882] dbg: util: running in taint mode? yes >>> [4882] dbg: util: taint mode: deleting unsafe environment variables, >>> resetting PATH >>> [4882] dbg: util: PATH included '/sbin', keeping >>> [4882] dbg: util: PATH included '/usr/sbin', keeping >>> [4882] dbg: util: PATH included '/usr/local/sbin', keeping >>> [4882] dbg: util: PATH included '/opt/gnome/sbin', keeping >>> [4882] dbg: util: PATH included '/root/bin', keeping >>> [4882] dbg: util: PATH included '/usr/local/bin', keeping >>> [4882] dbg: util: PATH included '/usr/bin', keeping >>> [4882] dbg: util: PATH included '/usr/X11R6/bin', keeping >>> [4882] dbg: util: PATH included '/bin', keeping >>> [4882] dbg: util: PATH included '/usr/games', keeping >>> [4882] dbg: util: PATH included '/opt/gnome/bin', keeping >>> [4882] dbg: util: PATH included '/opt/kde3/bin', keeping >>> [4882] dbg: util: PATH included '/usr/lib/jvm/jre/bin', keeping >>> [4882] dbg: util: PATH included '/usr/lib/mit/bin', keeping >>> [4882] dbg: util: PATH included '/usr/lib/mit/sbin', keeping >>> [4882] dbg: util: PATH included '/usr/lib/qt3/bin', keeping >>> [4882] dbg: util: final PATH set to: >>> >>> /sbin:/usr/sbin:/usr/local/sbin:/opt/gnome/sbin:/root/bin:/usr/local/bin:/usr/bin:/usr/X11R6/bin:/bin:/usr/games:/opt/gnome/bin:/opt/kde3/bin:/usr/lib/jvm/jre/bin:/usr/lib/mit/bin:/usr/lib/mit/sbin:/usr/lib/qt3/bin >>> [4882] dbg: message: ---- MIME PARSER START ---- >>> [4882] dbg: message: main message type: text/plain >>> [4882] dbg: message: parsing normal part >>> [4882] dbg: message: added part, type: text/plain >>> [4882] dbg: message: ---- MIME PARSER END ---- >>> [4882] dbg: dns: is Net::DNS::Resolver available? yes >>> [4882] dbg: dns: Net::DNS version: 0.59 >>> [4882] dbg: diag: perl platform: 5.008008 linux >>> [4882] dbg: diag: module installed: Digest::SHA1, version 2.11 >>> [4882] dbg: diag: module installed: HTML::Parser, version 3.55 >>> [4882] dbg: diag: module installed: MIME::Base64, version 3.07 >>> [4882] dbg: diag: module installed: DB_File, version 1.814 >>> [4882] dbg: diag: module installed: Net::DNS, version 0.59 >>> [4882] dbg: diag: module installed: Net::SMTP, version 2.29 >>> [4882] dbg: diag: module not installed: Mail::SPF::Query ('require' >>> failed) >>> [4882] dbg: diag: module not installed: IP::Country::Fast ('require' >>> failed) >>> [4882] dbg: diag: module not installed: Razor2::Client::Agent ('require' >>> failed) >>> [4882] dbg: diag: module not installed: Net::Ident ('require' failed) >>> [4882] dbg: diag: module not installed: IO::Socket::INET6 ('require' >>> failed) >>> [4882] dbg: diag: module not installed: IO::Socket::SSL ('require' failed) >>> [4882] dbg: diag: module installed: Time::HiRes, version 1.86 >>> [4882] dbg: diag: module installed: DBI, version 1.52 >>> [4882] dbg: diag: module installed: Getopt::Long, version 2.35 >>> [4882] dbg: diag: module installed: LWP::UserAgent, version 2.033 >>> [4882] dbg: diag: module installed: HTTP::Date, version 1.47 >>> [4882] dbg: diag: module installed: Archive::Tar, version 1.30 >>> [4882] dbg: diag: module installed: IO::Zlib, version 1.04 >>> [4882] dbg: ignore: using a test message to lint rules >>> [4882] dbg: config: using "/etc/mail/spamassassin" for site rules pre >>> files >>> [4882] dbg: config: read file /etc/mail/spamassassin/init.pre >>> [4882] dbg: config: read file /etc/mail/spamassassin/v310.pre >>> [4882] dbg: config: read file /etc/mail/spamassassin/v312.pre >>> [4882] dbg: config: using "/usr/share/spamassassin" for sys rules pre >>> files >>> [4882] dbg: config: using "/usr/share/spamassassin" for default rules dir >>> [4882] dbg: config: read file /usr/share/spamassassin/10_misc.cf >>> [4882] dbg: config: read file /usr/share/spamassassin/20_advance_fee.cf >>> [4882] dbg: config: read file /usr/share/spamassassin/20_anti_ratware.cf >>> [4882] dbg: config: read file /usr/share/spamassassin/20_body_tests.cf >>> [4882] dbg: config: read file /usr/share/spamassassin/20_compensate.cf >>> [4882] dbg: config: read file /usr/share/spamassassin/20_dnsbl_tests.cf >>> [4882] dbg: config: read file /usr/share/spamassassin/20_drugs.cf >>> [4882] dbg: config: read file >>> /usr/share/spamassassin/20_fake_helo_tests.cf >>> [4882] dbg: config: read file /usr/share/spamassassin/20_head_tests.cf >>> [4882] dbg: config: read file /usr/share/spamassassin/20_html_tests.cf >>> [4882] dbg: config: read file /usr/share/spamassassin/20_meta_tests.cf >>> [4882] dbg: config: read file /usr/share/spamassassin/20_net_tests.cf >>> [4882] dbg: config: read file /usr/share/spamassassin/20_phrases.cf >>> [4882] dbg: config: read file /usr/share/spamassassin/20_porn.cf >>> [4882] dbg: config: read file /usr/share/spamassassin/20_ratware.cf >>> [4882] dbg: config: read file /usr/share/spamassassin/20_uri_tests.cf >>> [4882] dbg: config: read file /usr/share/spamassassin/23_bayes.cf >>> [4882] dbg: config: read file /usr/share/spamassassin/25_accessdb.cf >>> [4882] dbg: config: read file /usr/share/spamassassin/25_antivirus.cf >>> [4882] dbg: config: read file /usr/share/spamassassin/25_body_tests_es.cf >>> [4882] dbg: config: read file /usr/share/spamassassin/25_body_tests_pl.cf >>> [4882] dbg: config: read file /usr/share/spamassassin/25_dcc.cf >>> [4882] dbg: config: read file /usr/share/spamassassin/25_dkim.cf >>> [4882] dbg: config: read file /usr/share/spamassassin/25_domainkeys.cf >>> [4882] dbg: config: read file /usr/share/spamassassin/25_hashcash.cf >>> [4882] dbg: config: read file /usr/share/spamassassin/25_pyzor.cf >>> [4882] dbg: config: read file /usr/share/spamassassin/25_razor2.cf >>> [4882] dbg: config: read file /usr/share/spamassassin/25_replace.cf >>> [4882] dbg: config: read file /usr/share/spamassassin/25_spf.cf >>> [4882] dbg: config: read file /usr/share/spamassassin/25_textcat.cf >>> [4882] dbg: config: read file /usr/share/spamassassin/25_uribl.cf >>> [4882] dbg: config: read file /usr/share/spamassassin/30_text_de.cf >>> [4882] dbg: config: read file /usr/share/spamassassin/30_text_fr.cf >>> [4882] dbg: config: read file /usr/share/spamassassin/30_text_it.cf >>> [4882] dbg: config: read file /usr/share/spamassassin/30_text_nl.cf >>> [4882] dbg: config: read file /usr/share/spamassassin/30_text_pl.cf >>> [4882] dbg: config: read file /usr/share/spamassassin/30_text_pt_br.cf >>> [4882] dbg: config: read file /usr/share/spamassassin/50_scores.cf >>> [4882] dbg: config: read file /usr/share/spamassassin/60_awl.cf >>> [4882] dbg: config: read file /usr/share/spamassassin/60_whitelist.cf >>> [4882] dbg: config: read file /usr/share/spamassassin/60_whitelist_dk.cf >>> [4882] dbg: config: read file /usr/share/spamassassin/60_whitelist_dkim.cf >>> [4882] dbg: config: read file /usr/share/spamassassin/60_whitelist_spf.cf >>> [4882] dbg: config: read file >>> /usr/share/spamassassin/60_whitelist_subject.cf >>> [4882] dbg: config: using "/etc/mail/spamassassin" for site rules dir >>> [4882] dbg: config: read file /etc/mail/spamassassin/local.cf >>> [4882] dbg: config: read file /etc/mail/spamassassin/mailscanner.cf >>> [4882] dbg: plugin: loading Mail::SpamAssassin::Plugin::URIDNSBL from @INC >>> [4882] dbg: plugin: registered >>> Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x835f044) >>> [4882] dbg: plugin: loading Mail::SpamAssassin::Plugin::Hashcash from @INC >>> [4882] dbg: plugin: registered >>> Mail::SpamAssassin::Plugin::Hashcash=HASH(0x90d6fcc) >>> [4882] dbg: plugin: loading Mail::SpamAssassin::Plugin::SPF from @INC >>> [4882] dbg: plugin: registered >>> Mail::SpamAssassin::Plugin::SPF=HASH(0x90fa144) >>> [4882] dbg: plugin: loading Mail::SpamAssassin::Plugin::Pyzor from @INC >>> [4882] dbg: pyzor: local tests only, disabling Pyzor >>> [4882] dbg: plugin: registered >>> Mail::SpamAssassin::Plugin::Pyzor=HASH(0x91109a4) >>> [4882] dbg: plugin: loading Mail::SpamAssassin::Plugin::Razor2 from @INC >>> [4882] dbg: razor2: local tests only, skipping Razor >>> [4882] dbg: plugin: registered >>> Mail::SpamAssassin::Plugin::Razor2=HASH(0x90dcc0c) >>> [4882] dbg: plugin: loading Mail::SpamAssassin::Plugin::SpamCop from @INC >>> [4882] dbg: reporter: local tests only, disabling SpamCop >>> [4882] dbg: plugin: registered >>> Mail::SpamAssassin::Plugin::SpamCop=HASH(0x90df4d4) >>> [4882] dbg: plugin: loading Mail::SpamAssassin::Plugin::AWL from @INC >>> [4882] dbg: plugin: registered >>> Mail::SpamAssassin::Plugin::AWL=HASH(0x916a1b8) >>> [4882] dbg: plugin: loading >>> Mail::SpamAssassin::Plugin::AutoLearnThreshold from @INC >>> [4882] dbg: plugin: registered >>> Mail::SpamAssassin::Plugin::AutoLearnThreshold=HASH(0x917945c) >>> [4882] dbg: plugin: loading >>> Mail::SpamAssassin::Plugin::WhiteListSubject from @INC >>> [4882] dbg: plugin: registered >>> Mail::SpamAssassin::Plugin::WhiteListSubject=HASH(0x9185c14) >>> [4882] dbg: plugin: loading Mail::SpamAssassin::Plugin::MIMEHeader from >>> @INC >>> [4882] dbg: plugin: registered >>> Mail::SpamAssassin::Plugin::MIMEHeader=HASH(0x9192844) >>> [4882] dbg: plugin: loading Mail::SpamAssassin::Plugin::ReplaceTags from >>> @INC >>> [4882] dbg: plugin: registered >>> Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0x918b5ac) >>> [4882] dbg: config: adding redirector regex: >>> /^http:\/\/chkpt\.zdnet\.com\/chkpt\/\w+\/(.*)$/i >>> [4882] dbg: config: adding redirector regex: >>> /^http:\/\/www(?:\d+)?\.nate\.com\/r\/\w+\/(.*)$/i >>> [4882] dbg: config: adding redirector regex: >>> /^http:\/\/.+\.gov\/(?:.*\/)?externalLink\.jhtml\?.*url=(.*?)(?:&.*)?$/i >>> [4882] dbg: config: adding redirector regex: >>> /^http:\/\/redir\.internet\.com\/.+?\/.+?\/(.*)$/i >>> [4882] dbg: config: adding redirector regex: >>> /^http:\/\/(?:.*?\.)?adtech\.de\/.*(?:;|\|)link=(.*?)(?:;|$)/i >>> [4882] dbg: config: adding redirector regex: >>> m'^http.*?/redirect\.php\?.*(?<=[?&])goto=(.*?)(?:$|[&#])'i >>> [4882] dbg: config: adding redirector regex: >>> m'^https?:/*(?:[^/]+\.)?emf\d\.com/r\.cfm.*?&r=(.*)'i >>> [4882] dbg: config: adding redirector regex: >>> m'/(?:index.php)?\?.*(?<=[?&])URL=(.*?)(?:$|[&#])'i >>> [4882] dbg: config: adding redirector regex: >>> >>> m'^http:/*(?:\w+\.)?google(?:\.\w{2,3}){1,2}/url\?.*?(?<=[?&])q=(.*?)(?:$|[&#])'i >>> [4882] dbg: config: adding redirector regex: >>> >>> m'^http:/*(?:\w+\.)?google(?:\.\w{2,3}){1,2}/search\?.*?(?<=[?&])q=[^&]*?(?<=%20|..[=+\s])site:(.*?)(?:$|%20|[\s+&#])'i >>> [4882] dbg: config: adding redirector regex: >>> >>> m'^http:/*(?:\w+\.)?google(?:\.\w{2,3}){1,2}/search\?.*?(?<=[?&])q=[^&]*?(?<=%20|..[=+\s])(?:"|%22)(.*?)(?:$|%22|["\s+&#])'i >>> [4882] dbg: config: adding redirector regex: >>> >>> m'^http:/*(?:\w+\.)?google(?:\.\w{2,3}){1,2}/translate\?.*?(?<=[?&])u=(.*?)(?:$|[&#])'i >>> [4882] info: config: pyzor_path "/usr/bin/pyzor" isn't an executable >>> [4882] warn: config: SpamAssassin failed to parse line, >>> "/usr/bin/pyzor" is not valid for "pyzor_path", skipping: pyzor_path >>> /usr/bin/pyzor >>> [4882] dbg: plugin: >>> Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0x918b5ac) implements >>> 'finish_parsing_end' >>> [4882] dbg: replacetags: replacing tags >>> [4882] dbg: replacetags: done replacing tags >>> [4882] dbg: bayes: no dbs present, cannot tie DB R/O: >>> /root/.spamassassin/bayes_toks >> >> Here is your error. Mailscanner running as postfix cannot access /root >> directory. You need to set a bayes path somewhere that postfix has access, >> and then you will need to do some training. >> >>> [4882] dbg: config: score set 0 chosen. >>> [4882] dbg: message: ---- MIME PARSER START ---- >>> [4882] dbg: message: main message type: text/plain >>> [4882] dbg: message: parsing normal part >>> [4882] dbg: message: added part, type: text/plain >>> [4882] dbg: message: ---- MIME PARSER END ---- >>> [4882] dbg: bayes: no dbs present, cannot tie DB R/O: >>> /root/.spamassassin/bayes_toks >>> [4882] dbg: dns: is DNS available? 0 >>> [4882] dbg: metadata: X-Spam-Relays-Trusted: >>> [4882] dbg: metadata: X-Spam-Relays-Untrusted: >>> [4882] dbg: metadata: X-Spam-Relays-Internal: >>> [4882] dbg: metadata: X-Spam-Relays-External: >>> [4882] dbg: message: no encoding detected >>> [4882] dbg: plugin: >>> Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x835f044) implements >>> 'parsed_metadata' >>> [4882] dbg: rules: local tests only, ignoring RBL eval >>> [4882] dbg: check: running tests for priority: 0 >>> [4882] dbg: rules: running header regexp tests; score so far=0 >>> [4882] dbg: rules: ran header rule __HAS_MSGID ======> got hit: "<" >>> [4882] dbg: rules: ran header rule __MSGID_OK_DIGITS ======> got hit: >>> "1211883990" >>> [4882] dbg: rules: ran header rule __SANE_MSGID ======> got hit: >>> "<1211883990@lint_rules> >>> [4882] dbg: rules: " >>> [4882] dbg: rules: ran header rule __MSGID_OK_HOST ======> got hit: >>> "@lint_rules>" >>> [4882] dbg: eval: all '*From' addrs: >>> ignore@compiling.spamassassin.taint.org >>> [4882] dbg: eval: all '*To' addrs: >>> [4882] dbg: rules: ran eval rule NO_RELAYS ======> got hit >>> [4882] dbg: rules: ran eval rule __UNUSABLE_MSGID ======> got hit >>> [4882] dbg: rules: running body-text per-line regexp tests; score so >>> far=-0.001 >>> [4882] dbg: rules: ran body rule __NONEMPTY_BODY ======> got hit: "I" >>> [4882] dbg: uri: running uri tests; score so far=-0.001 >>> [4882] dbg: bayes: no dbs present, cannot tie DB R/O: >>> /root/.spamassassin/bayes_toks >>> [4882] dbg: bayes: not scoring message, returning undef >>> [4882] dbg: bayes: opportunistic call attempt failed, DB not readable >>> [4882] dbg: rules: running raw-body-text per-line regexp tests; score >>> so far=-0.001 >>> [4882] dbg: rules: running full-text regexp tests; score so far=-0.001 >>> [4882] dbg: plugin: >>> Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x835f044) implements >>> 'check_tick' >>> [4882] dbg: check: running tests for priority: 500 >>> [4882] dbg: plugin: >>> Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x835f044) implements >>> 'check_post_dnsbl' >>> [4882] dbg: rules: running meta tests; score so far=-0.001 >>> [4882] info: rules: meta test DIGEST_MULTIPLE has undefined dependency >>> 'DCC_CHECK' >>> [4882] dbg: rules: running header regexp tests; score so far=1.866 >>> [4882] dbg: rules: running body-text per-line regexp tests; score so >>> far=1.866 >>> [4882] dbg: uri: running uri tests; score so far=1.866 >>> [4882] dbg: rules: running raw-body-text per-line regexp tests; score >>> so far=1.866 >>> [4882] dbg: rules: running full-text regexp tests; score so far=1.866 >>> [4882] dbg: check: running tests for priority: 1000 >>> [4882] dbg: rules: running meta tests; score so far=1.866 >>> [4882] dbg: rules: running header regexp tests; score so far=1.866 >>> [4882] dbg: rules: running body-text per-line regexp tests; score so >>> far=1.866 >>> [4882] dbg: uri: running uri tests; score so far=1.866 >>> [4882] dbg: rules: running raw-body-text per-line regexp tests; score >>> so far=1.866 >>> [4882] dbg: rules: running full-text regexp tests; score so far=1.866 >>> [4882] dbg: check: is spam? score=1.866 required=5 >>> [4882] dbg: check: tests=MISSING_SUBJECT,NO_RECEIVED,NO_RELAYS,TO_CC_NONE >>> [4882] dbg: check: >>> >>> subtests=__HAS_MSGID,__MSGID_OK_DIGITS,__MSGID_OK_HOST,__NONEMPTY_BODY,__SANE_MSGID,__UNUSABLE_MSGID >>> [4882] warn: lint: 1 issues detected, please rerun with debug enabled >>> for more information >>> >>> >>> ------------------------------------------------------------------------------------------------------------------------------------------------------ >>> >>> Is the warning because of >>> >>> [4882] info: config: pyzor_path "/usr/bin/pyzor" isn't an executable >>> [4882] warn: config: SpamAssassin failed to parse line, >>> "/usr/bin/pyzor" is not valid for "pyzor_path", skipping: pyzor_path >>> /usr/bin/pyzor >>> >>> and can I ignore it?? ( I dont have pyzor installed. Is it a must to >>> have pyzor installed??) >> >> Either install pyzor, or disable the plugin line that tries to load it. >> Look in all your .pre files in /etc/mail/spamassassin >>> >>> >>> ******************************************************************************************************************* >>> >>> >>> When I tried sa-learn --dump magic -D, I got the following error : >>> >>> ERROR: Bayes dump returned an error, please re-run with -D for more >>> information >> >> Again, no bayes db to dump. >>> >>> >>> >>> ----------------------------------------------------------------------------------------- >>> mail:/etc/mail/spamassassin # sa-learn --dump magic -D >>> [2675] dbg: logger: adding facilities: all >>> [2675] dbg: logger: logging level is DBG >>> [2675] dbg: generic: SpamAssassin version 3.1.6 >>> [2675] dbg: config: score set 0 chosen. >>> [2675] dbg: util: running in taint mode? yes >>> [2675] dbg: util: taint mode: deleting unsafe environment variables, >>> resetting PATH >>> [2675] dbg: util: PATH included '/sbin', keeping >>> [2675] dbg: util: PATH included '/usr/sbin', keeping >>> [2675] dbg: util: PATH included '/usr/local/sbin', keeping >>> [2675] dbg: util: PATH included '/opt/gnome/sbin', keeping >>> [2675] dbg: util: PATH included '/root/bin', keeping >>> [2675] dbg: util: PATH included '/usr/local/bin', keeping >>> [2675] dbg: util: PATH included '/usr/bin', keeping >>> [2675] dbg: util: PATH included '/usr/X11R6/bin', keeping >>> [2675] dbg: util: PATH included '/bin', keeping >>> [2675] dbg: util: PATH included '/usr/games', keeping >>> [2675] dbg: util: PATH included '/opt/gnome/bin', keeping >>> [2675] dbg: util: PATH included '/opt/kde3/bin', keeping >>> [2675] dbg: util: PATH included '/usr/lib/jvm/jre/bin', keeping >>> [2675] dbg: util: PATH included '/usr/lib/mit/bin', keeping >>> [2675] dbg: util: PATH included '/usr/lib/mit/sbin', keeping >>> [2675] dbg: util: PATH included '/usr/lib/qt3/bin', keeping >>> [2675] dbg: util: final PATH set to: >>> >>> /sbin:/usr/sbin:/usr/local/sbin:/opt/gnome/sbin:/root/bin:/usr/local/bin:/usr/bin:/usr/X11R6/bin:/bin:/usr/games:/opt/gnome/bin:/opt/kde3/bin:/usr/lib/jvm/jre/bin:/usr/lib/mit/bin:/usr/lib/mit/sbin:/usr/lib/qt3/bin >>> [2675] dbg: message: ---- MIME PARSER START ---- >>> [2675] dbg: message: main message type: text/plain >>> [2675] dbg: message: parsing normal part >>> [2675] dbg: message: added part, type: text/plain >>> [2675] dbg: message: ---- MIME PARSER END ---- >>> [2675] dbg: dns: is Net::DNS::Resolver available? yes >>> [2675] dbg: dns: Net::DNS version: 0.59 >>> [2675] dbg: config: using "/etc/mail/spamassassin" for site rules pre >>> files >>> [2675] dbg: config: read file /etc/mail/spamassassin/init.pre >>> [2675] dbg: config: read file /etc/mail/spamassassin/v310.pre >>> [2675] dbg: config: read file /etc/mail/spamassassin/v312.pre >>> [2675] dbg: config: using "/usr/share/spamassassin" for sys rules pre >>> files >>> [2675] dbg: config: using "/usr/share/spamassassin" for default rules dir >>> [2675] dbg: config: read file /usr/share/spamassassin/10_misc.cf >>> [2675] dbg: config: read file /usr/share/spamassassin/20_advance_fee.cf >>> [2675] dbg: config: read file /usr/share/spamassassin/20_anti_ratware.cf >>> [2675] dbg: config: read file /usr/share/spamassassin/20_body_tests.cf >>> [2675] dbg: config: read file /usr/share/spamassassin/20_compensate.cf >>> [2675] dbg: config: read file /usr/share/spamassassin/20_dnsbl_tests.cf >>> [2675] dbg: config: read file /usr/share/spamassassin/20_drugs.cf >>> [2675] dbg: config: read file >>> /usr/share/spamassassin/20_fake_helo_tests.cf >>> [2675] dbg: config: read file /usr/share/spamassassin/20_head_tests.cf >>> [2675] dbg: config: read file /usr/share/spamassassin/20_html_tests.cf >>> [2675] dbg: config: read file /usr/share/spamassassin/20_meta_tests.cf >>> [2675] dbg: config: read file /usr/share/spamassassin/20_net_tests.cf >>> [2675] dbg: config: read file /usr/share/spamassassin/20_phrases.cf >>> [2675] dbg: config: read file /usr/share/spamassassin/20_porn.cf >>> [2675] dbg: config: read file /usr/share/spamassassin/20_ratware.cf >>> [2675] dbg: config: read file /usr/share/spamassassin/20_uri_tests.cf >>> [2675] dbg: config: read file /usr/share/spamassassin/23_bayes.cf >>> [2675] dbg: config: read file /usr/share/spamassassin/25_accessdb.cf >>> [2675] dbg: config: read file /usr/share/spamassassin/25_antivirus.cf >>> [2675] dbg: config: read file /usr/share/spamassassin/25_body_tests_es.cf >>> [2675] dbg: config: read file /usr/share/spamassassin/25_body_tests_pl.cf >>> [2675] dbg: config: read file /usr/share/spamassassin/25_dcc.cf >>> [2675] dbg: config: read file /usr/share/spamassassin/25_dkim.cf >>> [2675] dbg: config: read file /usr/share/spamassassin/25_domainkeys.cf >>> [2675] dbg: config: read file /usr/share/spamassassin/25_hashcash.cf >>> [2675] dbg: config: read file /usr/share/spamassassin/25_pyzor.cf >>> [2675] dbg: config: read file /usr/share/spamassassin/25_razor2.cf >>> [2675] dbg: config: read file /usr/share/spamassassin/25_replace.cf >>> [2675] dbg: config: read file /usr/share/spamassassin/25_spf.cf >>> [2675] dbg: config: read file /usr/share/spamassassin/25_textcat.cf >>> [2675] dbg: config: read file /usr/share/spamassassin/25_uribl.cf >>> [2675] dbg: config: read file /usr/share/spamassassin/30_text_de.cf >>> [2675] dbg: config: read file /usr/share/spamassassin/30_text_fr.cf >>> [2675] dbg: config: read file /usr/share/spamassassin/30_text_it.cf >>> [2675] dbg: config: read file /usr/share/spamassassin/30_text_nl.cf >>> [2675] dbg: config: read file /usr/share/spamassassin/30_text_pl.cf >>> [2675] dbg: config: read file /usr/share/spamassassin/30_text_pt_br.cf >>> [2675] dbg: config: read file /usr/share/spamassassin/50_scores.cf >>> [2675] dbg: config: read file /usr/share/spamassassin/60_awl.cf >>> [2675] dbg: config: read file /usr/share/spamassassin/60_whitelist.cf >>> [2675] dbg: config: read file /usr/share/spamassassin/60_whitelist_dk.cf >>> [2675] dbg: config: read file /usr/share/spamassassin/60_whitelist_dkim.cf >>> [2675] dbg: config: read file /usr/share/spamassassin/60_whitelist_spf.cf >>> [2675] dbg: config: read file >>> /usr/share/spamassassin/60_whitelist_subject.cf >>> [2675] dbg: config: using "/etc/mail/spamassassin" for site rules dir >>> [2675] dbg: config: read file /etc/mail/spamassassin/local.cf >>> [2675] dbg: config: read file /etc/mail/spamassassin/mailscanner.cf >>> [2675] dbg: plugin: loading Mail::SpamAssassin::Plugin::URIDNSBL from @INC >>> [2675] dbg: plugin: registered >>> Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x835ef70) >>> [2675] dbg: plugin: loading Mail::SpamAssassin::Plugin::Hashcash from @INC >>> [2675] dbg: plugin: registered >>> Mail::SpamAssassin::Plugin::Hashcash=HASH(0x8e113dc) >>> [2675] dbg: plugin: loading Mail::SpamAssassin::Plugin::SPF from @INC >>> [2675] dbg: plugin: registered >>> Mail::SpamAssassin::Plugin::SPF=HASH(0x8e345f4) >>> [2675] dbg: plugin: loading Mail::SpamAssassin::Plugin::Pyzor from @INC >>> [2675] dbg: pyzor: network tests on, attempting Pyzor >>> [2675] dbg: plugin: registered >>> Mail::SpamAssassin::Plugin::Pyzor=HASH(0x8e39eac) >>> [2675] dbg: plugin: loading Mail::SpamAssassin::Plugin::Razor2 from @INC >>> [2675] dbg: razor2: razor2 is not available >>> [2675] dbg: plugin: registered >>> Mail::SpamAssassin::Plugin::Razor2=HASH(0x8e13d58) >>> [2675] dbg: plugin: loading Mail::SpamAssassin::Plugin::SpamCop from @INC >>> [2675] dbg: reporter: network tests on, attempting SpamCop >>> [2675] dbg: plugin: registered >>> Mail::SpamAssassin::Plugin::SpamCop=HASH(0x8ed3d44) >>> [2675] dbg: plugin: loading Mail::SpamAssassin::Plugin::AWL from @INC >>> [2675] dbg: plugin: registered >>> Mail::SpamAssassin::Plugin::AWL=HASH(0x903b0e0) >>> [2675] dbg: plugin: loading >>> Mail::SpamAssassin::Plugin::AutoLearnThreshold from @INC >>> [2675] dbg: plugin: registered >>> Mail::SpamAssassin::Plugin::AutoLearnThreshold=HASH(0x9043d14) >>> [2675] dbg: plugin: loading >>> Mail::SpamAssassin::Plugin::WhiteListSubject from @INC >>> [2675] dbg: plugin: registered >>> Mail::SpamAssassin::Plugin::WhiteListSubject=HASH(0x9051f04) >>> [2675] dbg: plugin: loading Mail::SpamAssassin::Plugin::MIMEHeader from >>> @INC >>> [2675] dbg: plugin: registered >>> Mail::SpamAssassin::Plugin::MIMEHeader=HASH(0x9052be8) >>> [2675] dbg: plugin: loading Mail::SpamAssassin::Plugin::ReplaceTags from >>> @INC >>> [2675] dbg: plugin: registered >>> Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0x90432d8) >>> [2675] dbg: config: adding redirector regex: >>> /^http:\/\/chkpt\.zdnet\.com\/chkpt\/\w+\/(.*)$/i >>> [2675] dbg: config: adding redirector regex: >>> /^http:\/\/www(?:\d+)?\.nate\.com\/r\/\w+\/(.*)$/i >>> [2675] dbg: config: adding redirector regex: >>> /^http:\/\/.+\.gov\/(?:.*\/)?externalLink\.jhtml\?.*url=(.*?)(?:&.*)?$/i >>> [2675] dbg: config: adding redirector regex: >>> /^http:\/\/redir\.internet\.com\/.+?\/.+?\/(.*)$/i >>> [2675] dbg: config: adding redirector regex: >>> /^http:\/\/(?:.*?\.)?adtech\.de\/.*(?:;|\|)link=(.*?)(?:;|$)/i >>> [2675] dbg: config: adding redirector regex: >>> m'^http.*?/redirect\.php\?.*(?<=[?&])goto=(.*?)(?:$|[&#])'i >>> [2675] dbg: config: adding redirector regex: >>> m'^https?:/*(?:[^/]+\.)?emf\d\.com/r\.cfm.*?&r=(.*)'i >>> [2675] dbg: config: adding redirector regex: >>> m'/(?:index.php)?\?.*(?<=[?&])URL=(.*?)(?:$|[&#])'i >>> [2675] dbg: config: adding redirector regex: >>> >>> m'^http:/*(?:\w+\.)?google(?:\.\w{2,3}){1,2}/url\?.*?(?<=[?&])q=(.*?)(?:$|[&#])'i >>> [2675] dbg: config: adding redirector regex: >>> >>> m'^http:/*(?:\w+\.)?google(?:\.\w{2,3}){1,2}/search\?.*?(?<=[?&])q=[^&]*?(?<=%20|..[=+\s])site:(.*?)(?:$|%20|[\s+&#])'i >>> [2675] dbg: config: adding redirector regex: >>> >>> m'^http:/*(?:\w+\.)?google(?:\.\w{2,3}){1,2}/search\?.*?(?<=[?&])q=[^&]*?(?<=%20|..[=+\s])(?:"|%22)(.*?)(?:$|%22|["\s+&#])'i >>> [2675] dbg: config: adding redirector regex: >>> >>> m'^http:/*(?:\w+\.)?google(?:\.\w{2,3}){1,2}/translate\?.*?(?<=[?&])u=(.*?)(?:$|[&#])'i >>> [2675] info: config: pyzor_path "/usr/bin/pyzor" isn't an executable >>> [2675] info: config: SpamAssassin failed to parse line, >>> "/usr/bin/pyzor" is not valid for "pyzor_path", skipping: pyzor_path >>> /usr/bin/pyzor >>> [2675] dbg: plugin: >>> Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0x90432d8) implements >>> 'finish_parsing_end' >>> [2675] dbg: replacetags: replacing tags >>> [2675] dbg: replacetags: done replacing tags >>> [2675] dbg: bayes: no dbs present, cannot tie DB R/O: >>> /root/.spamassassin/bayes_toks >>> [2675] dbg: config: score set 1 chosen. >>> [2675] dbg: bayes: no dbs present, cannot tie DB R/O: >>> /root/.spamassassin/bayes_toks >>> ERROR: Bayes dump returned an error, please re-run with -D for more >>> information >>> >>> ------------------------------------------------------------------------------------------------------------------------------------------------------------------------- >>> >>> --> Am I getting this error because there are no bayes related files >>> in the /root/.spamassassin directory?? (its empty now) >>> >>> --> If yes, should I use the following command to create them?? >>> >>> # sa-learn --showdots --spam >>> /home//Maildir/cur (this is my inbox) >>> >>> >>> # sa-learn --showdots --ham /home/Maildir/.spam/cur >>> (this is where i filter all my {spam?} tagged mails) >>> >>> >>> ---> After this if i restart spamassassin, will >>> spamassassin+mailscanner start doing the bayes autolearn and check the >>> lists specified in Spam Lists option of the mailscanner? If not, what >>> should I do to get my spamassassin+mailscanner start doing the bayes >>> autolearn and check the lists specified in Spam Lists option of the >>> mailscanner? >>> >>> >>> Hope someone would be kind enough to help me. >>> >>> Expecting an early reply >>> >>> sincerely yours >> >> >> -- >> MailScanner is like deodorant... >> You hope everybody uses it, and >> you notice quickly if they don't!!!! >> >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> > From velda.midanovic at trezor.sr.gov.yu Wed Jun 18 10:02:55 2008 From: velda.midanovic at trezor.sr.gov.yu (Velda Midanovic) Date: Wed Jun 18 10:08:36 2008 Subject: Upgrade of MailScanner Message-ID: <004501c8d122$1f1ee1f0$5d5ca5d0$@midanovic@trezor.sr.gov.yu> I have a following combination : RH4, MailScanner 4.58.9, ClamAV, SmapAssassin, all working very well together. The problem is that I get quite some backscatter on some of my users, and since watermarking may solve at least some of my problems, I plant to use it. Alas!!! My version of MailScanner does not support watermarking.... So I should upgrade. BUT I installed all from TAR packages. So how do I do it? Here is my output of #MailScanner -v : This is MailScanner version 4.58.9 Module versions are: 1.00 AnyDBM_File 1.16 Archive::Zip 1.03 Carp 1.119 Convert::BinHex 1.00 DirHandle 1.05 Fcntl 2.73 File::Basename 2.08 File::Copy 2.01 FileHandle 1.06 File::Path 0.14 File::Temp 0.90 Filesys::Df 1.35 HTML::Entities 3.54 HTML::Parser 2.37 HTML::TokeParser 1.21 IO 1.10 IO::File 1.123 IO::Pipe 1.71 Mail::Header 3.05 MIME::Base64 5.420 MIME::Decoder 5.420 MIME::Decoder::UU 5.420 MIME::Head 5.420 MIME::Parser 3.03 MIME::QuotedPrint 5.420 MIME::Tools 0.10 Net::CIDR 1.08 POSIX 1.77 Socket 1.4 Sys::Hostname::Long 0.18 Sys::Syslog 1.86 Time::HiRes 1.02 Time::localtime Optional module versions are: 0.17 Convert::TNEF 1.814 DB_File 1.12 DBD::SQLite 1.50 DBI 1.15 Digest 1.01 Digest::HMAC 2.36 Digest::MD5 2.10 Digest::SHA1 0.44 Inline missing Mail::ClamAV 3.001008 Mail::SpamAssassin 1.999001 Mail::SPF::Query 0.20 Net::CIDR::Lite 1.24 Net::IP 0.57 Net::DNS 0.31 Net::LDAP 1.94 Parse::RecDescent missing SAVI 2.56 Test::Harness 0.47 Test::Simple 1.95 Text::Balanced 1.35 URI Pllease help. Velda -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080618/bb8da3ce/attachment.html From MailScanner at ecs.soton.ac.uk Wed Jun 18 10:47:48 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Jun 18 10:48:04 2008 Subject: MailScanner ANNOUNCE: 4.70.6 released In-Reply-To: References: <4858191B.4010103@ecs.soton.ac.uk> Message-ID: <4858D9C4.4000901@ecs.soton.ac.uk> Donnie D. Quindardo wrote: > Hi Jules, > > Best of luck with the operation and future health. Thank you for your > help on my previous questions. > > One other thing that I've been pondering: > > - I currently use CentOS and was wondering if extracting the > mailscanner*.rpm from the stable download tar.gz file and running > rpm -Uvh mailscanner*.rpm would be okay? That all depends on what you have installed at the moment. If I were you I would just run ./install.sh fast and it will get through the install process pretty quickly. > > > Julian Field wrote: >> I have just released the latest stable version of MailScanner, >> version 4.70.6. >> >> The main new features this time are: >> - Now supports Mail::ClamAV 0.22, ClamAV 0.93.1, and SpamAssassin 3.2.5. >> - New setting "Dont Sign HTML If Headers Exist" to provide finer >> control over placement of HTML signatures. >> - All known problems with Watermarks fixed. >> - Improvements to filename and filetype checks to allow for common >> mistakes in filename patterns. >> - Added "ID Header" setting to allow the X-MailScanner-ID: header to >> be customised or removed. >> - Minor improvements to the phishing net. >> - Improvement to checking of "Sophos Allowed Error Messages". >> >> Download as usual from www.mailscanner.info. >> >> The full Change Log is this: >> >> * New Features and Improvements * >> 1 Improvement to OLE document unpacking code, more likely to extract >> embedded >> files correctly. >> 1 Added new setting "Dont Sign HTML If Headers Exist" to provide >> finer control >> over placement of HTML signatures. If any of the named headers exist in >> the message, the message is deemed to be a "reply", and so the HTML >> signature is not attached. By default this functionality is switched >> off >> by not specifying any header names. >> 2 Improvement to Filename and Filetype checks to catch mistakenly >> starting a >> regular expression with a "*" on its own, as in "*.pdf" or just "*". >> 2 Improved message reporting when Sophos finds password-protected zip >> archives. >> 2 Now supports Mail::ClamAV 0.22 for ClamAV 0.93. You will need to >> upgrade your >> ClamAV+SpamAssassin installation, using the download package I provide. >> 3 Improved update_bad_phishing_sites to support proxy_* environment >> variables. >> Thanks to Heinz.Knutzen@dataport.de for this. >> 3 Improved upgrade_MailScanner_conf for ClamAV 0.93 and Mail::ClaAV >> 0.22. >> 3 Removed URIBL additions from spam.assassin.prefs.conf. They are in >> SpamAssassin by default now. >> 3 Improvements to handling of Watermarks to resolve various problems >> with them. >> 3 Upgraded to ClamAV 0.93.1 in ClamAV+SpamAssassin easy-to-install >> package. >> 4 Added "-w" to suggested "diff" command in upgrade_MailScanner_conf. >> Thanks >> to Anthony Cartmell for this idea. >> 6 Changed Watermarking, so it only checks if there was a SMTP client >> IP address >> as we don't want to block messages we generated on the MailScanner >> server. >> 6 Added "ID Header" setting so that you can choose whether or not you >> want >> the header showing the MailScanner message id value. If you don't >> want the >> header then set this to be blank. >> 6 Minor improvement to link detection in the phishing net. >> >> * Fixes * >> 2 Silly mistake fixed in "Dont Sign HTML If Headers Exist" feature. >> 2 Fixed output text error in upgrade_MailScanner_conf. >> 3 Bugfixes to Watermark handling and logging. >> 4 More fixes to Watermark handling. >> 5 More fixes to Watermark handling, and a minor header change. >> 6 Made check for Sophos Allowed Error Messages case-insensitive. >> >> Jules >> Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From ja at conviator.com Wed Jun 18 10:47:27 2008 From: ja at conviator.com (Jan Agermose) Date: Wed Jun 18 10:48:46 2008 Subject: whitelisting/sorbs Message-ID: hi this might actually not be mailscanner related - maybe its more sendmail - if so forgive me. we are using sorbs blacklist and its blacklisting gmail and one of our partners. How can I whitelist the IPs - make sure that sorbs is not asked or something for the IPs I know to be OK? Can I add the IPS in /etc/mail/access or something? regards Jan -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080618/b74b45aa/attachment.html From telecaadmin at gmail.com Wed Jun 18 11:00:44 2008 From: telecaadmin at gmail.com (Ronny T. Lampert) Date: Wed Jun 18 11:03:13 2008 Subject: whitelisting/sorbs In-Reply-To: References: Message-ID: <4858DCCC.4040002@gmail.com> > we are using sorbs blacklist and its blacklisting gmail and one of our > partners. How can I whitelist the IPs - make sure that sorbs is not > asked or something for the IPs I know to be OK? Can I add the IPS in > /etc/mail/access or something? The question is HOW you use the sorbs lists. 1) If you're using RBLs on the SMTP level, you must make sure that you have a whitelist file which "overrides" all later checkes. As I'm a postfixer, this is done by eg specifying check_sender_access hash:/etc/postfix/from_force_accepts, textually BEFORE any of the RBL checks. "from_force_accepts" will say "OK" and then all following checks are skipped. 2) You will have to ALSO whitelist them in MailScanner, by using a rule for the spam checks (can't think of the according config directive at the moment). That way the mails will be scanned, but not spam checked against the RBLs and rules and whatnot. Cheers, Ronny From craig at csfs.co.za Wed Jun 18 11:06:34 2008 From: craig at csfs.co.za (Craig Retief) Date: Wed Jun 18 11:09:09 2008 Subject: Upgrade of MailScanner In-Reply-To: <004501c8d122$1f1ee1f0$5d5ca5d0$@midanovic@trezor.sr.gov.yu> References: <004501c8d122$1f1ee1f0$5d5ca5d0$@midanovic@trezor.sr.gov.yu> Message-ID: <1213783594.7222.18.camel@cX> On Wed, 2008-06-18 at 11:02 +0200, Velda Midanovic wrote: > I have a following combination : RH4, MailScanner 4.58.9, ClamAV, > SmapAssassin, all working very well together. > > The problem is that I get quite some backscatter on some of my users, > and since watermarking may solve at least some of my problems, I plant > to use it. > > Alas!!! > > My version of MailScanner does not support watermarking.... > > So I should upgrade. BUT I installed all from TAR packages. So how do > I do it? > What I usually do is the following after downloading the tarball to your server: 1. disable the check_mailscanner command in crontab with # 2. move the softlink in /opt like this : [root@host]# mv /opt/MailScanner /opt/MailScanner_4.58.9 3. unpack Jules's TAR package 4. Run the install.sh script 5. change directory to /opt/MailScanner/etc and run the following command: [root@host]# ../bin/upgrade_MailScanner_conf /opt/MailScanner_4.58.9/etc/MailScanner.conf /opt/MailScanner/etc/MailScanner.conf > MailScanner.new [root@host]# vi MailScanner.new (here I check that all the settings are still correct and see what new toys Jules added to the mix) [root@host]# mv MailScanner.conf MailScanner.old [root@host]# mv MailScanner.new MailScanner.conf 6. change directory to reports/en and run the following command: [root@host]# ../../../bin/upgrade_languages_conf /opt/MailScanner_4.58.9/etc/reports/en/languages.conf /opt/MailScanner/etc/reports/en/languages.conf > languages.new [root@host]# mv languages.conf languages.old [root@host]# mv languages.new languages.conf [root@host]# cp /opt/MailScanner_4.58.9/etc/reports/en/*.txt . (note the dot) [root@host]# ?cp /opt/MailScanner_4.58.9/etc/reports/en/*.html . (note the dot) 7. If using MailWatch, copy the SQLBlackWhiteList.pm and MailWatch.pm files to the new install like this: [root@host]# cd /opt/MailScanner/lib/MailScanner/CustomFunctions/ [root@host]# cp /opt/MailScanner_4.58.9/lib/MailScanner/CustomFunctions/?SQLBlackWhiteList.pm ?/opt/MailScanner_4.58.9/lib/MailScanner/CustomFunctions/?MailWatch.pm . (note the dot) 8. That shoudl be about all, then you can run the follwing command and monitor the log file for any errors: [root@host]# /opt/MailScanner/bin/check_mailscanner; tail -f /var/log/maillog 9. Re-enable the cronjob if all went well If I missed a step someone might like to point it out. Cheers Craig > Here is my output of #MailScanner ?v : > > This is MailScanner version 4.58.9 > > Module versions are: > > 1.00 AnyDBM_File > > 1.16 Archive::Zip > > 1.03 Carp > > 1.119 Convert::BinHex > > 1.00 DirHandle > > 1.05 Fcntl > > 2.73 File::Basename > > 2.08 File::Copy > > 2.01 FileHandle > > 1.06 File::Path > > 0.14 File::Temp > > 0.90 Filesys::Df > > 1.35 HTML::Entities > > 3.54 HTML::Parser > > 2.37 HTML::TokeParser > > 1.21 IO > > 1.10 IO::File > > 1.123 IO::Pipe > > 1.71 Mail::Header > > 3.05 MIME::Base64 > > 5.420 MIME::Decoder > > 5.420 MIME::Decoder::UU > > 5.420 MIME::Head > > 5.420 MIME::Parser > > 3.03 MIME::QuotedPrint > > 5.420 MIME::Tools > > 0.10 Net::CIDR > > 1.08 POSIX > > 1.77 Socket > > 1.4 Sys::Hostname::Long > > 0.18 Sys::Syslog > > 1.86 Time::HiRes > > 1.02 Time::localtime > > > > Optional module versions are: > > 0.17 Convert::TNEF > > 1.814 DB_File > > 1.12 DBD::SQLite > > 1.50 DBI > > 1.15 Digest > > 1.01 Digest::HMAC > > 2.36 Digest::MD5 > > 2.10 Digest::SHA1 > > 0.44 Inline > > missing Mail::ClamAV > > 3.001008 Mail::SpamAssassin > > 1.999001 Mail::SPF::Query > > 0.20 Net::CIDR::Lite > > 1.24 Net::IP > > 0.57 Net::DNS > > 0.31 Net::LDAP > > 1.94 Parse::RecDescent > > missing SAVI > > 2.56 Test::Harness > > 0.47 Test::Simple > > 1.95 Text::Balanced > > 1.35 URI > > > > Pllease help. > > Velda > > > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080618/531d7269/attachment.html From martinh at solidstatelogic.com Wed Jun 18 11:44:06 2008 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Wed Jun 18 11:44:18 2008 Subject: Upgrade of MailScanner In-Reply-To: <1213783594.7222.18.camel@cX> Message-ID: <0cd6dd129330114f83a330924db36921@solidstatelogic.com> Slight variation.. 1. login to the mailscanner computer and download the latest version of the software 2 .extract the archive with tar zxf MailScanner-install-.tar.gz 3 cd to the directory extracted and su to root 4 run the installer which will put the files onto /opt/MailScanner- an d install ant perl modules requires with ./install.sh 5 cd to the newly created directory in /opt and copy the rule files etc over from the running system: 6 cd /opt/MailScanner- 7 cd ../lib/MailScanner/CustomFunctions 8 cp /opt/MailScanner/lib/MailScanner/CustomFunctions/MailWatch.pm . 9 cd ../../../etc/rules 10 cp /opt/MailScanner/etc/rules/*.rules . 11 cd ../reports/en 12 cp /opt/MailScanner/etc/reports/en/inline.sig.* . 13 cd ../../ 14 cp /opt/MailScanner/etc/spam.assassin.prefs.conf . 15 finally merge in the existing settings file with the new one using the following: 16 ../bin/upgrade_MailScanner_conf /opt/MailScanner/etc/MailScanner.conf ./MailScanner.conf > MailScanner.new 17 mv MailScanner.conf MailScanner.old 18 mv MailScanner.new MailScanner.conf The last stage is to run the new version rather than the old: 19 cd /opt 20 /usr/local/etc/rc.d/MailScanner.sh stop (or whatever you use to stop) 21 rm MailScanner 22 ln -s MailScanner- MailScanner 23 /usr/local/etc/rc.d/MailScanner.sh start Steps 19-23 are the only time when you need to stop MS, therefore downtime is pretty minimal Backout if things go wrong is easy - redo 19-23 using the oldversion of MS rather than new version. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Craig Retief > Sent: 18 June 2008 11:07 > To: MailScanner discussion > Subject: Re: Upgrade of MailScanner > > > > On Wed, 2008-06-18 at 11:02 +0200, Velda Midanovic wrote: > > I have a following combination : RH4, MailScanner > 4.58.9, ClamAV, SmapAssassin, all working very well together. > > The problem is that I get quite some backscatter on > some of my users, and since watermarking may solve at least > some of my problems, I plant to use it. > > Alas!!! > > My version of MailScanner does not support watermarking.... > > So I should upgrade. BUT I installed all from TAR > packages. So how do I do it? > > > > What I usually do is the following after downloading the > tarball to your server: > > 1. disable the check_mailscanner command in crontab with # > 2. move the softlink in /opt like this : > [root@host]# mv /opt/MailScanner /opt/MailScanner_4.58.9 > 3. unpack Jules's TAR package > 4. Run the install.sh script > 5. change directory to /opt/MailScanner/etc and run the > following command: > [root@host]# ../bin/upgrade_MailScanner_conf > /opt/MailScanner_4.58.9/etc/MailScanner.conf > /opt/MailScanner/etc/MailScanner.conf > MailScanner.new > [root@host]# vi MailScanner.new (here I check that > all the settings are still correct and see what new toys > Jules added to the mix) > [root@host]# mv MailScanner.conf MailScanner.old > [root@host]# mv MailScanner.new MailScanner.conf > 6. change directory to reports/en and run the following command: > [root@host]# ../../../bin/upgrade_languages_conf > /opt/MailScanner_4.58.9/etc/reports/en/languages.conf > /opt/MailScanner/etc/reports/en/languages.conf > languages.new > [root@host]# mv languages.conf languages.old > [root@host]# mv languages.new languages.conf > [root@host]# cp > /opt/MailScanner_4.58.9/etc/reports/en/*.txt . (note the dot) > [root@host]# ?cp > /opt/MailScanner_4.58.9/etc/reports/en/*.html . (note the > dot) 7. If using MailWatch, copy the SQLBlackWhiteList.pm and > MailWatch.pm files to the new install like this: > [root@host]# cd > /opt/MailScanner/lib/MailScanner/CustomFunctions/ > [root@host]# cp > /opt/MailScanner_4.58.9/lib/MailScanner/CustomFunctions/?SQLBl > ackWhiteList.pm > ?/opt/MailScanner_4.58.9/lib/MailScanner/CustomFunctions/?Mail > Watch.pm . (note the dot) > 8. That shoudl be about all, then you can run the follwing > command and monitor the log file for any errors: > [root@host]# /opt/MailScanner/bin/check_mailscanner; tail > -f /var/log/maillog 9. Re-enable the cronjob if all went well > > > If I missed a step someone might like to point it out. > > Cheers > > Craig > > > > > Here is my output of #MailScanner ?v : > > This is MailScanner version 4.58.9 > > Module versions are: > > 1.00 AnyDBM_File > > 1.16 Archive::Zip > > 1.03 Carp > > 1.119 Convert::BinHex > > 1.00 DirHandle > > 1.05 Fcntl > > 2.73 File::Basename > > 2.08 File::Copy > > 2.01 FileHandle > > 1.06 File::Path > > 0.14 File::Temp > > 0.90 Filesys::Df > > 1.35 HTML::Entities > > 3.54 HTML::Parser > > 2.37 HTML::TokeParser > > 1.21 IO > > 1.10 IO::File > > 1.123 IO::Pipe > > 1.71 Mail::Header > > 3.05 MIME::Base64 > > 5.420 MIME::Decoder > > 5.420 MIME::Decoder::UU > > 5.420 MIME::Head > > 5.420 MIME::Parser > > 3.03 MIME::QuotedPrint > > 5.420 MIME::Tools > > 0.10 Net::CIDR > > 1.08 POSIX > > 1.77 Socket > > 1.4 Sys::Hostname::Long > > 0.18 Sys::Syslog > > 1.86 Time::HiRes > > 1.02 Time::localtime > > > > Optional module versions are: > > 0.17 Convert::TNEF > > 1.814 DB_File > > 1.12 DBD::SQLite > > 1.50 DBI > > 1.15 Digest > > 1.01 Digest::HMAC > > 2.36 Digest::MD5 > > 2.10 Digest::SHA1 > > 0.44 Inline > > missing Mail::ClamAV > > 3.001008 Mail::SpamAssassin > > 1.999001 Mail::SPF::Query > > 0.20 Net::CIDR::Lite > > 1.24 Net::IP > > 0.57 Net::DNS > > 0.31 Net::LDAP > > 1.94 Parse::RecDescent > > missing SAVI > > 2.56 Test::Harness > > 0.47 Test::Simple > > 1.95 Text::Balanced > > 1.35 URI > > > > Pllease help. > > Velda > > > > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner > , and is > believed to be clean. > > ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From craig at csfs.co.za Wed Jun 18 12:03:43 2008 From: craig at csfs.co.za (Craig Retief) Date: Wed Jun 18 12:07:02 2008 Subject: MailScanner ANNOUNCE: 4.70.6 released In-Reply-To: <4858191B.4010103@ecs.soton.ac.uk> References: <4858191B.4010103@ecs.soton.ac.uk> Message-ID: <1213787023.7222.27.camel@cX> Skipped content of type multipart/alternative-------------- next part -------------- A non-text attachment was scrubbed... Name: stock_smiley-1.png Type: image/png Size: 873 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080618/069b63fc/stock_smiley-1.png From theodrake at comcast.net Wed Jun 18 13:25:43 2008 From: theodrake at comcast.net (Ed) Date: Wed Jun 18 13:26:09 2008 Subject: Health update In-Reply-To: <7C62BFED4DC0CE488F93865D83A61E64743C0D@sprocket.columbiafuels.com> References: <4852BC3D.3050802@ecs.soton.ac.uk><200806132114.m5DLE4gQ018541@mxt.1bigthink.com> <223f97700806131420j4bb7e2f5w1e4d192101002bde@mail.gmail.com> <7C62BFED4DC0CE488F93865D83A61E64743C0D@sprocket.columbiafuels.com> Message-ID: <4858FEC7.1010004@comcast.net> Christian Rasmussen wrote: > I've been a sysadmin for so long I don't think anyone would have much > use for my liver. > LOL. If I ever need a liver I'm moving to Utah. later, From theodrake at comcast.net Wed Jun 18 13:27:08 2008 From: theodrake at comcast.net (Ed) Date: Wed Jun 18 13:27:31 2008 Subject: Health update In-Reply-To: <4852BC3D.3050802@ecs.soton.ac.uk> References: <4852BC3D.3050802@ecs.soton.ac.uk> Message-ID: <4858FF1C.6010709@comcast.net> Luck Jules. From theodrake at comcast.net Wed Jun 18 13:28:58 2008 From: theodrake at comcast.net (Ed) Date: Wed Jun 18 13:29:18 2008 Subject: Health update In-Reply-To: <48561153.3080806@tradoc.fr> References: <31647067.16941213432830191.JavaMail.root@office.splatnix.net> <48561153.3080806@tradoc.fr> Message-ID: <4858FF8A.1040305@comcast.net> John Wilcock wrote: > --[ UxBoD ]-- a ?crit : >> All the best Jules ... Wish you a short wait and a very speedy >> recovery ... Make sure the nice nurse keeps your laptop well out of >> reach! > > I beg to differ ;-) Keeping Julian from his laptop would be terrible > for his mental well-being! > > Julian, may the time that you're *not* straining to get at your laptop > after the op be as short as possible! I'm looking forward to another right up on how he gets past all the internet security. From Denis.Beauchemin at USherbrooke.ca Wed Jun 18 13:54:36 2008 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Wed Jun 18 13:55:05 2008 Subject: Problem while updating perl In-Reply-To: <67a55ed50806170555s4de8a74atea137e73b2fe12f@mail.gmail.com> References: <67a55ed50806170555s4de8a74atea137e73b2fe12f@mail.gmail.com> Message-ID: <4859058C.6070803@USherbrooke.ca> Dave Jones a ?crit : > >Dave Jones a ?crit : > >> > >> >> You can reinstall MailScanner but you will still have the same perl > >> >> conflicts next time a perl module gets updated on RPMforge (or > >> >> whatever your repo is that has the conflicting package). > >> >> > >> >> I would simply force the install of the perl modules (I do it > all the > >> >> time) with the conflict from the MailScanner installation: > >> >> > >> >> # rpm -Uhv --force > >> >> /var/cache/yum/rpmforge/packages/perl-Sys-Syslog-0.18-1.rpm > >> >> > >> >> Substitute "rpmforge" above with whatever your repository name > is and > >> >> the RPM file in question. > >> >> > >> >> Dave > >> >> > >> >> -- > >> >> Dave Jones > >> >Dave, > >> > > >> >It didn't work on my RHEL 5.2 server: > >> >[root@smtps ~]# rpm -Uvh --force > >> > >/var/cache/yum/rhel-i386-server-5/packages/perl-5.8.8-10.el5_2.3.i386.rpm > >> >/etc/selinux/targeted/contexts/files/file_contexts: Multiple same > >> >specifications for /usr/local/lost\+found/.*. > >> >/etc/selinux/targeted/contexts/files/file_contexts: Multiple same > >> >specifications for /usr/local/\.journal. > >> >/etc/selinux/targeted/contexts/files/file_contexts: Multiple same > >> >specifications for /usr/local/lost\+found. > >> >Preparing... > ########################################### > >> >[100%] > >> >1:perl ########################################### > >> >[100%] > >> >[root@smtps ~]# MailScanner --lint > >> > > >> > > >> >**** ERROR: You must upgrade your perl IO module to at least > >> >**** ERROR: version 1.2301 or MailScanner will not work! > >> > > >> >I am now reinstalling the following MS' RPMs: perl-IO perl-File-Temp > >> >perl-Math-BigInt perl-Math-BigRat perl-bignum > >> > > >> >Denis > >> > >> Sounds like you might have SELinux active. Run "getenforce" and if it > >> is "Enforcing" then run "setenforce 0" to make it "Permissive". Then > >> run your command again. > >> > >> If permissive mode allows the package install command to work with > >> --force, then disable SELinux or try your hand at updating the SELinux > >> policy that is preventing it from installing. RHEL 5 is supposed to > >> be much easier to customize SELinux policies but I haven't played with > >> it yet. I still just disable it during the install and go... > >> > >> -- > >> Dave Jones > > > >Dave, > > > >It is disabled on all my servers (I just checked and getenforce returns > >Disabled)... I see the "selinux" messages all the time whenever I > >install or upgrade an RPM... to the point where I don't even pay any > >attention to them... could have been the reason I had problem, though! > > > >Denis > Now that I see your repo is "rhel-i386-server-5" then there could be a few > other things it could be. What repos do you have installed and > active? If > you have RPMforge installed (which every CentOS box should have), it may > overlap some packages with with the RHEL repo. We install RPMforge on our > RHEL boxes but keep it disabled (/etc/yum.repos.d/rpmforge.repo). Then we > only enable it for specific packages from the command line with the > "--enable-repo=rpmforge" option. > > On a RHEL server like yours, the perl packages should come from the RHEL > repo to keep everything clean. Is it possible that perl was updated or > installed from another source? You might try removing and > reinstalling perl > after making sure that the only active repo is "rhel-i386-server-5." > -- > Dave Jones Dave, The only repo I used until 1 week ago was RedHat's. I added rpmforge since but didn't upgrade anything from them (just used it to install clamd). So this behaviour is really RedHat's own. Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x62252 F: 819.821.8045 From Robert.Meurlin at se.fujitsu.com Wed Jun 18 14:26:17 2008 From: Robert.Meurlin at se.fujitsu.com (Meurlin Robert) Date: Wed Jun 18 14:43:59 2008 Subject: SV: SV: SV: mailscanner dont process email at all In-Reply-To: <223f97700806170238h21a6cc6ao7a20770b745add43@mail.gmail.com> References: <797363C57EE0884786F428AAABCD469201490DD4@sea0120sex2.nordic.x><48536FD4.4090300@vanderkooij.org><797363C57EE0884786F428AAABCD469201490DD8@sea0120sex2.nordic.x><797363C57EE0884786F428AAABCD469201490DDC@sea0120sex2.nordic.x><485660C0.1080803@USherbrooke.ca><797363C57EE0884786F428AAABCD469201490DF0@sea0120sex2.nordic.x><797363C57EE0884786F428AAABCD469201490DF4@sea0120sex2.nordic.x> <223f97700806170238h21a6cc6ao7a20770b745add43@mail.gmail.com> Message-ID: <797363C57EE0884786F428AAABCD469201490E10@sea0120sex2.nordic.x> root 3432 0.0 0.8 66852 35056 ? Ss 15:09 0:00 MailScanner: master waiting for children, sleeping root 3433 100 1.4 94092 57864 ? R 15:09 2:36 MailScanner: starting children If I start MailScanner with sendmail , it will just hang as seen. Can it be something with clam? MailScanner --lint configtest doesn't give anything. Iam running this on Suse Enterprise 64 bit and it was installed trough rpm packages. Is there any command to start mailscanner med n?got trace option? Robert -----Ursprungligt meddelande----- Fr?n: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] F?r Glenn Steen Skickat: den 17 juni 2008 11:39 Till: MailScanner discussion ?mne: Re: SV: SV: mailscanner dont process email at all 2008/6/17 Meurlin Robert : > Yes I manually flushed almost every email in the queue (had 6000 before now there is about 140) so that worked. > > Is the last option to reinstall mailscanner? All points to that is the problem. > Hej Robert, You mention configtest ... Is this a command? What is it supposed to do for you? Is this running on cPanel or similar? How did you do the install? What version of OS/distro are you using? The more details the better answers:-). Tjena -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From mi6 at orcon.net.nz Wed Jun 18 14:56:49 2008 From: mi6 at orcon.net.nz (Charlie) Date: Wed Jun 18 14:56:59 2008 Subject: Spamassassin is slow - any tips or good commercial alternative? Message-ID: <45a601c8d14b$27cb81e0$0300a8c0@CharlieCompaq> Thanks for all the replies. In response to some of them: - we have now installed nscd, so output is now: # /etc/init.d/nscd status Status of Name Service Cache Daemon service: running - we have added 2 more MS children - we'll look into adding more RAM > 2-5 seconds per batch is pretty fast. Anything under 1 minute is > acceptable IMHO. > Why the concern about scan times?? Email isn't IM :-). Seriously why the > concern about scan times? The concern is that I am eventually looking to have over 10,000 users, so will be receiving, and then sending, multiple emails per second. Even now, with only 1,500 users, people have started reporting "Too many concurrent SMTP connections; Please try again later" They only started seeing this message after I turned on SpamAssassin. I am thinking that perhaps, as 99% of the emails we receive are not spam, that scanning for spam may be an unnecessary luxury, once email volumes reach a certain level. From alex at rtpty.com Wed Jun 18 15:02:54 2008 From: alex at rtpty.com (Alex Neuman) Date: Wed Jun 18 15:03:22 2008 Subject: Spamassassin is slow - any tips or good commercial alternative? In-Reply-To: <45a601c8d14b$27cb81e0$0300a8c0@CharlieCompaq> References: <45a601c8d14b$27cb81e0$0300a8c0@CharlieCompaq> Message-ID: <676D8DAA-5F99-4ECA-981E-29D021E18488@rtpty.com> Correlation is not causation. SpamAssassin doesn't increase the number of concurrent SMTP connections, as you receive e-mail normally *and then* have it scanned in batches, not "in-line". You should either increase (within reason) the number of possible incoming SMTP connections in your MTA so that this doesn't happen. If by increasing the possible incoming connections on the MTA your performance goes down, you should look into either increasing your hardware resources, tweaking your existing config, or getting more bandwidth if that's your bottleneck. On Jun 18, 2008, at 8:56 AM, Charlie wrote: > Even now, with only 1,500 users, people have started reporting "Too > many concurrent SMTP connections; Please try again later" From martinh at solidstatelogic.com Wed Jun 18 15:12:56 2008 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Wed Jun 18 15:13:09 2008 Subject: Spamassassin is slow - any tips or good commercial alternative? In-Reply-To: <45a601c8d14b$27cb81e0$0300a8c0@CharlieCompaq> Message-ID: Charlie That's an MTA setup issue.....not mailscanner! Have you got a gateway machine ot you running mailscanner on the mailserver -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Charlie > Sent: 18 June 2008 14:57 > To: MailScanner discussion > Subject: Spamassassin is slow - any tips or good commercial > alternative? > > Thanks for all the replies. In response to some of them: > > - we have now installed nscd, so output is now: > # /etc/init.d/nscd status > Status of Name Service Cache Daemon service: running > > - we have added 2 more MS children > - we'll look into adding more RAM > > > 2-5 seconds per batch is pretty fast. Anything under 1 minute is > > acceptable IMHO. > > Why the concern about scan times?? Email isn't IM :-). > Seriously why > > the concern about scan times? > > The concern is that I am eventually looking to have over > 10,000 users, so will be receiving, and then sending, > multiple emails per second. > Even now, with only 1,500 users, people have started > reporting "Too many concurrent SMTP connections; Please try > again later" > They only started seeing this message after I turned on > SpamAssassin. I am thinking that perhaps, as 99% of the > emails we receive are not spam, that scanning for spam may be > an unnecessary luxury, once email volumes reach a certain level. > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From Rich at GlaserTechnology.com Wed Jun 18 16:05:16 2008 From: Rich at GlaserTechnology.com (Rich Berrill) Date: Wed Jun 18 16:05:30 2008 Subject: MailScanner stops processing Message-ID: <86AE6EB9FC22024D91E76C0802A7D530646DC4@glaser-sbs.Glaser.local> I have MailScanner and SpamAssassin running on Ubuntu Server. About once a day it will stop processing email and the incoming mail will stack up in /var/spool/postfix/hold sometimes it gets up to 4 or 500 messages before it finally processes them and begins to empty. When it does empty it runs very fast. I removed the RBL's thinking they could be causing this and I also tested external DNS on some of the messages it was getting stuck on and I am seeing no problems at all there. I ran a MailScaner -debug -sa-debug the first time and saw that my bayes tables were reporting that they were damage so I repaired that. The next time I ran it, it completed but it hung for a good 2 minutes on the following line: [17790] dbg: check: subtests=__HAS_MSGID,__MISSING_REF,__MSGID_OK_DIGITS,__MSGID_OK_HOST,__M SOE_MID_WRONG_CASE,__NONEMPTY_BODY,__SANE_MSGID,__SARE_WHITELIST_FLAG,__ TVD_BODY,__UNUSABLE_MSGID Any ideas? -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080618/e30a8fa4/attachment.html From jra at baylink.com Wed Jun 18 16:45:05 2008 From: jra at baylink.com (Jay R. Ashworth) Date: Wed Jun 18 16:45:15 2008 Subject: Updating an adopted installation from 4.54 In-Reply-To: References: <20080617172014.GQ840@cgi.jachomes.com> Message-ID: <20080618154505.GB6584@cgi.jachomes.com> On Tue, Jun 17, 2008 at 09:34:10AM -0800, Kevin Miller wrote: > > Yes, I'm sure it does. But the instructions only tell you to *run* it > > if you're doing an in-place upgrade. > > > > I wasn't. I was trying to do a parallel install, so I could test it > > and be able to back out if I screwed something up, as I noted. So I > > was using the "fresh install" instructions, and they don't mention it, > > for oblivious raisins. ;-) > > What I usually do in that situation is to tar up the /etc/MailScanner > tree and copy it to the new host, then do the install. The installer > will see the old conf & rule files, and create .rpmnew flavors. It > won't care that it isn't really already installed. You can then run the > upgrade_MailScanner script with expected results. I wasn't, at the time, trying to put it on a separate box. I am now. > BTY, Julian's published a book on MailScanner - it's worth the price of > admission. Especially if you boss is picking up the tab... Saw that; thanks for the good review. I'll grab it. Cheers, -- jra -- Jay R. Ashworth Baylink jra@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://baylink.pitas.com '87 e24 St Petersburg FL USA http://photo.imageinc.us +1 727 647 1274 Those who cast the vote decide nothing. Those who count the vote decide everything. -- (Joseph Stalin) From MailScanner at ecs.soton.ac.uk Wed Jun 18 17:57:46 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Jun 18 17:58:07 2008 Subject: Upgrade of MailScanner In-Reply-To: References: Message-ID: <48593E8A.7040205@ecs.soton.ac.uk> Can you put that somewhere prominent in the wiki please? How about we try to script some of this and I provide it in the distribution? Martin.Hepworth wrote: > Slight variation.. > > 1. login to the mailscanner computer and download the latest version of the software > > 2 .extract the archive with tar zxf MailScanner-install-.tar.gz > > 3 cd to the directory extracted and su to root > > 4 run the installer which will put the files onto /opt/MailScanner- an d install ant perl modules requires with ./install.sh > > 5 cd to the newly created directory in /opt and copy the rule files etc over from the running system: > > 6 cd /opt/MailScanner- > > 7 cd ../lib/MailScanner/CustomFunctions > > 8 cp /opt/MailScanner/lib/MailScanner/CustomFunctions/MailWatch.pm . > > 9 cd ../../../etc/rules > > 10 cp /opt/MailScanner/etc/rules/*.rules . > > 11 cd ../reports/en > > 12 cp /opt/MailScanner/etc/reports/en/inline.sig.* . > > 13 cd ../../ > > 14 cp /opt/MailScanner/etc/spam.assassin.prefs.conf . > > 15 finally merge in the existing settings file with the new one using the following: > > 16 ../bin/upgrade_MailScanner_conf /opt/MailScanner/etc/MailScanner.conf ./MailScanner.conf > MailScanner.new > > 17 mv MailScanner.conf MailScanner.old > > 18 mv MailScanner.new MailScanner.conf > > The last stage is to run the new version rather than the old: > > 19 cd /opt > > 20 /usr/local/etc/rc.d/MailScanner.sh stop (or whatever you use to stop) > > 21 rm MailScanner > > 22 ln -s MailScanner- MailScanner > > 23 /usr/local/etc/rc.d/MailScanner.sh start > > > Steps 19-23 are the only time when you need to stop MS, therefore downtime is pretty minimal > > Backout if things go wrong is easy - redo 19-23 using the oldversion of MS rather than new version. > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf >> Of Craig Retief >> Sent: 18 June 2008 11:07 >> To: MailScanner discussion >> Subject: Re: Upgrade of MailScanner >> >> >> >> On Wed, 2008-06-18 at 11:02 +0200, Velda Midanovic wrote: >> >> I have a following combination : RH4, MailScanner >> 4.58.9, ClamAV, SmapAssassin, all working very well together. >> >> The problem is that I get quite some backscatter on >> some of my users, and since watermarking may solve at least >> some of my problems, I plant to use it. >> >> Alas!!! >> >> My version of MailScanner does not support watermarking.... >> >> So I should upgrade. BUT I installed all from TAR >> packages. So how do I do it? >> >> >> >> What I usually do is the following after downloading the >> tarball to your server: >> >> 1. disable the check_mailscanner command in crontab with # >> 2. move the softlink in /opt like this : >> [root@host]# mv /opt/MailScanner /opt/MailScanner_4.58.9 >> 3. unpack Jules's TAR package >> 4. Run the install.sh script >> 5. change directory to /opt/MailScanner/etc and run the >> following command: >> [root@host]# ../bin/upgrade_MailScanner_conf >> /opt/MailScanner_4.58.9/etc/MailScanner.conf >> /opt/MailScanner/etc/MailScanner.conf > MailScanner.new >> [root@host]# vi MailScanner.new (here I check that >> all the settings are still correct and see what new toys >> Jules added to the mix) >> [root@host]# mv MailScanner.conf MailScanner.old >> [root@host]# mv MailScanner.new MailScanner.conf >> 6. change directory to reports/en and run the following command: >> [root@host]# ../../../bin/upgrade_languages_conf >> /opt/MailScanner_4.58.9/etc/reports/en/languages.conf >> /opt/MailScanner/etc/reports/en/languages.conf > languages.new >> [root@host]# mv languages.conf languages.old >> [root@host]# mv languages.new languages.conf >> [root@host]# cp >> /opt/MailScanner_4.58.9/etc/reports/en/*.txt . (note the dot) >> [root@host]# ?cp >> /opt/MailScanner_4.58.9/etc/reports/en/*.html . (note the >> dot) 7. If using MailWatch, copy the SQLBlackWhiteList.pm and >> MailWatch.pm files to the new install like this: >> [root@host]# cd >> /opt/MailScanner/lib/MailScanner/CustomFunctions/ >> [root@host]# cp >> /opt/MailScanner_4.58.9/lib/MailScanner/CustomFunctions/?SQLBl >> ackWhiteList.pm >> ?/opt/MailScanner_4.58.9/lib/MailScanner/CustomFunctions/?Mail >> Watch.pm . (note the dot) >> 8. That shoudl be about all, then you can run the follwing >> command and monitor the log file for any errors: >> [root@host]# /opt/MailScanner/bin/check_mailscanner; tail >> -f /var/log/maillog 9. Re-enable the cronjob if all went well >> >> >> If I missed a step someone might like to point it out. >> >> Cheers >> >> Craig >> >> >> >> >> Here is my output of #MailScanner ?v : >> >> This is MailScanner version 4.58.9 >> >> Module versions are: >> >> 1.00 AnyDBM_File >> >> 1.16 Archive::Zip >> >> 1.03 Carp >> >> 1.119 Convert::BinHex >> >> 1.00 DirHandle >> >> 1.05 Fcntl >> >> 2.73 File::Basename >> >> 2.08 File::Copy >> >> 2.01 FileHandle >> >> 1.06 File::Path >> >> 0.14 File::Temp >> >> 0.90 Filesys::Df >> >> 1.35 HTML::Entities >> >> 3.54 HTML::Parser >> >> 2.37 HTML::TokeParser >> >> 1.21 IO >> >> 1.10 IO::File >> >> 1.123 IO::Pipe >> >> 1.71 Mail::Header >> >> 3.05 MIME::Base64 >> >> 5.420 MIME::Decoder >> >> 5.420 MIME::Decoder::UU >> >> 5.420 MIME::Head >> >> 5.420 MIME::Parser >> >> 3.03 MIME::QuotedPrint >> >> 5.420 MIME::Tools >> >> 0.10 Net::CIDR >> >> 1.08 POSIX >> >> 1.77 Socket >> >> 1.4 Sys::Hostname::Long >> >> 0.18 Sys::Syslog >> >> 1.86 Time::HiRes >> >> 1.02 Time::localtime >> >> >> >> Optional module versions are: >> >> 0.17 Convert::TNEF >> >> 1.814 DB_File >> >> 1.12 DBD::SQLite >> >> 1.50 DBI >> >> 1.15 Digest >> >> 1.01 Digest::HMAC >> >> 2.36 Digest::MD5 >> >> 2.10 Digest::SHA1 >> >> 0.44 Inline >> >> missing Mail::ClamAV >> >> 3.001008 Mail::SpamAssassin >> >> 1.999001 Mail::SPF::Query >> >> 0.20 Net::CIDR::Lite >> >> 1.24 Net::IP >> >> 0.57 Net::DNS >> >> 0.31 Net::LDAP >> >> 1.94 Parse::RecDescent >> >> missing SAVI >> >> 2.56 Test::Harness >> >> 0.47 Test::Simple >> >> 1.95 Text::Balanced >> >> 1.35 URI >> >> >> >> Pllease help. >> >> Velda >> >> >> >> >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner >> , and is >> believed to be clean. >> >> >> > > > > > ********************************************************************** > Confidentiality : This e-mail and any attachments are intended for the > addressee only and may be confidential. If they come to you in error > you must take no action based on them, nor must you copy or show them > to anyone. Please advise the sender by replying to this e-mail > immediately and then delete the original from your computer. > Opinion : Any opinions expressed in this e-mail are entirely those of > the author and unless specifically stated to the contrary, are not > necessarily those of the author's employer. > Security Warning : Internet e-mail is not necessarily a secure > communications medium and can be subject to data corruption. We advise > that you consider this fact when e-mailing us. > Viruses : We have taken steps to ensure that this e-mail and any > attachments are free from known viruses but in keeping with good > computing practice, you should ensure that they are virus free. > > Red Lion 49 Ltd T/A Solid State Logic > Registered as a limited company in England and Wales > (Company No:5362730) > Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, > United Kingdom > ********************************************************************** > > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From ssilva at sgvwater.com Wed Jun 18 20:20:27 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Jun 18 20:20:55 2008 Subject: Health update In-Reply-To: <4858FEC7.1010004@comcast.net> References: <4852BC3D.3050802@ecs.soton.ac.uk><200806132114.m5DLE4gQ018541@mxt.1bigthink.com> <223f97700806131420j4bb7e2f5w1e4d192101002bde@mail.gmail.com> <7C62BFED4DC0CE488F93865D83A61E64743C0D@sprocket.columbiafuels.com> <4858FEC7.1010004@comcast.net> Message-ID: on 6-18-2008 5:25 AM Ed spake the following: > Christian Rasmussen wrote: >> I've been a sysadmin for so long I don't think anyone would have much >> use for my liver. > > LOL. If I ever need a liver I'm moving to Utah. > > later, I've been in Utah. You would be surprised at how much of the non-Mormon population might not be that great of a liver donor! ;-P -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 258 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080618/e37f2903/signature.bin From ssilva at sgvwater.com Wed Jun 18 20:27:49 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Jun 18 20:28:14 2008 Subject: Health update In-Reply-To: <4858FF8A.1040305@comcast.net> References: <31647067.16941213432830191.JavaMail.root@office.splatnix.net> <48561153.3080806@tradoc.fr> <4858FF8A.1040305@comcast.net> Message-ID: on 6-18-2008 5:28 AM Ed spake the following: > John Wilcock wrote: >> --[ UxBoD ]-- a ?crit : >>> All the best Jules ... Wish you a short wait and a very speedy >>> recovery ... Make sure the nice nurse keeps your laptop well out of >>> reach! >> >> I beg to differ ;-) Keeping Julian from his laptop would be terrible >> for his mental well-being! >> >> Julian, may the time that you're *not* straining to get at your laptop >> after the op be as short as possible! > I'm looking forward to another right up on how he gets past all the > internet security. If it can be done, Julian will do it! I.m sure that for the first few weeks he might be in semi-isolation as the anti-rejection drugs can mess with your immunity for a while. That means nothing will come in that can't be sterilized. And for his health sake, I hope he follows the rules. We will just have to be content with whatever stable release we have and not ask for the next "world domination" feature for a while. The list has enough competent admin's to help with the newbies until he fells better and gets the restrictions lifted. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 258 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080618/19d60b6f/signature.bin From ssilva at sgvwater.com Wed Jun 18 20:31:24 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Jun 18 20:35:11 2008 Subject: Re Help with spamassassin+mailscanner In-Reply-To: <6a7195cc0806180027q5e4b9fd5p37d30383217cab72@mail.gmail.com> References: <6a7195cc0806152332g378d7afqfe30223d76cf0b17@mail.gmail.com> <6a7195cc0806180027q5e4b9fd5p37d30383217cab72@mail.gmail.com> Message-ID: on 6-18-2008 12:27 AM vinayan KP spake the following: > Sir, > > I am trying to fix the problem of mailscanner+spamassassin installed > on my new postfix server not detecting mails with low SA score as > spam. But I can see my old mailscanner which receives mails and > forwards it to new postfix server detects them as spam and tags them > {Spam?}. I am saying a sorry in advance that I won't be able to try > your suggestions the same day and respond with results. I will be > able to do whatever you suggest when I get enough time. > > I have been suggested by Mr.Scott to install pyzor, set the bayes file > path, permission for the beyes files, then do sa-learn etc and I have > done all of them. Still my new mailscanner+spamassassin dont detect > low scoring spams which my older mailscanner+spamassassing sytem > detects. Please see the mails below this, which contains the outputs > of: > > spamassassin -D --ling > spamassasin --dump magic > . > > Now I am getting > [15396] dbg: rules: local tests only, ignoring RBL eval > When I run a > # spamassassin -D --lint or > # spamassassin -D --ling < ..messages > > I use the following > > postfix.2.3.2-28 > Spamassassin.3.1.6-15 > MailScanner 4.58.9 on SUSE 10.2 > > Looks like very old versions of spamassassin and mailscanner. Why build a new server with old software? -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 258 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080618/7890ab1b/signature.bin From ssilva at sgvwater.com Wed Jun 18 20:38:59 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Jun 18 20:40:13 2008 Subject: Disabling sare updates via sa-update In-Reply-To: <1213767061.14722.37.camel@localhost.localdomain> References: <1213767061.14722.37.camel@localhost.localdomain> Message-ID: on 6-17-2008 10:31 PM ram spake the following: > On Tue, 2008-06-17 at 15:11 +0100, Martin.Hepworth wrote: >> Ram >> >> This is a sa-update issue nothing to do with mailscanner.. >> >> -- > > But sa-update is run automatically by Mailscanner > Just remove any changes that you added to get the sare stuff added. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 258 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080618/0fffa7d5/signature.bin From ssilva at sgvwater.com Wed Jun 18 20:36:15 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Jun 18 20:45:11 2008 Subject: Problem while updating perl In-Reply-To: <4859058C.6070803@USherbrooke.ca> References: <67a55ed50806170555s4de8a74atea137e73b2fe12f@mail.gmail.com> <4859058C.6070803@USherbrooke.ca> Message-ID: on 6-18-2008 5:54 AM Denis Beauchemin spake the following: > Dave Jones a ?crit : >> >Dave Jones a ?crit : >> >> >> >> >> You can reinstall MailScanner but you will still have the same perl >> >> >> conflicts next time a perl module gets updated on RPMforge (or >> >> >> whatever your repo is that has the conflicting package). >> >> >> >> >> >> I would simply force the install of the perl modules (I do it >> all the >> >> >> time) with the conflict from the MailScanner installation: >> >> >> >> >> >> # rpm -Uhv --force >> >> >> /var/cache/yum/rpmforge/packages/perl-Sys-Syslog-0.18-1.rpm >> >> >> >> >> >> Substitute "rpmforge" above with whatever your repository name >> is and >> >> >> the RPM file in question. >> >> >> >> >> >> Dave >> >> >> >> >> >> -- >> >> >> Dave Jones >> >> >Dave, >> >> > >> >> >It didn't work on my RHEL 5.2 server: >> >> >[root@smtps ~]# rpm -Uvh --force >> >> >> >/var/cache/yum/rhel-i386-server-5/packages/perl-5.8.8-10.el5_2.3.i386.rpm >> >> >> >/etc/selinux/targeted/contexts/files/file_contexts: Multiple same >> >> >specifications for /usr/local/lost\+found/.*. >> >> >/etc/selinux/targeted/contexts/files/file_contexts: Multiple same >> >> >specifications for /usr/local/\.journal. >> >> >/etc/selinux/targeted/contexts/files/file_contexts: Multiple same >> >> >specifications for /usr/local/lost\+found. >> >> >Preparing... >> ########################################### >> >> >[100%] >> >> >1:perl >> ########################################### >> >> >[100%] >> >> >[root@smtps ~]# MailScanner --lint >> >> > >> >> > >> >> >**** ERROR: You must upgrade your perl IO module to at least >> >> >**** ERROR: version 1.2301 or MailScanner will not work! >> >> > >> >> >I am now reinstalling the following MS' RPMs: perl-IO perl-File-Temp >> >> >perl-Math-BigInt perl-Math-BigRat perl-bignum >> >> > >> >> >Denis >> >> >> >> Sounds like you might have SELinux active. Run "getenforce" and if it >> >> is "Enforcing" then run "setenforce 0" to make it "Permissive". Then >> >> run your command again. >> >> >> >> If permissive mode allows the package install command to work with >> >> --force, then disable SELinux or try your hand at updating the SELinux >> >> policy that is preventing it from installing. RHEL 5 is supposed to >> >> be much easier to customize SELinux policies but I haven't played with >> >> it yet. I still just disable it during the install and go... >> >> >> >> -- >> >> Dave Jones >> > >> >Dave, >> > >> >It is disabled on all my servers (I just checked and getenforce returns >> >Disabled)... I see the "selinux" messages all the time whenever I >> >install or upgrade an RPM... to the point where I don't even pay any >> >attention to them... could have been the reason I had problem, though! >> > >> >Denis >> Now that I see your repo is "rhel-i386-server-5" then there could be a >> few >> other things it could be. What repos do you have installed and >> active? If >> you have RPMforge installed (which every CentOS box should have), it may >> overlap some packages with with the RHEL repo. We install RPMforge on >> our >> RHEL boxes but keep it disabled (/etc/yum.repos.d/rpmforge.repo). >> Then we >> only enable it for specific packages from the command line with the >> "--enable-repo=rpmforge" option. >> >> On a RHEL server like yours, the perl packages should come from the RHEL >> repo to keep everything clean. Is it possible that perl was updated or >> installed from another source? You might try removing and >> reinstalling perl >> after making sure that the only active repo is "rhel-i386-server-5." >> -- >> Dave Jones > > Dave, > > The only repo I used until 1 week ago was RedHat's. I added rpmforge > since but didn't upgrade anything from them (just used it to install > clamd). So this behaviour is really RedHat's own. > > Denis > The problem is that RedHat uses a fairly monolithic perl package, and any added changes like the packages that mailscanner adds will play havoc in the rpm database. Since RedHat doesn't usually upgrade versions of core stuff unless they can't backport an important security fix, it doesn't happen that often. You need to rpm -e all the modules that were installed by mailscanner, update the perl rpm and reinstall mailscanner. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 258 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080618/0386a26a/signature.bin From richard.frovarp at sendit.nodak.edu Wed Jun 18 21:26:17 2008 From: richard.frovarp at sendit.nodak.edu (Richard Frovarp) Date: Wed Jun 18 21:26:30 2008 Subject: FW: ANNOUNCE: Apache SpamAssassin 3.2.5 available In-Reply-To: <485810AA.5070508@ecs.soton.ac.uk> References: <200806121601.m5CG1Y3o025702@safir.blacknight.ie> <48514A7C.8060900@maddoc.net><224FA7E11EA39E45843E11CEBBD3A36FB50BB5@HOUPEX01.nfsmith.info> <4851569F.5090503@maddoc.net> <224FA7E11EA39E45843E11CEBBD3A36FB50BCE@HOUPEX01.nfsmith.info> <48516337.2020203@ecs.soton.ac.uk> <485810AA.5070508@ecs.soton.ac.uk> Message-ID: <48596F69.3040401@sendit.nodak.edu> Julian Field wrote: > > > Richard Frovarp wrote: >> Julian Field wrote: >>> >>> >>>> >>>> >>> 4.70.5 should support the newest Mail::ClamAV. It does, doesn't it? >>> I've been holding off from a stable release waiting for F-Secure >>> 7.0.1 keys, but they haven't appeared so I think I'll just put out a >>> stable release now unless anyone has any strong objections. Speak >>> now or forever hold thy pieces. >>> >>> Jules >>> >> Any update on 4.70.5 going stable? > No-one else seems to have said anything, and I've fixed a couple of > other things, so how about I put out a stable release (probably > 4.70.6) tomorrow morning (GMT)? > > Jules > Thanks got it installed and running. From jra at baylink.com Wed Jun 18 21:33:43 2008 From: jra at baylink.com (Jay R. Ashworth) Date: Wed Jun 18 21:33:52 2008 Subject: Upgrade of MailScanner In-Reply-To: <48593E8A.7040205@ecs.soton.ac.uk> References: <48593E8A.7040205@ecs.soton.ac.uk> Message-ID: <20080618203343.GB7293@cgi.jachomes.com> On Wed, Jun 18, 2008 at 05:57:46PM +0100, Julian Field wrote: > Can you put that somewhere prominent in the wiki please? > > How about we try to script some of this and I provide it in the > distribution? If he doesn't, I will. Do I need any special approval to sign up that I should deal with now, even though I'm unreasonably busy? :-) Cheers, -- jra -- Jay R. Ashworth Baylink jra@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://baylink.pitas.com '87 e24 St Petersburg FL USA http://photo.imageinc.us +1 727 647 1274 Those who cast the vote decide nothing. Those who count the vote decide everything. -- (Joseph Stalin) From Alan.Charlton at caseware.com Wed Jun 18 21:47:10 2008 From: Alan.Charlton at caseware.com (Alan Charlton) Date: Wed Jun 18 21:47:24 2008 Subject: Variables that can be used in inline.warning.txt and .html reports In-Reply-To: <200806031020.m53AKSIu021097@safir.blacknight.ie> References: <200806031020.m53AKSIu021097@safir.blacknight.ie> Message-ID: <5864E8A48D189F4999A1D1BAE37305168297B8@queen.caseware.cwi.local> > Message: 8 > Date: Mon, 02 Jun 2008 22:13:14 +0100 > From: Julian Field > Subject: Re: Variables that can be used in inline.warning.txt and > .html reports > To: MailScanner discussion > Message-ID: <4844626A.5030109@ecs.soton.ac.uk> > Content-Type: text/plain; charset=ISO-8859-1; format=flowed > > > > Alan Charlton wrote: > >> ------------------------------ > >> > >> Message: 20 > >> Date: Mon, 19 May 2008 21:24:53 -0400 > >> From: "Alan Charlton" > >> Subject: Variables that can be used in inline.warning.txt and .html > >> reports > >> To: > >> Message-ID: > >> > >> > > <5864E8A48D189F4999A1D1BAE3730516828AEB@queen.caseware.cwi.local> > > > >> Content-Type: text/plain; charset="us-ascii" > >> > >> We've been trying to use some variables in the inline.warning.txt/html > >> files that don't seem to work. Specifically $datenumber and $to. > >> > >> We'd like to be able to provide our users with a link to release 'bad > >> content' or even 'virus' messages that they know are legitimate, > >> > > similar > > > >> to what's in the recipient.spam.report.txt: > >> > >> > >> > > http://$hostname/cgi-bin/release-msg.cgi?datenumber=$datenumber&id=$id&t > > > >> o=$to > >> > >> I know it's a little risky, but we're a software development company > >> > > and > > > >> we often get attachments that get caught, and our users tend to be > >> reasonably intelligent and cautious... and too impatient to submit a > >> ticket to IT every time a file is caught. > >> > >> Also for proper backup and archiving we'd like all legitimate emails > >> > > to > > > >> reach the end users' mailboxes... > >> > >> For more details on what we're trying to do check out: > >> http://www.global-domination.org/forum/viewtopic.php?t=968 > >> > >> My searches for a solution turned up the following thread: > >> > >> > > http://lists.mailscanner.info/pipermail/mailscanner/2007-September/07803 > > > >> 0.html > >> > >> ...Which seems to imply that these variables need to be specifically > >> added to work in a given report. > >> > >> Is there any way we can add the variables ourselves? Or do we need to > >> request that they be added in a new release? > >> > >> Thanks, > >> Alan > >> > >> > >> ------------------------------ > >> > > > > Bumping this up for another try... Does anyone know how to get > > $datenumber and $to to work in the inline.warning.txt and .html reports? > > > > Any help would be appreciated. > > > > Thanks, > > Alan > > > At the moment, the only variables it appears you can use are these: > $filename = join(', ', keys %infected); > $id = $this->{id}; > $from = $this->{from}; > $subject = $this->{subject}; > > I can add more if several people need them. If your Perl is up to it, > you want to add code to sub ReadVirusWarning in Message.pm. Otherwise > you'll have to bribe me to add them for you :-) > > Jules > > -- Ok let's talk bribes... I tried doing it myself but I'm not very familiar with Perl and only succeeded at breaking things. :) Alan From glenn.steen at gmail.com Wed Jun 18 22:04:39 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Wed Jun 18 22:04:48 2008 Subject: SV: SV: mailscanner dont process email at all In-Reply-To: <797363C57EE0884786F428AAABCD469201490E10@sea0120sex2.nordic.x> References: <797363C57EE0884786F428AAABCD469201490DD4@sea0120sex2.nordic.x> <48536FD4.4090300@vanderkooij.org> <797363C57EE0884786F428AAABCD469201490DD8@sea0120sex2.nordic.x> <797363C57EE0884786F428AAABCD469201490DDC@sea0120sex2.nordic.x> <485660C0.1080803@USherbrooke.ca> <797363C57EE0884786F428AAABCD469201490DF0@sea0120sex2.nordic.x> <797363C57EE0884786F428AAABCD469201490DF4@sea0120sex2.nordic.x> <223f97700806170238h21a6cc6ao7a20770b745add43@mail.gmail.com> <797363C57EE0884786F428AAABCD469201490E10@sea0120sex2.nordic.x> Message-ID: <223f97700806181404w48e9b8a4rab596f5fe03bbf92@mail.gmail.com> 2008/6/18 Meurlin Robert : > root 3432 0.0 0.8 66852 35056 ? Ss 15:09 0:00 MailScanner: master waiting for children, sleeping > > root 3433 100 1.4 94092 57864 ? R 15:09 2:36 MailScanner: starting children > > If I start MailScanner with sendmail , it will just hang as seen. Can it be something with clam? > > MailScanner --lint configtest doesn't give anything. Iam running this on Suse Enterprise 64 bit and it was installed trough rpm packages. Ah. Now I get it:-). When you say it doesn't give anything... Do you mean "no information about any error" or "no output at all"? > Is there any command to start mailscanner med n?got trace option? Swenglish.... Glad to see it:-):-). Try MailScanner --debug --debug-sa and we'll go from there. > Robert > (trimming especially for friend Scott... Snippety-snip) Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From rick at duvals.ca Wed Jun 18 22:29:20 2008 From: rick at duvals.ca (Rick Duval) Date: Wed Jun 18 22:29:31 2008 Subject: Where are logs written? Message-ID: <4baa40ce0806181429t60ca7719j48d397ef2b15d637@mail.gmail.com> I'm using MailScanner and MailWatch and I'm trying to find out where the logs are written to the MySQL database. Can anybody point me to the right module? Also, is it a native function of MailScanner or a MailWatch "addon" to write to the MySQL database? Thanks' Rick -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080618/78218ffb/attachment.html From rick at duvals.ca Wed Jun 18 22:34:59 2008 From: rick at duvals.ca (Rick Duval) Date: Wed Jun 18 22:35:08 2008 Subject: Spamassassin is slow - any tips or good commercial alternative? In-Reply-To: <45a601c8d14b$27cb81e0$0300a8c0@CharlieCompaq> References: <45a601c8d14b$27cb81e0$0300a8c0@CharlieCompaq> Message-ID: <4baa40ce0806181434n2c971cdcnb0a7ccfb27a41b8a@mail.gmail.com> 99% of the emails you receive are NOT spam? Holy crap? I wish my servers were on your planet ;^) On Wed, Jun 18, 2008 at 9:56 AM, Charlie wrote: > Thanks for all the replies. In response to some of them: > > - we have now installed nscd, so output is now: > # /etc/init.d/nscd status > Status of Name Service Cache Daemon service: running > > - we have added 2 more MS children > - we'll look into adding more RAM > > 2-5 seconds per batch is pretty fast. Anything under 1 minute is >> acceptable IMHO. >> Why the concern about scan times?? Email isn't IM :-). Seriously why the >> concern about scan times? >> > > The concern is that I am eventually looking to have over 10,000 users, so > will be receiving, and then sending, multiple emails per second. > Even now, with only 1,500 users, people have started reporting "Too many > concurrent SMTP connections; Please try again later" > They only started seeing this message after I turned on SpamAssassin. I am > thinking that perhaps, as 99% of the emails we receive are not spam, that > scanning for spam may be an unnecessary luxury, once email volumes reach a > certain level. > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- > This message has been scanned for > viruses and dangerous content by Accurate Anti-Spam Technologies > and is believed to be clean. > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080618/2cdfee93/attachment.html From james at gray.net.au Thu Jun 19 00:53:05 2008 From: james at gray.net.au (James Gray) Date: Thu Jun 19 00:53:25 2008 Subject: Spamassassin is slow - any tips or good commercial alternative? In-Reply-To: <45a601c8d14b$27cb81e0$0300a8c0@CharlieCompaq> References: <45a601c8d14b$27cb81e0$0300a8c0@CharlieCompaq> Message-ID: On 18/06/2008, at 11:56 PM, Charlie wrote: > The concern is that I am eventually looking to have over 10,000 > users, so will be receiving, and then sending, multiple emails per > second. > Even now, with only 1,500 users, people have started reporting "Too > many concurrent SMTP connections; Please try again later" I manage a mail cluster for an ISP that has about 100,000 subscribers online at any given time. I'd hazard a guess that close to all of those subscribers have a mail client running the whole time. We have implemented an exim set up that allows 3 concurrent connections from the subscriber IP pools, 5 from from other IP's and a maximum number of simultaneous SMTP sessions of 1000 per server. This is on each server in the cluster (4 servers in total) and we only ever see the maximum concurrent per IP rules being hit, never the maximum total. As you didn't mention which MTA you're using, I can't give config examples, but make sure you pay close attention to the default max-per- IP and max-total SMTP session limits. If these are still the defaults, they are probably far too restrictive for a multi-thousand user mail hub. Also, if you're not already, put some thought into connection mitigation techniques such as RBL's, grey listing, etc. These will have a dramatic effect on external sites chewing up all your SMTP connections. Also if your users are the sort of people who sit there smashing the "send and receive" button in their mail client, you may also want to think about rate-limiting connections from any single IP...be careful if you implement this, you can DoS your users if it isn't done right!! HTH, James -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 2417 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080619/3047000e/smime.bin From mi6 at orcon.net.nz Thu Jun 19 01:40:50 2008 From: mi6 at orcon.net.nz (Charlie) Date: Thu Jun 19 01:41:00 2008 Subject: Spamassassin is slow - any tips or good commercial alternative? Message-ID: <491b01c8d1a5$1fa51260$0300a8c0@CharlieCompaq> >> The concern is that I am eventually looking to have over 10,000 >> users, so will be receiving, and then sending, multiple emails per >> second. >> Even now, with only 1,500 users, people have started reporting "Too > many concurrent SMTP connections; Please try again later" >I manage a mail cluster for an ISP that has about 100,000 subscribers >online at any given time. I'd hazard a guess that close to all of >those subscribers have a mail client running the whole time. We have >implemented an exim set up that allows 3 concurrent connections from >the subscriber IP pools, 5 from from other IP's and a maximum number >of simultaneous SMTP sessions of 1000 per server. This is on each >server in the cluster (4 servers in total) and we only ever see the >maximum concurrent per IP rules being hit, never the maximum total. >As you didn't mention which MTA you're using, I can't give config >examples, but make sure you pay close attention to the default max-per- >IP and max-total SMTP session limits. If these are still the >defaults, they are probably far too restrictive for a multi-thousand >user mail hub. Also, if you're not already, put some thought into >connection mitigation techniques such as RBL's, grey listing, etc. >These will have a dramatic effect on external sites chewing up all >your SMTP connections. Also if your users are the sort of people who >sit there smashing the "send and receive" button in their mail client, >you may also want to think about rate-limiting connections from any >single IP...be careful if you implement this, you can DoS your users >if it isn't done right!! Thank you James - this will be very helpful I suspect. We also are using Exim as the MTA, so any specific config advice for Exim would also be greatly appreciated :) BTW we are using one server (Pentium 4, 2.4GHz, 1GB RAM), currently have 1500 active paid users, and am expecting up to 10,000-15,000 active paid users in the future (say, 1 or 2 years from now). From butler at globeserver.com Thu Jun 19 02:27:17 2008 From: butler at globeserver.com (Philip Butler) Date: Thu Jun 19 02:29:03 2008 Subject: Spam attack.... Message-ID: <4F87F584-52B3-427D-8D14-B8BE2DB879B9@globeserver.com> Hi all, This may have been discussed here before, but I am going to throw it out again... I have set up a few "mailbag" machines for some of my customers to grab their incoming email and process it for spam. This then goes into POP mailboxes and their mail servers then grab the mail. The intent is that it be a black-hole for spam and takes some of the load off of their systems. A while back, I determined that most spam (for these customers anyway) was being marked with a spamscore of about 20, so I set the spam threshold on these mailbag machines to be 15. These machines run MailScanner (of course), SpamAssassin, and Razor. Everything works fine and transparently most of the time, but occasionally (i.e. the last few days), email is coming in and clogging the MailScanner incoming queue. I havent' measured, but at times it's around 1 new message per second. At times there may be 10-15 thousand messages waiting to be processed. If left alone, it doesn't seem to correct itself. What I have done is transferred 10k messages or so from the machine that clogs up to another machine and then they get processed quickly. This almost seems to be a DNS-type problem with RBL lookups or something. I have tried to figure out where the messages are coming from, but I don't see a pattern. If most messages were coming from a handful of machines, then I would just put an IP-filter on them and drop any packets from them. Unfortunately, I have not seen any pattern - so I am back to square one. Any ideas as to what I should check, etc. to figure out why these customers are being excessively spam-bombed. This seems to happen maybe once every month or two - then it goes away. Phil From submit at zuka.net Thu Jun 19 06:55:46 2008 From: submit at zuka.net (Dave Filchak) Date: Thu Jun 19 06:56:05 2008 Subject: sa-learn --force-expire errors Message-ID: <4859F4E2.20903@zuka.net> Hello all, I am trying to tune my MailScanner install on my backup mail server. I updates my MailScanner stuff, my clamav and my spamassassin. I then set my expire settings for bayes to 0 in both my MailScanner.conf file, as well as my spam.assassin.conf file. I installed a crontab to run the following: 15 3 * * * (/sbin/service MailScanner stop; /usr/bin/sa-learn --force-expire;/sbin/service MailScanner start) 2>&1 (Thanks to Denis Beauchemin) I get the following errors when this runs. I assume it might be looking at the wrong config file. Don't see how though. Any ideas anyone? config: configuration file "/etc/mail/spamassassin/updates_spamassassin_org/20_advance_fee.cf" requires version 3.002001 of SpamAssassin, but this is code version 3.002005. Maybe you need to use the -C switch, or remove the old config files? Skipping this file at /usr/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/Conf/Parser.pm line 372. config: configuration file "/etc/mail/spamassassin/updates_spamassassin_org/20_body_tests.cf" requires version 3.002001 of SpamAssassin, but this is code version 3.002005. Maybe you need to use the -C switch, or remove the old config files? Skipping this file at /usr/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/Conf/Parser.pm line 372. config: configuration file "/etc/mail/spamassassin/updates_spamassassin_org/20_compensate.cf" requires version 3.002001 of SpamAssassin, but this is code version 3.002005. Maybe you need to use the -C switch, or remove the old config files? Skipping this file at /usr/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/Conf/Parser.pm line 372. config: configuration file "/etc/mail/spamassassin/updates_spamassassin_org/20_dnsbl_tests.cf" requires version 3.002001 of SpamAssassin, but this is code version 3.002005. Maybe you need to use the -C switch, or remove the old config files? Skipping this file at /usr/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/Conf/Parser.pm line 372. more of the same here. Dave From submit at zuka.net Thu Jun 19 07:10:21 2008 From: submit at zuka.net (Dave Filchak) Date: Thu Jun 19 07:10:41 2008 Subject: sa-learn --force-expire errors Message-ID: <4859F84D.9060002@zuka.net> I am trying ti tune up my backup MX and so, have updated MailScanner, updated ClamAV as well as SpamAssassin. I have also tweaked the expire bayes.toks process by turning this off in both MailScanner.conf and spam.assassin.conf and added the following to root crontab: 15 3 * * * (/sbin/service MailScanner stop; /usr/bin/sa-learn --force-expire;/sbin/service MailScanner start) 2>&1 However, when this runs, I get the following errors, which I am guessing is due to my last upgrade. Can someone give me some direction here? Dave config: configuration file "/etc/mail/spamassassin/updates_spamassassin_org/20_advance_fee.cf" requires version 3.002001 of SpamAssassin, but this is code version 3.002005. Maybe you need to use the -C switch, or remove the old config files? Skipping this file at /usr/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/Conf/Parser.pm line 372. config: configuration file "/etc/mail/spamassassin/updates_spamassassin_org/20_body_tests.cf" requires version 3.002001 of SpamAssassin, but this is code version 3.002005. Maybe you need to use the -C switch, or remove the old config files? Skipping this file at /usr/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/Conf/Parser.pm line 372. config: configuration file "/etc/mail/spamassassin/updates_spamassassin_org/20_compensate.cf" requires version 3.002001 of SpamAssassin, but this is code version 3.002005. Maybe you need to use the -C switch, or remove the old config files? Skipping this file at /usr/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/Conf/Parser.pm line 372. config: configuration file "/etc/mail/spamassassin/updates_spamassassin_org/20_dnsbl_tests.cf" requires version 3.002001 of SpamAssassin, but this is code version 3.002005. Maybe you need to use the -C switch, or remove the old config files? Skipping this file at /usr/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/Conf/Parser.pm line 372. and many more after this. My config:: his is MailScanner version 4.70.6 Module versions are: 1.00 AnyDBM_File 1.20 Archive::Zip 0.22 bignum 1.03 Carp 1.41 Compress::Zlib 1.119 Convert::BinHex 0.17 Convert::TNEF 2.121 Data::Dumper 2.27 Date::Parse 1.00 DirHandle 1.05 Fcntl 2.73 File::Basename 2.08 File::Copy 2.01 FileHandle 1.06 File::Path 0.19 File::Temp 0.90 Filesys::Df 1.35 HTML::Entities 3.56 HTML::Parser 2.37 HTML::TokeParser 1.23 IO 1.14 IO::File 1.13 IO::Pipe 2.02 Mail::Header 1.87 Math::BigInt 0.20 Math::BigRat 3.05 MIME::Base64 5.425 MIME::Decoder 5.425 MIME::Decoder::UU 5.425 MIME::Head 5.425 MIME::Parser 3.03 MIME::QuotedPrint 5.425 MIME::Tools 0.11 Net::CIDR 1.25 Net::IP 0.16 OLE::Storage_Lite 1.04 Pod::Escapes 3.05 Pod::Simple 1.08 POSIX 1.19 Scalar::Util 1.77 Socket 2.13 Storable 1.4 Sys::Hostname::Long 0.18 Sys::Syslog 1.26 Test::Pod 0.7 Test::Simple 1.9707 Time::HiRes 1.02 Time::localtime Optional module versions are: 1.32 Archive::Tar 0.22 bignum 1.82 Business::ISBN 1.10 Business::ISBN::Data 1.08 Data::Dump 1.814 DB_File 1.13 DBD::SQLite 1.58 DBI 1.15 Digest 1.01 Digest::HMAC 2.36 Digest::MD5 2.11 Digest::SHA1 1.00 Encode::Detect 0.17008 Error 0.19 ExtUtils::CBuilder 2.18 ExtUtils::ParseXS 2.36 Getopt::Long 0.44 Inline 1.08 IO::String 1.04 IO::Zlib 2.21 IP::Country 0.22 Mail::ClamAV 3.002005 Mail::SpamAssassin v2.004 Mail::SPF 1.999001 Mail::SPF::Query 0.2808 Module::Build 0.20 Net::CIDR::Lite 0.63 Net::DNS 0.002.2 Net::DNS::Resolver::Programmable missing Net::LDAP 4.004 NetAddr::IP 1.94 Parse::RecDescent missing SAVI 2.64 Test::Harness 0.95 Test::Manifest 1.95 Text::Balanced 1.35 URI 0.7203 version 0.65 YAML From ssilva at sgvwater.com Thu Jun 19 07:12:32 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Thu Jun 19 07:13:18 2008 Subject: Spam attack.... In-Reply-To: <4F87F584-52B3-427D-8D14-B8BE2DB879B9@globeserver.com> References: <4F87F584-52B3-427D-8D14-B8BE2DB879B9@globeserver.com> Message-ID: on 6-18-2008 6:27 PM Philip Butler spake the following: > Hi all, > > This may have been discussed here before, but I am going to throw it out > again... > > I have set up a few "mailbag" machines for some of my customers to grab > their incoming email and process it for spam. This then goes into POP > mailboxes and their mail servers then grab the mail. The intent is that > it be a black-hole for spam and takes some of the load off of their > systems. A while back, I determined that most spam (for these customers > anyway) was being marked with a spamscore of about 20, so I set the spam > threshold on these mailbag machines to be 15. > > These machines run MailScanner (of course), SpamAssassin, and Razor. > > Everything works fine and transparently most of the time, but > occasionally (i.e. the last few days), email is coming in and clogging > the MailScanner incoming queue. I havent' measured, but at times it's > around 1 new message per second. At times there may be 10-15 thousand > messages waiting to be processed. If left alone, it doesn't seem to > correct itself. What I have done is transferred 10k messages or so from > the machine that clogs up to another machine and then they get processed > quickly. This almost seems to be a DNS-type problem with RBL lookups or > something. > > I have tried to figure out where the messages are coming from, but I > don't see a pattern. If most messages were coming from a handful of > machines, then I would just put an IP-filter on them and drop any > packets from them. Unfortunately, I have not seen any pattern - so I am > back to square one. > > Any ideas as to what I should check, etc. to figure out why these > customers are being excessively spam-bombed. This seems to happen maybe > once every month or two - then it goes away. > > Phil > Have you tried anything like connection rate throttling? It is probably a large chain of spambots, and their IP's change fairly frequently. Limiting how many connections that can come from one IP should help some. You can try to collect addresses and blackhole them, but they will probably stop shortly as they go on to their next target. If you are using sendmail this page could help; http://www.technoids.org/dossed.html I'm sure there are similar features in Exim or Postfix, but I haven't come over to the "dark side" yet so I don't know their secret incantations. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 258 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080618/02384af7/signature.bin From simon at vum.co.za Thu Jun 19 08:00:29 2008 From: simon at vum.co.za (VUM) Date: Thu Jun 19 08:01:05 2008 Subject: Qmail install References: <001001c8c08a$fbc1efb0$0400a8c0@Simonc> <12dfdf1f534ec423b6a82842e5285137@localhost> Message-ID: <017a01c8d1da$28ebd900$0400a8c0@Simonc> Hi Philippe, Do you know of any good websites that will direct us through this process. Thanks Simon ----- Original Message ----- From: Philippe BEAU To: MailScanner discussion Sent: Wednesday, May 28, 2008 10:18 AM Subject: Re: Qmail install Hi Simon, Yes for sure but in backend :) (postfix+mailscanner in front) Regards Philippe, On Wed, 28 May 2008 08:20:54 +0200, "VUM" wrote: Hi, Does anyone have a working qmail MTA that is working with Mailscanner. Please advise. Simon ------------------------------------------------------------------------------ -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080619/607b354a/attachment.html From martinh at solidstatelogic.com Thu Jun 19 08:59:12 2008 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Thu Jun 19 08:59:26 2008 Subject: Upgrade of MailScanner In-Reply-To: <48593E8A.7040205@ecs.soton.ac.uk> Message-ID: <002fb374121c5c4fb633c56b19468d44@solidstatelogic.com> Jules OK - this is basically the script I run...will prob be tomorrow before I can get this onto the wiki as I'm snowed under with "the day job" today. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Julian Field > Sent: 18 June 2008 17:58 > To: MailScanner discussion > Subject: Re: Upgrade of MailScanner > > Can you put that somewhere prominent in the wiki please? > > How about we try to script some of this and I provide it in > the distribution? > > Martin.Hepworth wrote: > > Slight variation.. > > > > 1. login to the mailscanner computer and download the > latest version > > of the software > > > > 2 .extract the archive with tar zxf > > MailScanner-install-.tar.gz > > > > 3 cd to the directory extracted and su to root > > > > 4 run the installer which will put the files onto > > /opt/MailScanner- an d install ant perl modules > requires with > > ./install.sh > > > > 5 cd to the newly created directory in /opt and copy the > rule files etc over from the running system: > > > > 6 cd /opt/MailScanner- > > > > 7 cd ../lib/MailScanner/CustomFunctions > > > > 8 cp /opt/MailScanner/lib/MailScanner/CustomFunctions/MailWatch.pm . > > > > 9 cd ../../../etc/rules > > > > 10 cp /opt/MailScanner/etc/rules/*.rules . > > > > 11 cd ../reports/en > > > > 12 cp /opt/MailScanner/etc/reports/en/inline.sig.* . > > > > 13 cd ../../ > > > > 14 cp /opt/MailScanner/etc/spam.assassin.prefs.conf . > > > > 15 finally merge in the existing settings file with the new > one using the following: > > > > 16 ../bin/upgrade_MailScanner_conf > > /opt/MailScanner/etc/MailScanner.conf ./MailScanner.conf > > > MailScanner.new > > > > 17 mv MailScanner.conf MailScanner.old > > > > 18 mv MailScanner.new MailScanner.conf > > > > The last stage is to run the new version rather than the old: > > > > 19 cd /opt > > > > 20 /usr/local/etc/rc.d/MailScanner.sh stop (or whatever you use to > > stop) > > > > 21 rm MailScanner > > > > 22 ln -s MailScanner- MailScanner > > > > 23 /usr/local/etc/rc.d/MailScanner.sh start > > > > > > Steps 19-23 are the only time when you need to stop MS, therefore > > downtime is pretty minimal > > > > Backout if things go wrong is easy - redo 19-23 using the > oldversion of MS rather than new version. > > -- > > Martin Hepworth > > Snr Systems Administrator > > Solid State Logic > > Tel: +44 (0)1865 842300 > > > > > >> -----Original Message----- > >> From: mailscanner-bounces@lists.mailscanner.info > >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of > >> Craig Retief > >> Sent: 18 June 2008 11:07 > >> To: MailScanner discussion > >> Subject: Re: Upgrade of MailScanner > >> > >> > >> > >> On Wed, 2008-06-18 at 11:02 +0200, Velda Midanovic wrote: > >> > >> I have a following combination : RH4, MailScanner > 4.58.9, ClamAV, > >> SmapAssassin, all working very well together. > >> > >> The problem is that I get quite some backscatter on some of my > >> users, and since watermarking may solve at least some of > my problems, > >> I plant to use it. > >> > >> Alas!!! > >> > >> My version of MailScanner does not support watermarking.... > >> > >> So I should upgrade. BUT I installed all from TAR > packages. So how > >> do I do it? > >> > >> > >> > >> What I usually do is the following after downloading the > tarball to > >> your server: > >> > >> 1. disable the check_mailscanner command in crontab with # > >> 2. move the softlink in /opt like this : > >> [root@host]# mv /opt/MailScanner /opt/MailScanner_4.58.9 > >> 3. unpack Jules's TAR package > >> 4. Run the install.sh script > >> 5. change directory to /opt/MailScanner/etc and run the > >> following command: > >> [root@host]# ../bin/upgrade_MailScanner_conf > >> /opt/MailScanner_4.58.9/etc/MailScanner.conf > >> /opt/MailScanner/etc/MailScanner.conf > MailScanner.new > >> [root@host]# vi MailScanner.new (here I check that all the > >> settings are still correct and see what new toys Jules > added to the > >> mix) > >> [root@host]# mv MailScanner.conf MailScanner.old > >> [root@host]# mv MailScanner.new MailScanner.conf > >> 6. change directory to reports/en and run the following command: > >> [root@host]# ../../../bin/upgrade_languages_conf > >> /opt/MailScanner_4.58.9/etc/reports/en/languages.conf > >> /opt/MailScanner/etc/reports/en/languages.conf > languages.new > >> [root@host]# mv languages.conf languages.old > >> [root@host]# mv languages.new languages.conf > >> [root@host]# cp > >> /opt/MailScanner_4.58.9/etc/reports/en/*.txt . (note the dot) > >> [root@host]# ?cp > >> /opt/MailScanner_4.58.9/etc/reports/en/*.html . (note the > >> dot) 7. If using MailWatch, copy the SQLBlackWhiteList.pm and > >> MailWatch.pm files to the new install like this: > >> [root@host]# cd > >> /opt/MailScanner/lib/MailScanner/CustomFunctions/ > >> [root@host]# cp > >> /opt/MailScanner_4.58.9/lib/MailScanner/CustomFunctions/?SQLBl > >> ackWhiteList.pm > >> ?/opt/MailScanner_4.58.9/lib/MailScanner/CustomFunctions/?Mail > >> Watch.pm . (note the dot) > >> 8. That shoudl be about all, then you can run the follwing > >> command and monitor the log file for any errors: > >> [root@host]# /opt/MailScanner/bin/check_mailscanner; tail -f > >> /var/log/maillog 9. Re-enable the cronjob if all went well > >> > >> > >> If I missed a step someone might like to point it out. > >> > >> Cheers > >> > >> Craig > >> > >> > >> > >> > >> Here is my output of #MailScanner ?v : > >> > >> This is MailScanner version 4.58.9 > >> > >> Module versions are: > >> > >> 1.00 AnyDBM_File > >> > >> 1.16 Archive::Zip > >> > >> 1.03 Carp > >> > >> 1.119 Convert::BinHex > >> > >> 1.00 DirHandle > >> > >> 1.05 Fcntl > >> > >> 2.73 File::Basename > >> > >> 2.08 File::Copy > >> > >> 2.01 FileHandle > >> > >> 1.06 File::Path > >> > >> 0.14 File::Temp > >> > >> 0.90 Filesys::Df > >> > >> 1.35 HTML::Entities > >> > >> 3.54 HTML::Parser > >> > >> 2.37 HTML::TokeParser > >> > >> 1.21 IO > >> > >> 1.10 IO::File > >> > >> 1.123 IO::Pipe > >> > >> 1.71 Mail::Header > >> > >> 3.05 MIME::Base64 > >> > >> 5.420 MIME::Decoder > >> > >> 5.420 MIME::Decoder::UU > >> > >> 5.420 MIME::Head > >> > >> 5.420 MIME::Parser > >> > >> 3.03 MIME::QuotedPrint > >> > >> 5.420 MIME::Tools > >> > >> 0.10 Net::CIDR > >> > >> 1.08 POSIX > >> > >> 1.77 Socket > >> > >> 1.4 Sys::Hostname::Long > >> > >> 0.18 Sys::Syslog > >> > >> 1.86 Time::HiRes > >> > >> 1.02 Time::localtime > >> > >> > >> > >> Optional module versions are: > >> > >> 0.17 Convert::TNEF > >> > >> 1.814 DB_File > >> > >> 1.12 DBD::SQLite > >> > >> 1.50 DBI > >> > >> 1.15 Digest > >> > >> 1.01 Digest::HMAC > >> > >> 2.36 Digest::MD5 > >> > >> 2.10 Digest::SHA1 > >> > >> 0.44 Inline > >> > >> missing Mail::ClamAV > >> > >> 3.001008 Mail::SpamAssassin > >> > >> 1.999001 Mail::SPF::Query > >> > >> 0.20 Net::CIDR::Lite > >> > >> 1.24 Net::IP > >> > >> 0.57 Net::DNS > >> > >> 0.31 Net::LDAP > >> > >> 1.94 Parse::RecDescent > >> > >> missing SAVI > >> > >> 2.56 Test::Harness > >> > >> 0.47 Test::Simple > >> > >> 1.95 Text::Balanced > >> > >> 1.35 URI > >> > >> > >> > >> Pllease help. > >> > >> Velda > >> > >> > >> > >> > >> > >> -- > >> This message has been scanned for viruses and > >> dangerous content by MailScanner > >> , and is > >> believed to be clean. > >> > >> > >> > > > > > > > > > > > ********************************************************************** > > Confidentiality : This e-mail and any attachments are > intended for the > > addressee only and may be confidential. If they come to you > in error > > you must take no action based on them, nor must you copy or > show them > > to anyone. Please advise the sender by replying to this e-mail > > immediately and then delete the original from your computer. > > Opinion : Any opinions expressed in this e-mail are > entirely those of > > the author and unless specifically stated to the contrary, are not > > necessarily those of the author's employer. > > Security Warning : Internet e-mail is not necessarily a secure > > communications medium and can be subject to data > corruption. We advise > > that you consider this fact when e-mailing us. > > Viruses : We have taken steps to ensure that this e-mail and any > > attachments are free from known viruses but in keeping with good > > computing practice, you should ensure that they are virus free. > > > > Red Lion 49 Ltd T/A Solid State Logic > > Registered as a limited company in England and Wales (Company > > No:5362730) Registered Office: 25 Spring Hill Road, > Begbroke, Oxford > > OX5 1RU, United Kingdom > > > ********************************************************************** > > > > > > Jules > > -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > MailScanner customisation, or any advanced system administration help? > Contact me at Jules@Jules.FM > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 > B654 PGP public key: http://www.jules.fm/julesfm.asc > > > -- > This message has been scanned for viruses and dangerous > content by MailScanner, and is believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From martinh at solidstatelogic.com Thu Jun 19 09:01:29 2008 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Thu Jun 19 09:01:39 2008 Subject: Spamassassin is slow - any tips or good commercial alternative? In-Reply-To: <491b01c8d1a5$1fa51260$0300a8c0@CharlieCompaq> Message-ID: <9d0ec84506d6734bb3714ada8eb56e10@solidstatelogic.com> Charlie Reject non-valid email recipients on the incoming MTA. If you're growing at that rate I suggest you get a couple of machines to round robin DNS load share the mailscanner job, then if one goes pop the other will be to carry on. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Charlie > Sent: 19 June 2008 01:41 > To: MailScanner discussion > Subject: Spamassassin is slow - any tips or good commercial > alternative? > > > >> The concern is that I am eventually looking to have over 10,000 > >> users, so will be receiving, and then sending, multiple emails per > >> second. > >> Even now, with only 1,500 users, people have started reporting "Too > > many concurrent SMTP connections; Please try again later" > > >I manage a mail cluster for an ISP that has about 100,000 > subscribers > >online at any given time. I'd hazard a guess that close to all of > >those subscribers have a mail client running the whole time. > We have > >implemented an exim set up that allows 3 concurrent connections from > >the subscriber IP pools, 5 from from other IP's and a > maximum number of > >simultaneous SMTP sessions of 1000 per server. This is on > each server > >in the cluster (4 servers in total) and we only ever see the maximum > >concurrent per IP rules being hit, never the maximum total. > > >As you didn't mention which MTA you're using, I can't give config > >examples, but make sure you pay close attention to the > default max-per- > >IP and max-total SMTP session limits. If these are still > the defaults, > >they are probably far too restrictive for a multi-thousand user mail > >hub. Also, if you're not already, put some thought into connection > >mitigation techniques such as RBL's, grey listing, etc. > >These will have a dramatic effect on external sites chewing > up all your > >SMTP connections. Also if your users are the sort of people who sit > >there smashing the "send and receive" button in their mail > client, you > >may also want to think about rate-limiting connections from > any single > >IP...be careful if you implement this, you can DoS your users if it > >isn't done right!! > > Thank you James - this will be very helpful I suspect. > We also are using Exim as the MTA, so any specific config > advice for Exim would also be greatly appreciated :) BTW we > are using one server (Pentium 4, 2.4GHz, 1GB RAM), currently > have 1500 active paid users, and am expecting up to > 10,000-15,000 active paid users in the future (say, > 1 or 2 years from now). > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From martinh at solidstatelogic.com Thu Jun 19 09:10:48 2008 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Thu Jun 19 09:11:00 2008 Subject: Upgrade of MailScanner In-Reply-To: <20080618203343.GB7293@cgi.jachomes.com> Message-ID: <85590bfcf4f17c4383564ea62d82ab4b@solidstatelogic.com> Jay Go for it - I'm stupid busy today and maybe tomorrow. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Jay R. Ashworth > Sent: 18 June 2008 21:34 > To: MailScanner discussion > Subject: Re: Upgrade of MailScanner > > On Wed, Jun 18, 2008 at 05:57:46PM +0100, Julian Field wrote: > > Can you put that somewhere prominent in the wiki please? > > > > How about we try to script some of this and I provide it in the > > distribution? > > If he doesn't, I will. Do I need any special approval to > sign up that I should deal with now, even though I'm > unreasonably busy? :-) > > Cheers, > -- jra > -- > Jay R. Ashworth Baylink > jra@baylink.com > Designer The Things I Think > RFC 2100 > Ashworth & Associates http://baylink.pitas.com > '87 e24 > St Petersburg FL USA http://photo.imageinc.us > +1 727 647 1274 > > Those who cast the vote decide nothing. > Those who count the vote decide everything. > -- (Joseph Stalin) > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From J.Ede at birchenallhowden.co.uk Thu Jun 19 09:12:36 2008 From: J.Ede at birchenallhowden.co.uk (Jason Ede) Date: Thu Jun 19 09:16:12 2008 Subject: speed of bayes (mysql) Message-ID: <4CAB0118AEC63A4FAAE77E6BCBDF760C52F1B045E4@server02.bhl.local> I've bayes running in mysql and after upgrading I ran it in debug mode to see what the times were like... Generally it was fine apart from the bayes check which took ages! (batch size was 10 messages) 08:52:10 [7768] dbg: bayes: database connection established 08:52:10 [7768] dbg: bayes: found bayes db version 3 08:52:10 [7768] dbg: bayes: Using userid: 5 08:53:56 [7768] dbg: bayes: seen (c21a23d9453de70a43644e737a49e81c47640d54@sa_generated) put 08:53:56 [7768] dbg: bayes: learned 'c21a23d9453de70a43644e737a49e81c47640d54@sa_generated', atime: 1213858923 08:53:56 [7768] dbg: learn: initializing learner 08:53:56 [7768] dbg: check: is spam? score=-3.598 required=5 08:53:56 [7768] dbg: check: tests=BAYES_00,HTML_MESSAGE,RCVD_IN_DNSWL_LOW Any ideas on things I can check/investigate to speed this up? -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080619/2422c67d/attachment.html From MailScanner at ecs.soton.ac.uk Thu Jun 19 09:32:22 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jun 19 09:32:39 2008 Subject: Where are logs written? In-Reply-To: References: Message-ID: <485A1996.10107@ecs.soton.ac.uk> Rick Duval wrote: > I'm using MailScanner and MailWatch and I'm trying to find out where > the logs are written to the MySQL database. Can anybody point me to > the right module? It's in MailWatch somewhere. > > Also, is it a native function of MailScanner or a MailWatch "addon" > to write to the MySQL database? It's a MailWatch addon. MailScanner logs using syslog. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From prandal at herefordshire.gov.uk Thu Jun 19 10:05:39 2008 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Thu Jun 19 10:06:00 2008 Subject: Spam attack.... In-Reply-To: <4F87F584-52B3-427D-8D14-B8BE2DB879B9@globeserver.com> References: <4F87F584-52B3-427D-8D14-B8BE2DB879B9@globeserver.com> Message-ID: <7EF0EE5CB3B263488C8C18823239BEBA0406C805@HC-MBX02.herefordshire.gov.uk> It's time to start using RBLs on your MTA. cbl.abuseat.org & bl.spamcop.net spring to mind as reliable ones, or, if you have the money and don't mind a bit of config, subscribe to SpamHaus's blacklists and use zen.spamhaus.org on your MTA. Cheers, Phil -- Phil Randal Networks Engineer Herefordshire Council Hereford, UK -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Philip Butler Sent: 19 June 2008 02:27 To: MailScanner discussion Subject: Spam attack.... Hi all, This may have been discussed here before, but I am going to throw it out again... I have set up a few "mailbag" machines for some of my customers to grab their incoming email and process it for spam. This then goes into POP mailboxes and their mail servers then grab the mail. The intent is that it be a black-hole for spam and takes some of the load off of their systems. A while back, I determined that most spam (for these customers anyway) was being marked with a spamscore of about 20, so I set the spam threshold on these mailbag machines to be 15. These machines run MailScanner (of course), SpamAssassin, and Razor. Everything works fine and transparently most of the time, but occasionally (i.e. the last few days), email is coming in and clogging the MailScanner incoming queue. I havent' measured, but at times it's around 1 new message per second. At times there may be 10-15 thousand messages waiting to be processed. If left alone, it doesn't seem to correct itself. What I have done is transferred 10k messages or so from the machine that clogs up to another machine and then they get processed quickly. This almost seems to be a DNS-type problem with RBL lookups or something. I have tried to figure out where the messages are coming from, but I don't see a pattern. If most messages were coming from a handful of machines, then I would just put an IP-filter on them and drop any packets from them. Unfortunately, I have not seen any pattern - so I am back to square one. Any ideas as to what I should check, etc. to figure out why these customers are being excessively spam-bombed. This seems to happen maybe once every month or two - then it goes away. Phil -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From telecaadmin at gmail.com Thu Jun 19 10:40:13 2008 From: telecaadmin at gmail.com (Ronny T. Lampert) Date: Thu Jun 19 10:42:49 2008 Subject: Spam attack.... In-Reply-To: References: <4F87F584-52B3-427D-8D14-B8BE2DB879B9@globeserver.com> Message-ID: <485A297D.7070307@gmail.com> > Have you tried anything like connection rate throttling? [...] > I'm sure there are similar features in Exim or Postfix, but I haven't > come over to the "dark side" yet so I don't know their secret incantations. > Just a quick chime in - postfixy is this: # 30 times per 60 seconds smtpd_client_connection_rate_limit = 30 client_connection_rate_time_unit = 60s But that may not the only problem solution; give us some time to think. Cheers, Ronny From peter at farrows.org Thu Jun 19 11:10:02 2008 From: peter at farrows.org (Peter Farrow) Date: Thu Jun 19 11:10:41 2008 Subject: Spam attack.... In-Reply-To: <4F87F584-52B3-427D-8D14-B8BE2DB879B9@globeserver.com> References: <4F87F584-52B3-427D-8D14-B8BE2DB879B9@globeserver.com> Message-ID: <485A307A.7000309@farrows.org> Philip Butler wrote: > Hi all, > > This may have been discussed here before, but I am going to throw it > out again... > > I have set up a few "mailbag" machines for some of my customers to > grab their incoming email and process it for spam. This then goes > into POP mailboxes and their mail servers then grab the mail. The > intent is that it be a black-hole for spam and takes some of the load > off of their systems. A while back, I determined that most spam (for > these customers anyway) was being marked with a spamscore of about 20, > so I set the spam threshold on these mailbag machines to be 15. > > These machines run MailScanner (of course), SpamAssassin, and Razor. > > Everything works fine and transparently most of the time, but > occasionally (i.e. the last few days), email is coming in and clogging > the MailScanner incoming queue. I havent' measured, but at times it's > around 1 new message per second. At times there may be 10-15 thousand > messages waiting to be processed. If left alone, it doesn't seem to > correct itself. What I have done is transferred 10k messages or so > from the machine that clogs up to another machine and then they get > processed quickly. This almost seems to be a DNS-type problem with > RBL lookups or something. > > I have tried to figure out where the messages are coming from, but I > don't see a pattern. If most messages were coming from a handful of > machines, then I would just put an IP-filter on them and drop any > packets from them. Unfortunately, I have not seen any pattern - so I > am back to square one. > > Any ideas as to what I should check, etc. to figure out why these > customers are being excessively spam-bombed. This seems to happen > maybe once every month or two - then it goes away. > > Phil > If you are using a Linux box, you can simply use iptables to limit-burst and connection rate limit at the firewall end on a per-ip basis.... P. -- This message has been scanned for viruses and dangerous content by the Inexcom system Scanner, and is believed to be clean. Advanced heuristic mail scanning server [1]. http://www.inexcom.co.uk From Denis.Beauchemin at USherbrooke.ca Thu Jun 19 13:24:53 2008 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Thu Jun 19 14:50:20 2008 Subject: sa-learn --force-expire errors In-Reply-To: <4859F84D.9060002@zuka.net> References: <4859F84D.9060002@zuka.net> Message-ID: <485A5015.9060709@USherbrooke.ca> Dave Filchak a ?crit : > I am trying ti tune up my backup MX and so, have updated MailScanner, > updated ClamAV as well as SpamAssassin. I have also tweaked the expire > bayes.toks process by turning this off in both MailScanner.conf and > spam.assassin.conf and added the following to root crontab: > > 15 3 * * * (/sbin/service MailScanner stop; /usr/bin/sa-learn > --force-expire;/sbin/service MailScanner start) 2>&1 > > However, when this runs, I get the following errors, which I am > guessing is due to my last upgrade. Can someone give me some direction > here? > > Dave > > config: configuration file > "/etc/mail/spamassassin/updates_spamassassin_org/20_advance_fee.cf" > requires version 3.002001 of SpamAssassin, but this is code version > 3.002005. Maybe you need to use the -C switch, or remove the old > config files? Skipping this file at > /usr/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/Conf/Parser.pm line 372. > config: configuration file > "/etc/mail/spamassassin/updates_spamassassin_org/20_body_tests.cf" > requires version 3.002001 of SpamAssassin, but this is code version > 3.002005. Maybe you need to use the -C switch, or remove the old > config files? Skipping this file at > /usr/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/Conf/Parser.pm line 372. > config: configuration file > "/etc/mail/spamassassin/updates_spamassassin_org/20_compensate.cf" > requires version 3.002001 of SpamAssassin, but this is code version > 3.002005. Maybe you need to use the -C switch, or remove the old > config files? Skipping this file at > /usr/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/Conf/Parser.pm line 372. > config: configuration file > "/etc/mail/spamassassin/updates_spamassassin_org/20_dnsbl_tests.cf" > requires version 3.002001 of SpamAssassin, but this is code version > 3.002005. Maybe you need to use the -C switch, or remove the old > config files? Skipping this file at > /usr/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/Conf/Parser.pm line 372. > > > and many more after this. > > My config:: > > his is MailScanner version 4.70.6 > Module versions are: > 1.00 AnyDBM_File > 1.20 Archive::Zip > 0.22 bignum > 1.03 Carp > 1.41 Compress::Zlib > 1.119 Convert::BinHex > 0.17 Convert::TNEF > 2.121 Data::Dumper > 2.27 Date::Parse > 1.00 DirHandle > 1.05 Fcntl > 2.73 File::Basename > 2.08 File::Copy > 2.01 FileHandle > 1.06 File::Path > 0.19 File::Temp > 0.90 Filesys::Df > 1.35 HTML::Entities > 3.56 HTML::Parser > 2.37 HTML::TokeParser > 1.23 IO > 1.14 IO::File > 1.13 IO::Pipe > 2.02 Mail::Header > 1.87 Math::BigInt > 0.20 Math::BigRat > 3.05 MIME::Base64 > 5.425 MIME::Decoder > 5.425 MIME::Decoder::UU > 5.425 MIME::Head > 5.425 MIME::Parser > 3.03 MIME::QuotedPrint > 5.425 MIME::Tools > 0.11 Net::CIDR > 1.25 Net::IP > 0.16 OLE::Storage_Lite > 1.04 Pod::Escapes > 3.05 Pod::Simple > 1.08 POSIX > 1.19 Scalar::Util > 1.77 Socket > 2.13 Storable > 1.4 Sys::Hostname::Long > 0.18 Sys::Syslog > 1.26 Test::Pod > 0.7 Test::Simple > 1.9707 Time::HiRes > 1.02 Time::localtime > > Optional module versions are: > 1.32 Archive::Tar > 0.22 bignum > 1.82 Business::ISBN > 1.10 Business::ISBN::Data > 1.08 Data::Dump > 1.814 DB_File > 1.13 DBD::SQLite > 1.58 DBI > 1.15 Digest > 1.01 Digest::HMAC > 2.36 Digest::MD5 > 2.11 Digest::SHA1 > 1.00 Encode::Detect > 0.17008 Error > 0.19 ExtUtils::CBuilder > 2.18 ExtUtils::ParseXS > 2.36 Getopt::Long > 0.44 Inline > 1.08 IO::String > 1.04 IO::Zlib > 2.21 IP::Country > 0.22 Mail::ClamAV > 3.002005 Mail::SpamAssassin > v2.004 Mail::SPF > 1.999001 Mail::SPF::Query > 0.2808 Module::Build > 0.20 Net::CIDR::Lite > 0.63 Net::DNS > 0.002.2 Net::DNS::Resolver::Programmable > missing Net::LDAP > 4.004 NetAddr::IP > 1.94 Parse::RecDescent > missing SAVI > 2.64 Test::Harness > 0.95 Test::Manifest > 1.95 Text::Balanced > 1.35 URI > 0.7203 version > 0.65 YAML > Dave, You seem to have a mismatch in your SA files... What does "/usr/bin/sa-learn -V" return? How about "/usr/bin/spamassassin --lint"? Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x62252 F: 819.821.8045 From rick at duvals.ca Thu Jun 19 16:40:56 2008 From: rick at duvals.ca (Rick Duval) Date: Thu Jun 19 16:41:05 2008 Subject: Where are logs written? In-Reply-To: <485A1996.10107@ecs.soton.ac.uk> References: <485A1996.10107@ecs.soton.ac.uk> Message-ID: <4baa40ce0806190840r34684769r44eefa441257eb8c@mail.gmail.com> Thanks Jules, I actually found it in the MailWatch.pm in customfuncitons dir Rick On Thu, Jun 19, 2008 at 4:32 AM, Julian Field wrote: > > > Rick Duval wrote: > >> I'm using MailScanner and MailWatch and I'm trying to find out where the >> logs are written to the MySQL database. Can anybody point me to the right >> module? >> > It's in MailWatch somewhere. > >> >> Also, is it a native function of MailScanner or a MailWatch "addon" to >> write to the MySQL database? >> > It's a MailWatch addon. MailScanner logs using syslog. > > Jules > > -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > Need help customising MailScanner? > Contact me! > Need help fixing or optimising your systems? > Contact me! > Need help getting you started solving new requirements from your boss? > Contact me! > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- > This message has been scanned for > viruses and dangerous content by Accurate Anti-Spam Technologies > and is believed to be clean. > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080619/fcfedb2b/attachment.html From philippe at beau.nom.fr Thu Jun 19 21:42:52 2008 From: philippe at beau.nom.fr (Philippe BEAU) Date: Thu Jun 19 21:43:08 2008 Subject: Qmail install In-Reply-To: <017a01c8d1da$28ebd900$0400a8c0@Simonc> References: <001001c8c08a$fbc1efb0$0400a8c0@Simonc> <12dfdf1f534ec423b6a82842e5285137@localhost> <017a01c8d1da$28ebd900$0400a8c0@Simonc> Message-ID: <82be1f409579297a9e525597b5107db0@localhost> Hi Simon, No, the only website i use is my head and hand. So i can help you about this installation in private for confidentiality Regards Philippe, On Thu, 19 Jun 2008 09:00:29 +0200, "VUM" wrote: ? Hi Philippe, Do you know of any good websites that will direct us through this process. Thanks Simon ----- Original Message ----- From: Philippe BEAU [1] To: MailScanner discussion [2] Sent: Wednesday, May 28, 2008 10:18 AM Subject: Re: Qmail install Hi Simon, Yes for sure but in backend :) (postfix+mailscanner in front) Regards Philippe, On Wed, 28 May 2008 08:20:54 +0200, "VUM" wrote: Hi, Does anyone have a working qmail MTA that is working with Mailscanner. Please advise. Simon ------------------------- -- MailScanner mailing list mailscanner@lists.mailscanner.info [2] http://lists.mailscanner.info/mailman/listinfo/mailscanner [3] Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! Links: ------ [1] mailto:philippe@beau.nom.fr [2] mailto:mailscanner@lists.mailscanner.info [3] http://lists.mailscanner.info/mailman/listinfo/mailscanner -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080619/8f11b0b4/attachment.html From tdeering at comcast.net Fri Jun 20 04:20:07 2008 From: tdeering at comcast.net (Todd Deering) Date: Fri Jun 20 04:20:13 2008 Subject: unsubscribe Message-ID: "Neque porro quisquam est qui dolorem ipsum quia dolor sit amet, consectetur, adipisci velit..." "There is no one who loves pain itself, who seeks after it and wants to have it, simply because it is pain..." -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080619/254331b9/attachment.html From mgarcia at nettix.com.pe Fri Jun 20 06:01:41 2008 From: mgarcia at nettix.com.pe (Martin Garcia) Date: Fri Jun 20 06:01:47 2008 Subject: Spamassassin is slow - any tips or good commercial, alternative? In-Reply-To: <200806191101.m5JB0Kuv010917@safir.blacknight.ie> References: <200806191101.m5JB0Kuv010917@safir.blacknight.ie> Message-ID: <485B39B5.20005@nettix.com.pe> Hey there, I believe receiving 99% of legitimate emails is good, I dont think is a MailScanner topic, since I believe you can improve your email gateway (which I presume you have) using RBLs, SPF, greylisting etc. which will drop down the use of resources (SA), and even would improve your antispam techniques. http://wiki.mailscanner.info/doku.php?id=maq:index <--- this really helped me, so I recommend you to read it. Regards -- Cualquier duda o consulta estoy a su disposicion. Atentamente / Sincerely MARTIN GARCIA Consultor Linux y redes Nettix Peru EIRL telf: +(511)9-9735-4848 mailto:mgarcia@nettix.com.pe > Message: 2 > Date: Wed, 18 Jun 2008 17:34:59 -0400 > From: "Rick Duval" > Subject: Re: Spamassassin is slow - any tips or good commercial > alternative? > To: "MailScanner discussion" > Message-ID: > <4baa40ce0806181434n2c971cdcnb0a7ccfb27a41b8a@mail.gmail.com> > Content-Type: text/plain; charset="iso-8859-1" > > 99% of the emails you receive are NOT spam? Holy crap? I wish my servers > were on your planet ;^) > > > > On Wed, Jun 18, 2008 at 9:56 AM, Charlie wrote: > > >> Thanks for all the replies. In response to some of them: >> >> - we have now installed nscd, so output is now: >> # /etc/init.d/nscd status >> Status of Name Service Cache Daemon service: running >> >> - we have added 2 more MS children >> - we'll look into adding more RAM >> >> 2-5 seconds per batch is pretty fast. Anything under 1 minute is >> >>> acceptable IMHO. >>> Why the concern about scan times?? Email isn't IM :-). Seriously why the >>> concern about scan times? >>> >>> >> The concern is that I am eventually looking to have over 10,000 users, so >> will be receiving, and then sending, multiple emails per second. >> Even now, with only 1,500 users, people have started reporting "Too many >> concurrent SMTP connections; Please try again later" >> They only started seeing this message after I turned on SpamAssassin. I am >> thinking that perhaps, as 99% of the emails we receive are not spam, that >> scanning for spam may be an unnecessary luxury, once email volumes reach a >> certain level. >> >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> -- >> This message has been scanned for >> viruses and dangerous content by Accurate Anti-Spam Technologies >> and is believed to be clean. >> >> >> > -------------- next part -------------- > An HTML attachment was scrubbed... > URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080618/2cdfee93/attachment-0001.html > > ------------------------------ > > "dark side" yet so I don't know their secret incantations. > > -- Este mensaje ha sido analizado por Nettix Peru - MailScanner en busca de virus y otros contenidos peligrosos, y se considera que est? limpio. Para soluciones Antispam/Antivirus visite http://www.nettix.com.pe From mailwatch.kp at gmail.com Fri Jun 20 06:38:00 2008 From: mailwatch.kp at gmail.com (vinayan KP) Date: Fri Jun 20 06:38:11 2008 Subject: Re Help with spamassassin+mailscanner In-Reply-To: References: <6a7195cc0806152332g378d7afqfe30223d76cf0b17@mail.gmail.com> <6a7195cc0806180027q5e4b9fd5p37d30383217cab72@mail.gmail.com> Message-ID: <6a7195cc0806192238m7c823b85p281516020b968dbc@mail.gmail.com> Sir, When I built the server, I had only SUSE 10.2 and SUSE 10.3 was just out I think. Our old server had a motherboard failure and could not find a replacement quickly. So had to buy a new server and get the server ready in a day. I wish you will be kind enough to help me fix my problem. As I told you for SA score > Required SpamAssassin Score (= 3) it works. see the 3 sample headers below: Where X-yoursite-MailScanner ---> is the old mailscanner before mail server (M1) X-econdse-MailScanner ---> is the new postfix server (M2) ========================================================== X-yoursite-MailScanner-Information: Please contact the ISP for more information X-yoursite-MailScanner: Found to be clean X-yoursite-MailScanner-SpamCheck: spam, SpamAssassin (score=35.003, required 3, autolearn=spam, BAYES_99 3.50, FORGED_MUA_OUTLOOK 4.06, FORGED_RCVD_HELO 0.14, INVALID_MSGID 2.19, RCVD_IN_SORBS_DUL 2.05, RCVD_IN_XBL 3.90, URIBL_AB_SURBL 3.81, URIBL_JP_SURBL 4.09, URIBL_OB_SURBL 3.01, URIBL_SBL 1.64, URIBL_SC_SURBL 4.50, URIBL_WS_SURBL 2.14) X-yoursite-MailScanner-SpamScore: sssssssssssssssssssssssssssssssssss X-yoursite-MailScanner-From: rosendowithoutholden@greenbuilder.com Subject: {Spam?} Most Popular Watches of All Trademarks X-Spam-Status: Yes, Yes X-econdse-MailScanner-Information: Please contact the ISP for more information X-econdse-MailScanner: Found to be clean X-econdse-MailScanner-SpamCheck: spam, SpamAssassin (not cached, score=11.515, required 3, BAYES_99 3.50, FORGED_MUA_OUTLOOK 4.06, FORGED_RCVD_HELO 0.14, INVALID_MSGID 2.19, URIBL_SBL 1.64) X-econdse-MailScanner-SpamScore: sssssssssss ============================================================= X-yoursite-MailScanner-SpamCheck: spam, SpamAssassin (score=20.545, required 3, autolearn=spam, BAD_ENC_HEADER 3.10, BAYES_99 3.50, FROM_EXCESS_QP 0.00, RCVD_IN_BL_SPAMCOP_NET 4.00, RCVD_IN_SORBS_DUL 2.05, SUBJECT_EXCESS_QP 0.00, URIBL_AB_SURBL 3.81, URIBL_JP_SURBL 4.09) X-yoursite-MailScanner-SpamScore: ssssssssssssssssssss X-yoursite-MailScanner-From: tracy-hlahjaks@tombushmazda.dealerspace.com X-Spam-Status: Yes, Yes X-econdse-MailScanner-Information: Please contact the ISP for more information X-econdse-MailScanner: Found to be clean X-econdse-MailScanner-SpamCheck: spam, SpamAssassin (not cached, score=6.146, required 3, BAD_ENC_HEADER 3.10, BAYES_60 1.00, FROM_EXCESS_QP 0.00, RCVD_IN_SORBS_DUL 2.05, SUBJECT_EXCESS_QP 0.00) X-econdse-MailScanner-SpamScore: ssssss ================================================================= X-yoursite-MailScanner-Information: Please contact the ISP for more information X-yoursite-MailScanner: Found to be clean X-yoursite-MailScanner-SpamCheck: spam, SpamAssassin (score=21.744, required 3, BAYES_99 3.50, SUBJECT_DRUG_GAP_P 0.70, URIBL_AB_SURBL 3.81, URIBL_JP_SURBL 4.09, URIBL_OB_SURBL 3.01, URIBL_SC_SURBL 4.50, URIBL_WS_SURBL 2.14) X-yoursite-MailScanner-SpamScore: sssssssssssssssssssss X-yoursite-MailScanner-From: leonore_fideliaeb@focusers.com X-Spam-Status: Yes, Yes X-econdse-MailScanner-Information: Please contact the ISP for more information X-econdse-MailScanner: Found to be clean X-econdse-MailScanner-SpamCheck: spam, SpamAssassin (not cached, score=20.244, required 3, BAYES_80 2.00, SUBJECT_DRUG_GAP_P 0.70, URIBL_AB_SURBL 3.81, URIBL_JP_SURBL 4.09, URIBL_OB_SURBL 3.01, URIBL_SC_SURBL 4.50, URIBL_WS_SURBL 2.14) X-econdse-MailScanner-SpamScore: ssssssssssssssssssss ================================================================= Here the mailscanner on new server gets almost equal score in 3rd heardr, less in 2nd header and very less score in 3rd header and check lesser lists. Why this happens? Find below 2 headers for mails which the old mailscanner finds as spam and the new mailscanner finds as clean. ----------------------------------------------------------------------------------------------------------------------------- X-yoursite-MailScanner-Information: Please contact the ISP for more information X-yoursite-MailScanner: Found to be clean X-yoursite-MailScanner-SpamCheck: spam, SpamAssassin (score=10.601, required 3, BAYES_50 0.00, HTML_10_20 1.35, HTML_MESSAGE 0.00, PLING_QUERY 0.51, URIBL_JP_SURBL 4.09, URIBL_OB_SURBL 3.01, URIBL_SBL 1.64) X-yoursite-MailScanner-SpamScore: ssssssssss X-yoursite-MailScanner-From: surjeet1978@gmail.com X-Spam-Status: Yes, No X-econdse-MailScanner-Information: Please contact the ISP for more information X-econdse-MailScanner: Found to be clean X-econdse-MailScanner-SpamCheck: not spam, SpamAssassin (not cached, score=0.678, required 3, BAYES_05 -1.11, HTML_MESSAGE 0.00, INFO_TLD 1.27, PLING_QUERY 0.51) -------------------------------------------------------------------------------------------------------------------------- X-yoursite-MailScanner-Information: Please contact the ISP for more information X-yoursite-MailScanner: Found to be clean X-yoursite-MailScanner-SpamCheck: spam, SpamAssassin (score=27.176, required 3, autolearn=spam, BAYES_99 3.50, RCVD_IN_BL_SPAMCOP_NET 4.00, RCVD_IN_SORBS_DUL 2.05, RCVD_IN_XBL 3.90, URIBL_JP_SURBL 4.09, URIBL_OB_SURBL 3.01, URIBL_SC_SURBL 4.50, URIBL_WS_SURBL 2.14) X-yoursite-MailScanner-SpamScore: sssssssssssssssssssssssssss X-yoursite-MailScanner-From: c_rosamaria_iz@honeywell.com X-Spam-Status: Yes, No X-econdse-MailScanner-Information: Please contact the ISP for more information X-econdse-MailScanner: Found to be clean X-econdse-MailScanner-SpamCheck: not spam, SpamAssassin (not cached, score=1.298, required 3, BAYES_00 -2.60, RCVD_IN_XBL 3.90) X-econdse-MailScanner-SpamScore: s X-econdse-MailScanner-From: c_rosamaria_iz@honeywell.com ------------------------------------------------------------------------------------------------------------------------------- What should I do so that new mailscanner also gets a high score for the above two mails and get tagged as {Spam?} Regards Vinu On Thu, Jun 19, 2008 at 1:01 AM, Scott Silva wrote: > on 6-18-2008 12:27 AM vinayan KP spake the following: >> >> Sir, >> >> I am trying to fix the problem of mailscanner+spamassassin installed >> on my new postfix server not detecting mails with low SA score as >> spam. But I can see my old mailscanner which receives mails and >> forwards it to new postfix server detects them as spam and tags them >> {Spam?}. I am saying a sorry in advance that I won't be able to try >> your suggestions the same day and respond with results. I will be >> able to do whatever you suggest when I get enough time. >> >> I have been suggested by Mr.Scott to install pyzor, set the bayes file >> path, permission for the beyes files, then do sa-learn etc and I have >> done all of them. Still my new mailscanner+spamassassin dont detect >> low scoring spams which my older mailscanner+spamassassing sytem >> detects. Please see the mails below this, which contains the outputs >> of: >> >> spamassassin -D --ling >> spamassasin --dump magic >> . >> >> Now I am getting >> [15396] dbg: rules: local tests only, ignoring RBL eval >> When I run a >> # spamassassin -D --lint or >> # spamassassin -D --ling < ..messages >> >> I use the following >> >> postfix.2.3.2-28 >> Spamassassin.3.1.6-15 >> MailScanner 4.58.9 on SUSE 10.2 >> >> > Looks like very old versions of spamassassin and mailscanner. Why build a > new server with old software? > > > -- > MailScanner is like deodorant... > You hope everybody uses it, and > you notice quickly if they don't!!!! > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > From nils.o.bekken at hiof.no Fri Jun 20 12:20:56 2008 From: nils.o.bekken at hiof.no (Nils Olav Brandstorp Bekken) Date: Fri Jun 20 12:21:05 2008 Subject: MailScanner 4.68.8 and F-Secure 5.54 on Debian Etch In-Reply-To: <200806180734.m5I7XPde011890@safir.blacknight.ie> References: <200806180734.m5I7XPde011890@safir.blacknight.ie> Message-ID: <485B9298.2070209@hiof.no> Hi I've been running MailScanner with F-Secure Antivirus 4.65 on Debian Sarge for some time, and when I upgraded to Etch and installed F-Secure Server Security 5.54 (command line only) I noticed that I needed something newer than the MailScanner version in Etch to support it, so I pulled down the version from Debian testing, but still have some problems. MailScanner and the F-secure 4.65 version has kept the mailboxes here free of viruses, but it seems like F-Secure 4.65 isn't even on the product list with F-Secure anymore and even 5 is EOL May 2009 so I thought it was time to move on instead of getting a nasty suprise one Friday afternoon (when these things usually happen :-( When I try sending an email it finds the virus, but the entire email is still delivered including the virus/Eicar file. I've search most (I think) of web/wiki pages without finding anything about this Any ideas? Thanks in advance Nils O. Bekken maillogs, output from MailScanner --lint follows (Mailscanner in debug mode): MailScanner[7141]: MailScanner E-Mail Virus Scanner version 4.68.8 starting... MailScanner[7141]: Read 817 hostnames from the phishing whitelist MailScanner[7141]: Read 5141 hostnames from the phishing blacklist MailScanner[7141]: SpamAssassin temporary working directory is /var/spool/MailScanner/incoming/SpamAssassin-Temp MailScanner[7141]: Using SpamAssassin results cache MailScanner[7141]: Connected to SpamAssassin cache database MailScanner[7141]: Enabling SpamAssassin auto-whitelist functionality... MailScanner[7141]: lock.pl sees Config LockType = posix MailScanner[7141]: lock.pl sees have_module = 0 MailScanner[7141]: Using locktype = posix MailScanner[7141]: New Batch: Scanning 1 messages, 73835 bytes MailScanner[7141]: Created attachment dirs for 1 messages MailScanner[7141]: Spam Checks: Starting MailScanner[7141]: SpamAssassin returned 0 MailScanner[7141]: Virus and Content Scanning: Starting MailScanner[7141]: Commencing scanning by f-secure... MailScanner[7141]: Found F-Secure version 1.12=1.12 MailScanner[7141]: Scan ended at Wed Jun 18 10:02:26 2008 MailScanner[7141]: 3 files scanned MailScanner[7141]: 1 file infected MailScanner[7141]: Completed scanning by f-secure MailScanner[7141]: About to deliver 1 messages MailScanner[7141]: Uninfected: Delivered 1 messages MailScanner[7141]: MailScanner child dying of old age starfury:~# fsav DC1200.JPG_Pictures.com F-Secure Security Platform version 1.12 build 7113 Copyright (c) 1999-2007 F-Secure Corporation. All Rights Reserved. Scan started at Wed Jun 18 10:03:48 2008 Database version: 2008-06-18_03 DC1200.JPG_Pictures.com: Infected: Trojan.Win32.VB.dee [AVP] DC1200.JPG_Pictures.com: Disinfect? (Yes, No, yes to All) .... Scan ended at Wed Jun 18 10:04:01 2008 1 file scanned 1 file infected MailScanner --lint Trying to setlogsock(unix) Read 817 hostnames from the phishing whitelist Read 5141 hostnames from the phishing blacklist Checking version numbers... Version number in MailScanner.conf (4.68.8) is correct. Your envelope_sender_header in spam.assassin.prefs.conf is correct. MailScanner setting GID to (8) Checking for SpamAssassin errors (if you use it)... SpamAssassin temporary working directory is /var/spool/MailScanner/incoming/SpamAssassin-Temp SpamAssassin temp dir = /var/spool/MailScanner/incoming/SpamAssassin-Temp Using SpamAssassin results cache Connected to SpamAssassin cache database SpamAssassin reported no errors. Using locktype = posix MailScanner.conf says "Virus Scanners = f-secure" Found these virus scanners installed: f-secure =========================================================================== Virus and Content Scanning: Starting Found F-Secure version 1.12=1.12 Scan ended at Wed Jun 18 11:06:46 2008 2 files scanned 1 file infected =========================================================================== If any of your virus scanners (f-secure) are not listed there, you should check that they are installed correctly and that MailScanner is finding them correctly via its virus.scanners.conf. From Denis.Beauchemin at USherbrooke.ca Fri Jun 20 13:34:09 2008 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Fri Jun 20 13:34:51 2008 Subject: Re Help with spamassassin+mailscanner In-Reply-To: <6a7195cc0806192238m7c823b85p281516020b968dbc@mail.gmail.com> References: <6a7195cc0806152332g378d7afqfe30223d76cf0b17@mail.gmail.com> <6a7195cc0806180027q5e4b9fd5p37d30383217cab72@mail.gmail.com> <6a7195cc0806192238m7c823b85p281516020b968dbc@mail.gmail.com> Message-ID: <485BA3C1.2030604@USherbrooke.ca> vinayan KP a ?crit : > Sir, > When I built the server, I had only SUSE 10.2 and SUSE 10.3 was just > out I think. Our old server had a motherboard failure and could not > find a replacement quickly. So had to buy a new server and get the > server ready in a day. I wish you will be kind enough to help me fix > my problem. > > > As I told you for SA score > Required SpamAssassin Score (= 3) it works. > > > see the 3 sample headers below: > > Where > > X-yoursite-MailScanner ---> is the old mailscanner before mail server (M1) > X-econdse-MailScanner ---> is the new postfix server (M2) > > ========================================================== > X-yoursite-MailScanner-Information: Please contact the ISP for more information > X-yoursite-MailScanner: Found to be clean > X-yoursite-MailScanner-SpamCheck: spam, SpamAssassin (score=35.003, > required 3, autolearn=spam, BAYES_99 3.50, FORGED_MUA_OUTLOOK 4.06, > FORGED_RCVD_HELO 0.14, INVALID_MSGID 2.19, RCVD_IN_SORBS_DUL 2.05, > RCVD_IN_XBL 3.90, URIBL_AB_SURBL 3.81, URIBL_JP_SURBL 4.09, > URIBL_OB_SURBL 3.01, URIBL_SBL 1.64, URIBL_SC_SURBL 4.50, > URIBL_WS_SURBL 2.14) > X-yoursite-MailScanner-SpamScore: sssssssssssssssssssssssssssssssssss > X-yoursite-MailScanner-From: rosendowithoutholden@greenbuilder.com > Subject: {Spam?} Most Popular Watches of All Trademarks > X-Spam-Status: Yes, Yes > X-econdse-MailScanner-Information: Please contact the ISP for more information > X-econdse-MailScanner: Found to be clean > X-econdse-MailScanner-SpamCheck: spam, SpamAssassin (not cached, > score=11.515, required 3, BAYES_99 3.50, FORGED_MUA_OUTLOOK 4.06, > FORGED_RCVD_HELO 0.14, INVALID_MSGID 2.19, URIBL_SBL 1.64) > X-econdse-MailScanner-SpamScore: sssssssssss > ============================================================= > > X-yoursite-MailScanner-SpamCheck: spam, SpamAssassin (score=20.545, > required 3, autolearn=spam, BAD_ENC_HEADER 3.10, BAYES_99 3.50, > FROM_EXCESS_QP 0.00, RCVD_IN_BL_SPAMCOP_NET 4.00, > RCVD_IN_SORBS_DUL 2.05, SUBJECT_EXCESS_QP 0.00, URIBL_AB_SURBL 3.81, > URIBL_JP_SURBL 4.09) > X-yoursite-MailScanner-SpamScore: ssssssssssssssssssss > X-yoursite-MailScanner-From: tracy-hlahjaks@tombushmazda.dealerspace.com > X-Spam-Status: Yes, Yes > X-econdse-MailScanner-Information: Please contact the ISP for more information > X-econdse-MailScanner: Found to be clean > X-econdse-MailScanner-SpamCheck: spam, SpamAssassin (not cached, score=6.146, > required 3, BAD_ENC_HEADER 3.10, BAYES_60 1.00, FROM_EXCESS_QP 0.00, > RCVD_IN_SORBS_DUL 2.05, SUBJECT_EXCESS_QP 0.00) > X-econdse-MailScanner-SpamScore: ssssss > > ================================================================= > > X-yoursite-MailScanner-Information: Please contact the ISP for more information > X-yoursite-MailScanner: Found to be clean > X-yoursite-MailScanner-SpamCheck: spam, SpamAssassin (score=21.744, > required 3, BAYES_99 3.50, SUBJECT_DRUG_GAP_P 0.70, > URIBL_AB_SURBL 3.81, URIBL_JP_SURBL 4.09, URIBL_OB_SURBL 3.01, > URIBL_SC_SURBL 4.50, URIBL_WS_SURBL 2.14) > X-yoursite-MailScanner-SpamScore: sssssssssssssssssssss > X-yoursite-MailScanner-From: leonore_fideliaeb@focusers.com > X-Spam-Status: Yes, Yes > X-econdse-MailScanner-Information: Please contact the ISP for more information > X-econdse-MailScanner: Found to be clean > X-econdse-MailScanner-SpamCheck: spam, SpamAssassin (not cached, > score=20.244, required 3, BAYES_80 2.00, SUBJECT_DRUG_GAP_P 0.70, > URIBL_AB_SURBL 3.81, URIBL_JP_SURBL 4.09, URIBL_OB_SURBL 3.01, > URIBL_SC_SURBL 4.50, URIBL_WS_SURBL 2.14) > X-econdse-MailScanner-SpamScore: ssssssssssssssssssss > > ================================================================= > Here the mailscanner on new server gets almost equal score in 3rd > heardr, less in 2nd header and very less score in 3rd header and check > lesser lists. Why this happens? > > > > > > Find below 2 headers for mails which the old mailscanner finds as spam > and the new mailscanner finds as clean. > > ----------------------------------------------------------------------------------------------------------------------------- > X-yoursite-MailScanner-Information: Please contact the ISP for more information > X-yoursite-MailScanner: Found to be clean > X-yoursite-MailScanner-SpamCheck: spam, SpamAssassin (score=10.601, > required 3, BAYES_50 0.00, HTML_10_20 1.35, HTML_MESSAGE 0.00, > PLING_QUERY 0.51, URIBL_JP_SURBL 4.09, URIBL_OB_SURBL 3.01, > URIBL_SBL 1.64) > X-yoursite-MailScanner-SpamScore: ssssssssss > X-yoursite-MailScanner-From: surjeet1978@gmail.com > X-Spam-Status: Yes, No > X-econdse-MailScanner-Information: Please contact the ISP for more information > X-econdse-MailScanner: Found to be clean > X-econdse-MailScanner-SpamCheck: not spam, SpamAssassin (not cached, > score=0.678, required 3, BAYES_05 -1.11, HTML_MESSAGE 0.00, > INFO_TLD 1.27, PLING_QUERY 0.51) > > -------------------------------------------------------------------------------------------------------------------------- > X-yoursite-MailScanner-Information: Please contact the ISP for more information > X-yoursite-MailScanner: Found to be clean > X-yoursite-MailScanner-SpamCheck: spam, SpamAssassin (score=27.176, > required 3, autolearn=spam, BAYES_99 3.50, > RCVD_IN_BL_SPAMCOP_NET 4.00, RCVD_IN_SORBS_DUL 2.05, > RCVD_IN_XBL 3.90, URIBL_JP_SURBL 4.09, URIBL_OB_SURBL 3.01, > URIBL_SC_SURBL 4.50, URIBL_WS_SURBL 2.14) > X-yoursite-MailScanner-SpamScore: sssssssssssssssssssssssssss > X-yoursite-MailScanner-From: c_rosamaria_iz@honeywell.com > X-Spam-Status: Yes, No > X-econdse-MailScanner-Information: Please contact the ISP for more information > X-econdse-MailScanner: Found to be clean > X-econdse-MailScanner-SpamCheck: not spam, SpamAssassin (not cached, > score=1.298, required 3, BAYES_00 -2.60, RCVD_IN_XBL 3.90) > X-econdse-MailScanner-SpamScore: s > X-econdse-MailScanner-From: c_rosamaria_iz@honeywell.com > ------------------------------------------------------------------------------------------------------------------------------- > > What should I do so that new mailscanner also gets a high score for > the above two mails and get tagged as {Spam?} > > Regards > Vinu > > Vinu, Go to /etc/mail/spamassassin on your old server and grep URIBL in all files. You will most likely find a .cf file with many URIBL hits (mine is called spamcop_uri.cf). Copy that file to /etc/mail/spamassassin on your new server to score the URIBL* rules that you are looking for. Also on your new server, make sure you have the following lines in any of the *.pre files (from my 3.2.4 files): loadplugin Mail::SpamAssassin::Plugin::URIDNSBL loadplugin Mail::SpamAssassin::Plugin::DCC loadplugin Mail::SpamAssassin::Plugin::SpamCop loadplugin Mail::SpamAssassin::Plugin::URIDetail loadplugin Mail::SpamAssassin::Plugin::Bayes loadplugin Mail::SpamAssassin::Plugin::BodyEval loadplugin Mail::SpamAssassin::Plugin::DNSEval loadplugin Mail::SpamAssassin::Plugin::HTMLEval loadplugin Mail::SpamAssassin::Plugin::HeaderEval loadplugin Mail::SpamAssassin::Plugin::MIMEEval loadplugin Mail::SpamAssassin::Plugin::RelayEval loadplugin Mail::SpamAssassin::Plugin::URIEval loadplugin Mail::SpamAssassin::Plugin::WLBLEval Then, reload MailScanner. Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x62252 F: 819.821.8045 From gordon at itnt.co.za Fri Jun 20 14:16:45 2008 From: gordon at itnt.co.za (Gordon Colyn) Date: Fri Jun 20 14:17:00 2008 Subject: Sendmail/mailscanner intermittent problem with sendmail accepting messages but not being handed to mailscanner Message-ID: ITNT BannerI have a problem where I am getting mail delivered to our servers (problem is on all 4) and showing up in the log but not being handled by Mailscanner. I only see one line in the log confirming that the mail was accepted by sendmail, but then nothing after that; Anyone have any ideas? Example; sendmail[8388]: m5K9VKpL008388: from=, size=0, class=0, nrcpts=1, proto=ESMTP, daemon=MTA, relay=mail.faxfx.biz [196.31.203.114] and sendmail[7246]: m5K9S7tF007246: from=, size=0, class=0, nrcpts=1, proto=ESMTP, daemon=MTA, relay=gatew2.faxfx.biz [196.31.203.114] I should see this; sentinal sendmail[21377]: m5KDF2r7021377: from=, size=2534, class=0, nrcpts=1, msgid=<000a01c8d2d7$04661f3d$8d3f1f8d@evvrwqfu>, proto=ESMTP, daemon=MTA, relay=client-201.240.26.201.speedy.net.pe [201.240.26.201] (may be forged) sendmail[21377]: m5KDF2r7021377: to=, delay=00:00:01, mailer=esmtp, pri=32534, stat=queued MailScanner[13169]: Logging message m5KDF2r7021377 to SQL MailScanner[13148]: m5KDF2r7021377: Logged to MailWatch SQL I have this issue on a number of emails from different senders, this is just 2 of many examples. I am running Mailscanner 4.69.9, sendmail 8.14.1, spamassassin 3.2.5, clamd 0.93 Regards Gordon Colyn Office : 086 123 ITNT (4868) Cell : 083 296 7534 Fax : 086 520 0885 InTheNet Technologies www.itnt.co.za MSN:gordoncolyn@hotmail.com SKYPE:gordoncolyn Confidentiality: This e-mail including any attachments is intended for the above named addressee(s) only and contains confidential information. If you have received this email in error you must take no action based on its contents, nor must you reproduce or show the e-mail or any attachments or any part thereof or communicate the contents to anyone; please reply to the sender of this e-mail informing them of the error. Viruses: We recommend that in keeping with good computing practice the recipient should ensure that e-mails received are virus free before opening. From butler at globeserver.com Fri Jun 20 15:47:33 2008 From: butler at globeserver.com (Philip Butler) Date: Fri Jun 20 15:49:42 2008 Subject: Spam attack.... In-Reply-To: References: <4F87F584-52B3-427D-8D14-B8BE2DB879B9@globeserver.com> Message-ID: Thanks for all of the input so far - I'll try to digest it over the weekend. I would have gotten to it before now, but my 7 year old son broke his leg a few days ago. Life happens...... Phil On Jun 19, 2008, at 2:12 AM, Scott Silva wrote: > on 6-18-2008 6:27 PM Philip Butler spake the following: >> Hi all, >> This may have been discussed here before, but I am going to throw >> it out again... >> I have set up a few "mailbag" machines for some of my customers to >> grab their incoming email and process it for spam. This then goes >> into POP mailboxes and their mail servers then grab the mail. The >> intent is that it be a black-hole for spam and takes some of the >> load off of their systems. A while back, I determined that most >> spam (for these customers anyway) was being marked with a spamscore >> of about 20, so I set the spam threshold on these mailbag machines >> to be 15. >> These machines run MailScanner (of course), SpamAssassin, and Razor. >> Everything works fine and transparently most of the time, but >> occasionally (i.e. the last few days), email is coming in and >> clogging the MailScanner incoming queue. I havent' measured, but >> at times it's around 1 new message per second. At times there may >> be 10-15 thousand messages waiting to be processed. If left alone, >> it doesn't seem to correct itself. What I have done is transferred >> 10k messages or so from the machine that clogs up to another >> machine and then they get processed quickly. This almost seems to >> be a DNS-type problem with RBL lookups or something. >> I have tried to figure out where the messages are coming from, but >> I don't see a pattern. If most messages were coming from a handful >> of machines, then I would just put an IP-filter on them and drop >> any packets from them. Unfortunately, I have not seen any pattern >> - so I am back to square one. >> Any ideas as to what I should check, etc. to figure out why these >> customers are being excessively spam-bombed. This seems to happen >> maybe once every month or two - then it goes away. >> Phil > Have you tried anything like connection rate throttling? > It is probably a large chain of spambots, and their IP's change > fairly frequently. Limiting how many connections that can come from > one IP should help some. You can try to collect addresses and > blackhole them, but they will probably stop shortly as they go on to > their next target. > > If you are using sendmail this page could help; > http://www.technoids.org/dossed.html > I'm sure there are similar features in Exim or Postfix, but I > haven't come over to the "dark side" yet so I don't know their > secret incantations. > > -- > MailScanner is like deodorant... > You hope everybody uses it, and > you notice quickly if they don't!!!! > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From ssilva at sgvwater.com Fri Jun 20 19:03:15 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Fri Jun 20 19:03:37 2008 Subject: Sendmail/mailscanner intermittent problem with sendmail accepting messages but not being handed to mailscanner In-Reply-To: References: Message-ID: on 6-20-2008 6:16 AM Gordon Colyn spake the following: > ITNT BannerI have a problem where I am getting mail delivered to our servers > (problem is on all 4) and showing up in the log but not being handled by > Mailscanner. I only see one line in the log confirming that the mail was > accepted by sendmail, but then nothing after that; > > Anyone have any ideas? > > Example; > sendmail[8388]: m5K9VKpL008388: from=, size=0, class=0, > nrcpts=1, proto=ESMTP, daemon=MTA, relay=mail.faxfx.biz [196.31.203.114] > and > sendmail[7246]: m5K9S7tF007246: from=, size=0, class=0, > nrcpts=1, proto=ESMTP, daemon=MTA, relay=gatew2.faxfx.biz [196.31.203.114] > > I should see this; > sentinal sendmail[21377]: m5KDF2r7021377: from=, > size=2534, class=0, nrcpts=1, > msgid=<000a01c8d2d7$04661f3d$8d3f1f8d@evvrwqfu>, proto=ESMTP, daemon=MTA, > relay=client-201.240.26.201.speedy.net.pe [201.240.26.201] (may be forged) > sendmail[21377]: m5KDF2r7021377: to=, delay=00:00:01, > mailer=esmtp, pri=32534, stat=queued > MailScanner[13169]: Logging message m5KDF2r7021377 to SQL > MailScanner[13148]: m5KDF2r7021377: Logged to MailWatch SQL > > I have this issue on a number of emails from different senders, this is just > 2 of many examples. > > I am running Mailscanner 4.69.9, sendmail 8.14.1, spamassassin 3.2.5, clamd > 0.93 > > Looks like the sending server is timing out before the data phase. See the entries with size=0. Maybe your dns is too slow, or you have a rbl like zen that has blocked your connections. The default timeout for sendmail is pretty long. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 258 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080620/a99cb5e4/signature.bin From lists at designmedia.com Fri Jun 20 20:22:59 2008 From: lists at designmedia.com (Henry Kwan) Date: Fri Jun 20 20:23:16 2008 Subject: Running sa-learn on MS processed emails. Message-ID: Hi, When running sa-learn on MS processed emails, do I need to worry about MS-specific tags like "{Disarmed}" or "MailScanner has detected a possible fraud attempt from"? Is there a way to tell sa-learn to not worry about them? Thanks. From hvdkooij at vanderkooij.org Fri Jun 20 21:55:19 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Fri Jun 20 21:55:28 2008 Subject: Spam attack.... In-Reply-To: <4F87F584-52B3-427D-8D14-B8BE2DB879B9@globeserver.com> References: <4F87F584-52B3-427D-8D14-B8BE2DB879B9@globeserver.com> Message-ID: <485C1937.7060906@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Philip Butler wrote: | This may have been discussed here before, but I am going to throw it out | again... | | I have set up a few "mailbag" machines for some of my customers to grab | their incoming email and process it for spam. This then goes into POP | mailboxes and their mail servers then grab the mail. The intent is that | it be a black-hole for spam and takes some of the load off of their | systems. Hold on. How do you actually get the messages? Do you fetch them from another POP3 or IMAP server? Or do you receive them with SMTP. Most suggestions so far are focussed on SMTP but I get the impression you fetch them instead of receiving them with SMTP. Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFIXBk1BvzDRVjxmYERAtFaAKC2sv845UqR8p3EuAFVDmwymDPULACfdEW/ x6q/LcRLStRQDFbfG7W8m/I= =0ogo -----END PGP SIGNATURE----- From hvdkooij at vanderkooij.org Fri Jun 20 22:03:13 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Fri Jun 20 22:03:22 2008 Subject: Spamassassin is slow - any tips or good commercial alternative? In-Reply-To: <9d0ec84506d6734bb3714ada8eb56e10@solidstatelogic.com> References: <9d0ec84506d6734bb3714ada8eb56e10@solidstatelogic.com> Message-ID: <485C1B11.1080403@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Martin.Hepworth wrote: | Charlie | | Reject non-valid email recipients on the incoming MTA. | | If you're growing at that rate I suggest you get a couple of machines to round robin DNS load share the mailscanner job, then if one goes pop the other will be to carry on. Well. If you have that many paying customers and do not have a redundant setup I would advise your customers to walk away right now. I run a SMTP/IMAP/POP server just for a (extended) family and I allready started to think about redundancy. Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFIXBsPBvzDRVjxmYERAmUfAKCx9w9qDMgZpMLF/gWGgG+BnAtjcgCePb81 kmSfsC8/3gSau6eZLuysxzk= =dXpZ -----END PGP SIGNATURE----- From submit at zuka.net Fri Jun 20 22:41:16 2008 From: submit at zuka.net (Dave Filchak) Date: Fri Jun 20 22:41:36 2008 Subject: sa-learn --force-expire errors In-Reply-To: <485A5015.9060709@USherbrooke.ca> References: <4859F84D.9060002@zuka.net> <485A5015.9060709@USherbrooke.ca> Message-ID: <485C23FC.6090800@zuka.net> Denis Beauchemin wrote: >
Dave > Filchak a ?crit : >> I am trying ti tune up my backup MX and so, have updated MailScanner, >> updated ClamAV as well as SpamAssassin. I have also tweaked the >> expire bayes.toks process by turning this off in both >> MailScanner.conf and spam.assassin.conf and added the following to >> root crontab: >> >> 15 3 * * * (/sbin/service MailScanner stop; /usr/bin/sa-learn >> --force-expire;/sbin/service MailScanner start) 2>&1 >> >> However, when this runs, I get the following errors, which I am >> guessing is due to my last upgrade. Can someone give me some >> direction here? >> >> Dave >> >> config: configuration file >> "/etc/mail/spamassassin/updates_spamassassin_org/20_advance_fee.cf" >> requires version 3.002001 of SpamAssassin, but this is code version >> 3.002005. Maybe you need to use the -C switch, or remove the old >> config files? Skipping this file at >> /usr/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/Conf/Parser.pm line >> 372. >> config: configuration file >> "/etc/mail/spamassassin/updates_spamassassin_org/20_body_tests.cf" >> requires version 3.002001 of SpamAssassin, but this is code version >> 3.002005. Maybe you need to use the -C switch, or remove the old >> config files? Skipping this file at >> /usr/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/Conf/Parser.pm line >> 372. >> config: configuration file >> "/etc/mail/spamassassin/updates_spamassassin_org/20_compensate.cf" >> requires version 3.002001 of SpamAssassin, but this is code version >> 3.002005. Maybe you need to use the -C switch, or remove the old >> config files? Skipping this file at >> /usr/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/Conf/Parser.pm line >> 372. >> config: configuration file >> "/etc/mail/spamassassin/updates_spamassassin_org/20_dnsbl_tests.cf" >> requires version 3.002001 of SpamAssassin, but this is code version >> 3.002005. Maybe you need to use the -C switch, or remove the old >> config files? Skipping this file at >> /usr/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/Conf/Parser.pm line >> 372. >> >> >> and many more after this. >> >> My config:: >> >> his is MailScanner version 4.70.6 >> Module versions are: >> 1.00 AnyDBM_File >> 1.20 Archive::Zip >> 0.22 bignum >> 1.03 Carp >> 1.41 Compress::Zlib >> 1.119 Convert::BinHex >> 0.17 Convert::TNEF >> 2.121 Data::Dumper >> 2.27 Date::Parse >> 1.00 DirHandle >> 1.05 Fcntl >> 2.73 File::Basename >> 2.08 File::Copy >> 2.01 FileHandle >> 1.06 File::Path >> 0.19 File::Temp >> 0.90 Filesys::Df >> 1.35 HTML::Entities >> 3.56 HTML::Parser >> 2.37 HTML::TokeParser >> 1.23 IO >> 1.14 IO::File >> 1.13 IO::Pipe >> 2.02 Mail::Header >> 1.87 Math::BigInt >> 0.20 Math::BigRat >> 3.05 MIME::Base64 >> 5.425 MIME::Decoder >> 5.425 MIME::Decoder::UU >> 5.425 MIME::Head >> 5.425 MIME::Parser >> 3.03 MIME::QuotedPrint >> 5.425 MIME::Tools >> 0.11 Net::CIDR >> 1.25 Net::IP >> 0.16 OLE::Storage_Lite >> 1.04 Pod::Escapes >> 3.05 Pod::Simple >> 1.08 POSIX >> 1.19 Scalar::Util >> 1.77 Socket >> 2.13 Storable >> 1.4 Sys::Hostname::Long >> 0.18 Sys::Syslog >> 1.26 Test::Pod >> 0.7 Test::Simple >> 1.9707 Time::HiRes >> 1.02 Time::localtime >> >> Optional module versions are: >> 1.32 Archive::Tar >> 0.22 bignum >> 1.82 Business::ISBN >> 1.10 Business::ISBN::Data >> 1.08 Data::Dump >> 1.814 DB_File >> 1.13 DBD::SQLite >> 1.58 DBI >> 1.15 Digest >> 1.01 Digest::HMAC >> 2.36 Digest::MD5 >> 2.11 Digest::SHA1 >> 1.00 Encode::Detect >> 0.17008 Error >> 0.19 ExtUtils::CBuilder >> 2.18 ExtUtils::ParseXS >> 2.36 Getopt::Long >> 0.44 Inline >> 1.08 IO::String >> 1.04 IO::Zlib >> 2.21 IP::Country >> 0.22 Mail::ClamAV >> 3.002005 Mail::SpamAssassin >> v2.004 Mail::SPF >> 1.999001 Mail::SPF::Query >> 0.2808 Module::Build >> 0.20 Net::CIDR::Lite >> 0.63 Net::DNS >> 0.002.2 Net::DNS::Resolver::Programmable >> missing Net::LDAP >> 4.004 NetAddr::IP >> 1.94 Parse::RecDescent >> missing SAVI >> 2.64 Test::Harness >> 0.95 Test::Manifest >> 1.95 Text::Balanced >> 1.35 URI >> 0.7203 version >> 0.65 YAML >> > Dave, > > You seem to have a mismatch in your SA files... What does > "/usr/bin/sa-learn -V" return? How about "/usr/bin/spamassassin --lint"? > > Denis > Hi Denis, Output of sa-learn -V SpamAssassin version 3.2.5 Output of spamassassin --lint gives me basically the same as above: [30434] warn: config: configuration file "/etc/mail/spamassassin/updates_spamassassin_org/20_advance_fee.cf" requires version 3.002001 of SpamAssassin, but this is code version 3.002005. Maybe you need to use the -C switch, or remove the old config files? Skipping this file at /usr/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/Conf/Parser.pm line 372. [30434] warn: config: configuration file "/etc/mail/spamassassin/updates_spamassassin_org/20_advance_fee.cf" requires version 3.002001 of SpamAssassin, but this is code version 3.002005. Maybe you need to use the -C switch, or remove the old config files? Skipping this file [30434] warn: config: configuration file "/etc/mail/spamassassin/updates_spamassassin_org/20_body_tests.cf" requires version 3.002001 of SpamAssassin, but this is code version 3.002005. Maybe you need to use the -C switch, or remove the old config files? Skipping this file at /usr/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/Conf/Parser.pm line 372. [30434] warn: config: configuration file "/etc/mail/spamassassin/updates_spamassassin_org/20_body_tests.cf" requires version 3.002001 of SpamAssassin, but this is code version 3.002005. Maybe you need to use the -C switch, or remove the old config files? Skipping this file [30434] warn: config: configuration file "/etc/mail/spamassassin/updates_spamassassin_org/20_compensate.cf" requires version 3.002001 of SpamAssassin, but this is code version 3.002005. Maybe you need to use the -C switch, or remove the old config files? Skipping this file at /usr/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/Conf/Parser.pm line 372. [30434] warn: config: configuration file "/etc/mail/spamassassin/updates_spamassassin_org/20_compensate.cf" requires version 3.002001 of SpamAssassin, but this is code version 3.002005. Maybe you need to use the -C switch, or remove the old config files? Skipping this file Hello, i have this error in mailwatch page: *Warning*: require_once(Mail/mimeDecode.php) [function.require-once]: failed to open stream: No such file or directory in * /var/www/mailscanner/functions.php* on line *1072* *Fatal error*: require_once() [function.require]: Failed opening required 'Mail/mimeDecode.php' (include_path='.:/var/www/html/mailscanner/pear:/var/www/html/mailscanner/fpdf:/var/www/html/mailscanner/xmlrpc') in */var/www/mailscanner/functions.php* on line *1072 anyone know how to fix ? Thanks Marco* -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080621/4ba65969/attachment.html From J.Ede at birchenallhowden.co.uk Sat Jun 21 10:58:17 2008 From: J.Ede at birchenallhowden.co.uk (Jason Ede) Date: Sat Jun 21 10:58:50 2008 Subject: speed of bayes (mysql) In-Reply-To: <4CAB0118AEC63A4FAAE77E6BCBDF760C52F1B045E4@server02.bhl.local> References: <4CAB0118AEC63A4FAAE77E6BCBDF760C52F1B045E4@server02.bhl.local> Message-ID: <4CAB0118AEC63A4FAAE77E6BCBDF760C52F1B04655@server02.bhl.local> I've found a few things eventually that seem to make a huge difference Firstly, after I run sa-learn -force-expire I run mysqlcheck -A -o to optimise and defrag all the tables. Then I found http://rackerhacker.com/mysqltuner/ This made several suggestions and I've tried some of them and it seems to make a big difference to the time taken doing the mysql bayes checks, although I'll need to give it a bit longer to make sure the times are consistently down. I've been wondering if putting the bayes in innodb format will help, although I've seen problems with the innodb data file growing and really need to have innodb_file_per_table option set in my.cnf so that can use mysqlcheck -o to keep the tables optimised and the file size down. Jason From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Jason Ede Sent: 19 June 2008 09:13 To: MailScanner discussion Subject: speed of bayes (mysql) I've bayes running in mysql and after upgrading I ran it in debug mode to see what the times were like... Generally it was fine apart from the bayes check which took ages! (batch size was 10 messages) 08:52:10 [7768] dbg: bayes: database connection established 08:52:10 [7768] dbg: bayes: found bayes db version 3 08:52:10 [7768] dbg: bayes: Using userid: 5 08:53:56 [7768] dbg: bayes: seen (c21a23d9453de70a43644e737a49e81c47640d54@sa_generated) put 08:53:56 [7768] dbg: bayes: learned 'c21a23d9453de70a43644e737a49e81c47640d54@sa_generated', atime: 1213858923 08:53:56 [7768] dbg: learn: initializing learner 08:53:56 [7768] dbg: check: is spam? score=-3.598 required=5 08:53:56 [7768] dbg: check: tests=BAYES_00,HTML_MESSAGE,RCVD_IN_DNSWL_LOW Any ideas on things I can check/investigate to speed this up? -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080621/ff463539/attachment.html From ja at conviator.com Sat Jun 21 14:06:04 2008 From: ja at conviator.com (Jan Agermose) Date: Sat Jun 21 14:06:22 2008 Subject: smtp map to other port Message-ID: Hi when using Mailscanner (or maybe its actually sendmail) I set up a rule that says where to deliver the mails after beeing scanned. But what if port 25 is blocked on the remote server - can I add a "port" number somehow to have it delivered on port 366 or something like that? Regards Jan -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080621/5bcd91c7/attachment.html From peter at farrows.org Sat Jun 21 14:44:37 2008 From: peter at farrows.org (Peter Farrow) Date: Sat Jun 21 14:45:00 2008 Subject: smtp map to other port In-Reply-To: References: Message-ID: <485D05C5.2050804@farrows.org> Jan Agermose wrote: > > Hi > > > > when using Mailscanner (or maybe its actually sendmail) I set up a > rule that says where to deliver the mails after beeing scanned. But > what if port 25 is blocked on the remote server - can I add a "port" > number somehow to have it delivered on port 366 or something like that? > > > > Regards > > Jan > > > > > -- > This message has been scanned for viruses and > dangerous content by the *Inexcom* system > scanner, > and is believed to be clean. > Advanced heuristic mail scanning server [0]. You can modify which port sendmail listens on in /etc/mail/sendmail.mc with the DAEMON_OPTIONS(`Port=smtp,...... line but this is not what you want as this changes the in bound port. You can add further instances of this to add listening on more ports simultaneously If you are using mailertables of the type: farrows.org smtp:mail.farrows.org You can add a custom service name in /etc/services and then add an entry: domainname.com customservicenamehere:server.todeliverto.com I have never tried this but it might work... Pete -- This message has been scanned for viruses and dangerous content by the Inexcom system Scanner, and is believed to be clean. Advanced heuristic mail scanning server [-]. http://www.inexcom.co.uk -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080621/a793aea5/attachment.html From peter at farrows.org Sat Jun 21 14:46:28 2008 From: peter at farrows.org (Peter Farrow) Date: Sat Jun 21 14:46:52 2008 Subject: smtp map to other port In-Reply-To: References: Message-ID: <485D0634.8050202@farrows.org> Jan Agermose wrote: > > Hi > > > > when using Mailscanner (or maybe its actually sendmail) I set up a > rule that says where to deliver the mails after beeing scanned. But > what if port 25 is blocked on the remote server - can I add a "port" > number somehow to have it delivered on port 366 or something like that? > > > > Regards > > Jan > > > > > -- > This message has been scanned for viruses and > dangerous content by the *Inexcom* system > scanner, > and is believed to be clean. > Advanced heuristic mail scanning server [0]. This is probably more relevant that my last post: http://www.sendmail.org/faq/section3 -- This message has been scanned for viruses and dangerous content by the Inexcom system Scanner, and is believed to be clean. Advanced heuristic mail scanning server [-]. http://www.inexcom.co.uk -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080621/bb6bbb1f/attachment.html From peter at farrows.org Sat Jun 21 14:49:22 2008 From: peter at farrows.org (Peter Farrow) Date: Sat Jun 21 14:49:48 2008 Subject: smtp map to other port In-Reply-To: References: Message-ID: <485D06E2.5000802@farrows.org> Jan Agermose wrote: > > Hi > > > > when using Mailscanner (or maybe its actually sendmail) I set up a > rule that says where to deliver the mails after beeing scanned. But > what if port 25 is blocked on the remote server - can I add a "port" > number somehow to have it delivered on port 366 or something like that? > > > > Regards > > Jan > > > > > -- > This message has been scanned for viruses and > dangerous content by the *Inexcom* system > scanner, > and is believed to be clean. > Advanced heuristic mail scanning server [0]. Use this, it will make any mailertable entries using the key "esmtp" forward to the remote server on port 2525 in this case: in your sendmail.mc file: FEATURE(`mailertable') define(`confRELAY_MAILER', `esmtp') define(`RELAY_MAILER_ARGS', `TCP $h 2525') then add a line in your mailertable: domaintorelay.com esmtp:servertodeliverto.com (taken from sendmail website) -- This message has been scanned for viruses and dangerous content by the Inexcom system Scanner, and is believed to be clean. Advanced heuristic mail scanning server [-]. http://www.inexcom.co.uk -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080621/eae8262f/attachment.html From ja at conviator.com Sat Jun 21 15:25:33 2008 From: ja at conviator.com (Jan Agermose) Date: Sat Jun 21 15:25:47 2008 Subject: smtp map to other port In-Reply-To: <485D06E2.5000802@farrows.org> References: <485D06E2.5000802@farrows.org> Message-ID: hi perfect, thanks - just what I was looking for. best regards Jan From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Peter Farrow Sent: 21. juni 2008 15:49 To: MailScanner discussion Subject: Re: smtp map to other port Jan Agermose wrote: Hi when using Mailscanner (or maybe its actually sendmail) I set up a rule that says where to deliver the mails after beeing scanned. But what if port 25 is blocked on the remote server - can I add a "port" number somehow to have it delivered on port 366 or something like that? Regards Jan -- This message has been scanned for viruses and dangerous content by the Inexcom system scanner, and is believed to be clean. Advanced heuristic mail scanning server [0]. Use this, it will make any mailertable entries using the key "esmtp" forward to the remote server on port 2525 in this case: in your sendmail.mc file: FEATURE(`mailertable') define(`confRELAY_MAILER', `esmtp') define(`RELAY_MAILER_ARGS', `TCP $h 2525') then add a line in your mailertable: domaintorelay.com esmtp:servertodeliverto.com (taken from sendmail website) -- This message has been scanned for viruses and dangerous content by the Inexcom system scanner, and is believed to be clean. Advanced heuristic mail scanning server [-]. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080621/9a9c1aa3/attachment.html From ssilva at sgvwater.com Sat Jun 21 18:32:43 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Sat Jun 21 18:35:17 2008 Subject: sa-learn --force-expire errors In-Reply-To: <4859F4E2.20903@zuka.net> References: <4859F4E2.20903@zuka.net> Message-ID: on 6-18-2008 10:55 PM Dave Filchak spake the following: > Hello all, > > I am trying to tune my MailScanner install on my backup mail server. I > updates my MailScanner stuff, my clamav and my spamassassin. I then set > my expire settings for bayes to 0 in both my MailScanner.conf file, as > well as my spam.assassin.conf file. I installed a crontab to run the > following: > > 15 3 * * * (/sbin/service MailScanner stop; /usr/bin/sa-learn > --force-expire;/sbin/service MailScanner start) 2>&1 (Thanks to Denis > Beauchemin) > > I get the following errors when this runs. I assume it might be looking > at the wrong config file. Don't see how though. Any ideas anyone? > > > > config: configuration file > "/etc/mail/spamassassin/updates_spamassassin_org/20_advance_fee.cf" > requires version 3.002001 of SpamAssassin, but this is code version > 3.002005. Maybe you need to use the -C switch, or remove the old config > files? Skipping this file at > /usr/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/Conf/Parser.pm line 372. > config: configuration file > "/etc/mail/spamassassin/updates_spamassassin_org/20_body_tests.cf" > requires version 3.002001 of SpamAssassin, but this is code version > 3.002005. Maybe you need to use the -C switch, or remove the old config > files? Skipping this file at > /usr/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/Conf/Parser.pm line 372. > config: configuration file > "/etc/mail/spamassassin/updates_spamassassin_org/20_compensate.cf" > requires version 3.002001 of SpamAssassin, but this is code version > 3.002005. Maybe you need to use the -C switch, or remove the old config > files? Skipping this file at > /usr/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/Conf/Parser.pm line 372. > config: configuration file > "/etc/mail/spamassassin/updates_spamassassin_org/20_dnsbl_tests.cf" > requires version 3.002001 of SpamAssassin, but this is code version > 3.002005. Maybe you need to use the -C switch, or remove the old config > files? Skipping this file at > /usr/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/Conf/Parser.pm line 372. > > > more of the same here. > > > Dave > What did you set up to get those files in /etc/mail/spamassassin/updates_spamassassin_org ? AFAIR as I recall that is not a standard location. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 258 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080621/2269ee30/signature.bin From dnsadmin at 1bigthink.com Sat Jun 21 20:27:49 2008 From: dnsadmin at 1bigthink.com (dnsadmin 1bigthink.com) Date: Sat Jun 21 20:28:12 2008 Subject: mail watch problem In-Reply-To: References: Message-ID: <200806211928.m5LJS0RZ012856@mxt.1bigthink.com> At 05:21 AM 6/21/2008, you wrote: >Hello, > >i have this error in mailwatch page: > >Warning: require_once(Mail/mimeDecode.php) >[function.require-once]: >failed to open stream: No such file or directory in >/var/www/mailscanner/functions.php on line 1072 > >Fatal error: require_once() >[function.require]: >Failed opening required 'Mail/mimeDecode.php' >(include_path='.:/var/www/html/mailscanner/pear:/var/www/html/mailscanner/fpdf:/var/www/html/mailscanner/xmlrpc') >in /var/www/mailscanner/functions.php on line 1072 > >anyone know how to fix ? Hello Marco, You might get your answer here, but you might get the suggestion to take this to the MailWatch user list group. , Sorry. I don't have an answer for you. Cheers, Glenn -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080621/baaf4728/attachment.html From hvdkooij at vanderkooij.org Sat Jun 21 23:04:38 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Sat Jun 21 23:04:46 2008 Subject: smtp map to other port In-Reply-To: <485D05C5.2050804@farrows.org> References: <485D05C5.2050804@farrows.org> Message-ID: <485D7AF6.50002@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Peter Farrow wrote: | ..... | You can add a custom service name in /etc/services | | and then add an entry: | | domainname.com customservicenamehere:server.todeliverto.com | | I have never tried this but it might work... I think it is safe to say that this is a totally inaccurate use of the /etc/services file. Please read `man services 5`. Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFIXXr0BvzDRVjxmYERAnlgAJ9m2FDtS+JdA1+iRoegf/OU1DwG9QCaA0aQ r1Ruo/yREoFqYt0BF6pWARU= =jS6L -----END PGP SIGNATURE----- From peter at farrows.org Sat Jun 21 23:46:29 2008 From: peter at farrows.org (Peter Farrow) Date: Sat Jun 21 23:46:54 2008 Subject: smtp map to other port In-Reply-To: <485D7AF6.50002@vanderkooij.org> References: <485D05C5.2050804@farrows.org> <485D7AF6.50002@vanderkooij.org> Message-ID: <485D84C5.9010003@farrows.org> Hugo van der Kooij wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Peter Farrow wrote: > > | ..... > | You can add a custom service name in /etc/services > | > | and then add an entry: > | > | domainname.com customservicenamehere:server.todeliverto.com > | > | I have never tried this but it might work... > > I think it is safe to say that this is a totally inaccurate use of the > /etc/services file. Please read `man services 5`. > > Hugo. > > - -- > hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ > PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc > > A: Yes. > >Q: Are you sure? > >>A: Because it reverses the logical flow of conversation. > >>>Q: Why is top posting frowned upon? > > Bored? Click on http://spamornot.org/ and rate those images. > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.7 (GNU/Linux) > > iD8DBQFIXXr0BvzDRVjxmYERAnlgAJ9m2FDtS+JdA1+iRoegf/OU1DwG9QCaA0aQ > r1Ruo/yREoFqYt0BF6pWARU= > =jS6L > -----END PGP SIGNATURE----- You missed the point that he top posted when he replied to the actual solution several hours ago, tut tut Hugo you're slacking.... shame on you... -- This message has been scanned for viruses and dangerous content by the Inexcom system Scanner, and is believed to be clean. Advanced heuristic mail scanning server [-]. http://www.inexcom.co.uk From peter at farrows.org Sat Jun 21 23:53:00 2008 From: peter at farrows.org (Peter Farrow) Date: Sat Jun 21 23:53:24 2008 Subject: smtp map to other port In-Reply-To: <485D7AF6.50002@vanderkooij.org> References: <485D05C5.2050804@farrows.org> <485D7AF6.50002@vanderkooij.org> Message-ID: <485D864C.8050900@farrows.org> Hugo van der Kooij wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Peter Farrow wrote: > > | ..... > | You can add a custom service name in /etc/services > | > | and then add an entry: > | > | domainname.com customservicenamehere:server.todeliverto.com > | > | I have never tried this but it might work... > > I think it is safe to say that this is a totally inaccurate use of the > /etc/services file. Please read `man services 5`. > > Hugo. > > - -- > hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ > PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc > > A: Yes. > >Q: Are you sure? > >>A: Because it reverses the logical flow of conversation. > >>>Q: Why is top posting frowned upon? > > Bored? Click on http://spamornot.org/ and rate those images. > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.7 (GNU/Linux) > > iD8DBQFIXXr0BvzDRVjxmYERAnlgAJ9m2FDtS+JdA1+iRoegf/OU1DwG9QCaA0aQ > r1Ruo/yREoFqYt0BF6pWARU= > =jS6L > -----END PGP SIGNATURE----- Surely that should be "man 5 services" / ROFL -- This message has been scanned for viruses and dangerous content by the Inexcom system Scanner, and is believed to be clean. Advanced heuristic mail scanning server [-]. http://www.inexcom.co.uk From nils.o.bekken at hiof.no Sun Jun 22 13:57:11 2008 From: nils.o.bekken at hiof.no (Nils Olav Brandstorp Bekken) Date: Sun Jun 22 13:57:27 2008 Subject: MailScanner 4.68.8 and F-Secure 5.54 on Debian Etch Message-ID: <485E4C27.8010900@hiof.no> I was given the advice to install the latest MailScanner from tar archive, but still no success. F-secure identify the mail as infected, but its still delivered with attachments intact both eicar and a real virus infected file. I've installed the f-secure with command-line-only option. Nils. From martinh at solidstatelogic.com Sun Jun 22 16:11:49 2008 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Sun Jun 22 16:11:34 2008 Subject: mail watch problem Message-ID: Marco Ask on the mailwatch mail list, or look in mw list archives, its a fairly common question there. -- martin -----Original Message----- From: Marco mangione Sent: Saturday, June 21, 2008 10:28 AM To: mailscanner@lists.mailscanner.info Subject: mail watch problem Hello, i have this error in mailwatch page: *Warning*: require_once(Mail/mimeDecode.php) [function.require-once]: failed to open stream: No such file or directory in * /var/www/mailscanner/functions.php* on line *1072* *Fatal error*: require_once() [function.require]: Failed opening required 'Mail/mimeDecode.php' (include_path='.:/var/www/html/mailscanner/pear:/var/www/html/mailscanner/fpdf:/var/www/html/mailscanner/xmlrpc') in */var/www/mailscanner/functions.php* on line *1072 anyone know how to fix ? Thanks Marco* ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From ja at conviator.com Sun Jun 22 17:52:09 2008 From: ja at conviator.com (Jan Agermose) Date: Sun Jun 22 17:52:23 2008 Subject: shared storage for mails Message-ID: hi I want to setup a number of mailscanner serveres that log to a shared mysql server and that store the mails (I quarantine both non spam and spam mails) to some sort of shared storage. NFS or some other solutions. I would like to know how others have done this and what kind of performance issues your solutions have had if any. if its not a secret ;-) best regards Jan -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080622/83240676/attachment.html From hvdkooij at vanderkooij.org Sun Jun 22 18:22:41 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Sun Jun 22 18:22:49 2008 Subject: shared storage for mails In-Reply-To: References: Message-ID: <485E8A61.90805@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Jan Agermose wrote: | I want to setup a number of mailscanner serveres that log to a shared | mysql server and that store the mails (I quarantine both non spam and | spam mails) to some sort of shared storage. NFS or some other solutions. | | I would like to know how others have done this and what kind of | performance issues your solutions have had if any. Why not start out by telling us what you plan to do and punch in some numbers yourself? Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFIXopfBvzDRVjxmYERAsxRAJ4yE/70gOU3Ex7uZ/6gTWsnmDn8SwCggmWf zRN+8ngda2Zvd/J4f2OAy24= =Nr4K -----END PGP SIGNATURE----- From alex at rtpty.com Sun Jun 22 19:48:05 2008 From: alex at rtpty.com (Alex Neuman) Date: Sun Jun 22 19:48:34 2008 Subject: smtp map to other port In-Reply-To: <485D06E2.5000802@farrows.org> References: <485D06E2.5000802@farrows.org> Message-ID: This should go on the wiki... On Jun 21, 2008, at 8:49 AM, Peter Farrow wrote: > Use this, it will make any mailertable entries using the key "esmtp" > forward to the remote server on port 2525 in this case: > > in your sendmail.mc file: > > FEATURE(`mailertable') > define(`confRELAY_MAILER', `esmtp') > define(`RELAY_MAILER_ARGS', `TCP $h 2525') > > then add a line in your mailertable: > > domaintorelay.com esmtp:servertodeliverto.com From hvdkooij at vanderkooij.org Sun Jun 22 20:28:14 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Sun Jun 22 20:28:23 2008 Subject: smtp map to other port In-Reply-To: References: <485D06E2.5000802@farrows.org> Message-ID: <485EA7CE.5010003@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Alex Neuman wrote: | This should go on the wiki... That is .... the sendmail wiki I presume. As it is is in fact immaterial to MailScanner or how MailScanner interacts with the MTA in question. Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFIXqfNBvzDRVjxmYERAqxWAJ9RgyL4hltEnyGnJw1CxBaGi8Pa5ACglrup ZWr6fjoF8mCWytvFLf6XYXA= =dxGc -----END PGP SIGNATURE----- From peter at farrows.org Sun Jun 22 21:05:55 2008 From: peter at farrows.org (Peter Farrow) Date: Sun Jun 22 21:06:27 2008 Subject: smtp map to other port In-Reply-To: References: <485D06E2.5000802@farrows.org> Message-ID: <485EB0A3.8040509@farrows.org> Alex Neuman wrote: > This should go on the wiki... > > On Jun 21, 2008, at 8:49 AM, Peter Farrow wrote: > >> Use this, it will make any mailertable entries using the key "esmtp" >> forward to the remote server on port 2525 in this case: >> >> in your sendmail.mc file: >> >> FEATURE(`mailertable') >> define(`confRELAY_MAILER', `esmtp') >> define(`RELAY_MAILER_ARGS', `TCP $h 2525') >> >> then add a line in your mailertable: >> >> domaintorelay.com esmtp:servertodeliverto.com > Yes I would agree as sendmail is the most prolific MTA onthe internet and of course its very relevant in this case... After all, no message agent no MailScanner... Regards Pete -- This message has been scanned for viruses and dangerous content by the Inexcom system Scanner, and is believed to be clean. Advanced heuristic mail scanning server [-]. http://www.inexcom.co.uk From peter at farrows.org Sun Jun 22 21:08:58 2008 From: peter at farrows.org (Peter Farrow) Date: Sun Jun 22 21:09:21 2008 Subject: smtp map to other port In-Reply-To: <485EA7CE.5010003@vanderkooij.org> References: <485D06E2.5000802@farrows.org> <485EA7CE.5010003@vanderkooij.org> Message-ID: <485EB15A.7030609@farrows.org> Hugo van der Kooij wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Alex Neuman wrote: > | This should go on the wiki... > > That is .... the sendmail wiki I presume. As it is is in fact immaterial > to MailScanner or how MailScanner interacts with the MTA in question. > > Hugo. I disagree it is very very relevant indeed, as many implementations may forward to a downstream server on a different port, as a key process in avoiding directly injected spam. -- This message has been scanned for viruses and dangerous content by the Inexcom system Scanner, and is believed to be clean. Advanced heuristic mail scanning server [-]. http://www.inexcom.co.uk From peter at farrows.org Sun Jun 22 21:20:12 2008 From: peter at farrows.org (Peter Farrow) Date: Sun Jun 22 21:20:37 2008 Subject: shared storage for mails In-Reply-To: References: Message-ID: <485EB3FC.7060604@farrows.org> Jan Agermose wrote: > > hi > > > > I want to setup a number of mailscanner serveres that log to a shared > mysql server and that store the mails (I quarantine both non spam and > spam mails) to some sort of shared storage. NFS or some other solutions. > > > > I would like to know how others have done this and what kind of > performance issues your solutions have had if any. > > > > if its not a secret ;-) > > > > best regards > > Jan > > > > > -- > This message has been scanned for viruses and > dangerous content by the *Inexcom* system > scanner, > and is believed to be clean. > Advanced heuristic mail scanning server [-]. Hi There, Yes, you start by installing Mailwatch and setup a central Mysql server, you can then enable the RPC process within MailWatch to allow messages to be released from quarantine from the Mailwatch running on the Mysql server. This is how I run it. I don't store the messages that are in quarantine centrally, rather I store them on the server than scanned them. This way you can maintain state with the message when it is released which minimises delays when greylisting is used, rather than tossing them into a central store. Since this is self scaling, i.e. you use the server that decided to quarantine to store the messages, then the system grows by you simpling adding machines to cope with your mailscanning load. So if you have enough machines to handle you scanning, then, unless the numbers are huge, any reasonable database server hardware should cope. I use a set up six Athlon 64 FX based machines to scan and a Pentium D 805 based machine to run the database and it happily copes with millions of emails per month no bother at all. Regards Pete -- This message has been scanned for viruses and dangerous content by the Inexcom system Scanner, and is believed to be clean. Advanced heuristic mail scanning server [-]. http://www.inexcom.co.uk -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080622/0dbfa6b8/attachment.html From lszabo at ntlworld.com Sun Jun 22 23:33:13 2008 From: lszabo at ntlworld.com (Laszlo Szabo) Date: Sun Jun 22 23:33:28 2008 Subject: smtp map to other port In-Reply-To: <485EB15A.7030609@farrows.org> References: <485D06E2.5000802@farrows.org> <485EA7CE.5010003@vanderkooij.org> <485EB15A.7030609@farrows.org> Message-ID: <485ED329.8080902@ntlworld.com> Yes it is important but not mailscanner things anyway it is part of the system. This was my first problem when I tried to figure out my mail gateway spam filter systems. (how can I put mail server before the end mail server) Many docs just covers local spam filtering with out spam gateway system. Sendmail-gateway: /etc/mail/local-host-names goes your local name(s) Just local names it is important this domains served by this server!!! domain1.com domain2.com /etc/mail/mailertable: # (the virgin sendmail install don`t contain this file it needs to be made by you or webmin can do it ) goes your and server(s) address(es) (local server(s) and remote server(s) too) domain3.com smtp:[100.100.100.100] #Remote domain3.com server. The smtp can be used as esmtp like this domain3.com esmtp:[100.100.100.100] domain4.com smtp:[192.168.10.10] # local mail server for domain4.com /etc/mail/access: Connect:domain1.com RELAY Connect:domain2.com RELAY To:domain3.com RELAY To:domain4.com RELAY /etc/hosts: domain4.com 192.168.10.10 # to reach it by name on same LAN not WAN`s address. Laszlo :-) Peter Farrow wrote: > Hugo van der Kooij wrote: >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> Alex Neuman wrote: >> | This should go on the wiki... >> >> That is .... the sendmail wiki I presume. As it is is in fact immaterial >> to MailScanner or how MailScanner interacts with the MTA in question. >> >> Hugo. > I disagree it is very very relevant indeed, as many implementations > may forward to a downstream server on a different port, as a key > process in avoiding directly injected spam. > > > > From submit at zuka.net Mon Jun 23 00:02:37 2008 From: submit at zuka.net (Dave Filchak) Date: Mon Jun 23 00:02:56 2008 Subject: batch processing tmes Message-ID: <485EDA0D.6020001@zuka.net> OK .. I think I have my configuration straightened out and am not seeing errors in spamassassin -d --lint or sa-update -D. However, what I am seeing is batch processing times all over the map ... sometimes 1 - 3 seconds and then often times up as high as 25 -30 seconds. Can anyone shed some light as to what might be causing these long processing times. These are happening with batches of only two or three messages. Again, here is my configuration: This is CentOS release 4.1 (Final) This is Perl version 5.008005 (5.8.5) This is MailScanner version 4.70.6 Module versions are: 1.00 AnyDBM_File 1.20 Archive::Zip 0.22 bignum 1.03 Carp 1.41 Compress::Zlib 1.119 Convert::BinHex 0.17 Convert::TNEF 2.121 Data::Dumper 2.27 Date::Parse 1.00 DirHandle 1.05 Fcntl 2.73 File::Basename 2.08 File::Copy 2.01 FileHandle 1.06 File::Path 0.19 File::Temp 0.90 Filesys::Df 1.35 HTML::Entities 3.56 HTML::Parser 2.37 HTML::TokeParser 1.23 IO 1.14 IO::File 1.13 IO::Pipe 2.02 Mail::Header 1.87 Math::BigInt 0.20 Math::BigRat 3.05 MIME::Base64 5.425 MIME::Decoder 5.425 MIME::Decoder::UU 5.425 MIME::Head 5.425 MIME::Parser 3.03 MIME::QuotedPrint 5.425 MIME::Tools 0.11 Net::CIDR 1.25 Net::IP 0.16 OLE::Storage_Lite 1.04 Pod::Escapes 3.05 Pod::Simple 1.08 POSIX 1.19 Scalar::Util 1.77 Socket 2.13 Storable 1.4 Sys::Hostname::Long 0.18 Sys::Syslog 1.26 Test::Pod 0.7 Test::Simple 1.9707 Time::HiRes 1.02 Time::localtime Optional module versions are: 1.32 Archive::Tar 0.22 bignum 1.82 Business::ISBN 1.10 Business::ISBN::Data 1.08 Data::Dump 1.814 DB_File 1.13 DBD::SQLite 1.58 DBI 1.15 Digest 1.01 Digest::HMAC 2.36 Digest::MD5 2.11 Digest::SHA1 1.00 Encode::Detect 0.17008 Error 0.19 ExtUtils::CBuilder 2.18 ExtUtils::ParseXS 2.36 Getopt::Long 0.44 Inline 1.08 IO::String 1.04 IO::Zlib 2.21 IP::Country 0.22 Mail::ClamAV 3.002005 Mail::SpamAssassin v2.004 Mail::SPF 1.999001 Mail::SPF::Query 0.2808 Module::Build 0.20 Net::CIDR::Lite 0.63 Net::DNS 0.002.2 Net::DNS::Resolver::Programmable missing Net::LDAP 4.004 NetAddr::IP 1.94 Parse::RecDescent missing SAVI 2.64 Test::Harness 0.95 Test::Manifest 1.95 Text::Balanced 1.35 URI 0.7203 version 0.65 YAML Dave From paul at blacknight.com Mon Jun 23 00:06:28 2008 From: paul at blacknight.com (Paul Kelly :: Blacknight) Date: Mon Jun 23 00:06:40 2008 Subject: shared storage for mails In-Reply-To: <485EB3FC.7060604@farrows.org> References: <485EB3FC.7060604@farrows.org> Message-ID: Sounds like a good option. that said the same can be achieved by saving your quarantine from each scanner on central file servers using NFS mounts onto each scanner from the shared storage. We do this with centralised web and db servers and we process 9m mails a month on one cluster with 1 x db and 1 x web servers, we did write a centralised app for customers to allow them view their quarantine and release, whitelist email messages etc. ________________________________ From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Peter Farrow Sent: Sunday, June 22, 2008 9:20 PM To: MailScanner discussion Subject: Re: shared storage for mails Jan Agermose wrote: hi I want to setup a number of mailscanner serveres that log to a shared mysql server and that store the mails (I quarantine both non spam and spam mails) to some sort of shared storage. NFS or some other solutions. I would like to know how others have done this and what kind of performance issues your solutions have had if any. if its not a secret ;-) best regards Jan -- This message has been scanned for viruses and dangerous content by the Inexcom system scanner, and is believed to be clean. Advanced heuristic mail scanning server [-]. Hi There, Yes, you start by installing Mailwatch and setup a central Mysql server, you can then enable the RPC process within MailWatch to allow messages to be released from quarantine from the Mailwatch running on the Mysql server. This is how I run it. I don't store the messages that are in quarantine centrally, rather I store them on the server than scanned them. This way you can maintain state with the message when it is released which minimises delays when greylisting is used, rather than tossing them into a central store. Since this is self scaling, i.e. you use the server that decided to quarantine to store the messages, then the system grows by you simpling adding machines to cope with your mailscanning load. So if you have enough machines to handle you scanning, then, unless the numbers are huge, any reasonable database server hardware should cope. I use a set up six Athlon 64 FX based machines to scan and a Pentium D 805 based machine to run the database and it happily copes with millions of emails per month no bother at all. Regards Pete -- This message has been scanned for viruses and dangerous content by the Inexcom system scanner, and is believed to be clean. Advanced heuristic mail scanning server [-]. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080623/5a4269ff/attachment.html From edward at tdcs.com.au Mon Jun 23 01:55:21 2008 From: edward at tdcs.com.au (Edward Dekkers) Date: Mon Jun 23 02:00:15 2008 Subject: batch processing times In-Reply-To: <485EDA0D.6020001@zuka.net> References: <485EDA0D.6020001@zuka.net> Message-ID: > errors in spamassassin -d --lint or sa-update -D. However, what I am > seeing is batch processing times all over the map ... sometimes 1 - 3 > seconds and then often times up as high as 25 -30 seconds. Can anyone > shed some light as to what might be causing these long processing > times. > These are happening with batches of only two or three messages. To me that seems pretty reasonable. Over my last 10 batches which contain 1 or 2 messages, I'm getting processing times of 16-52 seconds. Intel Pentium 4 2.8GHz 512Mb RAM 1.5Mbps/256Kbps ADSL Connection Ubuntu Server 8.04 LTS I've read all the way through all your e-mails back to the 13th, which I believe to be your first e-mail, and I cannot find you mention at any stage what kind of hardware you're running. So, I have no idea whether your numbers compare well or not. BUT seriously. Even if it takes 30 seconds at its longest, aren't you being a bit anal about speed? What's 30 seconds in the e-mail world? This isn't IM right? Is there a reason it has to be instantaneous? Regards, Ed. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From james at gray.net.au Mon Jun 23 03:47:17 2008 From: james at gray.net.au (James Gray) Date: Mon Jun 23 03:47:40 2008 Subject: Spamassassin is slow - any tips or good commercial alternative? In-Reply-To: <19924992.181214188827291.JavaMail.root@node> Message-ID: <10920474.201214189237633.JavaMail.root@node> From: "Charlie" >>I manage a mail cluster for an ISP that has about 100,000 subscribers >>online at any given time. I'd hazard a guess that close to all of >>those subscribers have a mail client running the whole time. We have >>implemented an exim set up that allows 3 concurrent connections from >>the subscriber IP pools, 5 from from other IP's and a maximum number >>of simultaneous SMTP sessions of 1000 per server. This is on each >>server in the cluster (4 servers in total) and we only ever see the >>maximum concurrent per IP rules being hit, never the maximum total. > >Thank you James - this will be very helpful I suspect. >We also are using Exim as the MTA, so any specific config advice for Exim >would also be greatly appreciated :) >BTW we are using one server (Pentium 4, 2.4GHz, 1GB RAM), currently have >1500 active paid users, >and am expecting up to 10,000-15,000 active paid users in the future (say, >1 or 2 years from now). Hi Charlie, Here's the relevant bits from one of our clustered mail servers. This was pulled from a CentOS 4.6 system running a custom-compiled Exim 4.43 (added MySQL support), but is otherwise standard. /etc/exim/exim.conf ... hostlist relay_from_hosts = localhost : /etc/exim/relay_ip_address acl_smtp_rcpt = acl_check_rcpt exim_user = exim exim_group = exim never_users = root host_lookup = * rfc1413_hosts = * rfc1413_query_timeout = 0s ignore_bounce_errors_after = 12h timeout_frozen_after = 1d smtp_accept_max = 1000 smtp_accept_queue = 500 # Only queue messages when we have 500+ SMTP sessions # The format of "/etc/exim/smtp_limits" should have the IP of the # sender in the first column, terminated with a colon, then white space # followed by the maximum connections for hosts in that range, eg: # 1.2.3.4: 3 # 1.2.4.0/24: 3 # *: 5 # See http://wiki.exim.org/FAQ/Configuration_cookbook/Q9812 smtp_accept_max_per_host = \ ${lookup{$sender_host_address}lsearch{/etc/exim/smtp_limits}\ {$value}\ {\ ${lookup{${mask:$sender_host_address/24}}lsearch*{/etc/exim/smtp_limits}}\ }} begin acl acl_check_rcpt: accept hosts = : deny message = Restricted characters in address domains = +local_domains local_parts = ^[.] : ^.*[@%!/|] deny message = Restricted characters in address domains = !+local_domains local_parts = ^[./|] : ^.*[@%!] : ^.*/\\.\\./ accept local_parts = postmaster domains = +local_domains dnslists = list.dnswl.org logwrite = $sender_host_address is whitelisted at dnswl.org deny message = $sender_host_address is listed at $dnslist_domain local_parts = !postmaster hosts = !+relay_from_hosts dnslists = cbl.abuseat.org : \ zen.spamhaus.org : \ list.dsbl.org : \ bl.spamcop.net require verify = sender accept domains = +local_domains endpass verify = recipient accept domains = +relay_to_domains endpass verify = recipient accept hosts = +relay_from_hosts accept authenticated = * deny message = relay not permitted begin routers ... your routers go here ... begin retry # Domain Error Retries # ------ ----- ------- # Adjust over-quota retries - retry every 3 mins, after 30 mins, fail the message. * quota F,30m,3m; * * F,2h,15m; G,16h,1h,1.5; F,4d,6h And that's about it :) The rate limiting for our LDAP/POP servers is handled by the load balancers. Keep in mind the limits on a clustered host are multiplied by the number of hosts in the cluster (assuming linear round-robin of connection pooling), so these limits are actually quite high ;) HTH, James From marc at marcsnet.com Mon Jun 23 04:42:47 2008 From: marc at marcsnet.com (Marc Lucke) Date: Mon Jun 23 04:43:23 2008 Subject: use_bayes not working Message-ID: <004301c8d4e3$39d71200$ad853600$@com> (see below for version info) ---------------------------- X-MSP-MailScanner-SpamCheck: spam, SpamAssassin (not cached, score=6.001, required 5, URIBL_BLACK 3.00, URIBL_JP_SURBL 1.50, URIBL_OB_SURBL 1.50) X-MSP-MailScanner-SpamScore: 6 ---------------------------- In the above, I used to get a "BAYES_ " score adding to the total. E.g. BAYES_99 5.00 No matter what I do, I can't get it anymore. It is driving me around the bend! What do I need to do to re-enable this?! Everywhere I can find a use_bayes setting, I've set it to 1 Any help appreciated. This is for an old employer that I'm helping out, so it is doubly annoying. Marc spamassassin -D --lint ============================ [10721] dbg: logger: adding facilities: all [10721] dbg: logger: logging level is DBG [10721] dbg: generic: SpamAssassin version 3.2.4 [10721] dbg: config: score set 0 chosen. [10721] dbg: util: running in taint mode? yes [10721] dbg: util: taint mode: deleting unsafe environment variables, resetting PATH [10721] dbg: util: PATH included '/usr/kerberos/sbin', keeping [10721] dbg: util: PATH included '/usr/kerberos/bin', keeping [10721] dbg: util: PATH included '/usr/local/sbin', keeping [10721] dbg: util: PATH included '/usr/local/bin', keeping [10721] dbg: util: PATH included '/sbin', keeping [10721] dbg: util: PATH included '/bin', keeping [10721] dbg: util: PATH included '/usr/sbin', keeping [10721] dbg: util: PATH included '/usr/bin', keeping [10721] dbg: util: PATH included '/usr/X11R6/bin', keeping [10721] dbg: util: PATH included '/root/bin', keeping [10721] dbg: util: final PATH set to: /usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/local/bin:/sbin:/b in:/usr/sbin:/usr/bin:/usr/X11R6/bin:/root/bin [10721] dbg: dns: is Net::DNS::Resolver available? yes [10721] dbg: dns: Net::DNS version: 0.48 Use of uninitialized value in concatenation (.) or string at /usr/lib/perl5/5.8.5/i386-linux-thread-multi/Scalar/Util.pm line 30. [10721] dbg: diag: perl platform: 5.008005 linux [10721] dbg: diag: module installed: Digest::SHA1, version 2.11 [10721] dbg: diag: module installed: HTML::Parser, version 3.56 [10721] dbg: diag: module installed: Net::DNS, version 0.48 [10721] dbg: diag: module installed: MIME::Base64, version 3.07 [10721] dbg: diag: module installed: DB_File, version 1.817 [10721] dbg: diag: module installed: Net::SMTP, version 2.31 [10721] dbg: diag: module installed: Mail::SPF, version v2.005 [10721] dbg: diag: module installed: Mail::SPF::Query, version 1.999001 [10721] dbg: diag: module installed: IP::Country::Fast, version 604.001 [10721] dbg: diag: module installed: Razor2::Client::Agent, version 2.40 [10721] dbg: diag: module installed: Net::Ident, version 1.20 [10721] dbg: diag: module installed: IO::Socket::INET6, version 2.54 [10721] dbg: diag: module not installed: IO::Socket::SSL ('require' failed) [10721] dbg: diag: module installed: Compress::Zlib, version 1.42 [10721] dbg: diag: module installed: Time::HiRes, version 1.9715 [10721] dbg: diag: module installed: Mail::DomainKeys, version 1.0 [10721] dbg: diag: module installed: Mail::DKIM, version 0.32 [10721] dbg: diag: module installed: DBI, version 1.605 [10721] dbg: diag: module installed: Getopt::Long, version 2.37 [10721] dbg: diag: module installed: LWP::UserAgent, version 2.031 [10721] dbg: diag: module installed: HTTP::Date, version 1.46 [10721] dbg: diag: module installed: Archive::Tar, version 1.30 [10721] dbg: diag: module installed: IO::Zlib, version 1.04 [10721] dbg: diag: module installed: Encode::Detect, version 1.01 [10721] dbg: ignore: using a test message to lint rules [10721] dbg: config: using "/etc/mail/spamassassin" for site rules pre files [10721] dbg: config: read file /etc/mail/spamassassin/init.pre [10721] dbg: config: read file /etc/mail/spamassassin/v310.pre [10721] dbg: config: read file /etc/mail/spamassassin/v312.pre [10721] dbg: config: read file /etc/mail/spamassassin/v320.pre [10721] dbg: config: using "/var/lib/spamassassin/3.002004" for sys rules pre files [10721] dbg: config: using "/var/lib/spamassassin/3.002004" for default rules dir [10721] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org.cf [10721] dbg: config: using "/etc/mail/spamassassin" for site rules dir [10721] dbg: config: read file /etc/mail/spamassassin/local.cf [10721] dbg: config: read file /etc/mail/spamassassin/mailscanner.cf [10721] dbg: config: using "/root/.spamassassin/user_prefs" for user prefs file [10721] dbg: config: read file /root/.spamassassin/user_prefs [10721] dbg: plugin: loading Mail::SpamAssassin::Plugin::URIDNSBL from @INC [10721] dbg: plugin: loading Mail::SpamAssassin::Plugin::Hashcash from @INC [10721] dbg: plugin: loading Mail::SpamAssassin::Plugin::SPF from @INC [10721] dbg: plugin: loading Mail::SpamAssassin::Plugin::Pyzor from @INC [10721] dbg: pyzor: local tests only, disabling Pyzor [10721] dbg: plugin: loading Mail::SpamAssassin::Plugin::Razor2 from @INC [10721] dbg: razor2: local tests only, skipping Razor [10721] dbg: plugin: loading Mail::SpamAssassin::Plugin::SpamCop from @INC [10721] dbg: reporter: local tests only, disabling SpamCop [10721] dbg: plugin: loading Mail::SpamAssassin::Plugin::AWL from @INC [10721] dbg: plugin: loading Mail::SpamAssassin::Plugin::AutoLearnThreshold from @INC [10721] dbg: plugin: loading Mail::SpamAssassin::Plugin::WhiteListSubject from @INC [10721] dbg: plugin: loading Mail::SpamAssassin::Plugin::MIMEHeader from @INC [10721] dbg: plugin: loading Mail::SpamAssassin::Plugin::ReplaceTags from @INC [10721] dbg: plugin: loading Mail::SpamAssassin::Plugin::Check from @INC [10721] dbg: plugin: loading Mail::SpamAssassin::Plugin::HTTPSMismatch from @INC [10721] dbg: plugin: loading Mail::SpamAssassin::Plugin::URIDetail from @INC [10721] dbg: plugin: loading Mail::SpamAssassin::Plugin::Bayes from @INC [10721] dbg: plugin: loading Mail::SpamAssassin::Plugin::BodyEval from @INC [10721] dbg: plugin: loading Mail::SpamAssassin::Plugin::DNSEval from @INC [10721] dbg: plugin: loading Mail::SpamAssassin::Plugin::HTMLEval from @INC [10721] dbg: plugin: loading Mail::SpamAssassin::Plugin::HeaderEval from @INC [10721] dbg: plugin: loading Mail::SpamAssassin::Plugin::MIMEEval from @INC [10721] dbg: plugin: loading Mail::SpamAssassin::Plugin::RelayEval from @INC [10721] dbg: plugin: loading Mail::SpamAssassin::Plugin::URIEval from @INC [10721] dbg: plugin: loading Mail::SpamAssassin::Plugin::WLBLEval from @INC [10721] dbg: plugin: loading Mail::SpamAssassin::Plugin::VBounce from @INC [10721] dbg: plugin: loading Mail::SpamAssassin::Plugin::ImageInfo from @INC [10721] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/10_default_prefs.cf [10721] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/10_default_prefs.cf " for included file [10721] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/10_default_prefs.cf [10721] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/20_advance_fee.cf [10721] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/20_advance_fee.cf" for included file [10721] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/20_advance_fee.cf [10721] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/20_body_tests.cf [10721] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/20_body_tests.cf" for included file [10721] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/20_body_tests.cf [10721] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/20_compensate.cf [10721] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/20_compensate.cf" for included file [10721] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/20_compensate.cf [10721] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/20_dnsbl_tests.cf [10721] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/20_dnsbl_tests.cf" for included file [10721] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/20_dnsbl_tests.cf [10721] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/20_drugs.cf [10721] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/20_drugs.cf" for included file [10721] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/20_drugs.cf [10721] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/20_dynrdns.cf [10721] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/20_dynrdns.cf" for included file [10721] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/20_dynrdns.cf [10721] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/20_fake_helo_tests.c f [10721] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/20_fake_helo_tests. cf" for included file [10721] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/20_fake_helo_tests.c f [10721] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/20_head_tests.cf [10721] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/20_head_tests.cf" for included file [10721] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/20_head_tests.cf [10721] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/20_html_tests.cf [10721] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/20_html_tests.cf" for included file [10721] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/20_html_tests.cf [10721] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/20_imageinfo.cf [10721] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/20_imageinfo.cf" for included file [10721] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/20_imageinfo.cf [10721] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/20_meta_tests.cf [10721] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/20_meta_tests.cf" for included file [10721] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/20_meta_tests.cf [10721] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/20_net_tests.cf [10721] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/20_net_tests.cf" for included file [10721] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/20_net_tests.cf [10721] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/20_phrases.cf [10721] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/20_phrases.cf" for included file [10721] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/20_phrases.cf [10721] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/20_porn.cf [10721] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/20_porn.cf" for included file [10721] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/20_porn.cf [10721] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/20_ratware.cf [10721] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/20_ratware.cf" for included file [10721] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/20_ratware.cf [10721] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/20_uri_tests.cf [10721] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/20_uri_tests.cf" for included file [10721] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/20_uri_tests.cf [10721] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/20_vbounce.cf [10721] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/20_vbounce.cf" for included file [10721] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/20_vbounce.cf [10721] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/23_bayes.cf [10721] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/23_bayes.cf" for included file [10721] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/23_bayes.cf [10721] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/25_accessdb.cf [10721] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/25_accessdb.cf" for included file [10721] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/25_accessdb.cf [10721] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/25_antivirus.cf [10721] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/25_antivirus.cf" for included file [10721] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/25_antivirus.cf [10721] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/25_asn.cf [10721] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/25_asn.cf" for included file [10721] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/25_asn.cf [10721] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/25_dcc.cf [10721] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/25_dcc.cf" for included file [10721] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/25_dcc.cf [10721] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/25_dkim.cf [10721] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/25_dkim.cf" for included file [10721] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/25_dkim.cf [10721] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/25_domainkeys.cf [10721] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/25_domainkeys.cf" for included file [10721] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/25_domainkeys.cf [10721] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/25_hashcash.cf [10721] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/25_hashcash.cf" for included file [10721] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/25_hashcash.cf [10721] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/25_pyzor.cf [10721] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/25_pyzor.cf" for included file [10721] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/25_pyzor.cf [10721] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/25_razor2.cf [10721] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/25_razor2.cf" for included file [10721] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/25_razor2.cf [10721] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/25_replace.cf [10721] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/25_replace.cf" for included file [10721] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/25_replace.cf [10721] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/25_spf.cf [10721] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/25_spf.cf" for included file [10721] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/25_spf.cf [10721] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/25_textcat.cf [10721] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/25_textcat.cf" for included file [10721] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/25_textcat.cf [10721] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/25_uribl.cf [10721] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/25_uribl.cf" for included file [10721] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/25_uribl.cf [10721] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/30_text_de.cf [10721] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/30_text_de.cf" for included file [10721] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/30_text_de.cf [10721] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/30_text_fr.cf [10721] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/30_text_fr.cf" for included file [10721] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/30_text_fr.cf [10721] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/30_text_it.cf [10721] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/30_text_it.cf" for included file [10721] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/30_text_it.cf [10721] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/30_text_nl.cf [10721] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/30_text_nl.cf" for included file [10721] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/30_text_nl.cf [10721] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/30_text_pl.cf [10721] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/30_text_pl.cf" for included file [10721] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/30_text_pl.cf [10721] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/30_text_pt_br.cf [10721] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/30_text_pt_br.cf" for included file [10721] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/30_text_pt_br.cf [10721] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/50_scores.cf [10721] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/50_scores.cf" for included file [10721] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/50_scores.cf [10721] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/60_awl.cf [10721] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/60_awl.cf" for included file [10721] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/60_awl.cf [10721] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/60_shortcircuit.cf [10721] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/60_shortcircuit.cf" for included file [10721] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/60_shortcircuit.cf [10721] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/60_whitelist.cf [10721] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/60_whitelist.cf" for included file [10721] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/60_whitelist.cf [10721] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/60_whitelist_dk.cf [10721] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/60_whitelist_dk.cf" for included file [10721] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/60_whitelist_dk.cf [10721] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/60_whitelist_dkim.cf [10721] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/60_whitelist_dkim.c f" for included file [10721] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/60_whitelist_dkim.cf [10721] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/60_whitelist_spf.cf [10721] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/60_whitelist_spf.cf " for included file [10721] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/60_whitelist_spf.cf [10721] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/60_whitelist_subject .cf [10721] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/60_whitelist_subjec t.cf" for included file [10721] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/60_whitelist_subject .cf [10721] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/72_active.cf [10721] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/72_active.cf" for included file [10721] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/72_active.cf [10721] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/72_removed.cf [10721] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/72_removed.cf" for included file [10721] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/72_removed.cf [10721] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/72_scores.cf [10721] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/72_scores.cf" for included file [10721] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/72_scores.cf [10721] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/80_additional.cf [10721] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/80_additional.cf" for included file [10721] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/80_additional.cf [10721] dbg: rules: __MO_OL_9B90B merged duplicates: __MO_OL_C65FA [10721] dbg: rules: __XM_OL_22B61 merged duplicates: __XM_OL_A842E [10721] dbg: rules: __MO_OL_07794 merged duplicates: __MO_OL_8627E __MO_OL_F3B05 [10721] dbg: rules: __JM_REACTOR_DATE merged duplicates: __RATWARE_0_TZ_DATE [10721] dbg: rules: __XM_OL_07794 merged duplicates: __XM_OL_25340 __XM_OL_3857F __XM_OL_4F240 __XM_OL_58CB5 __XM_OL_6554A __XM_OL_812FF __XM_OL_C65FA __XM_OL_CF0C0 __XM_OL_F475E __XM_OL_F6D01 [10721] dbg: rules: FH_MSGID_01C67 merged duplicates: __MSGID_VGA [10721] dbg: rules: FS_NEW_SOFT_UPLOAD merged duplicates: HS_SUBJ_NEW_SOFTWARE [10721] dbg: rules: __FH_HAS_XMSMAIL merged duplicates: __HAS_MSMAIL_PRI [10721] dbg: rules: __MO_OL_015D5 merged duplicates: __MO_OL_6554A [10721] dbg: rules: __XM_OL_015D5 merged duplicates: __XM_OL_4BF4C __XM_OL_4EEDB __XM_OL_5B79A __XM_OL_9B90B __XM_OL_ADFF7 __XM_OL_B30D1 __XM_OL_B4B40 __XM_OL_BC7E6 __XM_OL_F3B05 __XM_OL_FF5C8 [10721] dbg: rules: __MO_OL_91287 merged duplicates: __MO_OL_B30D1 __MO_OL_CF0C0 [10721] dbg: rules: KAM_STOCKOTC merged duplicates: KAM_STOCKTIP15 KAM_STOCKTIP20 KAM_STOCKTIP21 KAM_STOCKTIP4 KAM_STOCKTIP6 [10721] dbg: rules: __MO_OL_22B61 merged duplicates: __MO_OL_4F240 __MO_OL_ADFF7 [10721] dbg: rules: __MO_OL_812FF merged duplicates: __MO_OL_BC7E6 [10721] dbg: rules: __MO_OL_25340 merged duplicates: __MO_OL_4EEDB __MO_OL_7533E [10721] dbg: rules: __MO_OL_58CB5 merged duplicates: __MO_OL_B4B40 [10721] dbg: rules: __DOS_HAS_ANY_URI merged duplicates: __HAS_ANY_URI [10721] dbg: rules: __XM_OL_C9068 merged duplicates: __XM_OL_EF20B [10721] dbg: rules: AXB_RCVD_ZOOBSEND merged duplicates: BROKEN_RATWARE_BOM CTYPE_001C_A DEAR_HOMEOWNER DIV_CENTER_A_HREF DRUG_RA_PRICE FM_DDDD_TIMES_2 FM_SEX_HOSTDDDD HG_HORMONE HS_PHARMA_1 HS_UPLOADED_SOFTWARE OEBOUND STOX_RCVD_N_NN_N URIBL_RHS_ABUSE URIBL_RHS_BOGUSMX URIBL_RHS_DSN URIBL_RHS_POST URIBL_RHS_TLD_WHOIS URIBL_RHS_WHOIS URIBL_XS_SURBL URI_L_PHP XMAILER_MIMEOLE_OL_5E7ED XMAILER_MIMEOLE_OL_C7C33 XMAILER_MIMEOLE_OL_D03AB X_LIBRARY YOUR_CRD_RATING [10721] dbg: rules: __MO_OL_72641 merged duplicates: __MO_OL_A842E [10721] dbg: rules: __MO_OL_F475E merged duplicates: __MO_OL_FF5C8 [10721] dbg: rules: __MO_OL_4BF4C merged duplicates: __MO_OL_F6D01 [10721] dbg: conf: finish parsing [10721] dbg: plugin: Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0x8b1e8d8) implements 'finish_parsing_end', priority 0 [10721] dbg: replacetags: replacing tags [10721] dbg: replacetags: done replacing tags [10721] dbg: bayes: tie-ing to DB file R/O /root/.spamassassin/bayes_toks [10721] dbg: bayes: tie-ing to DB file R/O /root/.spamassassin/bayes_seen [10721] dbg: bayes: found bayes db version 3 [10721] dbg: bayes: DB journal sync: last sync: 1213214587 [10721] dbg: config: score set 2 chosen. [10721] dbg: message: main message type: text/plain [10721] dbg: message: ---- MIME PARSER START ---- [10721] dbg: message: parsing normal part [10721] dbg: message: ---- MIME PARSER END ---- [10721] dbg: plugin: Mail::SpamAssassin::Plugin::DNSEval=HASH(0x97d4908) implements 'check_start', priority 0 [10721] dbg: plugin: Mail::SpamAssassin::Plugin::Check=HASH(0x978705c) implements 'check_main', priority 0 [10721] dbg: conf: trusted_networks are not configured; it is recommended that you configure trusted_networks manually [10721] dbg: metadata: X-Spam-Relays-Trusted: [10721] dbg: metadata: X-Spam-Relays-Untrusted: [10721] dbg: metadata: X-Spam-Relays-Internal: [10721] dbg: metadata: X-Spam-Relays-External: [10721] dbg: message: no encoding detected [10721] dbg: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x95f8b0c) implements 'parsed_metadata', priority 0 [10721] dbg: dns: is DNS available? 0 [10721] dbg: rules: local tests only, ignoring RBL eval [10721] dbg: check: running tests for priority: -1000 [10721] dbg: rules: running head tests; score so far=0 [10721] dbg: rules: compiled head tests [10721] dbg: eval: all '*From' addrs: ignore@compiling.spamassassin.taint.org [10721] dbg: eval: all '*To' addrs: [10721] dbg: rules: running body tests; score so far=0 [10721] dbg: rules: compiled body tests [10721] dbg: rules: running uri tests; score so far=0 [10721] dbg: rules: compiled uri tests [10721] dbg: rules: running rawbody tests; score so far=0 [10721] dbg: rules: compiled rawbody tests [10721] dbg: rules: running full tests; score so far=0 [10721] dbg: rules: compiled full tests [10721] dbg: rules: running meta tests; score so far=0 [10721] dbg: rules: compiled meta tests [10721] dbg: check: running tests for priority: -950 [10721] dbg: rules: running head tests; score so far=0 [10721] dbg: rules: compiled head tests [10721] dbg: rules: running body tests; score so far=0 [10721] dbg: rules: compiled body tests [10721] dbg: rules: running uri tests; score so far=0 [10721] dbg: rules: compiled uri tests [10721] dbg: rules: running rawbody tests; score so far=0 [10721] dbg: rules: compiled rawbody tests [10721] dbg: rules: running full tests; score so far=0 [10721] dbg: rules: compiled full tests [10721] dbg: rules: running meta tests; score so far=0 [10721] dbg: rules: compiled meta tests [10721] dbg: check: running tests for priority: -900 [10721] dbg: rules: running head tests; score so far=0 [10721] dbg: rules: compiled head tests [10721] dbg: rules: running body tests; score so far=0 [10721] dbg: rules: compiled body tests [10721] dbg: rules: running uri tests; score so far=0 [10721] dbg: rules: compiled uri tests [10721] dbg: rules: running rawbody tests; score so far=0 [10721] dbg: rules: compiled rawbody tests [10721] dbg: rules: running full tests; score so far=0 [10721] dbg: rules: compiled full tests [10721] dbg: rules: running meta tests; score so far=0 [10721] dbg: rules: compiled meta tests [10721] dbg: check: running tests for priority: -400 [10721] dbg: rules: running head tests; score so far=0 [10721] dbg: rules: compiled head tests [10721] dbg: rules: running body tests; score so far=0 [10721] dbg: rules: compiled body tests [10721] dbg: rules: running uri tests; score so far=0 [10721] dbg: rules: compiled uri tests [10721] dbg: plugin: Mail::SpamAssassin::Plugin::WLBLEval=HASH(0x98c13b4) implements 'check_wb_list', priority 0 [10721] dbg: bayes: DB journal sync: last sync: 1213214587 [10721] dbg: bayes: corpus size: nspam = 63340, nham = 154630 [10721] dbg: bayes: score = 0.215791458401563 [10721] dbg: bayes: DB expiry: tokens in DB: 120875, Expiry max size: 150000, Oldest atime: 1212853477, Newest atime: 1214166417, Last expire: 1213193735, Current time: 1214192307 [10721] dbg: bayes: DB journal sync: last sync: 1213214587 [10721] dbg: bayes: untie-ing [10721] dbg: rules: running rawbody tests; score so far=0 [10721] dbg: rules: compiled rawbody tests [10721] dbg: rules: running full tests; score so far=0 [10721] dbg: rules: compiled full tests [10721] dbg: rules: running meta tests; score so far=0 [10721] dbg: rules: compiled meta tests [10721] dbg: check: running tests for priority: 0 [10721] dbg: rules: running head tests; score so far=0 [10721] dbg: rules: compiled head tests [10721] dbg: rules: ran header rule __MISSING_REF ======> got hit: "UNSET" [10721] dbg: rules: ran header rule __MSOE_MID_WRONG_CASE ======> got hit: " [10721] dbg: rules: Message-Id: " [10721] dbg: rules: ran header rule MISSING_DATE ======> got hit: "UNSET" [10721] dbg: rules: ran header rule __MSGID_OK_HOST ======> got hit: "@lint_rules>" [10721] dbg: rules: ran header rule __MSGID_OK_DIGITS ======> got hit: "1214192304" [10721] dbg: rules: ran header rule __HAS_MSGID ======> got hit: "<" [10721] dbg: rules: ran header rule __SANE_MSGID ======> got hit: "<1214192304@lint_rules> [10721] dbg: rules: " [10721] dbg: spf: checking to see if the message has a Received-SPF header that we can use [10721] dbg: spf: already checked for Received-SPF headers, proceeding with DNS based checks [10721] dbg: spf: already checked for Received-SPF headers, proceeding with DNS based checks [10721] dbg: rules: ran eval rule NO_RELAYS ======> got hit (1) [10721] dbg: spf: already checked for Received-SPF headers, proceeding with DNS based checks [10721] dbg: spf: already checked for Received-SPF headers, proceeding with DNS based checks [10721] dbg: spf: cannot get Envelope-From, cannot use SPF [10721] dbg: spf: def_spf_whitelist_from: could not find useable envelope sender [10721] dbg: spf: already checked for Received-SPF headers, proceeding with DNS based checks [10721] dbg: spf: already checked for Received-SPF headers, proceeding with DNS based checks [10721] dbg: spf: already checked for Received-SPF headers, proceeding with DNS based checks [10721] dbg: rules: ran eval rule __UNUSABLE_MSGID ======> got hit (1) [10721] dbg: rules: ran eval rule MISSING_HEADERS ======> got hit (1) [10721] dbg: spf: spf_whitelist_from: could not find useable envelope sender [10721] dbg: rules: running body tests; score so far=1.5 [10721] dbg: rules: compiled body tests [10721] dbg: rules: ran body rule __NONEMPTY_BODY ======> got hit: "I" [10721] dbg: rules: running uri tests; score so far=1.5 [10721] dbg: rules: compiled uri tests [10721] dbg: rules: ran eval rule BAYES_40 ======> got hit (1) [10721] dbg: eval: stock info total: 0 [10721] dbg: rules: running rawbody tests; score so far=1.315 [10721] dbg: rules: compiled rawbody tests [10721] dbg: rules: ran rawbody rule __TVD_BODY ======> got hit: "need" [10721] dbg: rules: running full tests; score so far=1.315 [10721] dbg: rules: compiled full tests [10721] dbg: rules: running meta tests; score so far=1.315 [10721] dbg: rules: compiled meta tests [10721] dbg: check: running tests for priority: 500 [10721] dbg: dns: harvest_dnsbl_queries [10721] dbg: rules: running head tests; score so far=1.315 [10721] dbg: rules: compiled head tests [10721] dbg: rules: running body tests; score so far=1.315 [10721] dbg: rules: compiled body tests [10721] dbg: rules: running uri tests; score so far=1.315 [10721] dbg: rules: compiled uri tests [10721] dbg: rules: running rawbody tests; score so far=1.315 [10721] dbg: rules: compiled rawbody tests [10721] dbg: rules: running full tests; score so far=1.315 [10721] dbg: rules: compiled full tests [10721] dbg: rules: running meta tests; score so far=1.315 [10721] dbg: rules: meta test DIGEST_MULTIPLE has undefined dependency 'DCC_CHECK' [10721] dbg: rules: compiled meta tests [10721] dbg: check: running tests for priority: 1000 [10721] dbg: rules: running head tests; score so far=3.79 [10721] dbg: rules: compiled head tests [10721] dbg: rules: running body tests; score so far=3.79 [10721] dbg: rules: compiled body tests [10721] dbg: rules: running uri tests; score so far=3.79 [10721] dbg: rules: compiled uri tests [10721] dbg: rules: running rawbody tests; score so far=3.79 [10721] dbg: rules: compiled rawbody tests [10721] dbg: rules: running full tests; score so far=3.79 [10721] dbg: rules: compiled full tests [10721] dbg: rules: running meta tests; score so far=3.79 [10721] dbg: rules: compiled meta tests [10721] dbg: check: is spam? score=3.79 required=5 [10721] dbg: check: tests=BAYES_40,MISSING_DATE,MISSING_HEADERS,MISSING_SUBJECT,NO_RECEIVED,NO_R ELAYS [10721] dbg: check: subtests=__HAS_MSGID,__MISSING_REF,__MSGID_OK_DIGITS,__MSGID_OK_HOST,__MSOE_ MID_WRONG_CASE,__NONEMPTY_BODY,__SANE_MSGID,__TVD_BODY,__UNUSABLE_MSGID VERSIONS ============================ Redhat EL4 - 2.6.9-67.0.7.EL This is Perl version 5.008005 (5.8.5) This is MailScanner version 4.70.6 Module versions are: 1.00 AnyDBM_File 1.23 Archive::Zip 0.23 bignum 1.03 Carp 1.41 Compress::Zlib 1.119 Convert::BinHex 0.17 Convert::TNEF 2.121 Data::Dumper 2.27 Date::Parse 1.00 DirHandle 1.05 Fcntl 2.73 File::Basename 2.08 File::Copy 2.01 FileHandle 2.04 File::Path 0.20 File::Temp 0.92 Filesys::Df 1.35 HTML::Entities 3.56 HTML::Parser 2.37 HTML::TokeParser 1.23 IO 1.14 IO::File 1.13 IO::Pipe 2.03 Mail::Header 1.89 Math::BigInt 0.22 Math::BigRat 3.05 MIME::Base64 5.426 MIME::Decoder 5.426 MIME::Decoder::UU 5.426 MIME::Head 5.426 MIME::Parser 3.03 MIME::QuotedPrint 5.426 MIME::Tools 0.11 Net::CIDR 1.25 Net::IP 0.16 OLE::Storage_Lite 1.04 Pod::Escapes 3.07 Pod::Simple 1.08 POSIX 1.19 Scalar::Util 1.77 Socket 2.13 Storable 1.4 Sys::Hostname::Long 0.26 Sys::Syslog 1.26 Test::Pod 0.8 Test::Simple 1.9715 Time::HiRes 1.02 Time::localtime Optional module versions are: 1.38 Archive::Tar 0.23 bignum missing Business::ISBN missing Business::ISBN::Data missing Data::Dump 1.817 DB_File 1.14 DBD::SQLite 1.605 DBI 1.15 Digest 1.01 Digest::HMAC 2.36 Digest::MD5 2.11 Digest::SHA1 1.01 Encode::Detect 0.17014 Error 0.23 ExtUtils::CBuilder missing ExtUtils::ParseXS 2.37 Getopt::Long missing Inline missing IO::String 1.04 IO::Zlib 2.24 IP::Country missing Mail::ClamAV 3.002005 Mail::SpamAssassin v2.005 Mail::SPF 1.999001 Mail::SPF::Query 0.2808 Module::Build 0.20 Net::CIDR::Lite 0.63 Net::DNS v0.003 Net::DNS::Resolver::Programmable 0.36 Net::LDAP 4.007 NetAddr::IP missing Parse::RecDescent missing SAVI 3.11 Test::Harness missing Test::Manifest 2.0.0 Text::Balanced 1.37 URI 0.7501 version 0.66 YAML From marc at marcsnet.com Mon Jun 23 05:11:27 2008 From: marc at marcsnet.com (Marc Lucke) Date: Mon Jun 23 05:12:01 2008 Subject: use_bayes not working Message-ID: <00dd01c8d4e7$37c09140$a741b3c0$@com> (see below for version info) ---------------------------- X-MSP-MailScanner-SpamCheck: spam, SpamAssassin (not cached, score=6.001, required 5, URIBL_BLACK 3.00, URIBL_JP_SURBL 1.50, URIBL_OB_SURBL 1.50) X-MSP-MailScanner-SpamScore: 6 ---------------------------- In the above, I used to get a "BAYES_ " score adding to the total. E.g. BAYES_99 5.00 No matter what I do, I can't get it anymore. It is driving me around the bend! What do I need to do to re-enable this?! Everywhere I can find a use_bayes setting, I've set it to 1 Any help appreciated. This is for an old employer that I'm helping out, so it is doubly annoying. Marc spamassassin -D --lint ============================ [10721] dbg: logger: adding facilities: all [10721] dbg: logger: logging level is DBG [10721] dbg: generic: SpamAssassin version 3.2.4 [10721] dbg: config: score set 0 chosen. [10721] dbg: util: running in taint mode? yes [10721] dbg: util: taint mode: deleting unsafe environment variables, resetting PATH [10721] dbg: util: PATH included '/usr/kerberos/sbin', keeping [10721] dbg: util: PATH included '/usr/kerberos/bin', keeping [10721] dbg: util: PATH included '/usr/local/sbin', keeping [10721] dbg: util: PATH included '/usr/local/bin', keeping [10721] dbg: util: PATH included '/sbin', keeping [10721] dbg: util: PATH included '/bin', keeping [10721] dbg: util: PATH included '/usr/sbin', keeping [10721] dbg: util: PATH included '/usr/bin', keeping [10721] dbg: util: PATH included '/usr/X11R6/bin', keeping [10721] dbg: util: PATH included '/root/bin', keeping [10721] dbg: util: final PATH set to: /usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/local/bin:/sbin:/b in:/usr/sbin:/usr/bin:/usr/X11R6/bin:/root/bin [10721] dbg: dns: is Net::DNS::Resolver available? yes [10721] dbg: dns: Net::DNS version: 0.48 Use of uninitialized value in concatenation (.) or string at /usr/lib/perl5/5.8.5/i386-linux-thread-multi/Scalar/Util.pm line 30. [10721] dbg: diag: perl platform: 5.008005 linux [10721] dbg: diag: module installed: Digest::SHA1, version 2.11 [10721] dbg: diag: module installed: HTML::Parser, version 3.56 [10721] dbg: diag: module installed: Net::DNS, version 0.48 [10721] dbg: diag: module installed: MIME::Base64, version 3.07 [10721] dbg: diag: module installed: DB_File, version 1.817 [10721] dbg: diag: module installed: Net::SMTP, version 2.31 [10721] dbg: diag: module installed: Mail::SPF, version v2.005 [10721] dbg: diag: module installed: Mail::SPF::Query, version 1.999001 [10721] dbg: diag: module installed: IP::Country::Fast, version 604.001 [10721] dbg: diag: module installed: Razor2::Client::Agent, version 2.40 [10721] dbg: diag: module installed: Net::Ident, version 1.20 [10721] dbg: diag: module installed: IO::Socket::INET6, version 2.54 [10721] dbg: diag: module not installed: IO::Socket::SSL ('require' failed) [10721] dbg: diag: module installed: Compress::Zlib, version 1.42 [10721] dbg: diag: module installed: Time::HiRes, version 1.9715 [10721] dbg: diag: module installed: Mail::DomainKeys, version 1.0 [10721] dbg: diag: module installed: Mail::DKIM, version 0.32 [10721] dbg: diag: module installed: DBI, version 1.605 [10721] dbg: diag: module installed: Getopt::Long, version 2.37 [10721] dbg: diag: module installed: LWP::UserAgent, version 2.031 [10721] dbg: diag: module installed: HTTP::Date, version 1.46 [10721] dbg: diag: module installed: Archive::Tar, version 1.30 [10721] dbg: diag: module installed: IO::Zlib, version 1.04 [10721] dbg: diag: module installed: Encode::Detect, version 1.01 [10721] dbg: ignore: using a test message to lint rules [10721] dbg: config: using "/etc/mail/spamassassin" for site rules pre files [10721] dbg: config: read file /etc/mail/spamassassin/init.pre [10721] dbg: config: read file /etc/mail/spamassassin/v310.pre [10721] dbg: config: read file /etc/mail/spamassassin/v312.pre [10721] dbg: config: read file /etc/mail/spamassassin/v320.pre [10721] dbg: config: using "/var/lib/spamassassin/3.002004" for sys rules pre files [10721] dbg: config: using "/var/lib/spamassassin/3.002004" for default rules dir [10721] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org.cf [10721] dbg: config: using "/etc/mail/spamassassin" for site rules dir [10721] dbg: config: read file /etc/mail/spamassassin/local.cf [10721] dbg: config: read file /etc/mail/spamassassin/mailscanner.cf [10721] dbg: config: using "/root/.spamassassin/user_prefs" for user prefs file [10721] dbg: config: read file /root/.spamassassin/user_prefs [10721] dbg: plugin: loading Mail::SpamAssassin::Plugin::URIDNSBL from @INC [10721] dbg: plugin: loading Mail::SpamAssassin::Plugin::Hashcash from @INC [10721] dbg: plugin: loading Mail::SpamAssassin::Plugin::SPF from @INC [10721] dbg: plugin: loading Mail::SpamAssassin::Plugin::Pyzor from @INC [10721] dbg: pyzor: local tests only, disabling Pyzor [10721] dbg: plugin: loading Mail::SpamAssassin::Plugin::Razor2 from @INC [10721] dbg: razor2: local tests only, skipping Razor [10721] dbg: plugin: loading Mail::SpamAssassin::Plugin::SpamCop from @INC [10721] dbg: reporter: local tests only, disabling SpamCop [10721] dbg: plugin: loading Mail::SpamAssassin::Plugin::AWL from @INC [10721] dbg: plugin: loading Mail::SpamAssassin::Plugin::AutoLearnThreshold from @INC [10721] dbg: plugin: loading Mail::SpamAssassin::Plugin::WhiteListSubject from @INC [10721] dbg: plugin: loading Mail::SpamAssassin::Plugin::MIMEHeader from @INC [10721] dbg: plugin: loading Mail::SpamAssassin::Plugin::ReplaceTags from @INC [10721] dbg: plugin: loading Mail::SpamAssassin::Plugin::Check from @INC [10721] dbg: plugin: loading Mail::SpamAssassin::Plugin::HTTPSMismatch from @INC [10721] dbg: plugin: loading Mail::SpamAssassin::Plugin::URIDetail from @INC [10721] dbg: plugin: loading Mail::SpamAssassin::Plugin::Bayes from @INC [10721] dbg: plugin: loading Mail::SpamAssassin::Plugin::BodyEval from @INC [10721] dbg: plugin: loading Mail::SpamAssassin::Plugin::DNSEval from @INC [10721] dbg: plugin: loading Mail::SpamAssassin::Plugin::HTMLEval from @INC [10721] dbg: plugin: loading Mail::SpamAssassin::Plugin::HeaderEval from @INC [10721] dbg: plugin: loading Mail::SpamAssassin::Plugin::MIMEEval from @INC [10721] dbg: plugin: loading Mail::SpamAssassin::Plugin::RelayEval from @INC [10721] dbg: plugin: loading Mail::SpamAssassin::Plugin::URIEval from @INC [10721] dbg: plugin: loading Mail::SpamAssassin::Plugin::WLBLEval from @INC [10721] dbg: plugin: loading Mail::SpamAssassin::Plugin::VBounce from @INC [10721] dbg: plugin: loading Mail::SpamAssassin::Plugin::ImageInfo from @INC [10721] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/10_default_prefs.cf [10721] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/10_default_prefs.cf " for included file [10721] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/10_default_prefs.cf [10721] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/20_advance_fee.cf [10721] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/20_advance_fee.cf" for included file [10721] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/20_advance_fee.cf [10721] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/20_body_tests.cf [10721] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/20_body_tests.cf" for included file [10721] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/20_body_tests.cf [10721] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/20_compensate.cf [10721] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/20_compensate.cf" for included file [10721] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/20_compensate.cf [10721] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/20_dnsbl_tests.cf [10721] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/20_dnsbl_tests.cf" for included file [10721] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/20_dnsbl_tests.cf [10721] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/20_drugs.cf [10721] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/20_drugs.cf" for included file [10721] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/20_drugs.cf [10721] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/20_dynrdns.cf [10721] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/20_dynrdns.cf" for included file [10721] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/20_dynrdns.cf [10721] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/20_fake_helo_tests.c f [10721] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/20_fake_helo_tests. cf" for included file [10721] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/20_fake_helo_tests.c f [10721] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/20_head_tests.cf [10721] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/20_head_tests.cf" for included file [10721] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/20_head_tests.cf [10721] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/20_html_tests.cf [10721] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/20_html_tests.cf" for included file [10721] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/20_html_tests.cf [10721] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/20_imageinfo.cf [10721] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/20_imageinfo.cf" for included file [10721] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/20_imageinfo.cf [10721] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/20_meta_tests.cf [10721] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/20_meta_tests.cf" for included file [10721] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/20_meta_tests.cf [10721] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/20_net_tests.cf [10721] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/20_net_tests.cf" for included file [10721] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/20_net_tests.cf [10721] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/20_phrases.cf [10721] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/20_phrases.cf" for included file [10721] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/20_phrases.cf [10721] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/20_porn.cf [10721] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/20_porn.cf" for included file [10721] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/20_porn.cf [10721] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/20_ratware.cf [10721] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/20_ratware.cf" for included file [10721] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/20_ratware.cf [10721] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/20_uri_tests.cf [10721] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/20_uri_tests.cf" for included file [10721] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/20_uri_tests.cf [10721] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/20_vbounce.cf [10721] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/20_vbounce.cf" for included file [10721] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/20_vbounce.cf [10721] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/23_bayes.cf [10721] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/23_bayes.cf" for included file [10721] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/23_bayes.cf [10721] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/25_accessdb.cf [10721] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/25_accessdb.cf" for included file [10721] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/25_accessdb.cf [10721] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/25_antivirus.cf [10721] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/25_antivirus.cf" for included file [10721] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/25_antivirus.cf [10721] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/25_asn.cf [10721] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/25_asn.cf" for included file [10721] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/25_asn.cf [10721] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/25_dcc.cf [10721] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/25_dcc.cf" for included file [10721] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/25_dcc.cf [10721] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/25_dkim.cf [10721] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/25_dkim.cf" for included file [10721] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/25_dkim.cf [10721] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/25_domainkeys.cf [10721] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/25_domainkeys.cf" for included file [10721] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/25_domainkeys.cf [10721] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/25_hashcash.cf [10721] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/25_hashcash.cf" for included file [10721] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/25_hashcash.cf [10721] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/25_pyzor.cf [10721] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/25_pyzor.cf" for included file [10721] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/25_pyzor.cf [10721] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/25_razor2.cf [10721] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/25_razor2.cf" for included file [10721] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/25_razor2.cf [10721] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/25_replace.cf [10721] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/25_replace.cf" for included file [10721] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/25_replace.cf [10721] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/25_spf.cf [10721] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/25_spf.cf" for included file [10721] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/25_spf.cf [10721] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/25_textcat.cf [10721] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/25_textcat.cf" for included file [10721] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/25_textcat.cf [10721] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/25_uribl.cf [10721] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/25_uribl.cf" for included file [10721] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/25_uribl.cf [10721] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/30_text_de.cf [10721] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/30_text_de.cf" for included file [10721] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/30_text_de.cf [10721] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/30_text_fr.cf [10721] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/30_text_fr.cf" for included file [10721] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/30_text_fr.cf [10721] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/30_text_it.cf [10721] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/30_text_it.cf" for included file [10721] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/30_text_it.cf [10721] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/30_text_nl.cf [10721] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/30_text_nl.cf" for included file [10721] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/30_text_nl.cf [10721] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/30_text_pl.cf [10721] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/30_text_pl.cf" for included file [10721] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/30_text_pl.cf [10721] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/30_text_pt_br.cf [10721] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/30_text_pt_br.cf" for included file [10721] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/30_text_pt_br.cf [10721] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/50_scores.cf [10721] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/50_scores.cf" for included file [10721] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/50_scores.cf [10721] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/60_awl.cf [10721] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/60_awl.cf" for included file [10721] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/60_awl.cf [10721] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/60_shortcircuit.cf [10721] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/60_shortcircuit.cf" for included file [10721] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/60_shortcircuit.cf [10721] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/60_whitelist.cf [10721] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/60_whitelist.cf" for included file [10721] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/60_whitelist.cf [10721] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/60_whitelist_dk.cf [10721] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/60_whitelist_dk.cf" for included file [10721] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/60_whitelist_dk.cf [10721] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/60_whitelist_dkim.cf [10721] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/60_whitelist_dkim.c f" for included file [10721] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/60_whitelist_dkim.cf [10721] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/60_whitelist_spf.cf [10721] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/60_whitelist_spf.cf " for included file [10721] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/60_whitelist_spf.cf [10721] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/60_whitelist_subject .cf [10721] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/60_whitelist_subjec t.cf" for included file [10721] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/60_whitelist_subject .cf [10721] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/72_active.cf [10721] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/72_active.cf" for included file [10721] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/72_active.cf [10721] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/72_removed.cf [10721] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/72_removed.cf" for included file [10721] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/72_removed.cf [10721] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/72_scores.cf [10721] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/72_scores.cf" for included file [10721] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/72_scores.cf [10721] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/80_additional.cf [10721] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/80_additional.cf" for included file [10721] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/80_additional.cf [10721] dbg: rules: __MO_OL_9B90B merged duplicates: __MO_OL_C65FA [10721] dbg: rules: __XM_OL_22B61 merged duplicates: __XM_OL_A842E [10721] dbg: rules: __MO_OL_07794 merged duplicates: __MO_OL_8627E __MO_OL_F3B05 [10721] dbg: rules: __JM_REACTOR_DATE merged duplicates: __RATWARE_0_TZ_DATE [10721] dbg: rules: __XM_OL_07794 merged duplicates: __XM_OL_25340 __XM_OL_3857F __XM_OL_4F240 __XM_OL_58CB5 __XM_OL_6554A __XM_OL_812FF __XM_OL_C65FA __XM_OL_CF0C0 __XM_OL_F475E __XM_OL_F6D01 [10721] dbg: rules: FH_MSGID_01C67 merged duplicates: __MSGID_VGA [10721] dbg: rules: FS_NEW_SOFT_UPLOAD merged duplicates: HS_SUBJ_NEW_SOFTWARE [10721] dbg: rules: __FH_HAS_XMSMAIL merged duplicates: __HAS_MSMAIL_PRI [10721] dbg: rules: __MO_OL_015D5 merged duplicates: __MO_OL_6554A [10721] dbg: rules: __XM_OL_015D5 merged duplicates: __XM_OL_4BF4C __XM_OL_4EEDB __XM_OL_5B79A __XM_OL_9B90B __XM_OL_ADFF7 __XM_OL_B30D1 __XM_OL_B4B40 __XM_OL_BC7E6 __XM_OL_F3B05 __XM_OL_FF5C8 [10721] dbg: rules: __MO_OL_91287 merged duplicates: __MO_OL_B30D1 __MO_OL_CF0C0 [10721] dbg: rules: KAM_STOCKOTC merged duplicates: KAM_STOCKTIP15 KAM_STOCKTIP20 KAM_STOCKTIP21 KAM_STOCKTIP4 KAM_STOCKTIP6 [10721] dbg: rules: __MO_OL_22B61 merged duplicates: __MO_OL_4F240 __MO_OL_ADFF7 [10721] dbg: rules: __MO_OL_812FF merged duplicates: __MO_OL_BC7E6 [10721] dbg: rules: __MO_OL_25340 merged duplicates: __MO_OL_4EEDB __MO_OL_7533E [10721] dbg: rules: __MO_OL_58CB5 merged duplicates: __MO_OL_B4B40 [10721] dbg: rules: __DOS_HAS_ANY_URI merged duplicates: __HAS_ANY_URI [10721] dbg: rules: __XM_OL_C9068 merged duplicates: __XM_OL_EF20B [10721] dbg: rules: AXB_RCVD_ZOOBSEND merged duplicates: BROKEN_RATWARE_BOM CTYPE_001C_A DEAR_HOMEOWNER DIV_CENTER_A_HREF DRUG_RA_PRICE FM_DDDD_TIMES_2 FM_SEX_HOSTDDDD HG_HORMONE HS_PHARMA_1 HS_UPLOADED_SOFTWARE OEBOUND STOX_RCVD_N_NN_N URIBL_RHS_ABUSE URIBL_RHS_BOGUSMX URIBL_RHS_DSN URIBL_RHS_POST URIBL_RHS_TLD_WHOIS URIBL_RHS_WHOIS URIBL_XS_SURBL URI_L_PHP XMAILER_MIMEOLE_OL_5E7ED XMAILER_MIMEOLE_OL_C7C33 XMAILER_MIMEOLE_OL_D03AB X_LIBRARY YOUR_CRD_RATING [10721] dbg: rules: __MO_OL_72641 merged duplicates: __MO_OL_A842E [10721] dbg: rules: __MO_OL_F475E merged duplicates: __MO_OL_FF5C8 [10721] dbg: rules: __MO_OL_4BF4C merged duplicates: __MO_OL_F6D01 [10721] dbg: conf: finish parsing [10721] dbg: plugin: Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0x8b1e8d8) implements 'finish_parsing_end', priority 0 [10721] dbg: replacetags: replacing tags [10721] dbg: replacetags: done replacing tags [10721] dbg: bayes: tie-ing to DB file R/O /root/.spamassassin/bayes_toks [10721] dbg: bayes: tie-ing to DB file R/O /root/.spamassassin/bayes_seen [10721] dbg: bayes: found bayes db version 3 [10721] dbg: bayes: DB journal sync: last sync: 1213214587 [10721] dbg: config: score set 2 chosen. [10721] dbg: message: main message type: text/plain [10721] dbg: message: ---- MIME PARSER START ---- [10721] dbg: message: parsing normal part [10721] dbg: message: ---- MIME PARSER END ---- [10721] dbg: plugin: Mail::SpamAssassin::Plugin::DNSEval=HASH(0x97d4908) implements 'check_start', priority 0 [10721] dbg: plugin: Mail::SpamAssassin::Plugin::Check=HASH(0x978705c) implements 'check_main', priority 0 [10721] dbg: conf: trusted_networks are not configured; it is recommended that you configure trusted_networks manually [10721] dbg: metadata: X-Spam-Relays-Trusted: [10721] dbg: metadata: X-Spam-Relays-Untrusted: [10721] dbg: metadata: X-Spam-Relays-Internal: [10721] dbg: metadata: X-Spam-Relays-External: [10721] dbg: message: no encoding detected [10721] dbg: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x95f8b0c) implements 'parsed_metadata', priority 0 [10721] dbg: dns: is DNS available? 0 [10721] dbg: rules: local tests only, ignoring RBL eval [10721] dbg: check: running tests for priority: -1000 [10721] dbg: rules: running head tests; score so far=0 [10721] dbg: rules: compiled head tests [10721] dbg: eval: all '*From' addrs: ignore@compiling.spamassassin.taint.org [10721] dbg: eval: all '*To' addrs: [10721] dbg: rules: running body tests; score so far=0 [10721] dbg: rules: compiled body tests [10721] dbg: rules: running uri tests; score so far=0 [10721] dbg: rules: compiled uri tests [10721] dbg: rules: running rawbody tests; score so far=0 [10721] dbg: rules: compiled rawbody tests [10721] dbg: rules: running full tests; score so far=0 [10721] dbg: rules: compiled full tests [10721] dbg: rules: running meta tests; score so far=0 [10721] dbg: rules: compiled meta tests [10721] dbg: check: running tests for priority: -950 [10721] dbg: rules: running head tests; score so far=0 [10721] dbg: rules: compiled head tests [10721] dbg: rules: running body tests; score so far=0 [10721] dbg: rules: compiled body tests [10721] dbg: rules: running uri tests; score so far=0 [10721] dbg: rules: compiled uri tests [10721] dbg: rules: running rawbody tests; score so far=0 [10721] dbg: rules: compiled rawbody tests [10721] dbg: rules: running full tests; score so far=0 [10721] dbg: rules: compiled full tests [10721] dbg: rules: running meta tests; score so far=0 [10721] dbg: rules: compiled meta tests [10721] dbg: check: running tests for priority: -900 [10721] dbg: rules: running head tests; score so far=0 [10721] dbg: rules: compiled head tests [10721] dbg: rules: running body tests; score so far=0 [10721] dbg: rules: compiled body tests [10721] dbg: rules: running uri tests; score so far=0 [10721] dbg: rules: compiled uri tests [10721] dbg: rules: running rawbody tests; score so far=0 [10721] dbg: rules: compiled rawbody tests [10721] dbg: rules: running full tests; score so far=0 [10721] dbg: rules: compiled full tests [10721] dbg: rules: running meta tests; score so far=0 [10721] dbg: rules: compiled meta tests [10721] dbg: check: running tests for priority: -400 [10721] dbg: rules: running head tests; score so far=0 [10721] dbg: rules: compiled head tests [10721] dbg: rules: running body tests; score so far=0 [10721] dbg: rules: compiled body tests [10721] dbg: rules: running uri tests; score so far=0 [10721] dbg: rules: compiled uri tests [10721] dbg: plugin: Mail::SpamAssassin::Plugin::WLBLEval=HASH(0x98c13b4) implements 'check_wb_list', priority 0 [10721] dbg: bayes: DB journal sync: last sync: 1213214587 [10721] dbg: bayes: corpus size: nspam = 63340, nham = 154630 [10721] dbg: bayes: score = 0.215791458401563 [10721] dbg: bayes: DB expiry: tokens in DB: 120875, Expiry max size: 150000, Oldest atime: 1212853477, Newest atime: 1214166417, Last expire: 1213193735, Current time: 1214192307 [10721] dbg: bayes: DB journal sync: last sync: 1213214587 [10721] dbg: bayes: untie-ing [10721] dbg: rules: running rawbody tests; score so far=0 [10721] dbg: rules: compiled rawbody tests [10721] dbg: rules: running full tests; score so far=0 [10721] dbg: rules: compiled full tests [10721] dbg: rules: running meta tests; score so far=0 [10721] dbg: rules: compiled meta tests [10721] dbg: check: running tests for priority: 0 [10721] dbg: rules: running head tests; score so far=0 [10721] dbg: rules: compiled head tests [10721] dbg: rules: ran header rule __MISSING_REF ======> got hit: "UNSET" [10721] dbg: rules: ran header rule __MSOE_MID_WRONG_CASE ======> got hit: " [10721] dbg: rules: Message-Id: " [10721] dbg: rules: ran header rule MISSING_DATE ======> got hit: "UNSET" [10721] dbg: rules: ran header rule __MSGID_OK_HOST ======> got hit: "@lint_rules>" [10721] dbg: rules: ran header rule __MSGID_OK_DIGITS ======> got hit: "1214192304" [10721] dbg: rules: ran header rule __HAS_MSGID ======> got hit: "<" [10721] dbg: rules: ran header rule __SANE_MSGID ======> got hit: "<1214192304@lint_rules> [10721] dbg: rules: " [10721] dbg: spf: checking to see if the message has a Received-SPF header that we can use [10721] dbg: spf: already checked for Received-SPF headers, proceeding with DNS based checks [10721] dbg: spf: already checked for Received-SPF headers, proceeding with DNS based checks [10721] dbg: rules: ran eval rule NO_RELAYS ======> got hit (1) [10721] dbg: spf: already checked for Received-SPF headers, proceeding with DNS based checks [10721] dbg: spf: already checked for Received-SPF headers, proceeding with DNS based checks [10721] dbg: spf: cannot get Envelope-From, cannot use SPF [10721] dbg: spf: def_spf_whitelist_from: could not find useable envelope sender [10721] dbg: spf: already checked for Received-SPF headers, proceeding with DNS based checks [10721] dbg: spf: already checked for Received-SPF headers, proceeding with DNS based checks [10721] dbg: spf: already checked for Received-SPF headers, proceeding with DNS based checks [10721] dbg: rules: ran eval rule __UNUSABLE_MSGID ======> got hit (1) [10721] dbg: rules: ran eval rule MISSING_HEADERS ======> got hit (1) [10721] dbg: spf: spf_whitelist_from: could not find useable envelope sender [10721] dbg: rules: running body tests; score so far=1.5 [10721] dbg: rules: compiled body tests [10721] dbg: rules: ran body rule __NONEMPTY_BODY ======> got hit: "I" [10721] dbg: rules: running uri tests; score so far=1.5 [10721] dbg: rules: compiled uri tests [10721] dbg: rules: ran eval rule BAYES_40 ======> got hit (1) [10721] dbg: eval: stock info total: 0 [10721] dbg: rules: running rawbody tests; score so far=1.315 [10721] dbg: rules: compiled rawbody tests [10721] dbg: rules: ran rawbody rule __TVD_BODY ======> got hit: "need" [10721] dbg: rules: running full tests; score so far=1.315 [10721] dbg: rules: compiled full tests [10721] dbg: rules: running meta tests; score so far=1.315 [10721] dbg: rules: compiled meta tests [10721] dbg: check: running tests for priority: 500 [10721] dbg: dns: harvest_dnsbl_queries [10721] dbg: rules: running head tests; score so far=1.315 [10721] dbg: rules: compiled head tests [10721] dbg: rules: running body tests; score so far=1.315 [10721] dbg: rules: compiled body tests [10721] dbg: rules: running uri tests; score so far=1.315 [10721] dbg: rules: compiled uri tests [10721] dbg: rules: running rawbody tests; score so far=1.315 [10721] dbg: rules: compiled rawbody tests [10721] dbg: rules: running full tests; score so far=1.315 [10721] dbg: rules: compiled full tests [10721] dbg: rules: running meta tests; score so far=1.315 [10721] dbg: rules: meta test DIGEST_MULTIPLE has undefined dependency 'DCC_CHECK' [10721] dbg: rules: compiled meta tests [10721] dbg: check: running tests for priority: 1000 [10721] dbg: rules: running head tests; score so far=3.79 [10721] dbg: rules: compiled head tests [10721] dbg: rules: running body tests; score so far=3.79 [10721] dbg: rules: compiled body tests [10721] dbg: rules: running uri tests; score so far=3.79 [10721] dbg: rules: compiled uri tests [10721] dbg: rules: running rawbody tests; score so far=3.79 [10721] dbg: rules: compiled rawbody tests [10721] dbg: rules: running full tests; score so far=3.79 [10721] dbg: rules: compiled full tests [10721] dbg: rules: running meta tests; score so far=3.79 [10721] dbg: rules: compiled meta tests [10721] dbg: check: is spam? score=3.79 required=5 [10721] dbg: check: tests=BAYES_40,MISSING_DATE,MISSING_HEADERS,MISSING_SUBJECT,NO_RECEIVED,NO_R ELAYS [10721] dbg: check: subtests=__HAS_MSGID,__MISSING_REF,__MSGID_OK_DIGITS,__MSGID_OK_HOST,__MSOE_ MID_WRONG_CASE,__NONEMPTY_BODY,__SANE_MSGID,__TVD_BODY,__UNUSABLE_MSGID VERSIONS ============================ Redhat EL4 - 2.6.9-67.0.7.EL This is Perl version 5.008005 (5.8.5) This is MailScanner version 4.70.6 Module versions are: 1.00 AnyDBM_File 1.23 Archive::Zip 0.23 bignum 1.03 Carp 1.41 Compress::Zlib 1.119 Convert::BinHex 0.17 Convert::TNEF 2.121 Data::Dumper 2.27 Date::Parse 1.00 DirHandle 1.05 Fcntl 2.73 File::Basename 2.08 File::Copy 2.01 FileHandle 2.04 File::Path 0.20 File::Temp 0.92 Filesys::Df 1.35 HTML::Entities 3.56 HTML::Parser 2.37 HTML::TokeParser 1.23 IO 1.14 IO::File 1.13 IO::Pipe 2.03 Mail::Header 1.89 Math::BigInt 0.22 Math::BigRat 3.05 MIME::Base64 5.426 MIME::Decoder 5.426 MIME::Decoder::UU 5.426 MIME::Head 5.426 MIME::Parser 3.03 MIME::QuotedPrint 5.426 MIME::Tools 0.11 Net::CIDR 1.25 Net::IP 0.16 OLE::Storage_Lite 1.04 Pod::Escapes 3.07 Pod::Simple 1.08 POSIX 1.19 Scalar::Util 1.77 Socket 2.13 Storable 1.4 Sys::Hostname::Long 0.26 Sys::Syslog 1.26 Test::Pod 0.8 Test::Simple 1.9715 Time::HiRes 1.02 Time::localtime Optional module versions are: 1.38 Archive::Tar 0.23 bignum missing Business::ISBN missing Business::ISBN::Data missing Data::Dump 1.817 DB_File 1.14 DBD::SQLite 1.605 DBI 1.15 Digest 1.01 Digest::HMAC 2.36 Digest::MD5 2.11 Digest::SHA1 1.01 Encode::Detect 0.17014 Error 0.23 ExtUtils::CBuilder missing ExtUtils::ParseXS 2.37 Getopt::Long missing Inline missing IO::String 1.04 IO::Zlib 2.24 IP::Country missing Mail::ClamAV 3.002005 Mail::SpamAssassin v2.005 Mail::SPF 1.999001 Mail::SPF::Query 0.2808 Module::Build 0.20 Net::CIDR::Lite 0.63 Net::DNS v0.003 Net::DNS::Resolver::Programmable 0.36 Net::LDAP 4.007 NetAddr::IP missing Parse::RecDescent missing SAVI 3.11 Test::Harness missing Test::Manifest 2.0.0 Text::Balanced 1.37 URI 0.7501 version 0.66 YAML From martinh at solidstatelogic.com Mon Jun 23 08:56:47 2008 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Mon Jun 23 08:56:59 2008 Subject: batch processing tmes In-Reply-To: <485EDA0D.6020001@zuka.net> Message-ID: Dave Look at what scores you are getting for the 1-3 seconds runs. I suggesrt you'll find they are using MailScanner's spamassassin cache. For the longer messages I suggest they are doing a lot of RBL lookups. You have turned off all the RBL'S you don't want in Spamassassin haven't you? -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Dave Filchak > Sent: 23 June 2008 00:03 > To: mailscanner@lists.mailscanner.info > Subject: batch processing tmes > > OK .. I think I have my configuration straightened out and am > not seeing errors in spamassassin -d --lint or sa-update -D. > However, what I am seeing is batch processing times all over > the map ... sometimes 1 - 3 seconds and then often times up > as high as 25 -30 seconds. Can anyone shed some light as to > what might be causing these long processing times. > These are happening with batches of only two or three messages. > > Again, here is my configuration: > > This is CentOS release 4.1 (Final) > This is Perl version 5.008005 (5.8.5) > > This is MailScanner version 4.70.6 > Module versions are: > 1.00 AnyDBM_File > 1.20 Archive::Zip > 0.22 bignum > 1.03 Carp > 1.41 Compress::Zlib > 1.119 Convert::BinHex > 0.17 Convert::TNEF > 2.121 Data::Dumper > 2.27 Date::Parse > 1.00 DirHandle > 1.05 Fcntl > 2.73 File::Basename > 2.08 File::Copy > 2.01 FileHandle > 1.06 File::Path > 0.19 File::Temp > 0.90 Filesys::Df > 1.35 HTML::Entities > 3.56 HTML::Parser > 2.37 HTML::TokeParser > 1.23 IO > 1.14 IO::File > 1.13 IO::Pipe > 2.02 Mail::Header > 1.87 Math::BigInt > 0.20 Math::BigRat > 3.05 MIME::Base64 > 5.425 MIME::Decoder > 5.425 MIME::Decoder::UU > 5.425 MIME::Head > 5.425 MIME::Parser > 3.03 MIME::QuotedPrint > 5.425 MIME::Tools > 0.11 Net::CIDR > 1.25 Net::IP > 0.16 OLE::Storage_Lite > 1.04 Pod::Escapes > 3.05 Pod::Simple > 1.08 POSIX > 1.19 Scalar::Util > 1.77 Socket > 2.13 Storable > 1.4 Sys::Hostname::Long > 0.18 Sys::Syslog > 1.26 Test::Pod > 0.7 Test::Simple > 1.9707 Time::HiRes > 1.02 Time::localtime > > Optional module versions are: > 1.32 Archive::Tar > 0.22 bignum > 1.82 Business::ISBN > 1.10 Business::ISBN::Data > 1.08 Data::Dump > 1.814 DB_File > 1.13 DBD::SQLite > 1.58 DBI > 1.15 Digest > 1.01 Digest::HMAC > 2.36 Digest::MD5 > 2.11 Digest::SHA1 > 1.00 Encode::Detect > 0.17008 Error > 0.19 ExtUtils::CBuilder > 2.18 ExtUtils::ParseXS > 2.36 Getopt::Long > 0.44 Inline > 1.08 IO::String > 1.04 IO::Zlib > 2.21 IP::Country > 0.22 Mail::ClamAV > 3.002005 Mail::SpamAssassin > v2.004 Mail::SPF > 1.999001 Mail::SPF::Query > 0.2808 Module::Build > 0.20 Net::CIDR::Lite > 0.63 Net::DNS > 0.002.2 Net::DNS::Resolver::Programmable > missing Net::LDAP > 4.004 NetAddr::IP > 1.94 Parse::RecDescent > missing SAVI > 2.64 Test::Harness > 0.95 Test::Manifest > 1.95 Text::Balanced > 1.35 URI > 0.7203 version > 0.65 YAML > > Dave > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From telecaadmin at gmail.com Mon Jun 23 10:08:37 2008 From: telecaadmin at gmail.com (Ronny T. Lampert) Date: Mon Jun 23 10:11:27 2008 Subject: Spam attack.... In-Reply-To: References: <4F87F584-52B3-427D-8D14-B8BE2DB879B9@globeserver.com> Message-ID: <485F6815.60509@gmail.com> Hi, >>> then they get processed quickly. This almost seems to be a DNS-type >>> problem with RBL lookups or something. you should investigate this more closely; a *lot* of problems I currently see stem from DNS problems: slow, unreliable forwarders, or even downright wrong DNS servers, too small caches etc. You might want to draw a DNS architecture diagram and check each hop for bottlenecks and/or wrong configuration. If you're on win DNS-wise I can point you to the corresponding debugging tools from the resource kit. nscd also somehow seems to break down sometimes, so I also do a restart every 7200 secs: (/etc/nscd.conf) paranoia yes restart-interval 7200 Cheers, Ronny From nils.o.bekken at hiof.no Mon Jun 23 12:20:39 2008 From: nils.o.bekken at hiof.no (Nils Olav Brandstorp Bekken) Date: Mon Jun 23 12:20:50 2008 Subject: F-Secure 5.54 (identified 1.12 by MailScanner) and MailScanner Message-ID: <485F8707.3040004@hiof.no> Does anyone on this list use F-Secure linux server security 5.54 7115 with MailScanner ?(MailScanner identifies it as "F-Secure version 1.12=1.12") Thanks Nils O. Bekken From richard.frovarp at sendit.nodak.edu Mon Jun 23 14:45:50 2008 From: richard.frovarp at sendit.nodak.edu (Richard Frovarp) Date: Mon Jun 23 14:46:01 2008 Subject: HTML images are being removed Message-ID: <485FA90E.1080806@sendit.nodak.edu> I'm having a problem where the img tag in HTML messages is being removed. I'm using clamd 0.92.1, SA 3.2.5, and MS 4.70-6.1. What is interesting is they aren't being replaced with anything, they're just being completely removed. I do have this set in MS, plus I would expect it to replace, not remove: Allow WebBugs = yes Anyone have any ideas? I did switch to clamd from clamavmodule, so that may have something to do with it. Thanks, Richard From richard.frovarp at sendit.nodak.edu Mon Jun 23 15:02:37 2008 From: richard.frovarp at sendit.nodak.edu (Richard Frovarp) Date: Mon Jun 23 15:02:48 2008 Subject: HTML images are being removed In-Reply-To: <485FA90E.1080806@sendit.nodak.edu> References: <485FA90E.1080806@sendit.nodak.edu> Message-ID: <485FACFD.50607@sendit.nodak.edu> Richard Frovarp wrote: > I'm having a problem where the img tag in HTML messages is being > removed. I'm using clamd 0.92.1, SA 3.2.5, and MS 4.70-6.1. What is > interesting is they aren't being replaced with anything, they're just > being completely removed. > > I do have this set in MS, plus I would expect it to replace, not remove: > Allow WebBugs = yes > > Anyone have any ideas? I did switch to clamd from clamavmodule, so > that may have something to do with it. > > Thanks, > Richard Okay, it's not clamd. I turned it off and I have the same problem. SA shouldn't mess with, well anything. So it would appear that something changed in MS between 4.61.7 and 4.70.6. I've got a diff between what the MailScanner.conf file looked like before and after the upgrade. I don't see anything in there that would explain this behavior. From richard.frovarp at sendit.nodak.edu Mon Jun 23 15:42:20 2008 From: richard.frovarp at sendit.nodak.edu (Richard Frovarp) Date: Mon Jun 23 15:42:31 2008 Subject: HTML images are being removed FIXED - PATCH In-Reply-To: <485FACFD.50607@sendit.nodak.edu> References: <485FA90E.1080806@sendit.nodak.edu> <485FACFD.50607@sendit.nodak.edu> Message-ID: <485FB64C.3050502@sendit.nodak.edu> Richard Frovarp wrote: > Richard Frovarp wrote: >> I'm having a problem where the img tag in HTML messages is being >> removed. I'm using clamd 0.92.1, SA 3.2.5, and MS 4.70-6.1. What is >> interesting is they aren't being replaced with anything, they're just >> being completely removed. >> >> I do have this set in MS, plus I would expect it to replace, not remove: >> Allow WebBugs = yes >> >> Anyone have any ideas? I did switch to clamd from clamavmodule, so >> that may have something to do with it. >> >> Thanks, >> Richard > Okay, it's not clamd. I turned it off and I have the same problem. SA > shouldn't mess with, well anything. So it would appear that something > changed in MS between 4.61.7 and 4.70.6. I've got a diff between what > the MailScanner.conf file looked like before and after the upgrade. I > don't see anything in there that would explain this behavior. I found the problem. If DisarmWebBug is false, it skips over adding $text to $output, making it completely skip the tag. Since I think the goal of the change is to track if the signature image is found, I stuck an else after the DisarmWebBug test to just dump the text. --- Message.pm.bak 2008-06-23 09:30:21.000000000 -0500 +++ Message.pm 2008-06-23 09:36:56.000000000 -0500 @@ -6612,6 +6612,8 @@ } else { $output .= $text; } + } else { + $output .= $text; } } elsif ($tagname eq 'base') { #print STDERR "It's a Base URL\n"; From lists at designmedia.com Mon Jun 23 20:11:42 2008 From: lists at designmedia.com (Henry Kwan) Date: Mon Jun 23 20:12:02 2008 Subject: use_bayes not working References: <00dd01c8d4e7$37c09140$a741b3c0$@com> Message-ID: Marc Lucke marcsnet.com> writes: > In the above, I used to get a "BAYES_ " score adding > to the total. E.g. BAYES_99 5.00 > > No matter what I do, I can't get it anymore. It is driving me around the > bend! > > What do I need to do to re-enable this?! > [...] > tests=BAYES_40,MISSING_DATE,MISSING_HEADERS,MISSING_SUBJECT,NO_RECEIVED,NO_R > ELAYS Hi, >From that output, it seems like bayes is working since BAYES_40 was triggered. Try feeding SA a more spammy message to see if BAYES_99 gets triggered. From submit at zuka.net Mon Jun 23 21:34:07 2008 From: submit at zuka.net (Dave Filchak) Date: Mon Jun 23 21:34:35 2008 Subject: batch processing tmes In-Reply-To: References: Message-ID: <486008BF.2040400@zuka.net> Martin, We are only using zen.spamhaus.org. Should I be using something else? Dave Martin.Hepworth wrote: > Dave > > Look at what scores you are getting for the 1-3 seconds runs. I suggesrt you'll find they are using MailScanner's spamassassin cache. > > For the longer messages I suggest they are doing a lot of RBL lookups. You have turned off all the RBL'S you don't want in Spamassassin haven't you? > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf >> Of Dave Filchak >> Sent: 23 June 2008 00:03 >> To: mailscanner@lists.mailscanner.info >> Subject: batch processing tmes >> >> OK .. I think I have my configuration straightened out and am >> not seeing errors in spamassassin -d --lint or sa-update -D. >> However, what I am seeing is batch processing times all over >> the map ... sometimes 1 - 3 seconds and then often times up >> as high as 25 -30 seconds. Can anyone shed some light as to >> what might be causing these long processing times. >> These are happening with batches of only two or three messages. >> >> Again, here is my configuration: >> >> This is CentOS release 4.1 (Final) >> This is Perl version 5.008005 (5.8.5) >> >> This is MailScanner version 4.70.6 >> Module versions are: >> 1.00 AnyDBM_File >> 1.20 Archive::Zip >> 0.22 bignum >> 1.03 Carp >> 1.41 Compress::Zlib >> 1.119 Convert::BinHex >> 0.17 Convert::TNEF >> 2.121 Data::Dumper >> 2.27 Date::Parse >> 1.00 DirHandle >> 1.05 Fcntl >> 2.73 File::Basename >> 2.08 File::Copy >> 2.01 FileHandle >> 1.06 File::Path >> 0.19 File::Temp >> 0.90 Filesys::Df >> 1.35 HTML::Entities >> 3.56 HTML::Parser >> 2.37 HTML::TokeParser >> 1.23 IO >> 1.14 IO::File >> 1.13 IO::Pipe >> 2.02 Mail::Header >> 1.87 Math::BigInt >> 0.20 Math::BigRat >> 3.05 MIME::Base64 >> 5.425 MIME::Decoder >> 5.425 MIME::Decoder::UU >> 5.425 MIME::Head >> 5.425 MIME::Parser >> 3.03 MIME::QuotedPrint >> 5.425 MIME::Tools >> 0.11 Net::CIDR >> 1.25 Net::IP >> 0.16 OLE::Storage_Lite >> 1.04 Pod::Escapes >> 3.05 Pod::Simple >> 1.08 POSIX >> 1.19 Scalar::Util >> 1.77 Socket >> 2.13 Storable >> 1.4 Sys::Hostname::Long >> 0.18 Sys::Syslog >> 1.26 Test::Pod >> 0.7 Test::Simple >> 1.9707 Time::HiRes >> 1.02 Time::localtime >> >> Optional module versions are: >> 1.32 Archive::Tar >> 0.22 bignum >> 1.82 Business::ISBN >> 1.10 Business::ISBN::Data >> 1.08 Data::Dump >> 1.814 DB_File >> 1.13 DBD::SQLite >> 1.58 DBI >> 1.15 Digest >> 1.01 Digest::HMAC >> 2.36 Digest::MD5 >> 2.11 Digest::SHA1 >> 1.00 Encode::Detect >> 0.17008 Error >> 0.19 ExtUtils::CBuilder >> 2.18 ExtUtils::ParseXS >> 2.36 Getopt::Long >> 0.44 Inline >> 1.08 IO::String >> 1.04 IO::Zlib >> 2.21 IP::Country >> 0.22 Mail::ClamAV >> 3.002005 Mail::SpamAssassin >> v2.004 Mail::SPF >> 1.999001 Mail::SPF::Query >> 0.2808 Module::Build >> 0.20 Net::CIDR::Lite >> 0.63 Net::DNS >> 0.002.2 Net::DNS::Resolver::Programmable >> missing Net::LDAP >> 4.004 NetAddr::IP >> 1.94 Parse::RecDescent >> missing SAVI >> 2.64 Test::Harness >> 0.95 Test::Manifest >> 1.95 Text::Balanced >> 1.35 URI >> 0.7203 version >> 0.65 YAML >> >> Dave >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> > > > > > ********************************************************************** > Confidentiality : This e-mail and any attachments are intended for the > addressee only and may be confidential. If they come to you in error > you must take no action based on them, nor must you copy or show them > to anyone. Please advise the sender by replying to this e-mail > immediately and then delete the original from your computer. > Opinion : Any opinions expressed in this e-mail are entirely those of > the author and unless specifically stated to the contrary, are not > necessarily those of the author's employer. > Security Warning : Internet e-mail is not necessarily a secure > communications medium and can be subject to data corruption. We advise > that you consider this fact when e-mailing us. > Viruses : We have taken steps to ensure that this e-mail and any > attachments are free from known viruses but in keeping with good > computing practice, you should ensure that they are virus free. > > Red Lion 49 Ltd T/A Solid State Logic > Registered as a limited company in England and Wales > (Company No:5362730) > Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, > United Kingdom > ********************************************************************** > > > From james at gray.net.au Tue Jun 24 00:29:58 2008 From: james at gray.net.au (James Gray) Date: Tue Jun 24 00:30:14 2008 Subject: batch processing tmes In-Reply-To: <486008BF.2040400@zuka.net> References: <486008BF.2040400@zuka.net> Message-ID: <316B8F64-C6C6-47B8-B736-B5979A6F72D9@gray.net.au> On 24/06/2008, at 6:34 AM, Dave Filchak wrote: > We are only using zen.spamhaus.org. Should I be using something else? > > Dave Hi Dave, I've seen times when the MailScanner child is old and hasn't been killed off and restarted. Then a new batch arrives, and the MailScanner parent kills the child, starts a new one, then commences processing the batch. However the child rebirth is included in the processing time. Julian might be able to shed more light on the automagic MS child restart logic, but this seems to explain the fluctuating times. Additionally, any time a message by-passes spamassassin (or hits the SA cache in MailScanner), my batch processing times are very short. I've tweaked the heck out of SpamAssassin, but at the end of the day, there's only so much you can expect from a 3GHz P4 :P HTH, James -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 2417 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080624/aef268e8/smime.bin From cbarber at techquility.net Tue Jun 24 01:24:11 2008 From: cbarber at techquility.net (Chris Barber) Date: Tue Jun 24 01:24:34 2008 Subject: batch processing tmes References: <486008BF.2040400@zuka.net> Message-ID: <43F62CA225017044BC84CFAF92B4333B01DFA1@sbsserver.Techquility.net> I think he was referring to having your MTA handle the RBL lookups and turn RBL Lookups off in both Spamassassin and MailScanner. This reduces system load in a few different ways. Also, here are some tips on getting better performance: http://wiki.mailscanner.info/doku.php?id=maq:index#optimization_tips Chris -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Dave Filchak Sent: Monday, June 23, 2008 4:34 PM To: MailScanner discussion Subject: Re: RE: batch processing tmes Martin, We are only using zen.spamhaus.org. Should I be using something else? Dave Martin.Hepworth wrote: > Dave > > Look at what scores you are getting for the 1-3 seconds runs. I suggesrt you'll find they are using MailScanner's spamassassin cache. > > For the longer messages I suggest they are doing a lot of RBL lookups. You have turned off all the RBL'S you don't want in Spamassassin haven't you? > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf >> Of Dave Filchak >> Sent: 23 June 2008 00:03 >> To: mailscanner@lists.mailscanner.info >> Subject: batch processing tmes >> >> OK .. I think I have my configuration straightened out and am >> not seeing errors in spamassassin -d --lint or sa-update -D. >> However, what I am seeing is batch processing times all over >> the map ... sometimes 1 - 3 seconds and then often times up >> as high as 25 -30 seconds. Can anyone shed some light as to >> what might be causing these long processing times. >> These are happening with batches of only two or three messages. >> >> Again, here is my configuration: >> >> This is CentOS release 4.1 (Final) >> This is Perl version 5.008005 (5.8.5) >> >> This is MailScanner version 4.70.6 >> Module versions are: >> 1.00 AnyDBM_File >> 1.20 Archive::Zip >> 0.22 bignum >> 1.03 Carp >> 1.41 Compress::Zlib >> 1.119 Convert::BinHex >> 0.17 Convert::TNEF >> 2.121 Data::Dumper >> 2.27 Date::Parse >> 1.00 DirHandle >> 1.05 Fcntl >> 2.73 File::Basename >> 2.08 File::Copy >> 2.01 FileHandle >> 1.06 File::Path >> 0.19 File::Temp >> 0.90 Filesys::Df >> 1.35 HTML::Entities >> 3.56 HTML::Parser >> 2.37 HTML::TokeParser >> 1.23 IO >> 1.14 IO::File >> 1.13 IO::Pipe >> 2.02 Mail::Header >> 1.87 Math::BigInt >> 0.20 Math::BigRat >> 3.05 MIME::Base64 >> 5.425 MIME::Decoder >> 5.425 MIME::Decoder::UU >> 5.425 MIME::Head >> 5.425 MIME::Parser >> 3.03 MIME::QuotedPrint >> 5.425 MIME::Tools >> 0.11 Net::CIDR >> 1.25 Net::IP >> 0.16 OLE::Storage_Lite >> 1.04 Pod::Escapes >> 3.05 Pod::Simple >> 1.08 POSIX >> 1.19 Scalar::Util >> 1.77 Socket >> 2.13 Storable >> 1.4 Sys::Hostname::Long >> 0.18 Sys::Syslog >> 1.26 Test::Pod >> 0.7 Test::Simple >> 1.9707 Time::HiRes >> 1.02 Time::localtime >> >> Optional module versions are: >> 1.32 Archive::Tar >> 0.22 bignum >> 1.82 Business::ISBN >> 1.10 Business::ISBN::Data >> 1.08 Data::Dump >> 1.814 DB_File >> 1.13 DBD::SQLite >> 1.58 DBI >> 1.15 Digest >> 1.01 Digest::HMAC >> 2.36 Digest::MD5 >> 2.11 Digest::SHA1 >> 1.00 Encode::Detect >> 0.17008 Error >> 0.19 ExtUtils::CBuilder >> 2.18 ExtUtils::ParseXS >> 2.36 Getopt::Long >> 0.44 Inline >> 1.08 IO::String >> 1.04 IO::Zlib >> 2.21 IP::Country >> 0.22 Mail::ClamAV >> 3.002005 Mail::SpamAssassin >> v2.004 Mail::SPF >> 1.999001 Mail::SPF::Query >> 0.2808 Module::Build >> 0.20 Net::CIDR::Lite >> 0.63 Net::DNS >> 0.002.2 Net::DNS::Resolver::Programmable >> missing Net::LDAP >> 4.004 NetAddr::IP >> 1.94 Parse::RecDescent >> missing SAVI >> 2.64 Test::Harness >> 0.95 Test::Manifest >> 1.95 Text::Balanced >> 1.35 URI >> 0.7203 version >> 0.65 YAML >> >> Dave >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> > > > > > ********************************************************************** > Confidentiality : This e-mail and any attachments are intended for the > addressee only and may be confidential. If they come to you in error > you must take no action based on them, nor must you copy or show them > to anyone. Please advise the sender by replying to this e-mail > immediately and then delete the original from your computer. > Opinion : Any opinions expressed in this e-mail are entirely those of > the author and unless specifically stated to the contrary, are not > necessarily those of the author's employer. > Security Warning : Internet e-mail is not necessarily a secure > communications medium and can be subject to data corruption. We advise > that you consider this fact when e-mailing us. > Viruses : We have taken steps to ensure that this e-mail and any > attachments are free from known viruses but in keeping with good > computing practice, you should ensure that they are virus free. > > Red Lion 49 Ltd T/A Solid State Logic > Registered as a limited company in England and Wales > (Company No:5362730) > Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, > United Kingdom > ********************************************************************** > > > -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From drew.marshall at technologytiger.net Tue Jun 24 07:31:20 2008 From: drew.marshall at technologytiger.net (Drew Marshall) Date: Tue Jun 24 07:31:34 2008 Subject: batch processing tmes In-Reply-To: <486008BF.2040400@zuka.net> References: <486008BF.2040400@zuka.net> Message-ID: <1BB9E71C-72C1-4682-A4F7-6D9B0318BD4D@technologytiger.net> On 23 Jun 2008, at 21:34, Dave Filchak wrote: > Martin, > > We are only using zen.spamhaus.org. Should I be using something else? But where are you using just the zen list? If it's at your MTA, well that's fine and will have taken some load off MS but SA does many, many (I haven't been excited enough to count them all!) RBL, SURBL etc look ups by default along with razor & pyzor tests. Any one of these could be slow or just you have a slow DNS server. As was once said, any caching DNS server running on a SpamAssassin box is a busy caching server. Check the wiki (As mentioned already) for other ideas and run a few batches in debug to see where the delay is but to be honest 30 seconds really is not too bad, I can not believe any one notices anything other than a reduced level of spam? Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by Technology Tiger's Mail Launder system Our email policy can be found at www.technologytiger.net/policy Technology Tiger Limited is registered in Scotland with registration number: 310997 Registered Office 55-57 West High Street Inverurie AB51 3QQ From martinh at solidstatelogic.com Tue Jun 24 09:44:44 2008 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Tue Jun 24 09:44:57 2008 Subject: batch processing tmes In-Reply-To: <486008BF.2040400@zuka.net> Message-ID: Dave Depends on how many queries you are pushing to zen and whether or not you are paying for this service. http://www.spamhaus.org/organization/dnsblusage.html If you go above their limit they serve your queries slowly. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Dave Filchak > Sent: 23 June 2008 21:34 > To: MailScanner discussion > Subject: Re: RE: batch processing tmes > > Martin, > > We are only using zen.spamhaus.org. Should I be using something else? > > Dave > > Martin.Hepworth wrote: > > Dave > > > > Look at what scores you are getting for the 1-3 seconds > runs. I suggesrt you'll find they are using MailScanner's > spamassassin cache. > > > > For the longer messages I suggest they are doing a lot of > RBL lookups. You have turned off all the RBL'S you don't want > in Spamassassin haven't you? > > > > -- > > Martin Hepworth > > Snr Systems Administrator > > Solid State Logic > > Tel: +44 (0)1865 842300 > > > > > >> -----Original Message----- > >> From: mailscanner-bounces@lists.mailscanner.info > >> [mailto:mailscanner-bounces@lists.mailscanner.info] On > Behalf Of Dave > >> Filchak > >> Sent: 23 June 2008 00:03 > >> To: mailscanner@lists.mailscanner.info > >> Subject: batch processing tmes > >> > >> OK .. I think I have my configuration straightened out and am not > >> seeing errors in spamassassin -d --lint or sa-update -D. > >> However, what I am seeing is batch processing times all > over the map > >> ... sometimes 1 - 3 seconds and then often times up as > high as 25 -30 > >> seconds. Can anyone shed some light as to what might be > causing these > >> long processing times. > >> These are happening with batches of only two or three messages. > >> > >> Again, here is my configuration: > >> > >> This is CentOS release 4.1 (Final) > >> This is Perl version 5.008005 (5.8.5) > >> > >> This is MailScanner version 4.70.6 > >> Module versions are: > >> 1.00 AnyDBM_File > >> 1.20 Archive::Zip > >> 0.22 bignum > >> 1.03 Carp > >> 1.41 Compress::Zlib > >> 1.119 Convert::BinHex > >> 0.17 Convert::TNEF > >> 2.121 Data::Dumper > >> 2.27 Date::Parse > >> 1.00 DirHandle > >> 1.05 Fcntl > >> 2.73 File::Basename > >> 2.08 File::Copy > >> 2.01 FileHandle > >> 1.06 File::Path > >> 0.19 File::Temp > >> 0.90 Filesys::Df > >> 1.35 HTML::Entities > >> 3.56 HTML::Parser > >> 2.37 HTML::TokeParser > >> 1.23 IO > >> 1.14 IO::File > >> 1.13 IO::Pipe > >> 2.02 Mail::Header > >> 1.87 Math::BigInt > >> 0.20 Math::BigRat > >> 3.05 MIME::Base64 > >> 5.425 MIME::Decoder > >> 5.425 MIME::Decoder::UU > >> 5.425 MIME::Head > >> 5.425 MIME::Parser > >> 3.03 MIME::QuotedPrint > >> 5.425 MIME::Tools > >> 0.11 Net::CIDR > >> 1.25 Net::IP > >> 0.16 OLE::Storage_Lite > >> 1.04 Pod::Escapes > >> 3.05 Pod::Simple > >> 1.08 POSIX > >> 1.19 Scalar::Util > >> 1.77 Socket > >> 2.13 Storable > >> 1.4 Sys::Hostname::Long > >> 0.18 Sys::Syslog > >> 1.26 Test::Pod > >> 0.7 Test::Simple > >> 1.9707 Time::HiRes > >> 1.02 Time::localtime > >> > >> Optional module versions are: > >> 1.32 Archive::Tar > >> 0.22 bignum > >> 1.82 Business::ISBN > >> 1.10 Business::ISBN::Data > >> 1.08 Data::Dump > >> 1.814 DB_File > >> 1.13 DBD::SQLite > >> 1.58 DBI > >> 1.15 Digest > >> 1.01 Digest::HMAC > >> 2.36 Digest::MD5 > >> 2.11 Digest::SHA1 > >> 1.00 Encode::Detect > >> 0.17008 Error > >> 0.19 ExtUtils::CBuilder > >> 2.18 ExtUtils::ParseXS > >> 2.36 Getopt::Long > >> 0.44 Inline > >> 1.08 IO::String > >> 1.04 IO::Zlib > >> 2.21 IP::Country > >> 0.22 Mail::ClamAV > >> 3.002005 Mail::SpamAssassin > >> v2.004 Mail::SPF > >> 1.999001 Mail::SPF::Query > >> 0.2808 Module::Build > >> 0.20 Net::CIDR::Lite > >> 0.63 Net::DNS > >> 0.002.2 Net::DNS::Resolver::Programmable > >> missing Net::LDAP > >> 4.004 NetAddr::IP > >> 1.94 Parse::RecDescent > >> missing SAVI > >> 2.64 Test::Harness > >> 0.95 Test::Manifest > >> 1.95 Text::Balanced > >> 1.35 URI > >> 0.7203 version > >> 0.65 YAML > >> > >> Dave > >> -- > >> MailScanner mailing list > >> mailscanner@lists.mailscanner.info > >> http://lists.mailscanner.info/mailman/listinfo/mailscanner > >> > >> Before posting, read http://wiki.mailscanner.info/posting > >> > >> Support MailScanner development - buy the book off the website! > >> > >> > > > > > > > > > > > ********************************************************************** > > Confidentiality : This e-mail and any attachments are > intended for the > > addressee only and may be confidential. If they come to you > in error > > you must take no action based on them, nor must you copy or > show them > > to anyone. Please advise the sender by replying to this e-mail > > immediately and then delete the original from your computer. > > Opinion : Any opinions expressed in this e-mail are > entirely those of > > the author and unless specifically stated to the contrary, are not > > necessarily those of the author's employer. > > Security Warning : Internet e-mail is not necessarily a secure > > communications medium and can be subject to data > corruption. We advise > > that you consider this fact when e-mailing us. > > Viruses : We have taken steps to ensure that this e-mail and any > > attachments are free from known viruses but in keeping with good > > computing practice, you should ensure that they are virus free. > > > > Red Lion 49 Ltd T/A Solid State Logic > > Registered as a limited company in England and Wales (Company > > No:5362730) Registered Office: 25 Spring Hill Road, > Begbroke, Oxford > > OX5 1RU, United Kingdom > > > ********************************************************************** > > > > > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From marc at marcsnet.com Tue Jun 24 12:51:59 2008 From: marc at marcsnet.com (Marc Lucke) Date: Tue Jun 24 12:52:37 2008 Subject: use_bayes not working In-Reply-To: References: <00dd01c8d4e7$37c09140$a741b3c0$@com> Message-ID: <4860DFDF.8070701@marcsnet.com> Thanks Henry, The problem is that I don't get BAYES_ anything in the header of email that MailScanner processes, not that spamassassin is not using bayes. Marc Henry Kwan wrote: > Marc Lucke marcsnet.com> writes: > > >> In the above, I used to get a "BAYES_ " score adding >> to the total. E.g. BAYES_99 5.00 >> >> No matter what I do, I can't get it anymore. It is driving me around the >> bend! >> >> What do I need to do to re-enable this?! >> [...] >> tests=BAYES_40,MISSING_DATE,MISSING_HEADERS,MISSING_SUBJECT,NO_RECEIVED,NO_R >> ELAYS >> > > Hi, > > >From that output, it seems like bayes is working since BAYES_40 was triggered. > Try feeding SA a more spammy message to see if BAYES_99 gets triggered. > > > > From MailScanner at ecs.soton.ac.uk Tue Jun 24 13:45:07 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Jun 24 13:45:34 2008 Subject: HTML images are being removed FIXED - PATCH In-Reply-To: References: <485FA90E.1080806@sendit.nodak.edu> <485FACFD.50607@sendit.nodak.edu> Message-ID: <4860EC53.4090503@ecs.soton.ac.uk> I have already produced a fix for this problem, and am waiting for anyone on the mailscanner-beta list to try it out. If you mangle the URLs on the website to download 4.70.7-1 you will find the fix is there. I just didn't want to publish it until someone had agreed it fixed it. But my testers all seem to be on holiday :( Cheers, Jules. Richard Frovarp wrote: > Richard Frovarp wrote: >> Richard Frovarp wrote: >>> I'm having a problem where the img tag in HTML messages is being >>> removed. I'm using clamd 0.92.1, SA 3.2.5, and MS 4.70-6.1. What is >>> interesting is they aren't being replaced with anything, they're >>> just being completely removed. >>> >>> I do have this set in MS, plus I would expect it to replace, not >>> remove: >>> Allow WebBugs = yes >>> >>> Anyone have any ideas? I did switch to clamd from clamavmodule, so >>> that may have something to do with it. >>> >>> Thanks, >>> Richard >> Okay, it's not clamd. I turned it off and I have the same problem. SA >> shouldn't mess with, well anything. So it would appear that something >> changed in MS between 4.61.7 and 4.70.6. I've got a diff between what >> the MailScanner.conf file looked like before and after the upgrade. I >> don't see anything in there that would explain this behavior. > > I found the problem. If DisarmWebBug is false, it skips over adding > $text to $output, making it completely skip the tag. Since I think the > goal of the change is to track if the signature image is found, I > stuck an else after the DisarmWebBug test to just dump the text. > > --- Message.pm.bak 2008-06-23 09:30:21.000000000 -0500 > +++ Message.pm 2008-06-23 09:36:56.000000000 -0500 > @@ -6612,6 +6612,8 @@ > } else { > $output .= $text; > } > + } else { > + $output .= $text; > } > } elsif ($tagname eq 'base') { > #print STDERR "It's a Base URL\n"; > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From submit at zuka.net Tue Jun 24 14:25:22 2008 From: submit at zuka.net (Dave Filchak) Date: Tue Jun 24 14:25:54 2008 Subject: batch processing tmes In-Reply-To: <485EDA0D.6020001@zuka.net> References: <485EDA0D.6020001@zuka.net> Message-ID: <4860F5C2.1070807@zuka.net> Thanks all for your responses. I will look into this further. I used to manage my email servers a couple of years ago and then had someone else doing it. So, I am just trying to get up to speed again. Cheers all. Dave Dave Filchak wrote: >
OK .. I > think I have my configuration straightened out and am not seeing > errors in spamassassin -d --lint or sa-update -D. However, what I am > seeing is batch processing times all over the map ... sometimes 1 - 3 > seconds and then often times up as high as 25 -30 seconds. Can anyone > shed some light as to what might be causing these long processing > times. These are happening with batches of only two or three messages. > > Again, here is my configuration: > > This is CentOS release 4.1 (Final) > This is Perl version 5.008005 (5.8.5) > > This is MailScanner version 4.70.6 From hvdkooij at vanderkooij.org Tue Jun 24 14:32:44 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Tue Jun 24 14:32:53 2008 Subject: HTML images are being removed FIXED - PATCH In-Reply-To: <4860EC53.4090503@ecs.soton.ac.uk> References: <485FA90E.1080806@sendit.nodak.edu> <485FACFD.50607@sendit.nodak.edu> <4860EC53.4090503@ecs.soton.ac.uk> Message-ID: <4860F77C.2090304@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Julian Field wrote: | I have already produced a fix for this problem, and am waiting for | anyone on the mailscanner-beta list to try it out. | If you mangle the URLs on the website to download 4.70.7-1 you will find | the fix is there. I just didn't want to publish it until someone had | agreed it fixed it. | But my testers all seem to be on holiday :( Everyone has a hard time keeping up with you when you are working below your average capacity allready. So if you feel better we simply lag behind. If this gets any worse after succesful surgery you might be so ahaead of the game the rest of us do not even know where the match is anyway. Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFIYPd6BvzDRVjxmYERAvLtAJ4t343ZS82Kb195bCOeYnCMIvOL3wCdG9pv s0tna09trqcBNfaWnz1+AaM= =gUxr -----END PGP SIGNATURE----- From cobalt-users1 at fishnet.co.uk Tue Jun 24 14:39:03 2008 From: cobalt-users1 at fishnet.co.uk (Ian) Date: Tue Jun 24 14:39:24 2008 Subject: use_bayes not working In-Reply-To: <4860DFDF.8070701@marcsnet.com> References: <00dd01c8d4e7$37c09140$a741b3c0$@com>, , <4860DFDF.8070701@marcsnet.com> Message-ID: <48610707.17647.158E5A6C@cobalt-users1.fishnet.co.uk> On 24 Jun 2008 at 7:51, Marc Lucke wrote: > Thanks Henry, > > The problem is that I don't get BAYES_ anything in the header of email > that MailScanner processes, not that spamassassin is not using bayes. > > > Marc Hi, Try a lint using the spamassassin config file the MailScanner uses. On my system that is /etc/MailScanner/spam.assassin.prefs.conf, ie: spamassassin -D -p /etc/MailScanner/spam.assassin.prefs.conf --lint I usually pipe the STDERR to a file so I can read it properly: spamassassin -D -p /etc/MailScanner/spam.assassin.prefs.conf --lint 2> lint.txt It may be that the standard spamassasin has bayes turned on, but it somehow got turned off in MailScanner. Regards Ian -- From richard.frovarp at sendit.nodak.edu Tue Jun 24 14:54:26 2008 From: richard.frovarp at sendit.nodak.edu (Richard Frovarp) Date: Tue Jun 24 14:54:37 2008 Subject: HTML images are being removed FIXED - PATCH In-Reply-To: <4860EC53.4090503@ecs.soton.ac.uk> References: <485FA90E.1080806@sendit.nodak.edu> <485FACFD.50607@sendit.nodak.edu> <4860EC53.4090503@ecs.soton.ac.uk> Message-ID: <4860FC92.1040908@sendit.nodak.edu> Julian Field wrote: > I have already produced a fix for this problem, and am waiting for > anyone on the mailscanner-beta list to try it out. > If you mangle the URLs on the website to download 4.70.7-1 you will > find the fix is there. I just didn't want to publish it until someone > had agreed it fixed it. > But my testers all seem to be on holiday :( > > Cheers, > Jules. Thanks. Got it installed and it did fix the problem. Richard From mpatil at bu.edu Tue Jun 24 16:22:00 2008 From: mpatil at bu.edu (Patil, Manjiri S) Date: Tue Jun 24 16:22:39 2008 Subject: Mailscanner detects but does not deliver Spam message Message-ID: <2DE012B637518B4BB1F1C1F4AA570FB802B0270E@ENG-EXCHANGE1.ad.bu.edu> Hi , I have installed Mailscanner Version 4.70.6-1 for RedHat, Fedora and Mandrake Linux (and other RPM-based Linux distributions) as per following instructions. 1. Download the latest "for Red Hat, Fedora, and Mandrake Linux (and other RPM-based Linux distributions)" release of MailScanner, as well as the latest "ClamAV and SpamAssassin easy installation packages." i.e ClamAV 0.93.1 and SpamAssassin 3.2.5 . 2. I started by installing SpamAssassin/ClamAV package first. I got message saying "If you want to use MailScanners support for Clamd (virus-scanning daemon) then I recommend you cancel this script now (press Ctrl-C) and install the RPMs for clamav, clamav-db and clamd from... Otherwise you probably want me to install ClamAV now." I continued with the installation of ClamAV. 3. Installation of SpamAssassin and clamav went ok without errors. I also installed Razor-agents-sdk and Razor2 and DCC. Added VirusScan = clamav , Spamassassin=yes in mailscanner.conf and started service etc. 4. When I sent a test spam GTube mail E.g mail -s "test spam" root@abc.edu < /abc/sample-spam.txt I do see in maillog that spam is detected. HOWEVER the mail is not delivered in the root mailbox. However If I sent plain email with no spam it does get delivered. Jun 24 11:11:52 smgtest6 sendmail[29920]: m5OFBqrk029920: from=root, size=844, class=0, nrcpts=1, msgid=<200806241511.m5OFBqrk029920@smgtest6.bu.edu>, relay=root@localhost Jun 24 11:11:53 smgtest6 sendmail[29921]: m5OFBrZB029921: from=, size=1126, class=0, nrcpts=1, msgid=<200806241511.m5OFBqrk029920@smgtest6.bu.edu>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1] Jun 24 11:11:53 smgtest6 sendmail[29920]: m5OFBqrk029920: to=root@smgtest6.bu.edu, ctladdr=root (0/0), delay=00:00:01, xdelay=00:00:00, mailer=relay, pri=30844, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (m5OFBrZB029921 Message accepted for delivery) Jun 24 11:11:53 smgtest6 MailScanner[28651]: New Batch: Scanning 1 messages, 1595 bytes Jun 24 11:11:54 smgtest6 MailScanner[28651]: SpamAssassin cache hit for message m5OFBrZB029921 Jun 24 11:11:54 smgtest6 MailScanner[28651]: Spam Checks: Found 1 spam messages Jun 24 11:11:54 smgtest6 MailScanner[28651]: Virus and Content Scanning: Starting Jun 24 11:12:19 smgtest6 MailScanner[28651]: MailScanner child dying of old age Jun 24 11:12:19 smgtest6 MailScanner[29932]: MailScanner E-Mail Virus Scanner version 4.70.6 starting... Jun 24 11:12:20 smgtest6 MailScanner[29932]: Read 821 hostnames from the phishing whitelist Jun 24 11:12:20 smgtest6 MailScanner[29932]: Read 2936 hostnames from the phishing blacklist Jun 24 11:12:20 smgtest6 MailScanner[29932]: SpamAssassin temporary working directory is /var/spool/MailScanner/incoming/SpamAssassin-Temp Jun 24 11:12:21 smgtest6 MailScanner[29932]: Using SpamAssassin results cache Jun 24 11:12:21 smgtest6 MailScanner[29932]: Connected to SpamAssassin cache database Jun 24 11:12:21 smgtest6 MailScanner[29932]: Enabling SpamAssassin auto-whitelist functionality... Jun 24 11:12:29 smgtest6 MailScanner[29932]: Using locktype = posix Please Help . Manjiri Patil Information Technology Services BU School Of Management mpatil@bu.edu -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080624/fedf8112/attachment.html From jra at baylink.com Tue Jun 24 18:19:45 2008 From: jra at baylink.com (Jay R. Ashworth) Date: Tue Jun 24 18:19:55 2008 Subject: argv[0] prompt extension patches? Message-ID: <20080624171945.GE7226@cgi.jachomes.com> I note that MailScanner (at least as of the 4.54 I have installed), modifies the argv[0] displayed by 'ps axf' so you can get a bit of an idea what's going on. But only a bit: no msgid, no addressee. Julian, would you entertain for the mainline some patches that expand those messages a bit, within the bounds of good argv[0] hygiene, or did you leave it vague for a reason? Clearly, if I do submit such, I'll do it against at least current stable. Cheers, -- jra -- Jay R. Ashworth jra@baylink.com Designer +-Internetworking------+---------+ RFC 2100 Ashworth & Associates | Best Practices Wiki | | '87 e24 St Petersburg FL USA +-http://bestpractices.wikia.com-+ +1 727 647 1274 If you can read this... thank a system administrator. Or two. --me From dchee at uci.edu Tue Jun 24 18:52:49 2008 From: dchee at uci.edu (Derek Chee) Date: Tue Jun 24 18:53:02 2008 Subject: HTML images are being removed FIXED - PATCH In-Reply-To: <4860EC53.4090503@ecs.soton.ac.uk> References: <485FA90E.1080806@sendit.nodak.edu> <485FACFD.50607@sendit.nodak.edu> <4860EC53.4090503@ecs.soton.ac.uk> Message-ID: <249653C9-F3CE-4F96-93F8-15A4D10E3C5A@uci.edu> Can you clarify exactly what the problem is and when it's triggered? I'm trying to determine if I need to upgrade ASAP or if this is something that can be deferred. -- Derek On Jun 24, 2008, at 5:45 AM, Julian Field wrote: > I have already produced a fix for this problem, and am waiting for > anyone on the mailscanner-beta list to try it out. > If you mangle the URLs on the website to download 4.70.7-1 you will > find the fix is there. I just didn't want to publish it until > someone had agreed it fixed it. > But my testers all seem to be on holiday :( > > Cheers, > Jules. > > Richard Frovarp wrote: >> Richard Frovarp wrote: >>> Richard Frovarp wrote: >>>> I'm having a problem where the img tag in HTML messages is being >>>> removed. I'm using clamd 0.92.1, SA 3.2.5, and MS 4.70-6.1. What >>>> is interesting is they aren't being replaced with anything, >>>> they're just being completely removed. >>>> >>>> I do have this set in MS, plus I would expect it to replace, not >>>> remove: >>>> Allow WebBugs = yes >>>> >>>> Anyone have any ideas? I did switch to clamd from clamavmodule, >>>> so that may have something to do with it. >>>> >>>> Thanks, >>>> Richard >>> Okay, it's not clamd. I turned it off and I have the same problem. >>> SA shouldn't mess with, well anything. So it would appear that >>> something changed in MS between 4.61.7 and 4.70.6. I've got a diff >>> between what the MailScanner.conf file looked like before and >>> after the upgrade. I don't see anything in there that would >>> explain this behavior. >> >> I found the problem. If DisarmWebBug is false, it skips over adding >> $text to $output, making it completely skip the tag. Since I think >> the goal of the change is to track if the signature image is found, >> I stuck an else after the DisarmWebBug test to just dump the text. >> >> --- Message.pm.bak 2008-06-23 09:30:21.000000000 -0500 >> +++ Message.pm 2008-06-23 09:36:56.000000000 -0500 >> @@ -6612,6 +6612,8 @@ >> } else { >> $output .= $text; >> } >> + } else { >> + $output .= $text; >> } >> } elsif ($tagname eq 'base') { >> #print STDERR "It's a Base URL\n"; >> > > Jules > > -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > Need help customising MailScanner? > Contact me! > Need help fixing or optimising your systems? > Contact me! > Need help getting you started solving new requirements from your boss? > Contact me! > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From richard.frovarp at sendit.nodak.edu Tue Jun 24 19:18:18 2008 From: richard.frovarp at sendit.nodak.edu (Richard Frovarp) Date: Tue Jun 24 19:18:31 2008 Subject: HTML images are being removed FIXED - PATCH In-Reply-To: <249653C9-F3CE-4F96-93F8-15A4D10E3C5A@uci.edu> References: <485FA90E.1080806@sendit.nodak.edu> <485FACFD.50607@sendit.nodak.edu> <4860EC53.4090503@ecs.soton.ac.uk> <249653C9-F3CE-4F96-93F8-15A4D10E3C5A@uci.edu> Message-ID: <48613A6A.4080903@sendit.nodak.edu> Derek Chee wrote: > Can you clarify exactly what the problem is and when it's triggered? > I'm trying to determine if I need to upgrade ASAP or if this is > something that can be deferred. > > -- Derek img tags in HTML mail are removed if "Allow WebBugs = yes" is set. From dchee at uci.edu Tue Jun 24 19:57:27 2008 From: dchee at uci.edu (Derek Chee) Date: Tue Jun 24 19:57:40 2008 Subject: HTML images are being removed FIXED - PATCH In-Reply-To: <48613A6A.4080903@sendit.nodak.edu> References: <485FA90E.1080806@sendit.nodak.edu> <485FACFD.50607@sendit.nodak.edu> <4860EC53.4090503@ecs.soton.ac.uk> <249653C9-F3CE-4F96-93F8-15A4D10E3C5A@uci.edu> <48613A6A.4080903@sendit.nodak.edu> Message-ID: <8A739B50-D9B7-4225-90FF-1319784FDA40@uci.edu> On Jun 24, 2008, at 11:18 AM, Richard Frovarp wrote: > Derek Chee wrote: >> Can you clarify exactly what the problem is and when it's >> triggered? I'm trying to determine if I need to upgrade ASAP or if >> this is something that can be deferred. >> >> -- Derek > > img tags in HTML mail are removed if "Allow WebBugs = yes" is set. In all cases? I redirected an HTML message with IMG tags to myself through my v4.70.6 installation and the IMG tags are still there. -- Derek From richard.frovarp at sendit.nodak.edu Tue Jun 24 19:59:51 2008 From: richard.frovarp at sendit.nodak.edu (Richard Frovarp) Date: Tue Jun 24 20:00:03 2008 Subject: HTML images are being removed FIXED - PATCH In-Reply-To: <8A739B50-D9B7-4225-90FF-1319784FDA40@uci.edu> References: <485FA90E.1080806@sendit.nodak.edu> <485FACFD.50607@sendit.nodak.edu> <4860EC53.4090503@ecs.soton.ac.uk> <249653C9-F3CE-4F96-93F8-15A4D10E3C5A@uci.edu> <48613A6A.4080903@sendit.nodak.edu> <8A739B50-D9B7-4225-90FF-1319784FDA40@uci.edu> Message-ID: <48614427.8020203@sendit.nodak.edu> Derek Chee wrote: > On Jun 24, 2008, at 11:18 AM, Richard Frovarp wrote: >> Derek Chee wrote: >>> Can you clarify exactly what the problem is and when it's >>> triggered? I'm trying to determine if I need to upgrade ASAP or if >>> this is something that can be deferred. >>> >>> -- Derek >> >> img tags in HTML mail are removed if "Allow WebBugs = yes" is set. > > In all cases? I redirected an HTML message with IMG tags to myself > through my v4.70.6 installation and the IMG tags are still there. Yes. What do you have for "Allow WebBugs". From mpatil at bu.edu Tue Jun 24 20:04:50 2008 From: mpatil at bu.edu (Patil, Manjiri S) Date: Tue Jun 24 20:05:19 2008 Subject: Can not find Infected attachments in quarantine directory Message-ID: <2DE012B637518B4BB1F1C1F4AA570FB802B02AB8@ENG-EXCHANGE1.ad.bu.edu> Hi , I have setup Mailscannner 4.70.7.1 with ClamAV and SpamAssassin running on RHEL 5.0 running SENDMAIL. Mailscanner detects the virus and I do get message saying "Warning: This message has had one or more attachments removed" When I look at /var/spool/Mailscanner/quarantine/XXX/ directory . I can see only spam folder listed. The infected message is not there. I have Mailscanner.conf with default settings i.e Virus Scanners = clamav Deliver Disinfected Files = no Non-Forging Viruses = Joke/ OF97/ WM97/ W97M/ eicar Still Deliver Silent Viruses = no Quarantine Infections = yes Quarantine Silent Viruses = no Quarantine Whole Message = no Keep Spam And MCP Archive Clean = no Please help manz -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080624/4fe2277a/attachment.html From lists at designmedia.com Tue Jun 24 20:06:48 2008 From: lists at designmedia.com (Henry Kwan) Date: Tue Jun 24 20:07:04 2008 Subject: use_bayes not working References: <00dd01c8d4e7$37c09140$a741b3c0$@com> <4860DFDF.8070701@marcsnet.com> Message-ID: Marc Lucke marcsnet.com> writes: > The problem is that I don't get BAYES_ anything in the header of email > that MailScanner processes, not that spamassassin is not using bayes. Perhaps it's looking at the wrong bayes database? Perhaps you can explicitly call out the bayes path via: use_bayes 1 bayes_path /root/.spamassassin/bayes Does calling MailScanner with --debug and --debug-sa yield anything useful? From lists at designmedia.com Tue Jun 24 20:32:56 2008 From: lists at designmedia.com (Henry Kwan) Date: Tue Jun 24 20:33:19 2008 Subject: Generating simple SA reports? Message-ID: Hi, What do folks use for gathering spam stats? Are most people using MailWatch? I used to use sa-stats.pl when I was running SA as a standalone tool but it doesn't seem to be compatible with the MS logs, even after I turn on extended logging (Log Spam/Non Spam = yes). Thanks. From J.Ede at birchenallhowden.co.uk Tue Jun 24 20:42:02 2008 From: J.Ede at birchenallhowden.co.uk (Jason Ede) Date: Tue Jun 24 20:42:23 2008 Subject: Generating simple SA reports? In-Reply-To: References: Message-ID: <4CAB0118AEC63A4FAAE77E6BCBDF760C6566B8E57D@server02.bhl.local> I use Vispan that seems to give good results. http://www.while.org.uk/content/view/9/5/ > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Henry Kwan > Sent: 24 June 2008 20:33 > To: mailscanner@lists.mailscanner.info > Subject: Generating simple SA reports? > > > Hi, > > What do folks use for gathering spam stats? Are most people using > MailWatch? > > I used to use sa-stats.pl when I was running SA as a standalone tool > but it > doesn't seem to be compatible with the MS logs, even after I turn on > extended > logging (Log Spam/Non Spam = yes). > > Thanks. > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From dchee at uci.edu Tue Jun 24 20:53:23 2008 From: dchee at uci.edu (Derek Chee) Date: Tue Jun 24 20:53:38 2008 Subject: HTML images are being removed FIXED - PATCH In-Reply-To: <48614427.8020203@sendit.nodak.edu> References: <485FA90E.1080806@sendit.nodak.edu> <485FACFD.50607@sendit.nodak.edu> <4860EC53.4090503@ecs.soton.ac.uk> <249653C9-F3CE-4F96-93F8-15A4D10E3C5A@uci.edu> <48613A6A.4080903@sendit.nodak.edu> <8A739B50-D9B7-4225-90FF-1319784FDA40@uci.edu> <48614427.8020203@sendit.nodak.edu> Message-ID: On Jun 24, 2008, at 11:59 AM, Richard Frovarp wrote: > Derek Chee wrote: >> On Jun 24, 2008, at 11:18 AM, Richard Frovarp wrote: >>> Derek Chee wrote: >>>> Can you clarify exactly what the problem is and when it's >>>> triggered? I'm trying to determine if I need to upgrade ASAP or >>>> if this is something that can be deferred. >>>> >>>> -- Derek >>> >>> img tags in HTML mail are removed if "Allow WebBugs = yes" is set. >> >> In all cases? I redirected an HTML message with IMG tags to myself >> through my v4.70.6 installation and the IMG tags are still there. > Yes. What do you have for "Allow WebBugs". I have: Allow WebBugs = yes -- Derek From nerijusb at dtiltas.lt Tue Jun 24 22:01:08 2008 From: nerijusb at dtiltas.lt (Nerijus Baliunas) Date: Tue Jun 24 22:10:16 2008 Subject: perl-Test-Simple needed earlier Message-ID: Hello, I had to install perl-Test-Simple on Fedora 8, otherwise a few packages could not be built - Test-Pod etc. I see Oh good, module Test::Simple version 0.70 is already installed. Attempting to build and install perl-Math-BigInt-1.86-1 So it seems building of perl-Test-Simple should be moved up in a queue. Regards, Nerijus From nerijusb at dtiltas.lt Tue Jun 24 22:00:17 2008 From: nerijusb at dtiltas.lt (Nerijus Baliunas) Date: Tue Jun 24 22:10:19 2008 Subject: please update to File-Temp-0.20 Message-ID: Hello, MailScanner rpm install has perl-File-Temp-0.19-1.src.rpm, which does not build on F8 system (but running on FC6 kernel (not rebooted yet after an OS upgrade), could it be because of this?): + make cp Temp.pm blib/lib/File/Temp.pm Manifying blib/man3/File::Temp.3pm + make test PERL_DL_NONLAZY=1 /usr/bin/perl "-MExtUtils::Command::MM" "-e" "test_harness(0, 'blib/lib', 'blib/arch')" t/*.t t/cmp.........ok t/fork........ok t/lock........You tried to run a test without a plan at t/lock.t line 8. BEGIN failed--compilation aborted at t/lock.t line 8. t/lock........dubious Test returned status 2 (wstat 512, 0x200) ... Failed 1/9 test scripts, 88.89% okay. 0/102 subtests failed, 100.00% okay. RPM build errors: Bad exit status from /var/tmp/rpm-tmp.4617 (%build) Because of this perl-MIME-tools does not build: *** The following required modules are missing: File::Temp: At least version 0.17 *** Please install them before attempting to use MIME::Tools. perl-File-Temp-0.20 builds OK: + make cp ._Temp.pm blib/lib/File/._Temp.pm cp Temp.pm blib/lib/File/Temp.pm Manifying blib/man3/File::Temp.3pm + make test PERL_DL_NONLAZY=1 /usr/bin/perl "-MExtUtils::Command::MM" "-e" "test_harness(0, 'blib/lib', 'blib/arch')" t/*.t t/cmp.........ok t/fork........ok t/lock........skipped all skipped: Do not seem to have O_EXLOCK t/mktemp......ok t/object......ok t/posix.......ok t/security....ok 3/13 skipped: Test inappropriate for root t/seekable....ok t/tempfile....ok All tests successful, 1 test and 3 subtests skipped. Files=9, Tests=102, 18 wallclock secs ( 3.61 cusr + 0.52 csys = 4.13 CPU) + exit 0 Regards, Nerijus From ajcartmell at fonant.com Tue Jun 24 22:20:11 2008 From: ajcartmell at fonant.com (Anthony Cartmell) Date: Tue Jun 24 22:20:25 2008 Subject: perl-Test-Simple needed earlier In-Reply-To: References: Message-ID: > So it seems building of perl-Test-Simple should be moved up in a queue. +1 Anthony -- www.fonant.com - Quality web sites From MailScanner at ecs.soton.ac.uk Wed Jun 25 01:31:30 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Jun 25 01:31:51 2008 Subject: Mailscanner detects but does not deliver Spam message In-Reply-To: References: Message-ID: <486191E2.1010907@ecs.soton.ac.uk> The GTUBE email scores about 1000 or some very high figure like this. This will be greater than your "High SpamAssassin Score" setting in MailScanner.conf (10 by default) and will therefore cause your "High Scoring Spam Actions" to be used. By default this is set to "store" which will just archive the high-scoring spam, but not deliver it. This is set by default to save your users from receiving all the definite spam altogether, so they suddenly notice a large drop in the amount of junk hitting their inboxes, and it saves your mail delivery system from having to deliver all that definite spam. If you want high-scoring spam to be delivered, you would need to include the word "deliver" in your list of High Scoring Spam Actions in MailScanner.conf, then "service MailScanner reload" to force it to re-read the configuration files immediately. Best regards, Jules Patil, Manjiri S wrote: > > Hi , > > I have installed Mailscanner Version 4.70.6-1 for RedHat, Fedora and > Mandrake Linux (and other RPM-based Linux distributions) > > as per following instructions. > > 1. Download the latest "for Red Hat, Fedora, and Mandrake Linux (and > other RPM-based Linux distributions)" release of MailScanner, as well > as the latest "ClamAV and SpamAssassin easy installation packages." > i.e ClamAV 0.93.1 > > and SpamAssassin 3.2.5 > . > > 2. I started by installing SpamAssassin/ClamAV package first. I got > message saying ?If you want to use MailScanners support for Clamd > (virus-scanning > > daemon) then I recommend you cancel this script now (press Ctrl-C) and > install the RPMs for clamav, clamav-db and clamd from? Otherwise you > probably want me to install ClamAV now.? I > > continued with the installation of ClamAV. > > 3. Installation of SpamAssassin and clamav went ok without errors. I > also installed Razor-agents-sdk and Razor2 and DCC. Added VirusScan = > clamav , Spamassassin=yes in mailscanner.conf and started service etc. > > 4. When I sent a test spam GTube mail > > E.g mail -s "test spam" root@abc.edu < /abc/sample-spam.txt > > I do see in maillog that spam is detected. HOWEVER the mail is not > delivered in the root mailbox. However If I sent plain email with no > spam it does get delivered. > > Jun 24 11:11:52 smgtest6 sendmail[29920]: m5OFBqrk029920: from=root, > size=844, class=0, nrcpts=1, > msgid=<200806241511.m5OFBqrk029920@smgtest6.bu.edu>, relay=root@localhost > > Jun 24 11:11:53 smgtest6 sendmail[29921]: m5OFBrZB029921: > from=, size=1126, class=0, nrcpts=1, > msgid=<200806241511.m5OFBqrk029920@smgtest6.bu.edu>, proto=ESMTP, > daemon=MTA, relay=localhost.localdomain [127.0.0.1] > > Jun 24 11:11:53 smgtest6 sendmail[29920]: m5OFBqrk029920: > to=root@smgtest6.bu.edu, ctladdr=root (0/0), delay=00:00:01, > xdelay=00:00:00, mailer=relay, pri=30844, relay=[127.0.0.1] > [127.0.0.1], dsn=2.0.0, stat=Sent (m5OFBrZB029921 Message accepted for > delivery) > > Jun 24 11:11:53 smgtest6 MailScanner[28651]: New Batch: Scanning 1 > messages, 1595 bytes > > Jun 24 11:11:54 smgtest6 MailScanner[28651]: SpamAssassin cache hit > for message m5OFBrZB029921 > > Jun 24 11:11:54 smgtest6 MailScanner[28651]: Spam Checks: Found 1 spam > messages > > Jun 24 11:11:54 smgtest6 MailScanner[28651]: Virus and Content > Scanning: Starting > > Jun 24 11:12:19 smgtest6 MailScanner[28651]: MailScanner child dying > of old age > > Jun 24 11:12:19 smgtest6 MailScanner[29932]: MailScanner E-Mail Virus > Scanner version 4.70.6 starting... > > Jun 24 11:12:20 smgtest6 MailScanner[29932]: Read 821 hostnames from > the phishing whitelist > > Jun 24 11:12:20 smgtest6 MailScanner[29932]: Read 2936 hostnames from > the phishing blacklist > > Jun 24 11:12:20 smgtest6 MailScanner[29932]: SpamAssassin temporary > working directory is /var/spool/MailScanner/incoming/SpamAssassin-Temp > > Jun 24 11:12:21 smgtest6 MailScanner[29932]: Using SpamAssassin > results cache > > Jun 24 11:12:21 smgtest6 MailScanner[29932]: Connected to SpamAssassin > cache database > > Jun 24 11:12:21 smgtest6 MailScanner[29932]: Enabling SpamAssassin > auto-whitelist functionality... > > Jun 24 11:12:29 smgtest6 MailScanner[29932]: Using locktype = posix > > Please Help . > > Manjiri Patil > > Information Technology Services > > BU School Of Management > > mpatil@bu.edu > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Wed Jun 25 01:35:19 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Jun 25 01:35:40 2008 Subject: argv[0] prompt extension patches? In-Reply-To: References: Message-ID: <486192C7.9060107@ecs.soton.ac.uk> Jay R. Ashworth wrote: > I note that MailScanner (at least as of the 4.54 I have installed), > modifies the argv[0] displayed by 'ps axf' so you can get a bit of an idea > what's going on. > > But only a bit: no msgid, no addressee. > That would only be useful if MailScanner went through each message individually, scanning them one by one. But that's not how MailScanner works. For efficiency, it works on batches of messages. So the virus scanner, for example, is called once for the entire batch of messages, not once for each message. All the messages in a batch are processed together at each stage of the process. It scans them all for RBL hits, then all of them with SpamAssassin, then all of them for viruses, then all of them for HTML nasties, and so on. So it wouldn't actually give you any useful information whatsoever. Which is why I haven't already done it myself. > Julian, would you entertain for the mainline some patches that expand > those messages a bit, within the bounds of good argv[0] hygiene, or did > you leave it vague for a reason? > > Clearly, if I do submit such, I'll do it against at least current stable. > > Cheers, > -- jra > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Wed Jun 25 01:38:02 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Jun 25 01:38:23 2008 Subject: Can not find Infected attachments in quarantine directory In-Reply-To: References: Message-ID: <4861936A.5090303@ecs.soton.ac.uk> Note your setting for "Quarantine Silent Viruses". And look up your setting for "Silent Viruses" and "Non-Forging Viruses" (which are the opposite of "Silent Viruses"). You will see that you have it set up so that pretty much all viruses except EICAR are deemed to be "Silent Viruses", and are therefore not quarantined by your settings. Jules. Patil, Manjiri S wrote: > > Hi , > > I have setup Mailscannner 4.70.7.1 with ClamAV and SpamAssassin > running on RHEL 5.0 running SENDMAIL. Mailscanner detects the virus > and I do get message saying ?Warning: This message has had one or more > attachments removed? > > When I look at /var/spool/Mailscanner/quarantine/XXX/ directory . > > I can see only spam folder listed. The infected message is not there. > I have Mailscanner.conf with default settings > > i.e > > Virus Scanners = clamav > > Deliver Disinfected Files = no > > Non-Forging Viruses = Joke/ OF97/ WM97/ W97M/ eicar > > Still Deliver Silent Viruses = no > > Quarantine Infections = yes > > Quarantine Silent Viruses = no > > Quarantine Whole Message = no > > Keep Spam And MCP Archive Clean = no > > Please help > > manz > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Wed Jun 25 01:39:23 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Jun 25 01:39:42 2008 Subject: HTML images are being removed FIXED - PATCH In-Reply-To: References: <485FA90E.1080806@sendit.nodak.edu> <485FACFD.50607@sendit.nodak.edu> <4860EC53.4090503@ecs.soton.ac.uk> <249653C9-F3CE-4F96-93F8-15A4D10E3C5A@uci.edu> <48613A6A.4080903@sendit.nodak.edu> <8A739B50-D9B7-4225-90FF-1319784FDA40@uci.edu> <48614427.8020203@sendit.nodak.edu> Message-ID: <486193BB.3090104@ecs.soton.ac.uk> Derek Chee wrote: > On Jun 24, 2008, at 11:59 AM, Richard Frovarp wrote: >> Derek Chee wrote: >>> On Jun 24, 2008, at 11:18 AM, Richard Frovarp wrote: >>>> Derek Chee wrote: >>>>> Can you clarify exactly what the problem is and when it's >>>>> triggered? I'm trying to determine if I need to upgrade ASAP or >>>>> if this is something that can be deferred. >>>>> >>>>> -- Derek >>>> >>>> img tags in HTML mail are removed if "Allow WebBugs = yes" is set. >>> >>> In all cases? I redirected an HTML message with IMG tags to myself >>> through my v4.70.6 installation and the IMG tags are still there. >> Yes. What do you have for "Allow WebBugs". > > I have: > > Allow WebBugs = yes If you think it works in that situation, then you have obviously found something that no-one else, including me, has found, and therefore do not need to upgrade to 4.70.7 :-) If you think it works, then you don't need to fix it. :-) :-) Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Wed Jun 25 01:46:32 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Jun 25 01:46:54 2008 Subject: please update to File-Temp-0.20 In-Reply-To: References: Message-ID: <48619568.4040306@ecs.soton.ac.uk> It will be in the next release. Nerijus Baliunas wrote: > Hello, > > MailScanner rpm install has perl-File-Temp-0.19-1.src.rpm, which does > not build on F8 system (but running on FC6 kernel (not rebooted yet after > an OS upgrade), could it be because of this?): > > + make > cp Temp.pm blib/lib/File/Temp.pm > Manifying blib/man3/File::Temp.3pm > + make test > PERL_DL_NONLAZY=1 /usr/bin/perl "-MExtUtils::Command::MM" "-e" "test_harness(0, 'blib/lib', 'blib/arch')" t/*.t > t/cmp.........ok > t/fork........ok > t/lock........You tried to run a test without a plan at t/lock.t line 8. > BEGIN failed--compilation aborted at t/lock.t line 8. > t/lock........dubious > Test returned status 2 (wstat 512, 0x200) > ... > Failed 1/9 test scripts, 88.89% okay. 0/102 subtests failed, 100.00% okay. > > RPM build errors: > Bad exit status from /var/tmp/rpm-tmp.4617 (%build) > > Because of this perl-MIME-tools does not build: > *** The following required modules are missing: > File::Temp: At least version 0.17 > *** Please install them before attempting to use MIME::Tools. > > perl-File-Temp-0.20 builds OK: > > + make > cp ._Temp.pm blib/lib/File/._Temp.pm > cp Temp.pm blib/lib/File/Temp.pm > Manifying blib/man3/File::Temp.3pm > + make test > PERL_DL_NONLAZY=1 /usr/bin/perl "-MExtUtils::Command::MM" "-e" "test_harness(0, 'blib/lib', 'blib/arch')" t/*.t > t/cmp.........ok > t/fork........ok > t/lock........skipped > all skipped: Do not seem to have O_EXLOCK > t/mktemp......ok > t/object......ok > t/posix.......ok > t/security....ok > 3/13 skipped: Test inappropriate for root > t/seekable....ok > t/tempfile....ok > All tests successful, 1 test and 3 subtests skipped. > Files=9, Tests=102, 18 wallclock secs ( 3.61 cusr + 0.52 csys = 4.13 CPU) > + exit 0 > > Regards, > Nerijus > > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Wed Jun 25 01:50:07 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Jun 25 01:50:28 2008 Subject: perl-Test-Simple needed earlier In-Reply-To: References: Message-ID: <4861963F.1070603@ecs.soton.ac.uk> Anthony Cartmell wrote: >> So it seems building of perl-Test-Simple should be moved up in a queue. > > +1 It has dependencies (Test::Harness, which may in turn have other dependencies). How far up the queue does it need to go? Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From lists at designmedia.com Wed Jun 25 01:54:46 2008 From: lists at designmedia.com (Henry Kwan) Date: Wed Jun 25 01:55:04 2008 Subject: Generating simple SA reports? References: <4CAB0118AEC63A4FAAE77E6BCBDF760C6566B8E57D@server02.bhl.local> Message-ID: Jason Ede birchenallhowden.co.uk> writes: > > I use Vispan that seems to give good results. >http://www.while.org.uk/content/view/9/5/ > Hi, Thanks for the link. I tried to install it on a test box but there was a bunch of missing modules that are needed before it will install so I'm not going to be able to test it until I get a chance to resolve those dependencies issues. From lists at designmedia.com Wed Jun 25 02:01:36 2008 From: lists at designmedia.com (Henry Kwan) Date: Wed Jun 25 02:01:54 2008 Subject: Can't install CentOS 5.2 update? Message-ID: Hi, Noticed that CentOS 5.2 got released today. Tried to upgrade one of my test boxes but the perl module is returning a bunch of transaction test errors. I think it's related to the various modules packaged with Mailscanner but perhaps someone can confirm? Thanks. Transaction Check Error: file /usr/lib/perl5/5.8.8/i386-linux-thread-multi/IO.pm from install of perl-5.8.8-10.el5_2.3 conflicts with file from package perl-IO-1.2301-1 file /usr/lib/perl5/5.8.8/i386-linux-thread-multi/IO/Dir.pm from install of perl-5.8.8-10.el5_2.3 conflicts with file from package perl-IO-1.2301-1 file /usr/lib/perl5/5.8.8/i386-linux-thread-multi/IO/File.pm from install of perl-5.8.8-10.el5_2.3 conflicts with file from package perl-IO-1.2301-1 file /usr/lib/perl5/5.8.8/i386-linux-thread-multi/IO/Handle.pm from install of perl-5.8.8-10.el5_2.3 conflicts with file from package perl-IO-1.2301-1 file /usr/lib/perl5/5.8.8/i386-linux-thread-multi/IO/Socket.pm from install of perl-5.8.8-10.el5_2.3 conflicts with file from package perl-IO-1.2301-1 file /usr/lib/perl5/5.8.8/i386-linux-thread-multi/auto/IO/IO.so from install of perl-5.8.8-10.el5_2.3 conflicts with file from package perl-IO-1.2301-1 file /usr/share/man/man3/IO.3pm.gz from install of perl-5.8.8-10.el5_2.3 conflicts with file from package perl-IO-1.2301-1 file /usr/share/man/man3/IO::Dir.3pm.gz from install of perl-5.8.8-10.el5_2.3 conflicts with file from package perl-IO-1.2301-1 file /usr/share/man/man3/IO::File.3pm.gz from install of perl-5.8.8-10.el5_2.3 conflicts with file from package perl-IO-1.2301-1 file /usr/share/man/man3/IO::Handle.3pm.gz from install of perl-5.8.8-10.el5_2.3 conflicts with file from package perl-IO-1.2301-1 file /usr/share/man/man3/IO::Pipe.3pm.gz from install of perl-5.8.8-10.el5_2.3 conflicts with file from package perl-IO-1.2301-1 file /usr/share/man/man3/IO::Poll.3pm.gz from install of perl-5.8.8-10.el5_2.3 conflicts with file from package perl-IO-1.2301-1 file /usr/share/man/man3/IO::Seekable.3pm.gz from install of perl-5.8.8-10.el5_2.3 conflicts with file from package perl-IO-1.2301-1 file /usr/share/man/man3/IO::Select.3pm.gz from install of perl-5.8.8-10.el5_2.3 conflicts with file from package perl-IO-1.2301-1 file /usr/share/man/man3/IO::Socket.3pm.gz from install of perl-5.8.8-10.el5_2.3 conflicts with file from package perl-IO-1.2301-1 file /usr/share/man/man3/IO::Socket::INET.3pm.gz from install of perl-5.8.8-10.el5_2.3 conflicts with file from package perl-IO-1.2301-1 file /usr/share/man/man3/IO::Socket::UNIX.3pm.gz from install of perl-5.8.8-10.el5_2.3 conflicts with file from package perl-IO-1.2301-1 file /usr/lib/perl5/5.8.8/Math/BigFloat.pm from install of perl-5.8.8-10.el5_2.3 conflicts with file from package perl-Math-BigInt-1.86-1 file /usr/lib/perl5/5.8.8/Math/BigInt.pm from install of perl-5.8.8-10.el5_2.3 conflicts with file from package perl-Math-BigInt-1.86-1 file /usr/lib/perl5/5.8.8/Math/BigInt/Calc.pm from install of perl-5.8.8-10.el5_2.3 conflicts with file from package perl-Math-BigInt-1.86-1 file /usr/lib/perl5/5.8.8/Math/BigInt/CalcEmu.pm from install of perl-5.8.8-10.el5_2.3 conflicts with file from package perl-Math-BigInt-1.86-1 file /usr/share/man/man3/Math::BigFloat.3pm.gz from install of perl-5.8.8-10.el5_2.3 conflicts with file from package perl-Math-BigInt-1.86-1 file /usr/share/man/man3/Math::BigInt.3pm.gz from install of perl-5.8.8-10.el5_2.3 conflicts with file from package perl-Math-BigInt-1.86-1 file /usr/share/man/man3/Math::BigInt::Calc.3pm.gz from install of perl-5.8.8-10.el5_2.3 conflicts with file from package perl-Math-BigInt-1.86-1 file /usr/share/man/man3/Math::BigInt::CalcEmu.3pm.gz from install of perl-5.8.8-10.el5_2.3 conflicts with file from package perl-Math-BigInt-1.86-1 file /usr/lib/perl5/5.8.8/Math/BigRat.pm from install of perl-5.8.8-10.el5_2.3 conflicts with file from package perl-Math-BigRat-0.19-1 file /usr/share/man/man3/Math::BigRat.3pm.gz from install of perl-5.8.8-10.el5_2.3 conflicts with file from package perl-Math-BigRat-0.19-1 file /usr/lib/perl5/5.8.8/bigint.pm from install of perl-5.8.8-10.el5_2.3 conflicts with file from package perl-bignum-0.21-1 file /usr/lib/perl5/5.8.8/bignum.pm from install of perl-5.8.8-10.el5_2.3 conflicts with file from package perl-bignum-0.21-1 file /usr/lib/perl5/5.8.8/bigrat.pm from install of perl-5.8.8-10.el5_2.3 conflicts with file from package perl-bignum-0.21-1 file /usr/share/man/man3/bigint.3pm.gz from install of perl-5.8.8-10.el5_2.3 conflicts with file from package perl-bignum-0.21-1 file /usr/share/man/man3/bignum.3pm.gz from install of perl-5.8.8-10.el5_2.3 conflicts with file from package perl-bignum-0.21-1 file /usr/share/man/man3/bigrat.3pm.gz from install of perl-5.8.8-10.el5_2.3 conflicts with file from package perl-bignum-0.21-1 From dchee at uci.edu Wed Jun 25 07:09:57 2008 From: dchee at uci.edu (Derek Chee) Date: Wed Jun 25 07:10:10 2008 Subject: HTML images are being removed FIXED - PATCH In-Reply-To: <486193BB.3090104@ecs.soton.ac.uk> References: <485FA90E.1080806@sendit.nodak.edu> <485FACFD.50607@sendit.nodak.edu> <4860EC53.4090503@ecs.soton.ac.uk> <249653C9-F3CE-4F96-93F8-15A4D10E3C5A@uci.edu> <48613A6A.4080903@sendit.nodak.edu> <8A739B50-D9B7-4225-90FF-1319784FDA40@uci.edu> <48614427.8020203@sendit.nodak.edu> <486193BB.3090104@ecs.soton.ac.uk> Message-ID: <8F83C1DE-2837-43A5-8F92-9250AA0FD5FE@uci.edu> On Jun 24, 2008, at 5:39 PM, Julian Field wrote: > Derek Chee wrote: >> On Jun 24, 2008, at 11:59 AM, Richard Frovarp wrote: >>> Derek Chee wrote: >>>> On Jun 24, 2008, at 11:18 AM, Richard Frovarp wrote: >>>>> Derek Chee wrote: >>>>>> Can you clarify exactly what the problem is and when it's >>>>>> triggered? I'm trying to determine if I need to upgrade ASAP >>>>>> or if this is something that can be deferred. >>>>>> >>>>>> -- Derek >>>>> >>>>> img tags in HTML mail are removed if "Allow WebBugs = yes" is set. >>>> >>>> In all cases? I redirected an HTML message with IMG tags to >>>> myself through my v4.70.6 installation and the IMG tags are still >>>> there. >>> Yes. What do you have for "Allow WebBugs". >> >> I have: >> >> Allow WebBugs = yes > If you think it works in that situation, then you have obviously > found something that no-one else, including me, has found, and > therefore do not need to upgrade to 4.70.7 :-) > If you think it works, then you don't need to fix it. :-) :-) I am not doubting that you fixed a bug. I was just asking for clarification on what the exact trigger is because I have received HTML email with IMG tags intact through a v4.70.6 installation. I double checked it and the IMG tags were there. If you want an example, I'd be happy to send you a sample off list. -- Derek From prandal at herefordshire.gov.uk Wed Jun 25 07:42:07 2008 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Wed Jun 25 07:42:31 2008 Subject: Can't install CentOS 5.2 update? In-Reply-To: References: Message-ID: <7EF0EE5CB3B263488C8C18823239BEBA03CF5E@HC-MBX02.herefordshire.gov.uk> Don't panic: First off, make sure you have the latest MailScanner to hand to reinstall. service MailScanner stop service MailScanner startin rpm -e perl-IO rpm -e perl-Math-BigInt rpm -e perl-Math-BigRat rpm -e perl-bignum (and any other perl modules it complains about) yum update perl ... Reinstall MailScanner service MailScanner restart yum upgrade And reboot when it is all done Worked for me. Phil -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Henry Kwan Sent: 25 June 2008 02:02 To: mailscanner@lists.mailscanner.info Subject: Can't install CentOS 5.2 update? Hi, Noticed that CentOS 5.2 got released today. Tried to upgrade one of my test boxes but the perl module is returning a bunch of transaction test errors. I think it's related to the various modules packaged with Mailscanner but perhaps someone can confirm? Thanks. Transaction Check Error: file /usr/lib/perl5/5.8.8/i386-linux-thread-multi/IO.pm from install of perl-5.8.8-10.el5_2.3 conflicts with file from package perl-IO-1.2301-1 file /usr/lib/perl5/5.8.8/i386-linux-thread-multi/IO/Dir.pm from install of perl-5.8.8-10.el5_2.3 conflicts with file from package perl-IO-1.2301-1 file /usr/lib/perl5/5.8.8/i386-linux-thread-multi/IO/File.pm from install of perl-5.8.8-10.el5_2.3 conflicts with file from package perl-IO-1.2301-1 file /usr/lib/perl5/5.8.8/i386-linux-thread-multi/IO/Handle.pm from install of perl-5.8.8-10.el5_2.3 conflicts with file from package perl-IO-1.2301-1 file /usr/lib/perl5/5.8.8/i386-linux-thread-multi/IO/Socket.pm from install of perl-5.8.8-10.el5_2.3 conflicts with file from package perl-IO-1.2301-1 file /usr/lib/perl5/5.8.8/i386-linux-thread-multi/auto/IO/IO.so from install of perl-5.8.8-10.el5_2.3 conflicts with file from package perl-IO-1.2301-1 file /usr/share/man/man3/IO.3pm.gz from install of perl-5.8.8-10.el5_2.3 conflicts with file from package perl-IO-1.2301-1 file /usr/share/man/man3/IO::Dir.3pm.gz from install of perl-5.8.8-10.el5_2.3 conflicts with file from package perl-IO-1.2301-1 file /usr/share/man/man3/IO::File.3pm.gz from install of perl-5.8.8-10.el5_2.3 conflicts with file from package perl-IO-1.2301-1 file /usr/share/man/man3/IO::Handle.3pm.gz from install of perl-5.8.8-10.el5_2.3 conflicts with file from package perl-IO-1.2301-1 file /usr/share/man/man3/IO::Pipe.3pm.gz from install of perl-5.8.8-10.el5_2.3 conflicts with file from package perl-IO-1.2301-1 file /usr/share/man/man3/IO::Poll.3pm.gz from install of perl-5.8.8-10.el5_2.3 conflicts with file from package perl-IO-1.2301-1 file /usr/share/man/man3/IO::Seekable.3pm.gz from install of perl-5.8.8-10.el5_2.3 conflicts with file from package perl-IO-1.2301-1 file /usr/share/man/man3/IO::Select.3pm.gz from install of perl-5.8.8-10.el5_2.3 conflicts with file from package perl-IO-1.2301-1 file /usr/share/man/man3/IO::Socket.3pm.gz from install of perl-5.8.8-10.el5_2.3 conflicts with file from package perl-IO-1.2301-1 file /usr/share/man/man3/IO::Socket::INET.3pm.gz from install of perl-5.8.8-10.el5_2.3 conflicts with file from package perl-IO-1.2301-1 file /usr/share/man/man3/IO::Socket::UNIX.3pm.gz from install of perl-5.8.8-10.el5_2.3 conflicts with file from package perl-IO-1.2301-1 file /usr/lib/perl5/5.8.8/Math/BigFloat.pm from install of perl-5.8.8-10.el5_2.3 conflicts with file from package perl-Math-BigInt-1.86-1 file /usr/lib/perl5/5.8.8/Math/BigInt.pm from install of perl-5.8.8-10.el5_2.3 conflicts with file from package perl-Math-BigInt-1.86-1 file /usr/lib/perl5/5.8.8/Math/BigInt/Calc.pm from install of perl-5.8.8-10.el5_2.3 conflicts with file from package perl-Math-BigInt-1.86-1 file /usr/lib/perl5/5.8.8/Math/BigInt/CalcEmu.pm from install of perl-5.8.8-10.el5_2.3 conflicts with file from package perl-Math-BigInt-1.86-1 file /usr/share/man/man3/Math::BigFloat.3pm.gz from install of perl-5.8.8-10.el5_2.3 conflicts with file from package perl-Math-BigInt-1.86-1 file /usr/share/man/man3/Math::BigInt.3pm.gz from install of perl-5.8.8-10.el5_2.3 conflicts with file from package perl-Math-BigInt-1.86-1 file /usr/share/man/man3/Math::BigInt::Calc.3pm.gz from install of perl-5.8.8-10.el5_2.3 conflicts with file from package perl-Math-BigInt-1.86-1 file /usr/share/man/man3/Math::BigInt::CalcEmu.3pm.gz from install of perl-5.8.8-10.el5_2.3 conflicts with file from package perl-Math-BigInt-1.86-1 file /usr/lib/perl5/5.8.8/Math/BigRat.pm from install of perl-5.8.8-10.el5_2.3 conflicts with file from package perl-Math-BigRat-0.19-1 file /usr/share/man/man3/Math::BigRat.3pm.gz from install of perl-5.8.8-10.el5_2.3 conflicts with file from package perl-Math-BigRat-0.19-1 file /usr/lib/perl5/5.8.8/bigint.pm from install of perl-5.8.8-10.el5_2.3 conflicts with file from package perl-bignum-0.21-1 file /usr/lib/perl5/5.8.8/bignum.pm from install of perl-5.8.8-10.el5_2.3 conflicts with file from package perl-bignum-0.21-1 file /usr/lib/perl5/5.8.8/bigrat.pm from install of perl-5.8.8-10.el5_2.3 conflicts with file from package perl-bignum-0.21-1 file /usr/share/man/man3/bigint.3pm.gz from install of perl-5.8.8-10.el5_2.3 conflicts with file from package perl-bignum-0.21-1 file /usr/share/man/man3/bignum.3pm.gz from install of perl-5.8.8-10.el5_2.3 conflicts with file from package perl-bignum-0.21-1 file /usr/share/man/man3/bigrat.3pm.gz from install of perl-5.8.8-10.el5_2.3 conflicts with file from package perl-bignum-0.21-1 -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From info at ixinu.be Wed Jun 25 07:42:51 2008 From: info at ixinu.be (Tom De Keukelaere) Date: Wed Jun 25 07:43:06 2008 Subject: Mailscanner & Qmail Message-ID: <20080625084251.aykkri8cgww8g4wg@webmail.ixinu.be> Dear all, I have tried to install Mailscanner with Qmail. The installation went fine but now I have those errors when I'am trying to send a mail. Jun 25 08:34:14 stock MailScanner[21713]: MailScanner E-Mail Virus Scanner version 4.70.6 starting... Jun 25 08:34:14 stock imapd: Connection, ip=[127.0.0.1] Jun 25 08:34:15 stock imapd: IMAP connect from @ [127.0.0.1]INFO: LOGIN, user=test, ip=[127.0.0.1], protocol=IMAP Jun 25 08:34:15 stock imapd: 1214375655.416757 LOGOUT, user=test, ip=[127.0.0.1], headers=0, body=0, rcvd=61, sent=506, maildir=/var/qmail/mailname$ Jun 25 08:34:16 stock imapd: Connection, ip=[127.0.0.1] Jun 25 08:34:16 stock imapd: IMAP connect from @ [127.0.0.1]INFO: LOGIN, user=test, ip=[127.0.0.1], protocol=IMAP Jun 25 08:34:16 stock relaylock: /var/qmail/bin/relaylock: mail from 127.0.0.1:42234 (localhost) Jun 25 08:34:16 stock imapd: 1214375656.737848 LOGOUT, user=test, ip=[127.0.0.1], headers=0, body=0, rcvd=61, sent=506, maildir=/var/qmail/mailname$ Jun 25 08:34:17 stock MailScanner[21713]: Read 821 hostnames from the phishing whitelist Jun 25 08:34:18 stock MailScanner[21713]: Read 2993 hostnames from the phishing blacklist Jun 25 08:34:18 stock MailScanner[21713]: SpamAssassin temporary working directory is /tmp Jun 25 08:34:23 stock MailScanner[21713]: Using SpamAssassin results cache Jun 25 08:34:23 stock MailScanner[21713]: Could not create SpamAssassin cache database /var/spool/MailScanner/incoming/SpamAssassin.cache.db Jun 25 08:34:23 stock MailScanner[21713]: Enabling SpamAssassin auto-whitelist functionality... Jun 25 08:34:26 stock MailScanner[21534]: /var/qmail/queue.in/mess is not owned by user 2520 ! and in the webmail the next error (horde) There was an error sending your message: Failed to send data [SMTP: Invalid response code received from server (code: 451, response: qq internal bug (#4.3.0))] Can someone look at this? I've already tried to chmod the direcotry, but the error stays the same. Anyone managed to install mailscanner on a fedora system, with plesk and qmail? Thanks, Tom Kind Regards, Tom De Keukelaere ixinu - internet services http://www.ixinu.be http://www.digitaalforum.be http://www.fokjoe.be From Robert.Meurlin at se.fujitsu.com Wed Jun 25 08:48:32 2008 From: Robert.Meurlin at se.fujitsu.com (Meurlin Robert) Date: Wed Jun 25 08:49:53 2008 Subject: SV: Mailscanner & Qmail In-Reply-To: <20080625084251.aykkri8cgww8g4wg@webmail.ixinu.be> References: <20080625084251.aykkri8cgww8g4wg@webmail.ixinu.be> Message-ID: <797363C57EE0884786F428AAABCD469201490E4A@sea0120sex2.nordic.x> Hello Tom, I have managed long time ago to install it on a slackware machine and there were no problem. You can look at this guide: http://www.qmailrocks.org/ They have a section for fedora installation of qmail. //Rob -----Ursprungligt meddelande----- Fr?n: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] F?r Tom De Keukelaere Skickat: den 25 juni 2008 08:43 Till: mailscanner@lists.mailscanner.info ?mne: Mailscanner & Qmail Dear all, I have tried to install Mailscanner with Qmail. The installation went fine but now I have those errors when I'am trying to send a mail. Jun 25 08:34:14 stock MailScanner[21713]: MailScanner E-Mail Virus Scanner version 4.70.6 starting... Jun 25 08:34:14 stock imapd: Connection, ip=[127.0.0.1] Jun 25 08:34:15 stock imapd: IMAP connect from @ [127.0.0.1]INFO: LOGIN, user=test, ip=[127.0.0.1], protocol=IMAP Jun 25 08:34:15 stock imapd: 1214375655.416757 LOGOUT, user=test, ip=[127.0.0.1], headers=0, body=0, rcvd=61, sent=506, maildir=/var/qmail/mailname$ Jun 25 08:34:16 stock imapd: Connection, ip=[127.0.0.1] Jun 25 08:34:16 stock imapd: IMAP connect from @ [127.0.0.1]INFO: LOGIN, user=test, ip=[127.0.0.1], protocol=IMAP Jun 25 08:34:16 stock relaylock: /var/qmail/bin/relaylock: mail from 127.0.0.1:42234 (localhost) Jun 25 08:34:16 stock imapd: 1214375656.737848 LOGOUT, user=test, ip=[127.0.0.1], headers=0, body=0, rcvd=61, sent=506, maildir=/var/qmail/mailname$ Jun 25 08:34:17 stock MailScanner[21713]: Read 821 hostnames from the phishing whitelist Jun 25 08:34:18 stock MailScanner[21713]: Read 2993 hostnames from the phishing blacklist Jun 25 08:34:18 stock MailScanner[21713]: SpamAssassin temporary working directory is /tmp Jun 25 08:34:23 stock MailScanner[21713]: Using SpamAssassin results cache Jun 25 08:34:23 stock MailScanner[21713]: Could not create SpamAssassin cache database /var/spool/MailScanner/incoming/SpamAssassin.cache.db Jun 25 08:34:23 stock MailScanner[21713]: Enabling SpamAssassin auto-whitelist functionality... Jun 25 08:34:26 stock MailScanner[21534]: /var/qmail/queue.in/mess is not owned by user 2520 ! and in the webmail the next error (horde) There was an error sending your message: Failed to send data [SMTP: Invalid response code received from server (code: 451, response: qq internal bug (#4.3.0))] Can someone look at this? I've already tried to chmod the direcotry, but the error stays the same. Anyone managed to install mailscanner on a fedora system, with plesk and qmail? Thanks, Tom Kind Regards, Tom De Keukelaere ixinu - internet services http://www.ixinu.be http://www.digitaalforum.be http://www.fokjoe.be -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From Robert.Meurlin at se.fujitsu.com Wed Jun 25 08:51:30 2008 From: Robert.Meurlin at se.fujitsu.com (Meurlin Robert) Date: Wed Jun 25 08:52:34 2008 Subject: SV: SV: SV: mailscanner dont process email at all In-Reply-To: <797363C57EE0884786F428AAABCD469201490E10@sea0120sex2.nordic.x> References: <797363C57EE0884786F428AAABCD469201490DD4@sea0120sex2.nordic.x><48536FD4.4090300@vanderkooij.org><797363C57EE0884786F428AAABCD469201490DD8@sea0120sex2.nordic.x><797363C57EE0884786F428AAABCD469201490DDC@sea0120sex2.nordic.x><485660C0.1080803@USherbrooke.ca><797363C57EE0884786F428AAABCD469201490DF0@sea0120sex2.nordic.x><797363C57EE0884786F428AAABCD469201490DF4@sea0120sex2.nordic.x><223f97700806170238h21a6cc6ao7a20770b745add43@mail.gmail.com> <797363C57EE0884786F428AAABCD469201490E10@sea0120sex2.nordic.x> Message-ID: <797363C57EE0884786F428AAABCD469201490E4B@sea0120sex2.nordic.x> Problem solved, there was a problem with the folder /root/.spamassassin So I just renamed that folder and restarted MailScanner and everything went working (it created the folder again). I Guess there were some corrupt file in that folder!? //Rob -----Ursprungligt meddelande----- Fr?n: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] F?r Meurlin Robert Skickat: den 18 juni 2008 15:26 Till: MailScanner discussion ?mne: SV: SV: SV: mailscanner dont process email at all root 3432 0.0 0.8 66852 35056 ? Ss 15:09 0:00 MailScanner: master waiting for children, sleeping root 3433 100 1.4 94092 57864 ? R 15:09 2:36 MailScanner: starting children If I start MailScanner with sendmail , it will just hang as seen. Can it be something with clam? MailScanner --lint configtest doesn't give anything. Iam running this on Suse Enterprise 64 bit and it was installed trough rpm packages. Is there any command to start mailscanner med n?got trace option? Robert -----Ursprungligt meddelande----- Fr?n: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] F?r Glenn Steen Skickat: den 17 juni 2008 11:39 Till: MailScanner discussion ?mne: Re: SV: SV: mailscanner dont process email at all 2008/6/17 Meurlin Robert : > Yes I manually flushed almost every email in the queue (had 6000 before now there is about 140) so that worked. > > Is the last option to reinstall mailscanner? All points to that is the problem. > Hej Robert, You mention configtest ... Is this a command? What is it supposed to do for you? Is this running on cPanel or similar? How did you do the install? What version of OS/distro are you using? The more details the better answers:-). Tjena -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From rob at kettle.org.uk Wed Jun 25 08:58:21 2008 From: rob at kettle.org.uk (Rob Kettle) Date: Wed Jun 25 08:58:41 2008 Subject: Can't install CentOS 5.2 update? In-Reply-To: <7EF0EE5CB3B263488C8C18823239BEBA03CF5E@HC-MBX02.herefordshire.gov.uk> References: <7EF0EE5CB3B263488C8C18823239BEBA03CF5E@HC-MBX02.herefordshire.gov.uk> Message-ID: <4861FA9D.9050105@kettle.org.uk> Hi, seems to have worked for me as well. thanks Rob Randal, Phil wrote: > Don't panic: > > First off, make sure you have the latest MailScanner to hand to > reinstall. > > service MailScanner stop > service MailScanner startin > > rpm -e perl-IO > rpm -e perl-Math-BigInt > rpm -e perl-Math-BigRat > rpm -e perl-bignum > > (and any other perl modules it complains about) > > yum update perl > > ... Reinstall MailScanner > > service MailScanner restart > > yum upgrade > > And reboot when it is all done > > Worked for me. > > Phil > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Henry > Kwan > Sent: 25 June 2008 02:02 > To: mailscanner@lists.mailscanner.info > Subject: Can't install CentOS 5.2 update? > > Hi, > > Noticed that CentOS 5.2 got released today. Tried to upgrade one of my > test boxes but the perl module is returning a bunch of transaction test > errors. I think it's related to the various modules packaged with > Mailscanner but perhaps someone can confirm? Thanks. > > Transaction Check Error: > file /usr/lib/perl5/5.8.8/i386-linux-thread-multi/IO.pm from install > of > perl-5.8.8-10.el5_2.3 conflicts with file from package perl-IO-1.2301-1 > file /usr/lib/perl5/5.8.8/i386-linux-thread-multi/IO/Dir.pm from > install of > perl-5.8.8-10.el5_2.3 conflicts with file from package perl-IO-1.2301-1 > file /usr/lib/perl5/5.8.8/i386-linux-thread-multi/IO/File.pm from > install of > perl-5.8.8-10.el5_2.3 conflicts with file from package perl-IO-1.2301-1 > file /usr/lib/perl5/5.8.8/i386-linux-thread-multi/IO/Handle.pm from > install of > perl-5.8.8-10.el5_2.3 conflicts with file from package perl-IO-1.2301-1 > file /usr/lib/perl5/5.8.8/i386-linux-thread-multi/IO/Socket.pm from > install of > perl-5.8.8-10.el5_2.3 conflicts with file from package perl-IO-1.2301-1 > file /usr/lib/perl5/5.8.8/i386-linux-thread-multi/auto/IO/IO.so from > install of perl-5.8.8-10.el5_2.3 conflicts with file from package > perl-IO-1.2301-1 > file /usr/share/man/man3/IO.3pm.gz from install of > perl-5.8.8-10.el5_2.3 conflicts with file from package perl-IO-1.2301-1 > file /usr/share/man/man3/IO::Dir.3pm.gz from install of > perl-5.8.8-10.el5_2.3 conflicts with file from package perl-IO-1.2301-1 > file /usr/share/man/man3/IO::File.3pm.gz from install of > perl-5.8.8-10.el5_2.3 conflicts with file from package perl-IO-1.2301-1 > file /usr/share/man/man3/IO::Handle.3pm.gz from install of > perl-5.8.8-10.el5_2.3 conflicts with file from package perl-IO-1.2301-1 > file /usr/share/man/man3/IO::Pipe.3pm.gz from install of > perl-5.8.8-10.el5_2.3 conflicts with file from package perl-IO-1.2301-1 > file /usr/share/man/man3/IO::Poll.3pm.gz from install of > perl-5.8.8-10.el5_2.3 conflicts with file from package perl-IO-1.2301-1 > file /usr/share/man/man3/IO::Seekable.3pm.gz from install of > perl-5.8.8-10.el5_2.3 conflicts with file from package perl-IO-1.2301-1 > file /usr/share/man/man3/IO::Select.3pm.gz from install of > perl-5.8.8-10.el5_2.3 conflicts with file from package perl-IO-1.2301-1 > file /usr/share/man/man3/IO::Socket.3pm.gz from install of > perl-5.8.8-10.el5_2.3 conflicts with file from package perl-IO-1.2301-1 > file /usr/share/man/man3/IO::Socket::INET.3pm.gz from install of > perl-5.8.8-10.el5_2.3 conflicts with file from package perl-IO-1.2301-1 > file /usr/share/man/man3/IO::Socket::UNIX.3pm.gz from install of > perl-5.8.8-10.el5_2.3 conflicts with file from package perl-IO-1.2301-1 > file /usr/lib/perl5/5.8.8/Math/BigFloat.pm from install of > perl-5.8.8-10.el5_2.3 conflicts with file from package > perl-Math-BigInt-1.86-1 > file /usr/lib/perl5/5.8.8/Math/BigInt.pm from install of > perl-5.8.8-10.el5_2.3 conflicts with file from package > perl-Math-BigInt-1.86-1 > file /usr/lib/perl5/5.8.8/Math/BigInt/Calc.pm from install of > perl-5.8.8-10.el5_2.3 conflicts with file from package > perl-Math-BigInt-1.86-1 > file /usr/lib/perl5/5.8.8/Math/BigInt/CalcEmu.pm from install of > perl-5.8.8-10.el5_2.3 conflicts with file from package > perl-Math-BigInt-1.86-1 > file /usr/share/man/man3/Math::BigFloat.3pm.gz from install of > perl-5.8.8-10.el5_2.3 conflicts with file from package > perl-Math-BigInt-1.86-1 > file /usr/share/man/man3/Math::BigInt.3pm.gz from install of > perl-5.8.8-10.el5_2.3 conflicts with file from package > perl-Math-BigInt-1.86-1 > file /usr/share/man/man3/Math::BigInt::Calc.3pm.gz from install of > perl-5.8.8-10.el5_2.3 conflicts with file from package > perl-Math-BigInt-1.86-1 > file /usr/share/man/man3/Math::BigInt::CalcEmu.3pm.gz from install of > perl-5.8.8-10.el5_2.3 conflicts with file from package > perl-Math-BigInt-1.86-1 > file /usr/lib/perl5/5.8.8/Math/BigRat.pm from install of > perl-5.8.8-10.el5_2.3 conflicts with file from package > perl-Math-BigRat-0.19-1 > file /usr/share/man/man3/Math::BigRat.3pm.gz from install of > perl-5.8.8-10.el5_2.3 conflicts with file from package > perl-Math-BigRat-0.19-1 > file /usr/lib/perl5/5.8.8/bigint.pm from install of > perl-5.8.8-10.el5_2.3 conflicts with file from package > perl-bignum-0.21-1 > file /usr/lib/perl5/5.8.8/bignum.pm from install of > perl-5.8.8-10.el5_2.3 conflicts with file from package > perl-bignum-0.21-1 > file /usr/lib/perl5/5.8.8/bigrat.pm from install of > perl-5.8.8-10.el5_2.3 conflicts with file from package > perl-bignum-0.21-1 > file /usr/share/man/man3/bigint.3pm.gz from install of > perl-5.8.8-10.el5_2.3 conflicts with file from package > perl-bignum-0.21-1 > file /usr/share/man/man3/bignum.3pm.gz from install of > perl-5.8.8-10.el5_2.3 conflicts with file from package > perl-bignum-0.21-1 > file /usr/share/man/man3/bigrat.3pm.gz from install of > perl-5.8.8-10.el5_2.3 conflicts with file from package > perl-bignum-0.21-1 > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From marc at marcsnet.com Wed Jun 25 10:01:49 2008 From: marc at marcsnet.com (Marc Lucke) Date: Wed Jun 25 10:02:32 2008 Subject: use_bayes not working In-Reply-To: References: <00dd01c8d4e7$37c09140$a741b3c0$@com> <4860DFDF.8070701@marcsnet.com> Message-ID: <4862097D.1000605@marcsnet.com> Yes, that's checked. This was a working system. Anywhere I can get it to give me debugging info? Henry Kwan wrote: > Marc Lucke marcsnet.com> writes: > > >> The problem is that I don't get BAYES_ anything in the header of email >> that MailScanner processes, not that spamassassin is not using bayes. >> > > Perhaps it's looking at the wrong bayes database? Perhaps you can explicitly > call out the bayes path via: > > use_bayes 1 > bayes_path /root/.spamassassin/bayes > > Does calling MailScanner with --debug and --debug-sa yield anything useful? > > > From ajcartmell at fonant.com Wed Jun 25 10:27:31 2008 From: ajcartmell at fonant.com (Anthony Cartmell) Date: Wed Jun 25 10:27:43 2008 Subject: perl-Test-Simple needed earlier In-Reply-To: <4861963F.1070603@ecs.soton.ac.uk> References: <4861963F.1070603@ecs.soton.ac.uk> Message-ID: > Anthony Cartmell wrote: >>> So it seems building of perl-Test-Simple should be moved up in a queue. >> >> +1 > It has dependencies (Test::Harness, which may in turn have other > dependencies). How far up the queue does it need to go? Well, the MailScanner install fails due to lack of perl-Test-Simple when it tries to run the tests on the first thing it has to build. So one installs perl-Test-Simple to get MailScanner's install to work, and then notice that MailScanner later also looks to see if it's needed. So how high it needs to be will depend on what else is already installed. But it should probably (with Test::Harness above it, if that's a dependency) be nearer the top, perhaps even at the top? If not, you could just issue instructions to install Test::Simple before running the MailScanner install (which is what I did) and all would be well. FWIW I also had to install rpm-build and perl-devel, as well as perl-Test-Simple, on a very minimal FC8 installation before MailScanner would install. The former two probably don't belong in MailScanner's install package, and perhaps perl-Test-Simple doesn't either? Can't remember whether "yum install perl-Test-Simple" also installed perl-Test-Harness, but it may well have done. Next time I'm working with a clean, minimal, FC8 box I'll have a play. HTH, Anthony -- www.fonant.com - Quality web sites From hvdkooij at vanderkooij.org Wed Jun 25 10:31:47 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Wed Jun 25 10:31:56 2008 Subject: use_bayes not working In-Reply-To: <4862097D.1000605@marcsnet.com> References: <00dd01c8d4e7$37c09140$a741b3c0$@com> <4860DFDF.8070701@marcsnet.com> <4862097D.1000605@marcsnet.com> Message-ID: <48621083.2090705@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Marc Lucke wrote: | Yes, that's checked. This was a working system. Anywhere I can get it | to give me debugging info? You allready gave it: [10721] dbg: bayes: tie-ing to DB file R/O /root/.spamassassin/bayes_toks [10721] dbg: bayes: tie-ing to DB file R/O /root/.spamassassin/bayes_seen [10721] dbg: bayes: found bayes db version 3 [10721] dbg: bayes: DB journal sync: last sync: 1213214587 [10721] dbg: bayes: DB journal sync: last sync: 1213214587 [10721] dbg: bayes: corpus size: nspam = 63340, nham = 154630 [10721] dbg: bayes: score = 0.215791458401563 [10721] dbg: bayes: DB expiry: tokens in DB: 120875, Expiry max size: 150000, Oldest atime: 1212853477, Newest atime: 1214166417, Last expire: 1213193735, Current time: 1214192307 [10721] dbg: bayes: DB journal sync: last sync: 1213214587 This seems to indicate your bayesian database is there and contains both HAM and SPAM entries. (Check the atime info on: http://esqsoft.com/javascript_examples/date-to-epoch.htm) But what did you change to make it a non-working system? That is where you should be looking for trouble. For now I would backup the bayesian database and start a fresh set just to see if that resolves the issue. Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFIYhCBBvzDRVjxmYERAjpUAJ9xpFgkxtcSLYIsl9Uj0vdcgkwJJwCgqr/m 3zlXqLFQQ2pJ2440w7QYB74= =PT/R -----END PGP SIGNATURE----- From Kit at simplysites.co.uk Wed Jun 25 11:07:55 2008 From: Kit at simplysites.co.uk (Kit Wong) Date: Wed Jun 25 11:08:12 2008 Subject: Help with installing and configuring greylisting with ms Message-ID: Hi Experts I have been happily using MS and spamassassin on my server. I would like to pay for someone's services here to install greylisting on the server also. The current set up is. Bluequartz from NUonce, Sendmail, MailScanner and spamassassin. I use 3 popular rbls within Sendmail, then the usual within MailScanner (I have disabled virus scanning) after. I am not sure if its possible (I have read somewhere it might be) but would like to trigger greylisting on emails that are found to be clean and are low scoring spam by MailScanner (I also don't want whitelisted ips to be greylisted if it makes sense). The criteria for greylisting is 10 minutes and 7 day whitelist. Any interested please email me direct. Kind Regards Kit Wong From marc at marcsnet.com Wed Jun 25 11:47:13 2008 From: marc at marcsnet.com (Marc Lucke) Date: Wed Jun 25 11:47:54 2008 Subject: use_bayes not working In-Reply-To: <48621083.2090705@vanderkooij.org> References: <00dd01c8d4e7$37c09140$a741b3c0$@com> <4860DFDF.8070701@marcsnet.com> <4862097D.1000605@marcsnet.com> <48621083.2090705@vanderkooij.org> Message-ID: <48622231.70704@marcsnet.com> spamassassin broke completely. sa-learn didn't work. Perhaps there's a Perl version / rpm version conflict? Hugo van der Kooij wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Marc Lucke wrote: > | Yes, that's checked. This was a working system. Anywhere I can get it > | to give me debugging info? > > You allready gave it: > > [10721] dbg: bayes: tie-ing to DB file R/O /root/.spamassassin/bayes_toks > [10721] dbg: bayes: tie-ing to DB file R/O /root/.spamassassin/bayes_seen > [10721] dbg: bayes: found bayes db version 3 > [10721] dbg: bayes: DB journal sync: last sync: 1213214587 > > [10721] dbg: bayes: DB journal sync: last sync: 1213214587 > [10721] dbg: bayes: corpus size: nspam = 63340, nham = 154630 > [10721] dbg: bayes: score = 0.215791458401563 > [10721] dbg: bayes: DB expiry: tokens in DB: 120875, Expiry max size: > 150000, Oldest atime: 1212853477, Newest atime: 1214166417, Last expire: > 1213193735, Current time: 1214192307 > [10721] dbg: bayes: DB journal sync: last sync: 1213214587 > > This seems to indicate your bayesian database is there and contains both > HAM and SPAM entries. (Check the atime info on: > http://esqsoft.com/javascript_examples/date-to-epoch.htm) > > But what did you change to make it a non-working system? That is where > you should be looking for trouble. > > For now I would backup the bayesian database and start a fresh set just > to see if that resolves the issue. > > Hugo. > > - -- > hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ > PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc > > A: Yes. > >Q: Are you sure? > >>A: Because it reverses the logical flow of conversation. > >>>Q: Why is top posting frowned upon? > > Bored? Click on http://spamornot.org/ and rate those images. > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.7 (GNU/Linux) > > iD8DBQFIYhCBBvzDRVjxmYERAjpUAJ9xpFgkxtcSLYIsl9Uj0vdcgkwJJwCgqr/m > 3zlXqLFQQ2pJ2440w7QYB74= > =PT/R > -----END PGP SIGNATURE----- From shuttlebox at gmail.com Wed Jun 25 12:28:18 2008 From: shuttlebox at gmail.com (shuttlebox) Date: Wed Jun 25 12:28:27 2008 Subject: Help with installing and configuring greylisting with ms In-Reply-To: References: Message-ID: <625385e30806250428l53508868h407835eccf3e4d81@mail.gmail.com> On Wed, Jun 25, 2008 at 12:07 PM, Kit Wong wrote: > The current set up is. Bluequartz from NUonce, Sendmail, MailScanner and > spamassassin. I use 3 popular rbls within Sendmail, then the usual > within MailScanner (I have disabled virus scanning) after. > > I am not sure if its possible (I have read somewhere it might be) but > would like to trigger greylisting on emails that are found to be clean > and are low scoring spam by MailScanner (I also don't want whitelisted > ips to be greylisted if it makes sense). > > The criteria for greylisting is 10 minutes and 7 day whitelist. > > Any interested please email me direct. Greylisting is done before MailScanner so it's not possible to do that, at least not in any natural way. Read more on http://milter-greylist.wikidot.com/ about a popular greylisting software for Sendmail. -- Woody Allen - "I am not afraid of death, I just don't want to be there when it happens." From ecasarero at gmail.com Wed Jun 25 14:52:44 2008 From: ecasarero at gmail.com (Eduardo Casarero) Date: Wed Jun 25 14:52:53 2008 Subject: Generating simple SA reports? In-Reply-To: References: <4CAB0118AEC63A4FAAE77E6BCBDF760C6566B8E57D@server02.bhl.local> Message-ID: <7d9b3cf20806250652q2f844bf2pbde492c0bfc7646f@mail.gmail.com> 2008/6/24 Henry Kwan : > Jason Ede birchenallhowden.co.uk> writes: > >> >> I use Vispan that seems to give good results. >>http://www.while.org.uk/content/view/9/5/ >> > > Hi, > > Thanks for the link. I tried to install it on a test box but there was a bunch > of missing modules that are needed before it will install so I'm not going to be > able to test it until I get a chance to resolve those dependencies issues. > > Here, on slackware (after installing MS) this is what you have to download to get Vispan Online. LibGD: gd-2.0.35.tar.gz Perl Modules: GD-2.35.tar.gz GDTextUtil-0.86.tar.gz GDGraph-1.44.tar.gz Mail-Sendmail-0.79.tar.gz Number-Format-1.52.tar.gz Regards! PD: maybe i miss some prerequisites, just search at cpan. > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From davejones70 at gmail.com Wed Jun 25 15:38:29 2008 From: davejones70 at gmail.com (Dave Jones) Date: Wed Jun 25 15:38:39 2008 Subject: Can't install CentOS 5.2 update? Message-ID: <67a55ed50806250738p37640624h2c4e44dc52f3099f@mail.gmail.com> A more simple method that I use is: # yum -y update (this will fail with the conflicts but download the packages into the yum cache for the rpm --force command below) # yum -y update --exclude=perl* # cd /var/cache/yum/rpmforge/packages # rpm -Uhv --force perl* # reboot (if needed to get on a new kernel -- or just restart MailScanner) You don't have to reinstall MailScanner everytime you get an updated perl module conflict. >Hi, >seems to have worked for me as well. >thanks >Rob >Randal, Phil wrote: >> Don't panic: >> >> First off, make sure you have the latest MailScanner to hand to >> reinstall. >> >> service MailScanner stop >> service MailScanner startin >> >> rpm -e perl-IO >> rpm -e perl-Math-BigInt >> rpm -e perl-Math-BigRat >> rpm -e perl-bignum >> >> (and any other perl modules it complains about) >> >> yum update perl >> >> ... Reinstall MailScanner >> >> service MailScanner restart >> >> yum upgrade >> >> And reboot when it is all done >> >> Worked for me. >> -- Dave Jones -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080625/58438eac/attachment.html From P.G.M.Peters at utwente.nl Wed Jun 25 15:39:16 2008 From: P.G.M.Peters at utwente.nl (Peter Peters) Date: Wed Jun 25 15:39:29 2008 Subject: Health update In-Reply-To: <223f97700806131420j4bb7e2f5w1e4d192101002bde@mail.gmail.com> References: <4852BC3D.3050802@ecs.soton.ac.uk> <200806132114.m5DLE4gQ018541@mxt.1bigthink.com> <223f97700806131420j4bb7e2f5w1e4d192101002bde@mail.gmail.com> Message-ID: <48625894.9020703@utwente.nl> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Glenn Steen wrote on 13-6-2008 23:20: > Same here... Well. Haven't donated any organs (yet), and some of them > are really shoddy... But I do carry my donor card with me at all > times... Who knows when time is up?! My girlfriend does not feel to good about the idea of them cutting into me after I am dead. I am still trying to convince her. At the meantime I donate blood every 3 to 4 months and will start donating blood plasm in a short while. And Julian, I wish you the best of luck. - -- Peter Peters, Teamleider Unix/Linux-Beheer ICT-Servicecentrum Universiteit Twente, Postbus 217, 7500 AE Enschede Telefoon 053 489 2301, Fax 053 489 2383, P.G.M.Peters@utwente.nl, http://www.utwente.nl/icts -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFIYliTelLo80lrIdIRAgSFAJ4yJZEo6sOIz/XjGR1VEmer+q1VYgCeKkWR ZCMd2F4IFIUzMug/5v5tstg= =tces -----END PGP SIGNATURE----- From alex at rtpty.com Wed Jun 25 16:35:00 2008 From: alex at rtpty.com (Alex Neuman) Date: Wed Jun 25 16:35:23 2008 Subject: Can't install CentOS 5.2 update? In-Reply-To: <67a55ed50806250738p37640624h2c4e44dc52f3099f@mail.gmail.com> References: <67a55ed50806250738p37640624h2c4e44dc52f3099f@mail.gmail.com> Message-ID: <24EE6C3E-FBA4-4C84-A357-D2AFC4B96D98@rtpty.com> Another one for the wiki, perhaps? On Jun 25, 2008, at 9:38 AM, Dave Jones wrote: > > # yum -y update (this will fail with the conflicts but download the > packages into the yum cache for the rpm --force command below) > # yum -y update --exclude=perl* > # cd /var/cache/yum/rpmforge/packages > # rpm -Uhv --force perl* > # reboot (if needed to get on a new kernel -- or just restart > MailScanner) > > You don't have to reinstall MailScanner everytime you get an updated > perl module conflict. From jra at baylink.com Wed Jun 25 18:16:42 2008 From: jra at baylink.com (Jay R. Ashworth) Date: Wed Jun 25 18:16:52 2008 Subject: argv[0] prompt extension patches? In-Reply-To: <486192C7.9060107@ecs.soton.ac.uk> References: <486192C7.9060107@ecs.soton.ac.uk> Message-ID: <20080625171642.GD12255@cgi.jachomes.com> On Wed, Jun 25, 2008 at 01:35:19AM +0100, Julian Field wrote: > That would only be useful if MailScanner went through each message > individually, scanning them one by one. But that's not how MailScanner > works. For efficiency, it works on batches of messages. So the virus > scanner, for example, is called once for the entire batch of messages, > not once for each message. All the messages in a batch are processed > together at each stage of the process. It scans them all for RBL hits, > then all of them with SpamAssassin, then all of them for viruses, then > all of them for HTML nasties, and so on. So it wouldn't actually give > you any useful information whatsoever. > > Which is why I haven't already done it myself. Aha! :-) Thanks for the clarification. Cheers, -- jra -- Jay R. Ashworth Baylink jra@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://baylink.pitas.com '87 e24 St Petersburg FL USA http://photo.imageinc.us +1 727 647 1274 Those who cast the vote decide nothing. Those who count the vote decide everything. -- (Joseph Stalin) From peter at farrows.org Wed Jun 25 18:25:37 2008 From: peter at farrows.org (Peter Farrow) Date: Wed Jun 25 18:25:58 2008 Subject: Help with installing and configuring greylisting with ms In-Reply-To: References: Message-ID: <48627F91.6080501@farrows.org> Kit Wong wrote: > Hi Experts > > I have been happily using MS and spamassassin on my server. I would like > to pay for someone's services here to install greylisting on the server > also. > > The current set up is. Bluequartz from NUonce, Sendmail, MailScanner and > spamassassin. I use 3 popular rbls within Sendmail, then the usual > within MailScanner (I have disabled virus scanning) after. > > I am not sure if its possible (I have read somewhere it might be) but > would like to trigger greylisting on emails that are found to be clean > and are low scoring spam by MailScanner (I also don't want whitelisted > ips to be greylisted if it makes sense). > > The criteria for greylisting is 10 minutes and 7 day whitelist. > > Any interested please email me direct. > > Kind Regards > > Kit Wong > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > Hi There, You normally greylist prior to mailscanning, that way it greatly reduces the load on the scanner and genuine email will come through anyway! Regards Pete -- horizontal ruler Peter Farrow Inexcom Logo Inexcom Ltd Office: 08450 949 747 Fax: 01249 461 548 Mobile: 07799605617 Skype: peter_farrow Web: www.inexcom.co.uk Registered in England and Wales, number:05598456 -- This message has been scanned for viruses and dangerous content by the Inexcom system Scanner, and is believed to be clean. Advanced heuristic mail scanning server [-]. http://www.inexcom.co.uk -------------- next part -------------- Skipped content of type multipart/related From rpoe at plattesheriff.org Wed Jun 25 18:36:42 2008 From: rpoe at plattesheriff.org (Rob Poe) Date: Wed Jun 25 18:37:03 2008 Subject: HELP!?!?! Message-ID: <48623BD4.65ED.00A2.0@plattesheriff.org> I've gotten a new co-located server at a new provider. On it, runs Plesk 8.4. Ohboy! Qmail. Sigh. How do I integrate MailScanner (or can I) into a Plesk / QMail environment. (or better yet, how do I integrate Sendmail into Plesk). hehe From ecasarero at gmail.com Wed Jun 25 18:41:26 2008 From: ecasarero at gmail.com (Eduardo Casarero) Date: Wed Jun 25 18:41:36 2008 Subject: HELP!?!?! In-Reply-To: <48623BD4.65ED.00A2.0@plattesheriff.org> References: <48623BD4.65ED.00A2.0@plattesheriff.org> Message-ID: <7d9b3cf20806251041v2e7cc058hb9f012bdace79b62@mail.gmail.com> mmmm, i would recomend you to build a dedicated server for sendmail,MS, etc. as frontend. Regards, 2008/6/25 Rob Poe : > I've gotten a new co-located server at a new provider. On it, runs Plesk 8.4. > > Ohboy! Qmail. Sigh. > > How do I integrate MailScanner (or can I) into a Plesk / QMail environment. > > (or better yet, how do I integrate Sendmail into Plesk). hehe > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From peter at farrows.org Wed Jun 25 19:04:59 2008 From: peter at farrows.org (Peter Farrow) Date: Wed Jun 25 19:05:18 2008 Subject: HELP!?!?! In-Reply-To: <48623BD4.65ED.00A2.0@plattesheriff.org> References: <48623BD4.65ED.00A2.0@plattesheriff.org> Message-ID: <486288CB.4060207@farrows.org> Rob Poe wrote: > I've gotten a new co-located server at a new provider. On it, runs Plesk 8.4. > > Ohboy! Qmail. Sigh. > > How do I integrate MailScanner (or can I) into a Plesk / QMail environment. > > (or better yet, how do I integrate Sendmail into Plesk). hehe > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > My advice is to get a different server, unless you enjoy having a difficult time... ( which you may do of course... ;-) ) P. -- This message has been scanned for viruses and dangerous content by the Inexcom system Scanner, and is believed to be clean. Advanced heuristic mail scanning server [-]. http://www.inexcom.co.uk From rpoe at plattesheriff.org Wed Jun 25 19:10:27 2008 From: rpoe at plattesheriff.org (Rob Poe) Date: Wed Jun 25 19:10:53 2008 Subject: HELP!?!?! In-Reply-To: <486288CB.4060207@farrows.org> References: <48623BD4.65ED.00A2.0@plattesheriff.org> <486288CB.4060207@farrows.org> Message-ID: <486243BD.65ED.00A2.0@plattesheriff.org> >> I've gotten a new co-located server at a new provider. On it, runs Plesk 8.4. >> >> Ohboy! Qmail. Sigh. >> >> How do I integrate MailScanner (or can I) into a Plesk / QMail environment. >> >> (or better yet, how do I integrate Sendmail into Plesk). hehe > My advice is to get a different server, unless you enjoy having a > difficult time... ( which you may do of course... ;-) ) I can buy a routable IP stack ($8 / mo) for 8 addresses, and run VMWare on the server, letting the VM Sendmail forward EVERYTHING to the qmail server .. Might be how I end up having to do it.. From peter at farrows.org Wed Jun 25 19:26:53 2008 From: peter at farrows.org (Peter Farrow) Date: Wed Jun 25 19:27:20 2008 Subject: HELP!?!?! In-Reply-To: <486243BD.65ED.00A2.0@plattesheriff.org> References: <48623BD4.65ED.00A2.0@plattesheriff.org> <486288CB.4060207@farrows.org> <486243BD.65ED.00A2.0@plattesheriff.org> Message-ID: <48628DED.6030001@farrows.org> Rob Poe wrote: >>> I've gotten a new co-located server at a new provider. On it, runs Plesk 8.4. >>> >>> Ohboy! Qmail. Sigh. >>> >>> How do I integrate MailScanner (or can I) into a Plesk / QMail environment. >>> >>> (or better yet, how do I integrate Sendmail into Plesk). hehe >>> > > >> My advice is to get a different server, unless you enjoy having a >> difficult time... ( which you may do of course... ;-) ) >> > > I can buy a routable IP stack ($8 / mo) for 8 addresses, and run VMWare on the server, letting the VM Sendmail forward EVERYTHING to the qmail server .. > > Might be how I end up having to do it.. > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > If you can run VMWare you can run any flavour of Linux you like, personally I like Centos/Redhat. P. -- This message has been scanned for viruses and dangerous content by the Inexcom system Scanner, and is believed to be clean. Advanced heuristic mail scanning server [-]. http://www.inexcom.co.uk -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080625/a4130996/attachment.html From lists at designmedia.com Wed Jun 25 19:28:32 2008 From: lists at designmedia.com (Henry Kwan) Date: Wed Jun 25 19:28:50 2008 Subject: Can't install CentOS 5.2 update? References: <67a55ed50806250738p37640624h2c4e44dc52f3099f@mail.gmail.com> Message-ID: Dave Jones gmail.com> writes: > A more simple method that I use is: > # yum -y update (this will fail with the conflicts but download > the packages into the yum cache for the rpm --force command below) > # yum -y update --exclude=perl*# cd /var/cache/yum/rpmforge/packages > # rpm -Uhv --force perl*# reboot (if needed to get on a new kernel -- > or just restart MailScanner)You don't have to reinstall MailScanner > everytime you get an updated perl module conflict. Hi, Phil's method works as I just tried it and I will try Dave's method next on another test box. Thanks to all for the response. From lists at designmedia.com Wed Jun 25 19:29:56 2008 From: lists at designmedia.com (Henry Kwan) Date: Wed Jun 25 19:35:11 2008 Subject: use_bayes not working References: <00dd01c8d4e7$37c09140$a741b3c0$@com> <4860DFDF.8070701@marcsnet.com> <4862097D.1000605@marcsnet.com> <48621083.2090705@vanderkooij.org> <48622231.70704@marcsnet.com> Message-ID: Marc Lucke marcsnet.com> writes: > > spamassassin broke completely. sa-learn didn't work. Perhaps there's a > Perl version / rpm version conflict? > Perhaps you can try installing MS and SA again? Then perhaps run a debug session to see what outputs at that point? From michael at huntley.net Wed Jun 25 19:35:59 2008 From: michael at huntley.net (Michael Huntley) Date: Wed Jun 25 19:36:12 2008 Subject: HELP!?!?! In-Reply-To: <48623BD4.65ED.00A2.0@plattesheriff.org> References: <48623BD4.65ED.00A2.0@plattesheriff.org> Message-ID: <4862900F.6020303@huntley.net> Rob Poe wrote: > I've gotten a new co-located server at a new provider. On it, runs Plesk 8.4. > > Ohboy! Qmail. Sigh. > > How do I integrate MailScanner (or can I) into a Plesk / QMail environment. > > (or better yet, how do I integrate Sendmail into Plesk). hehe > > > > Who is the provider? Some providers can image their servers with many OS'. mph From rpoe at plattesheriff.org Wed Jun 25 19:52:04 2008 From: rpoe at plattesheriff.org (Rob Poe) Date: Wed Jun 25 19:52:34 2008 Subject: HELP!?!?! In-Reply-To: <4862900F.6020303@huntley.net> References: <48623BD4.65ED.00A2.0@plattesheriff.org> <4862900F.6020303@huntley.net> Message-ID: <48624D7E.65ED.00A2.0@plattesheriff.org> Softlayer. I am also at LayeredTech but never had a control panel. I really like Plesk, except that it uses QMail >>> On 6/25/2008 at 1:35 PM, in message <4862900F.6020303@huntley.net>, Michael Huntley wrote: > Rob Poe wrote: >> I've gotten a new co-located server at a new provider. On it, runs Plesk > 8.4. >> >> Ohboy! Qmail. Sigh. >> >> How do I integrate MailScanner (or can I) into a Plesk / QMail environment. >> >> (or better yet, how do I integrate Sendmail into Plesk). hehe >> >> >> >> > Who is the provider? Some providers can image their servers with many OS'. > > mph From marc at marcsnet.com Wed Jun 25 20:57:27 2008 From: marc at marcsnet.com (Marc Lucke) Date: Wed Jun 25 20:57:53 2008 Subject: use_bayes not working In-Reply-To: References: <00dd01c8d4e7$37c09140$a741b3c0$@com> <4860DFDF.8070701@marcsnet.com> <4862097D.1000605@marcsnet.com> <48621083.2090705@vanderkooij.org> <48622231.70704@marcsnet.com> Message-ID: <42821.208.40.237.128.1214423847.squirrel@webmail.marcsnet.com> First thing I tried when spamassassin broke. > Marc Lucke marcsnet.com> writes: > >> >> spamassassin broke completely. sa-learn didn't work. Perhaps there's a >> Perl version / rpm version conflict? >> > > Perhaps you can try installing MS and SA again? Then perhaps run a debug > session to see what outputs at that point? > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080626/266d3546/attachment.html From nerijusb at dtiltas.lt Wed Jun 25 23:15:47 2008 From: nerijusb at dtiltas.lt (Nerijus Baliunas) Date: Wed Jun 25 23:20:15 2008 Subject: perl-Test-Simple needed earlier In-Reply-To: References: <4861963F.1070603@ecs.soton.ac.uk> Message-ID: On Wed, 25 Jun 2008 10:27:31 +0100 Anthony Cartmell wrote: > > It has dependencies (Test::Harness, which may in turn have other > > dependencies). How far up the queue does it need to go? > > notice that MailScanner later also looks to see if it's needed. So how > high it needs to be will depend on what else is already installed. But it > should probably (with Test::Harness above it, if that's a dependency) be > nearer the top, perhaps even at the top? I think so too, lots of perl modules need Test::Simple for 'make test' (the ones I remember are Test::Pod and File::Temp?), so IMHO all Test* modules should be at the top. > remember whether "yum install perl-Test-Simple" also installed > perl-Test-Harness, but it may well have done. $ rpm -q --requires perl-Test-Simple perl >= 0:5.004 perl >= 0:5.006 perl = 4:5.8.8-40.fc8 perl(Carp) perl(Config) perl(Exporter) perl(Symbol) perl(Test::Builder) perl(Test::Builder::Module) perl(Test::Builder::Tester) perl(strict) perl(vars) perl-devel perl-Test-Harness doesn't seem to have any deps, except perl: $ rpm -q --requires perl-Test-Harness /usr/bin/perl $ rpm -q --whatprovides "perl(Carp)" perl-5.8.8-40.fc8 $ rpm -q --whatprovides "perl(Config)" perl-5.8.8-40.fc8 $ rpm -q --whatprovides "perl(Exporter)" perl-5.8.8-40.fc8 $ rpm -q --whatprovides "perl(Symbol)" perl-5.8.8-40.fc8 $ rpm -q --whatprovides "perl(Test::Builder)" perl-Test-Simple-0.62-40.fc8 $ rpm -q --whatprovides "perl(Test::Builder::Module)" perl-Test-Simple-0.62-40.fc8 $ rpm -q --whatprovides "perl(Test::Builder::Tester)" perl-Test-Simple-0.62-40.fc8 # rpm -e perl-Test-Harness error: Failed dependencies: perl(Test::Harness) is needed by (installed) perl-ExtUtils-MakeMaker-6.36-26.fc9.i386 So I think the installation could go like this: perl-Test-Harness perl-ExtUtils-MakeMaker perl-Test-Simple Regards, Nerijus From ssilva at sgvwater.com Wed Jun 25 23:33:07 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Jun 25 23:33:35 2008 Subject: Health update In-Reply-To: <48625894.9020703@utwente.nl> References: <4852BC3D.3050802@ecs.soton.ac.uk> <200806132114.m5DLE4gQ018541@mxt.1bigthink.com> <223f97700806131420j4bb7e2f5w1e4d192101002bde@mail.gmail.com> <48625894.9020703@utwente.nl> Message-ID: on 6-25-2008 7:39 AM Peter Peters spake the following: > Glenn Steen wrote on 13-6-2008 23:20: > >> Same here... Well. Haven't donated any organs (yet), and some of them >> are really shoddy... But I do carry my donor card with me at all >> times... Who knows when time is up?! > > My girlfriend does not feel to good about the idea of them cutting into > me after I am dead. I am still trying to convince her. What is she going to do? Have you freeze-dried and prop you up in the corner? Tell her that it is a way for a part of you to live on after your gone. > > At the meantime I donate blood every 3 to 4 months and will start > donating blood plasm in a short while. I had to stop for a while as my blood pressure is too high for their liking, but not high enough for the doctor to put me on meds. But here is my donor card, and since I will most likely be cremated, my wife doesn't have a problem with it. > > And Julian, I wish you the best of luck. > -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 258 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080625/3353a5da/signature.bin From ssilva at sgvwater.com Wed Jun 25 23:34:37 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Jun 25 23:35:12 2008 Subject: batch processing tmes In-Reply-To: References: <486008BF.2040400@zuka.net> Message-ID: on 6-24-2008 1:44 AM Martin.Hepworth spake the following: > Dave > > Depends on how many queries you are pushing to zen and whether or not you are paying for this service. > > http://www.spamhaus.org/organization/dnsblusage.html > > > If you go above their limit they serve your queries slowly. > Then...they...stop..................... -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 258 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080625/ac91bfab/signature.bin From ssilva at sgvwater.com Wed Jun 25 23:50:02 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Jun 25 23:50:20 2008 Subject: Can't install CentOS 5.2 update? In-Reply-To: <67a55ed50806250738p37640624h2c4e44dc52f3099f@mail.gmail.com> References: <67a55ed50806250738p37640624h2c4e44dc52f3099f@mail.gmail.com> Message-ID: on 6-25-2008 7:38 AM Dave Jones spake the following: > A more simple method that I use is: > > # yum -y update (this will fail with the conflicts but download the > packages into the yum cache for the rpm --force command below) > # yum -y update --exclude=perl* > # cd /var/cache/yum/rpmforge/packages > # rpm -Uhv --force perl* This could downgrade a perl module that is needed by mailscanner. You could have no problems, and you could have many. The SAFER method is the first method; rpm -e perl-IO perl-File-Temp perl-Math-BigInt perl-Math-BigRat perl-bignum yum update perl re-install the current (or your preferred) mailscanner version to get the perl modules re-installed. > # reboot (if needed to get on a new kernel -- or just restart MailScanner) > > You don't have to reinstall MailScanner everytime you get an updated > perl module conflict. > -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 258 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080625/2ada7cd9/signature.bin From ssilva at sgvwater.com Thu Jun 26 00:18:17 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Thu Jun 26 00:18:39 2008 Subject: HELP!?!?! In-Reply-To: <48623BD4.65ED.00A2.0@plattesheriff.org> References: <48623BD4.65ED.00A2.0@plattesheriff.org> Message-ID: on 6-25-2008 10:36 AM Rob Poe spake the following: > I've gotten a new co-located server at a new provider. On it, runs Plesk 8.4. > > Ohboy! Qmail. Sigh. > > How do I integrate MailScanner (or can I) into a Plesk / QMail environment. > > (or better yet, how do I integrate Sendmail into Plesk). hehe > > > Maybe this will help? http://qms.ausics.net/ -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 258 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080625/75ab725f/signature.bin From marc at marcsnet.com Thu Jun 26 02:41:53 2008 From: marc at marcsnet.com (Marc Lucke) Date: Thu Jun 26 02:42:27 2008 Subject: use_bayes not working In-Reply-To: <42821.208.40.237.128.1214423847.squirrel@webmail.marcsnet.com> References: <00dd01c8d4e7$37c09140$a741b3c0$@com> <4860DFDF.8070701@marcsnet.com> <4862097D.1000605@marcsnet.com> <48621083.2090705@vanderkooij.org> <48622231.70704@marcsnet.com> <42821.208.40.237.128.1214423847.squirrel@webmail.marcsnet.com> Message-ID: <4862F3E1.3090108@marcsnet.com> Does anyone know all the places you would need to go to turn bayes off? Perhaps somewhere, somehow, it is just a matter of turning it back on again. Marc Lucke wrote: > First thing I tried when spamassassin broke. > > > > Marc Lucke marcsnet.com> writes: > > > >> > >> spamassassin broke completely. sa-learn didn't work. Perhaps there's a > >> Perl version / rpm version conflict? > >> > > > > Perhaps you can try installing MS and SA again? Then perhaps run a debug > > session to see what outputs at that point? > > > > > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > From indunil75 at gmail.com Thu Jun 26 06:18:13 2008 From: indunil75 at gmail.com (Indunil Jayasooriya) Date: Thu Jun 26 06:18:22 2008 Subject: how to block jpg and gif attachements for some users In-Reply-To: <7ed6b0aa0806252048i762c38fdxc2f392cbbd29508d@mail.gmail.com> References: <7ed6b0aa0806252048i762c38fdxc2f392cbbd29508d@mail.gmail.com> Message-ID: <7ed6b0aa0806252218r1bc2c026m303e0a6ae185d596@mail.gmail.com> Hi, I am running postfix, Spam Assassin, ClamAV, MailScanner on CentOS 5. Now, I need to block jpg and gif attachements for some users . No rescritions for the rest of users . Can mimedefang do it? -- Thank you Indunil Jayasooriya From indunil75 at gmail.com Thu Jun 26 06:19:30 2008 From: indunil75 at gmail.com (Indunil Jayasooriya) Date: Thu Jun 26 06:19:40 2008 Subject: Fwd: how to block jpg and gif attachements for some users In-Reply-To: <7ed6b0aa0806252218r1bc2c026m303e0a6ae185d596@mail.gmail.com> References: <7ed6b0aa0806252048i762c38fdxc2f392cbbd29508d@mail.gmail.com> <7ed6b0aa0806252218r1bc2c026m303e0a6ae185d596@mail.gmail.com> Message-ID: <7ed6b0aa0806252219l7d76c18aqb67c684dd4f65c9a@mail.gmail.com> Hi, Pls ignore my last mail. I am running postfix, Spam Assassin, ClamAV, MailScanner on CentOS 5. Now, I need to block jpg and gif attachements for some users . No rescritions for the rest of users . Can MailScanner do it? -- Thank you Indunil Jayasooriya -- Thank you Indunil Jayasooriya From hvdkooij at vanderkooij.org Thu Jun 26 09:35:31 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Thu Jun 26 09:35:43 2008 Subject: how to block jpg and gif attachements for some users In-Reply-To: <7ed6b0aa0806252218r1bc2c026m303e0a6ae185d596@mail.gmail.com> References: <7ed6b0aa0806252048i762c38fdxc2f392cbbd29508d@mail.gmail.com> <7ed6b0aa0806252218r1bc2c026m303e0a6ae185d596@mail.gmail.com> Message-ID: <486354D3.8050605@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Indunil Jayasooriya wrote: | Can mimedefang do it? We don't care ;-) Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFIY1TRBvzDRVjxmYERAmTKAKCcKICkgL5i2PwhJ4PPG3Ar8IdLeQCdEr40 +bLU1oWrLqWeropo/39zHFw= =cS0u -----END PGP SIGNATURE----- From hvdkooij at vanderkooij.org Thu Jun 26 09:47:58 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Thu Jun 26 09:48:08 2008 Subject: Fwd: how to block jpg and gif attachements for some users In-Reply-To: <7ed6b0aa0806252219l7d76c18aqb67c684dd4f65c9a@mail.gmail.com> References: <7ed6b0aa0806252048i762c38fdxc2f392cbbd29508d@mail.gmail.com> <7ed6b0aa0806252218r1bc2c026m303e0a6ae185d596@mail.gmail.com> <7ed6b0aa0806252219l7d76c18aqb67c684dd4f65c9a@mail.gmail.com> Message-ID: <486357BE.1040902@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Indunil Jayasooriya wrote: | I am running postfix, Spam Assassin, ClamAV, MailScanner on CentOS 5. | Now, I need to block jpg and gif attachements for some users . No | rescritions for the rest of users . | | Can MailScanner do it? Piece of cake. Create a rules file for the attachments. Then use different files to specify which things yuo do not wish to pass. Allow Filenames = Deny Filenames = Filename Rules = %rules-dir%/filenames.rules To: hugo@vanderkooij %etc-dir%/filename-strict.rules.conf To: hvdkooij@vanderkooij %etc-dir%/filename-strict.rules.conf FromOrTo: default %etc-dir%/filename.rules.conf I guess you should be able to take it from there and bring it home Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFIY1e8BvzDRVjxmYERAphoAKCzkBnHfB7iirAX3ssg3esTpHQVygCfcQtw 3wqS7P+sl3Uz3BQJR/LmPWU= =eCJh -----END PGP SIGNATURE----- From indunil75 at gmail.com Thu Jun 26 09:50:17 2008 From: indunil75 at gmail.com (Indunil Jayasooriya) Date: Thu Jun 26 09:50:27 2008 Subject: how to block jpg and gif attachements for some users In-Reply-To: <486354D3.8050605@vanderkooij.org> References: <7ed6b0aa0806252048i762c38fdxc2f392cbbd29508d@mail.gmail.com> <7ed6b0aa0806252218r1bc2c026m303e0a6ae185d596@mail.gmail.com> <486354D3.8050605@vanderkooij.org> Message-ID: <7ed6b0aa0806260150t4163513cl96e0d0ff0c2b4794@mail.gmail.com> > | Can mimedefang do it? > > We don't care ;-) Actually forgive me. it was a mistake. Can MailScanner do it? -- Thank you Indunil Jayasooriya From list-mailscanner at linguaphone.com Thu Jun 26 13:29:24 2008 From: list-mailscanner at linguaphone.com (Gareth) Date: Thu Jun 26 13:29:38 2008 Subject: problems installing on fedora core 9 Message-ID: <1214483364.29249.2.camel@gblades-suse.linguaphone-intranet.co.uk> I am trying to install MailScanner on fedora core 9. I ran the installation and one of the critical modules didnt compile so mailscanner didnt install. I did a bit of searching and found that CPAN doesnt get installed by default and thought I would install that and update and then try again. However the RPM wont install :- Transaction Check Error: file /usr/lib/perl5/5.10.0/i386-linux-thread-multi/IO.pm from install of perl-5.10.0-27.fc9.i386 conflicts with file from package perl-IO-1.2301-1.noarch file /usr/lib/perl5/5.10.0/i386-linux-thread-multi/IO/Socket.pm from install of perl-5.10.0-27.fc9.i386 conflicts with file from package perl-IO-1.2301-1.noarch file /usr/lib/perl5/5.10.0/i386-linux-thread-multi/auto/IO/IO.so from install of perl-5.10.0-27.fc9.i386 conflicts with file from package perl-IO-1.2301-1.noarch file /usr/share/man/man3/IO.3pm.gz from install of perl-5.10.0-27.fc9.i386 conflicts with file from package perl-IO-1.2301-1.noarch file /usr/share/man/man3/IO::Dir.3pm.gz from install of perl-5.10.0-27.fc9.i386 conflicts with file from package perl-IO-1.2301-1.noarch file /usr/share/man/man3/IO::File.3pm.gz from install of perl-5.10.0-27.fc9.i386 conflicts with file from package perl-IO-1.2301-1.noarch file /usr/share/man/man3/IO::Handle.3pm.gz from install of perl-5.10.0-27.fc9.i386 conflicts with file from package perl-IO-1.2301-1.noarch file /usr/share/man/man3/IO::Pipe.3pm.gz from install of perl-5.10.0-27.fc9.i386 conflicts with file from package perl-IO-1.2301-1.noarch file /usr/share/man/man3/IO::Poll.3pm.gz from install of perl-5.10.0-27.fc9.i386 conflicts with file from package perl-IO-1.2301-1.noarch file /usr/share/man/man3/IO::Seekable.3pm.gz from install of perl-5.10.0-27.fc9.i386 conflicts with file from package perl-IO-1.2301-1.noarch file /usr/share/man/man3/IO::Select.3pm.gz from install of perl-5.10.0-27.fc9.i386 conflicts with file from package perl-IO-1.2301-1.noarch file /usr/share/man/man3/IO::Socket.3pm.gz from install of perl-5.10.0-27.fc9.i386 conflicts with file from package perl-IO-1.2301-1.noarch file /usr/share/man/man3/IO::Socket::INET.3pm.gz from install of perl-5.10.0-27.fc9.i386 conflicts with file from package perl-IO-1.2301-1.noarch file /usr/share/man/man3/IO::Socket::UNIX.3pm.gz from install of perl-5.10.0-27.fc9.i386 conflicts with file from package perl-IO-1.2301-1.noarch file /usr/lib/perl5/5.10.0/File/Temp.pm from install of perl-5.10.0-27.fc9.i386 conflicts with file from package perl-File-Temp-0.19-1.noarch file /usr/share/man/man3/File::Temp.3pm.gz from install of perl-5.10.0-27.fc9.i386 conflicts with file from package perl-File-Temp-0.19-1.noarch file /usr/lib/perl5/5.10.0/i386-linux-thread-multi/MIME/Base64.pm from install of perl-5.10.0-27.fc9.i386 conflicts with file from package perl-MIME-Base64-3.07-1.i386 file /usr/lib/perl5/5.10.0/i386-linux-thread-multi/auto/MIME/Base64/Base64.so from install of perl-5.10.0-27.fc9.i386 conflicts with file from package perl-MIME-Base64-3.07-1.i386 file /usr/share/man/man3/MIME::Base64.3pm.gz from install of perl-5.10.0-27.fc9.i386 conflicts with file from package perl-MIME-Base64-3.07-1.i386 file /usr/share/man/man3/MIME::QuotedPrint.3pm.gz from install of perl-5.10.0-27.fc9.i386 conflicts with file from package perl-MIME-Base64-3.07-1.i386 Is this due to mailscanner installing some modules? How can I fix this? Thanks Gareth From davejones70 at gmail.com Thu Jun 26 14:43:02 2008 From: davejones70 at gmail.com (Dave Jones) Date: Thu Jun 26 14:43:12 2008 Subject: Can't install CentOS 5.2 update? Message-ID: <67a55ed50806260643s590e6158o3c5bca187a017e11@mail.gmail.com> >> A more simple method that I use is: >> >> # yum -y update (this will fail with the conflicts but download the >> packages into the yum cache for the rpm --force command below) >> # yum -y update --exclude=perl* >> # cd /var/cache/yum/rpmforge/packages >> # rpm -Uhv --force perl* >This could downgrade a perl module that is needed by mailscanner. You could >have no problems, and you could have many. It will not downgrade with the "-U" option. The rpm command should only upgrade existing modules using the latest version in that directory if you have multiple versions of the same rpm package. The yum output proves this by skipping older versions. This is validated by running another "yum update" and it shows everything is up to date. If you think this "perl*" is not safe, then you could manually run the rpm --force on the latest version of the perl module that is conflicting. I used to do this but found that rpm was smart enough, so I took the easy "perl* way. All of this would still be much faster, easier, and less risky than reinstalling MailScanner every few months. I will try to figure out how to post this to the wiki if others think this procedure is useful (and safe). I have been following this procedure for over a year on about a dozen MailScanner instances with no problems. > >The SAFER method is the first method; >rpm -e perl-IO perl-File-Temp perl-Math-BigInt perl-Math-BigRat perl-bignum > >yum update perl > >re-install the current (or your preferred) mailscanner version to get the perl >modules re-installed. >> # reboot (if needed to get on a new kernel -- or just restart MailScanner) >> >> You don't have to reinstall MailScanner everytime you get an updated >> perl module conflict. >> -- Dave Jones -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080626/bd5314e9/attachment.html From gilbert.dubois at dgfip.finances.gouv.fr Thu Jun 26 15:21:35 2008 From: gilbert.dubois at dgfip.finances.gouv.fr (Gilbert Dubois) Date: Thu Jun 26 15:21:40 2008 Subject: Mailscanner 4.68 don't run on Debian 4.0 (i686 SMP) Message-ID: <4863A5EF.8020909@dgfip.finances.gouv.fr> Skipped content of type multipart/alternative-------------- next part -------------- A non-text attachment was scrubbed... Name: gilbert_dubois.vcf Type: text/x-vcard Size: 147 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080626/73bb04a4/gilbert_dubois.vcf From lszabo at ntlworld.com Thu Jun 26 15:45:37 2008 From: lszabo at ntlworld.com (Laszlo Szabo) Date: Thu Jun 26 15:45:52 2008 Subject: ISP 1u rack mount space need for volunteer thing Message-ID: <4863AB91.3040609@ntlworld.com> Hello guys! I need your help to find "cheapest/best" ISP for me in England/London middle Country somewhere. So I'm going to do spam/virus filtering on my server as a volunteer cos I need IT reference from costumers. (it is a long shot plan) I'm going to do this support for costumers as a free thing no charge at all. I built up a 1 unit server to do this thing. I'm a foreigner (Hungarian) and I had trouble to get IT job around in England. The last few years I tried everything what I could but nothing. To be honest I've had enough to send my CV to agencies and no answer at all or some one says "I'll call you back" and then nothing. Unfortunately my 12 years experience in IT worth them nothing at all. Some one always had a reason why I'm not the appropriate person to fill that position. So.... If you have any idea what to do, how to do "contract, support, sale price with adverts on my site, etc..." don't hesitate to contact me. I'm interested in every aspect of it. Most of you guys work at ISP so you must know something. Anyway the best price what I found is around ?50 a month 1 unit case 100Mb 1 fix ip address in London. (?600 a year) But I'm not a rich man cos I work as a cleaner and you know....family, kids, etc... " Bloody experienced IT cleaner 8-) " However, thanks guys for your patient and suggestion. Send me a private letter please. Laszlo Tel.: 0777-2015-322 E:mail: lszabo@ntlworld.com "Don't send me spam!" :-) Norwich/Norfolk PS: I know that there is no best and cheap together. Reliable and cheap that is what I need. From uxbod at splatnix.net Thu Jun 26 16:26:50 2008 From: uxbod at splatnix.net (--[ UxBoD ]--) Date: Thu Jun 26 16:27:27 2008 Subject: ISP 1u rack mount space need for volunteer thing In-Reply-To: <4863AB91.3040609@ntlworld.com> Message-ID: <8794096.30571214494010053.JavaMail.root@office.splatnix.net> Instead of co-lo rent a VM somewhere its cheaper. Regards, -- --[ UxBoD ]-- // PGP Key: "curl -s http://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: F57A 0CBD DD19 79E9 1FCC A612 CB36 D89D 2C5A 3A84 // Keyserver: www.keyserver.net Key-ID: 0x2C5A3A84 // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net ----- "Laszlo Szabo" wrote: > Hello guys! > > I need your help to find "cheapest/best" ISP for me in England/London > > middle Country somewhere. > > So I'm going to do spam/virus filtering on my server as a volunteer > cos > I need IT reference from costumers. (it is a long shot plan) > I'm going to do this support for costumers as a free thing no charge > at > all. I built up a 1 unit server to do this thing. > > I'm a foreigner (Hungarian) and I had trouble to get IT job around in > > England. The last few years I tried everything what I could but > nothing. > To be honest I've had enough to send my CV to agencies and no answer > at > all or some one says "I'll call you back" and then nothing. > Unfortunately my 12 years experience in IT worth them nothing at all. > Some one always had a reason why I'm not the appropriate person to > fill > that position. > > So.... > If you have any idea what to do, how to do "contract, support, sale > price with adverts on my site, etc..." don't hesitate to contact me. > I'm interested in every aspect of it. > > Most of you guys work at ISP so you must know something. > > Anyway the best price what I found is around ?50 a month 1 unit case > > 100Mb 1 fix ip address in London. (?600 a year) > But I'm not a rich man cos I work as a cleaner and you know....family, > > kids, etc... " Bloody experienced IT cleaner 8-) " > > However, thanks guys for your patient and suggestion. > Send me a private letter please. > > Laszlo > > Tel.: 0777-2015-322 > E:mail: lszabo@ntlworld.com "Don't send me spam!" :-) > Norwich/Norfolk > > PS: I know that there is no best and cheap together. Reliable and > cheap > that is what I need. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From martinh at solidstatelogic.com Thu Jun 26 16:30:13 2008 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Thu Jun 26 16:30:30 2008 Subject: ISP 1u rack mount space need for volunteer thing In-Reply-To: <4863AB91.3040609@ntlworld.com> Message-ID: Laszlo What's your experience...if it's lot of Unix a certain ISP close to MailScanner is look for a senior unix person. Based in Ireland not UK, but a very nice part of Ireland.. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Laszlo Szabo > Sent: 26 June 2008 15:46 > To: MailScanner discussion > Subject: ISP 1u rack mount space need for volunteer thing > > Hello guys! > > I need your help to find "cheapest/best" ISP for me in > England/London middle Country somewhere. > > So I'm going to do spam/virus filtering on my server as a > volunteer cos I need IT reference from costumers. (it is a > long shot plan) I'm going to do this support for costumers as > a free thing no charge at all. I built up a 1 unit server to > do this thing. > > I'm a foreigner (Hungarian) and I had trouble to get IT job > around in England. The last few years I tried everything what > I could but nothing. > To be honest I've had enough to send my CV to agencies and no > answer at all or some one says "I'll call you back" and then nothing. > Unfortunately my 12 years experience in IT worth them nothing at all. > Some one always had a reason why I'm not the appropriate > person to fill that position. > > So.... > If you have any idea what to do, how to do "contract, > support, sale price with adverts on my site, etc..." don't > hesitate to contact me. > I'm interested in every aspect of it. > > Most of you guys work at ISP so you must know something. > > Anyway the best price what I found is around ?50 a month 1 > unit case 100Mb 1 fix ip address in London. (?600 a year) But > I'm not a rich man cos I work as a cleaner and you > know....family, kids, etc... " Bloody experienced IT cleaner 8-) " > > However, thanks guys for your patient and suggestion. > Send me a private letter please. > > Laszlo > > Tel.: 0777-2015-322 > E:mail: lszabo@ntlworld.com "Don't send me spam!" :-) Norwich/Norfolk > > PS: I know that there is no best and cheap together. Reliable > and cheap that is what I need. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From list-mailscanner at linguaphone.com Thu Jun 26 14:21:19 2008 From: list-mailscanner at linguaphone.com (Gareth) Date: Thu Jun 26 16:31:23 2008 Subject: problems installing on fedora core 9 In-Reply-To: <1214483364.29249.2.camel@gblades-suse.linguaphone-intranet.co.uk> References: <1214483364.29249.2.camel@gblades-suse.linguaphone-intranet.co.uk> Message-ID: <1214486478.29256.4.camel@gblades-suse.linguaphone-intranet.co.uk> On Thu, 2008-06-26 at 13:29, Gareth wrote: > I am trying to install MailScanner on fedora core 9. I ran the > installation and one of the critical modules didnt compile so > mailscanner didnt install. > > I did a bit of searching and found that CPAN doesnt get installed by > default and thought I would install that and update and then try again. > However the RPM wont install :- I removed the conflicting rpm modules and then was able to upgrade ok and install CPAN. I'll try installing mailscanner again now. From list-mailscanner at linguaphone.com Thu Jun 26 15:57:42 2008 From: list-mailscanner at linguaphone.com (Gareth) Date: Thu Jun 26 16:31:24 2008 Subject: ISP 1u rack mount space need for volunteer thing In-Reply-To: <4863AB91.3040609@ntlworld.com> References: <4863AB91.3040609@ntlworld.com> Message-ID: <1214492262.29257.6.camel@gblades-suse.linguaphone-intranet.co.uk> http://www.newnet.co.uk/colocation/index.php Maybe a bit cheaper. On Thu, 2008-06-26 at 15:45, Laszlo Szabo wrote: > Hello guys! > > I need your help to find "cheapest/best" ISP for me in England/London > middle Country somewhere. > > So I'm going to do spam/virus filtering on my server as a volunteer cos > I need IT reference from costumers. (it is a long shot plan) > I'm going to do this support for costumers as a free thing no charge at > all. I built up a 1 unit server to do this thing. > > I'm a foreigner (Hungarian) and I had trouble to get IT job around in > England. The last few years I tried everything what I could but nothing. > To be honest I've had enough to send my CV to agencies and no answer at > all or some one says "I'll call you back" and then nothing. > Unfortunately my 12 years experience in IT worth them nothing at all. > Some one always had a reason why I'm not the appropriate person to fill > that position. > > So.... > If you have any idea what to do, how to do "contract, support, sale > price with adverts on my site, etc..." don't hesitate to contact me. > I'm interested in every aspect of it. > > Most of you guys work at ISP so you must know something. > > Anyway the best price what I found is around ?50 a month 1 unit case > 100Mb 1 fix ip address in London. (?600 a year) > But I'm not a rich man cos I work as a cleaner and you know....family, > kids, etc... " Bloody experienced IT cleaner 8-) " > > However, thanks guys for your patient and suggestion. > Send me a private letter please. > > Laszlo > > Tel.: 0777-2015-322 > E:mail: lszabo@ntlworld.com "Don't send me spam!" :-) > Norwich/Norfolk > > PS: I know that there is no best and cheap together. Reliable and cheap > that is what I need. From Denis.Beauchemin at USherbrooke.ca Thu Jun 26 16:31:49 2008 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Thu Jun 26 16:32:18 2008 Subject: Can't install CentOS 5.2 update? In-Reply-To: <67a55ed50806260643s590e6158o3c5bca187a017e11@mail.gmail.com> References: <67a55ed50806260643s590e6158o3c5bca187a017e11@mail.gmail.com> Message-ID: <4863B665.8040709@USherbrooke.ca> Dave Jones a ?crit : > >> A more simple method that I use is: > >> > >> # yum -y update (this will fail with the conflicts but download the > >> packages into the yum cache for the rpm --force command below) > >> # yum -y update --exclude=perl* > >> # cd /var/cache/yum/rpmforge/packages > >> # rpm -Uhv --force perl* > >This could downgrade a perl module that is needed by mailscanner. You > could > >have no problems, and you could have many. > > It will not downgrade with the "-U" option. The rpm command should only > upgrade existing modules using the latest version in that directory if > you have > multiple versions of the same rpm package. The yum output proves this by > skipping older versions. This is validated by running another "yum > update" > and it shows everything is up to date. > > If you think this "perl*" is not safe, then you could manually run the > rpm --force > on the latest version of the perl module that is conflicting. I used > to do this but > found that rpm was smart enough, so I took the easy "perl* way. All > of this > would still be much faster, easier, and less risky than reinstalling > MailScanner > every few months. > > I will try to figure out how to post this to the wiki if others think > this procedure > is useful (and safe). I have been following this procedure for over a > year on > about a dozen MailScanner instances with no problems. I tried this on a RHEL 5.2 server (same as CentOS 5.2) and it didn't work... MS refused to start... so reinstalling MS (or at just the RPMs we removed in the first place) is the best way to go. Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x62252 F: 819.821.8045 From lszabo at ntlworld.com Thu Jun 26 16:55:07 2008 From: lszabo at ntlworld.com (Laszlo Szabo) Date: Thu Jun 26 16:55:18 2008 Subject: ISP 1u rack mount space need for volunteer thing In-Reply-To: References: Message-ID: <4863BBDB.4000106@ntlworld.com> Hi Martin! I have 12 years experience in IT support. I'm still doing support thing on Linux/Windows for my former employer in Hungary spam filtering on Fedora Linux and Exchange 2003 support. (Wester Union Bank) I already made this sort list about me but of course there is no everything on it. My line is: Electronic skilled worker. (design, make and troubleshot micro electronic staff, 3 years school) *Exams:* Microsoft MCP Windows 2000 professional since 2002 and MCP Windows 2003 server managing and maintaining since 2007. 5 Microsoft preinstall specialist and Cisco CCNA first/second semester. (City College Norwich) *Courses: *Windows NT4 network design/managing, SQL 2000 design, SQL 2000 programming, SQL 2005 setup/managing. *Experience SW:* *Novell Netware* 3.11, 3.12, 4.11 Intranetware NDS design, 5.0, 6.5. *Windows *NT 4, 2000, 2003, 2008 Active directory, RAS server, DHCP server, ipsec, group-policy. ISA server IPSEC site to site VPN(key auth), Proxy server setup managing 2000/2004/2006. (cluster too) SQL 2000, 2005 maintenance setup. (cluster too) Exchange server 5.5, 2000, 2003, 2007 setup, maintenance, upgrade, clustering. *Linux *RedHat, SUSE, CentOS: Sendmail, dhcp, squid proxy, iptables, samba, apache, vnc, webmail. setup, upgrade, maintenance. *Experience HW: *Intel xeon server building, raid controllers, mylex, adaptec, dat tape. HP/Compaq server maintenance. HP laser printer repair. (4l,5l,6l, etc..) Router cisco, adsl/broadband, firewall setup, WIFI link up to 1-10Miles(I used to work at WIFI ISP (with Mikrotik router) ) So thanks for your interest! I do appreciate it. Let me know if you are interested in me. Laszlo Martin.Hepworth wrote: > Laszlo > > What's your experience...if it's lot of Unix a certain ISP close to MailScanner is look for a senior unix person. > > Based in Ireland not UK, but a very nice part of Ireland.. > > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf >> Of Laszlo Szabo >> Sent: 26 June 2008 15:46 >> To: MailScanner discussion >> Subject: ISP 1u rack mount space need for volunteer thing >> >> Hello guys! >> >> I need your help to find "cheapest/best" ISP for me in >> England/London middle Country somewhere. >> >> So I'm going to do spam/virus filtering on my server as a >> volunteer cos I need IT reference from costumers. (it is a >> long shot plan) I'm going to do this support for costumers as >> a free thing no charge at all. I built up a 1 unit server to >> do this thing. >> >> I'm a foreigner (Hungarian) and I had trouble to get IT job >> around in England. The last few years I tried everything what >> I could but nothing. >> To be honest I've had enough to send my CV to agencies and no >> answer at all or some one says "I'll call you back" and then nothing. >> Unfortunately my 12 years experience in IT worth them nothing at all. >> Some one always had a reason why I'm not the appropriate >> person to fill that position. >> >> So.... >> If you have any idea what to do, how to do "contract, >> support, sale price with adverts on my site, etc..." don't >> hesitate to contact me. >> I'm interested in every aspect of it. >> >> Most of you guys work at ISP so you must know something. >> >> Anyway the best price what I found is around ?50 a month 1 >> unit case 100Mb 1 fix ip address in London. (?600 a year) But >> I'm not a rich man cos I work as a cleaner and you >> know....family, kids, etc... " Bloody experienced IT cleaner 8-) " >> >> However, thanks guys for your patient and suggestion. >> Send me a private letter please. >> >> Laszlo >> >> Tel.: 0777-2015-322 >> E:mail: lszabo@ntlworld.com "Don't send me spam!" :-) Norwich/Norfolk >> >> PS: I know that there is no best and cheap together. Reliable >> and cheap that is what I need. >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> > > > > > ********************************************************************** > Confidentiality : This e-mail and any attachments are intended for the > addressee only and may be confidential. If they come to you in error > you must take no action based on them, nor must you copy or show them > to anyone. Please advise the sender by replying to this e-mail > immediately and then delete the original from your computer. > Opinion : Any opinions expressed in this e-mail are entirely those of > the author and unless specifically stated to the contrary, are not > necessarily those of the author's employer. > Security Warning : Internet e-mail is not necessarily a secure > communications medium and can be subject to data corruption. We advise > that you consider this fact when e-mailing us. > Viruses : We have taken steps to ensure that this e-mail and any > attachments are free from known viruses but in keeping with good > computing practice, you should ensure that they are virus free. > > Red Lion 49 Ltd T/A Solid State Logic > Registered as a limited company in England and Wales > (Company No:5362730) > Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, > United Kingdom > ********************************************************************** > > From uxbod at splatnix.net Thu Jun 26 16:56:36 2008 From: uxbod at splatnix.net (--[ UxBoD ]--) Date: Thu Jun 26 16:56:59 2008 Subject: ISP 1u rack mount space need for volunteer thing In-Reply-To: Message-ID: <27372326.30601214495796156.JavaMail.root@office.splatnix.net> me goes and has a quick look ;) Regards, -- --[ UxBoD ]-- // PGP Key: "curl -s http://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: F57A 0CBD DD19 79E9 1FCC A612 CB36 D89D 2C5A 3A84 // Keyserver: www.keyserver.net Key-ID: 0x2C5A3A84 // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net ----- "Martin.Hepworth" wrote: > Laszlo > > What's your experience...if it's lot of Unix a certain ISP close to > MailScanner is look for a senior unix person. > > Based in Ireland not UK, but a very nice part of Ireland.. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From henker at evendi.de Thu Jun 26 18:26:53 2008 From: henker at evendi.de (Steffan Henke) Date: Thu Jun 26 18:27:12 2008 Subject: SpamAssassin 3.2.5 woes Message-ID: Hello, today I updated SA from 3.2.4 to 3.2.5. I noticed all emails scored "0" in MailScanner, so updated that one from 4.67.6-1 to 4.70.7-1 as well. Makes no difference, all emails scanned in MS still have a Spam score of 0... As a downgrade from SA 3.2.5 to 3.2.4 as well as the MS downgrade still is not working, I'm kinda stuck. The last lines of output of a MailScanner --debug --debug-sa are: 19:24:45 [15116] dbg: rules: running full tests; score so far=0 19:24:45 [15116] dbg: rules: compiled full tests 19:24:45 [15116] dbg: rules: running meta tests; score so far=0 19:24:45 [15116] dbg: rules: compiled meta tests 19:24:45 [15116] dbg: check: is spam? score=0 required=5.5 19:24:45 [15116] dbg: check: tests= 19:24:45 [15116] dbg: check: subtests= 19:24:45 Building a message batch to scan... - so no test comes in at all... Does this sound familiar to anybody ?? Regards, Steffan From Denis.Beauchemin at USherbrooke.ca Thu Jun 26 18:39:16 2008 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Thu Jun 26 18:39:32 2008 Subject: SpamAssassin 3.2.5 woes In-Reply-To: References: Message-ID: <4863D444.50308@USherbrooke.ca> Steffan Henke a ?crit : > > Hello, > > today I updated SA from 3.2.4 to 3.2.5. I noticed all emails scored "0" > in MailScanner, so updated that one from 4.67.6-1 to 4.70.7-1 as well. > Makes no difference, all emails scanned in MS still have a Spam score > of 0... > As a downgrade from SA 3.2.5 to 3.2.4 as well as the MS downgrade > still is not working, I'm kinda stuck. > > The last lines of output of a MailScanner --debug --debug-sa are: > > 19:24:45 [15116] dbg: rules: running full tests; score so far=0 > 19:24:45 [15116] dbg: rules: compiled full tests > 19:24:45 [15116] dbg: rules: running meta tests; score so far=0 > 19:24:45 [15116] dbg: rules: compiled meta tests > 19:24:45 [15116] dbg: check: is spam? score=0 required=5.5 > 19:24:45 [15116] dbg: check: tests= > 19:24:45 [15116] dbg: check: subtests= > 19:24:45 Building a message batch to scan... > > - so no test comes in at all... > > Does this sound familiar to anybody ?? > > Regards, > > Steffan > Steffan, What does "spamassassin --lint" and "spamassassin --lint -D < some-file" say? Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x62252 F: 819.821.8045 From stef at aoc-uk.com Thu Jun 26 18:46:35 2008 From: stef at aoc-uk.com (Stef Morrell) Date: Thu Jun 26 18:46:49 2008 Subject: SpamAssassin 3.2.5 woes In-Reply-To: References: Message-ID: <200806261746.m5QHkeuh032024@safir.blacknight.ie> Steffan Henke wrote: > Hello, > > today I updated SA from 3.2.4 to 3.2.5. I noticed all emails > scored "0" > in MailScanner, so updated that one from 4.67.6-1 to 4.70.7-1 as well. > Makes no difference, all emails scanned in MS still have a > Spam score of 0... > As a downgrade from SA 3.2.5 to 3.2.4 as well as the MS > downgrade still is not working, I'm kinda stuck. > > The last lines of output of a MailScanner --debug --debug-sa are: > > 19:24:45 [15116] dbg: rules: running full tests; score so far=0 > 19:24:45 [15116] dbg: rules: compiled full tests > 19:24:45 [15116] dbg: rules: running meta tests; score so far=0 > 19:24:45 [15116] dbg: rules: compiled meta tests > 19:24:45 [15116] dbg: check: is spam? score=0 required=5.5 > 19:24:45 [15116] dbg: check: tests= > 19:24:45 [15116] dbg: check: subtests= > 19:24:45 Building a message batch to scan... > > - so no test comes in at all... > > Does this sound familiar to anybody ?? Have you done what I did and forgotten to run sa-update? Stef Stefan Morrell | Operations Director Tel: 0845 3452820 | Alpha Omega Computers Ltd Fax: 0845 3452830 | Incorporating Level 5 Internet stef@aoc-uk.com | stef@l5net.net Alpha Omega Computers Ltd, Unit 57, BBTC, Grange Road, Batley, WF17 6ER. Registered in England No. 3867142. VAT No. GB734421454 From henker at evendi.de Thu Jun 26 19:47:38 2008 From: henker at evendi.de (Steffan Henke) Date: Thu Jun 26 19:47:44 2008 Subject: SpamAssassin 3.2.5 woes In-Reply-To: <4863D444.50308@USherbrooke.ca> References: <4863D444.50308@USherbrooke.ca> Message-ID: On Thu, 26 Jun 2008, Denis Beauchemin wrote: > What does "spamassassin --lint" and "spamassassin --lint -D < some-file" say? Hello, ah, I forgot to mention, sorry. SA itself (not called via MS) is working and spamass-milter is (fortunately) rejecting Spam before MS gets it: [27134] dbg: rules: compiled meta tests [27134] dbg: check: is spam? score=1.663 required=5.5 [27134] dbg: check: tests=BAYES_00,MISSING_DATE,MISSING_HEADERS,MISSING_SUBJECT,NO_RECEIVED,NO_RELAYS [27134] dbg: check: subtests=__HAS_MSGID,__MISSING_REF,__MSGID_OK_DIGITS,__MSGID_OK_HOST,__MSOE_MID_WRONG_CASE,__NONEMPTY_BODY,__SANE_MSGID,__TVD_BODY,__UNUSABLE_MSGID However, SA called via MS always returns a score of 0... Regards, Steffan From henker at evendi.de Thu Jun 26 19:49:25 2008 From: henker at evendi.de (Steffan Henke) Date: Thu Jun 26 19:49:32 2008 Subject: SpamAssassin 3.2.5 woes In-Reply-To: <200806261746.m5QHkeuh032024@safir.blacknight.ie> References: <200806261746.m5QHkeuh032024@safir.blacknight.ie> Message-ID: On Thu, 26 Jun 2008, Stef Morrell wrote: > Have you done what I did and forgotten to run sa-update? Stef, thank you for your suggestion - I have called sa-update and ran a sa-compile as well. All traces of the SA 3.2.5 installation are gone as well, so everything is 3.2.4. Regards, Steffan From lszabo at ntlworld.com Thu Jun 26 20:29:23 2008 From: lszabo at ntlworld.com (Laszlo Szabo) Date: Thu Jun 26 20:29:38 2008 Subject: ISP 1u rack mount space need for volunteer thing In-Reply-To: <1214492262.29257.6.camel@gblades-suse.linguaphone-intranet.co.uk> References: <4863AB91.3040609@ntlworld.com> <1214492262.29257.6.camel@gblades-suse.linguaphone-intranet.co.uk> Message-ID: <4863EE13.8040008@ntlworld.com> Looks good, I'll send a letter to them to make me a price quote. Cheers mate! Gareth wrote: > http://www.newnet.co.uk/colocation/index.php > Maybe a bit cheaper. > > On Thu, 2008-06-26 at 15:45, Laszlo Szabo wrote: > >> Hello guys! >> >> I need your help to find "cheapest/best" ISP for me in England/London >> middle Country somewhere. >> >> So I'm going to do spam/virus filtering on my server as a volunteer cos >> I need IT reference from costumers. (it is a long shot plan) >> I'm going to do this support for costumers as a free thing no charge at >> all. I built up a 1 unit server to do this thing. >> >> I'm a foreigner (Hungarian) and I had trouble to get IT job around in >> England. The last few years I tried everything what I could but nothing. >> To be honest I've had enough to send my CV to agencies and no answer at >> all or some one says "I'll call you back" and then nothing. >> Unfortunately my 12 years experience in IT worth them nothing at all. >> Some one always had a reason why I'm not the appropriate person to fill >> that position. >> >> So.... >> If you have any idea what to do, how to do "contract, support, sale >> price with adverts on my site, etc..." don't hesitate to contact me. >> I'm interested in every aspect of it. >> >> Most of you guys work at ISP so you must know something. >> >> Anyway the best price what I found is around ?50 a month 1 unit case >> 100Mb 1 fix ip address in London. (?600 a year) >> But I'm not a rich man cos I work as a cleaner and you know....family, >> kids, etc... " Bloody experienced IT cleaner 8-) " >> >> However, thanks guys for your patient and suggestion. >> Send me a private letter please. >> >> Laszlo >> >> Tel.: 0777-2015-322 >> E:mail: lszabo@ntlworld.com "Don't send me spam!" :-) >> Norwich/Norfolk >> >> PS: I know that there is no best and cheap together. Reliable and cheap >> that is what I need. >> > > From test at remedial-teacher.nl Thu Jun 26 20:44:50 2008 From: test at remedial-teacher.nl (Test) Date: Thu Jun 26 20:47:19 2008 Subject: Releasing mail with original subject (mailwatch) Message-ID: <20080626214353.1291.EE63E960@remedial-teacher.nl> Is it possible to release mail from the mailwatch quarantine with the original subject intact ? -- Test From alex at rtpty.com Thu Jun 26 21:11:03 2008 From: alex at rtpty.com (Alex Neuman) Date: Thu Jun 26 21:11:15 2008 Subject: Can't install CentOS 5.2 update? In-Reply-To: References: <67a55ed50806250738p37640624h2c4e44dc52f3099f@mail.gmail.com> Message-ID: Then *this* should go on the wiki... :D On Jun 25, 2008, at 5:50 PM, Scott Silva wrote: > rpm -e perl-IO perl-File-Temp perl-Math-BigInt perl-Math-BigRat perl- > bignum > > yum update perl > > re-install the current (or your preferred) mailscanner version to > get the perl modules re-installed. From lists at designmedia.com Thu Jun 26 22:50:14 2008 From: lists at designmedia.com (Henry Kwan) Date: Thu Jun 26 22:50:36 2008 Subject: Can't install CentOS 5.2 update? References: <7EF0EE5CB3B263488C8C18823239BEBA03CF5E@HC-MBX02.herefordshire.gov.uk> Message-ID: Randal, Phil herefordshire.gov.uk> writes: > Don't panic: > > First off, make sure you have the latest MailScanner to hand to > reinstall. > > service MailScanner stop > service MailScanner startin > > rpm -e perl-IO > rpm -e perl-Math-BigInt > rpm -e perl-Math-BigRat > rpm -e perl-bignum > > (and any other perl modules it complains about) > > yum update perl > > ... Reinstall MailScanner > > service MailScanner restart > > yum upgrade Hmmm... Took another look at the test box install log and noticed that once the upgrade happened, there was a failure at perl-Storable. ---snip--- t/weak................Weak references are not implemented in the version of perl at t/weak.t line 28 BEGIN failed--compilation aborted at t/weak.t line 33. t/weak................dubious Test returned status 255 (wstat 65280, 0xff00) Failed Test Stat Wstat Total Fail Failed List of Failed ------------------------------------------------------------------------------- t/weak.t 255 65280 ?? ?? % ?? 1 test skipped. Failed 1/32 test scripts, 96.88% okay. 0/2190 subtests failed, 100.00% okay. make: *** [test_dynamic] Error 255 error: Bad exit status from /var/tmp/rpm-tmp.96991 (%build) ---snip--- But I guess it's not a big deal since perl-Storable was previously installed already. Also, cpan was borked and would not update itself (install Bundle::CPAN). But both items were resolved when I reinstalled Scalar-List-Utils-1.19. Weird. From ssilva at sgvwater.com Fri Jun 27 00:52:11 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Fri Jun 27 00:52:38 2008 Subject: Can't install CentOS 5.2 update? In-Reply-To: References: <7EF0EE5CB3B263488C8C18823239BEBA03CF5E@HC-MBX02.herefordshire.gov.uk> Message-ID: on 6-26-2008 2:50 PM Henry Kwan spake the following: > Randal, Phil herefordshire.gov.uk> writes: > >> Don't panic: >> >> First off, make sure you have the latest MailScanner to hand to >> reinstall. >> >> service MailScanner stop >> service MailScanner startin >> >> rpm -e perl-IO >> rpm -e perl-Math-BigInt >> rpm -e perl-Math-BigRat >> rpm -e perl-bignum >> >> (and any other perl modules it complains about) >> >> yum update perl >> >> ... Reinstall MailScanner >> >> service MailScanner restart >> >> yum upgrade > > Hmmm... Took another look at the test box install log and noticed that once the > upgrade happened, there was a failure at perl-Storable. > > ---snip--- > t/weak................Weak references are not implemented in the version of perl > at t/weak.t line 28 > BEGIN failed--compilation aborted at t/weak.t line 33. > t/weak................dubious > Test returned status 255 (wstat 65280, 0xff00) > Failed Test Stat Wstat Total Fail Failed List of Failed > ------------------------------------------------------------------------------- > t/weak.t 255 65280 ?? ?? % ?? > 1 test skipped. > Failed 1/32 test scripts, 96.88% okay. 0/2190 subtests failed, 100.00% okay. > make: *** [test_dynamic] Error 255 > error: Bad exit status from /var/tmp/rpm-tmp.96991 (%build) > ---snip--- > > But I guess it's not a big deal since perl-Storable was previously installed > already. Also, cpan was borked and would not update itself (install > Bundle::CPAN). But both items were resolved when I reinstalled > Scalar-List-Utils-1.19. > > Weird. > You really should avoid CPAN with a rpm based distro. You will break something sooner or later. I wish upstream would break that instead of some of the other things they break (like kernels)! -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 258 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080626/4714444a/signature.bin From ssilva at sgvwater.com Fri Jun 27 00:52:53 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Fri Jun 27 00:55:18 2008 Subject: Can't install CentOS 5.2 update? In-Reply-To: References: <67a55ed50806250738p37640624h2c4e44dc52f3099f@mail.gmail.com> Message-ID: on 6-26-2008 1:11 PM Alex Neuman spake the following: > Then *this* should go on the wiki... :D > > On Jun 25, 2008, at 5:50 PM, Scott Silva wrote: > >> rpm -e perl-IO perl-File-Temp perl-Math-BigInt perl-Math-BigRat >> perl-bignum >> >> yum update perl >> >> re-install the current (or your preferred) mailscanner version to get >> the perl modules re-installed. > I'll see if I have time tomorrow. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 258 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080626/dab33050/signature.bin From ssilva at sgvwater.com Fri Jun 27 00:55:09 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Fri Jun 27 01:00:11 2008 Subject: Can't install CentOS 5.2 update? In-Reply-To: <67a55ed50806260643s590e6158o3c5bca187a017e11@mail.gmail.com> References: <67a55ed50806260643s590e6158o3c5bca187a017e11@mail.gmail.com> Message-ID: on 6-26-2008 6:43 AM Dave Jones spake the following: > >> A more simple method that I use is: > >> > >> # yum -y update (this will fail with the conflicts but download the > >> packages into the yum cache for the rpm --force command below) > >> # yum -y update --exclude=perl* > >> # cd /var/cache/yum/rpmforge/packages > >> # rpm -Uhv --force perl* > >This could downgrade a perl module that is needed by mailscanner. You > could > >have no problems, and you could have many. > > It will not downgrade with the "-U" option. The rpm command should only > upgrade existing modules using the latest version in that directory if > you have > multiple versions of the same rpm package. The yum output proves this by > skipping older versions. This is validated by running another "yum update" > and it shows everything is up to date. > > If you think this "perl*" is not safe, then you could manually run the > rpm --force > on the latest version of the perl module that is conflicting. I used to > do this but > found that rpm was smart enough, so I took the easy "perl* way. All of this > would still be much faster, easier, and less risky than reinstalling > MailScanner > every few months. > But so much changes in MailScanner every few months that it is usually worth it for either features or fixes. Julian can really churn out the code. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 258 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080626/7c385f7b/signature.bin From ssilva at sgvwater.com Fri Jun 27 00:58:26 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Fri Jun 27 01:05:10 2008 Subject: problems installing on fedora core 9 In-Reply-To: <1214483364.29249.2.camel@gblades-suse.linguaphone-intranet.co.uk> References: <1214483364.29249.2.camel@gblades-suse.linguaphone-intranet.co.uk> Message-ID: on 6-26-2008 5:29 AM Gareth spake the following: > I am trying to install MailScanner on fedora core 9. I ran the > installation and one of the critical modules didnt compile so > mailscanner didnt install. > > I did a bit of searching and found that CPAN doesnt get installed by > default and thought I would install that and update and then try again. > However the RPM wont install :- > <> > > Is this due to mailscanner installing some modules? > How can I fix this? > > Thanks > Gareth > Fedora is a very fast moving target. But I am not going to start the debate all over again of Fedora VS RHEL (or CentOS). That horse was beat to death a long time ago. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 258 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080626/1ba5a2b8/signature.bin From martinh at solidstatelogic.com Fri Jun 27 09:14:58 2008 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Fri Jun 27 09:15:11 2008 Subject: SpamAssassin 3.2.5 woes In-Reply-To: Message-ID: Steffan Run mailscaner in debug mode and see what's going on... MailScanner -debug -debug-sa How did you install spamassassin??? RPM? Jules's handy installer, CPAN?? -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Steffan Henke > Sent: 26 June 2008 18:27 > To: mailscanner@lists.mailscanner.info > Subject: SpamAssassin 3.2.5 woes > > > Hello, > > today I updated SA from 3.2.4 to 3.2.5. I noticed all emails > scored "0" > in MailScanner, so updated that one from 4.67.6-1 to 4.70.7-1 as well. > Makes no difference, all emails scanned in MS still have a > Spam score of 0... > As a downgrade from SA 3.2.5 to 3.2.4 as well as the MS > downgrade still is not working, I'm kinda stuck. > > The last lines of output of a MailScanner --debug --debug-sa are: > > 19:24:45 [15116] dbg: rules: running full tests; score so far=0 > 19:24:45 [15116] dbg: rules: compiled full tests > 19:24:45 [15116] dbg: rules: running meta tests; score so far=0 > 19:24:45 [15116] dbg: rules: compiled meta tests > 19:24:45 [15116] dbg: check: is spam? score=0 required=5.5 > 19:24:45 [15116] dbg: check: tests= > 19:24:45 [15116] dbg: check: subtests= > 19:24:45 Building a message batch to scan... > > - so no test comes in at all... > > Does this sound familiar to anybody ?? > > Regards, > > Steffan > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From ajcartmell at fonant.com Fri Jun 27 09:54:02 2008 From: ajcartmell at fonant.com (Anthony Cartmell) Date: Fri Jun 27 09:54:17 2008 Subject: problems installing on fedora core 9 In-Reply-To: References: <1214483364.29249.2.camel@gblades-suse.linguaphone-intranet.co.uk> Message-ID: > Fedora is a very fast moving target. Good point. Don't use Fedora if you don't want to upgrade your OS every 18 months or so, and if you have no need for up-to-date versions of common software packages. (Some people think that something that has new releases on such a frequent basis cannot be stable enough for production use. I, however, have been using RedHat Linux, and then Fedora, in production environments for many years, without any problems with the software.) > But so much changes in MailScanner every few months that it is > usually worth it for either features or fixes. Julian can really churn > out the code. Another good point. Try to keep fully up-to-date with MailScanner, preferably updating it at least every other month. This way you'll always have the best version of the code, with the most recent stable releases of ClamAV, spamassassin, etc. (Some people think that something that has new releases on such a frequent basis cannot be stable enough for production use. I, however, have been using MailScanner in a production environment for many years, with only a few very minor problems with the software.) YMMV, however, so feel free to use whichever version of MailScanner (or OS distro) that happens to suit your requirements. ;) Cheers! Anthony -- www.fonant.com - Quality web sites From henker at evendi.de Fri Jun 27 10:16:25 2008 From: henker at evendi.de (Steffan Henke) Date: Fri Jun 27 10:16:30 2008 Subject: SpamAssassin 3.2.5 woes In-Reply-To: References: Message-ID: On Fri, 27 Jun 2008, Martin.Hepworth wrote: > Steffan > > Run mailscaner in debug mode and see what's going on... > > MailScanner -debug -debug-sa > > How did you install spamassassin??? RPM? Jules's handy installer, CPAN?? Martin, I've built SA using rpmbuild -tb Mail-SpamAssassin-3.2.4.tar.gz and installed the two rpms after that - that way has worked for ages. The whole debug output: In Debugging mode, not forking... ************************************************************************ In MailScanner.conf, your "%org-name%" or "Mail Header" setting contains spaces and/or other illegal characters. Including any spaces will break all your mail system (but do not worry, MailScanner will fix this for you on the fly). Otherwise, it should only contain characters from the set a-z, A-Z, 0-9, "-" and "_". While theoretically some other characters are allowed, some commercial mail systems fail to handle them correctly. This is clearly noted in the MailScanner.conf file, immediately above the %org-name% setting. Please read the documentation! ************************************************************************ Trying to setlogsock(unix) 11:09:52 SpamAssassin temp dir = /var/spool/MailScanner/incoming/SpamAssassin-Temp 11:09:53 [19482] dbg: logger: adding facilities: all 11:09:53 [19482] dbg: logger: logging level is DBG 11:09:53 [19482] dbg: generic: SpamAssassin version 3.2.4 11:09:53 [19482] dbg: config: score set 0 chosen. 11:09:53 [19482] dbg: util: running in taint mode? no 11:09:53 [19482] dbg: dns: is Net::DNS::Resolver available? yes 11:09:53 [19482] dbg: dns: Net::DNS version: 0.63 11:09:53 [19482] dbg: ignore: test message to precompile patterns and load modules 11:09:53 [19482] dbg: config: using "/etc/mail/spamassassin" for site rules pre files 11:09:53 [19482] dbg: config: read file /etc/mail/spamassassin/init.pre 11:09:53 [19482] dbg: config: read file /etc/mail/spamassassin/v310.pre 11:09:53 [19482] dbg: config: read file /etc/mail/spamassassin/v312.pre 11:09:53 [19482] dbg: config: read file /etc/mail/spamassassin/v320.pre 11:09:53 [19482] dbg: config: using "/usr/share/spamassassin" for sys rules pre files 11:09:53 [19482] dbg: config: using "/usr/share/spamassassin" for default rules dir 11:09:53 [19482] dbg: config: read file /usr/share/spamassassin/72_removed.cf 11:09:53 [19482] dbg: config: using "/etc/mail/spamassassin" for site rules dir 11:09:53 [19482] dbg: config: read file /etc/mail/spamassassin/bogus-virus-warnings.cf 11:09:53 [19482] dbg: config: read file /etc/mail/spamassassin/custom.cf 11:09:53 [19482] dbg: config: read file /etc/mail/spamassassin/kauftipp.cf 11:09:53 [19482] dbg: config: read file /etc/mail/spamassassin/local.cf 11:09:53 [19482] dbg: config: read file /etc/mail/spamassassin/mailscanner.cf 11:09:53 [19482] dbg: config: read file /etc/mail/spamassassin/pdfinfo.cf 11:09:53 [19482] dbg: config: read file /etc/mail/spamassassin/popcorn.cf 11:09:53 [19482] dbg: config: read file /etc/mail/spamassassin/sagrey.cf 11:09:53 [19482] dbg: config: read file /etc/mail/spamassassin/stocks.cf 11:09:53 [19482] dbg: config: read file /etc/mail/spamassassin/weeds.cf 11:09:53 [19482] dbg: plugin: loading Mail::SpamAssassin::Plugin::RelayCountry from @INC 11:09:53 [19482] dbg: plugin: loading Mail::SpamAssassin::Plugin::URIDNSBL from @INC 11:09:53 [19482] dbg: plugin: loading Mail::SpamAssassin::Plugin::Hashcash from @INC 11:09:53 [19482] dbg: plugin: loading Mail::SpamAssassin::Plugin::SPF from @INC 11:09:53 [19482] dbg: config: fixed relative path: /etc/mail/spamassassin/PDFInfo.pm 11:09:53 [19482] dbg: plugin: loading Mail::SpamAssassin::Plugin::PDFInfo from /etc/mail/spamassassin/PDFInfo.pm 11:09:53 [19482] dbg: plugin: loading Mail::SpamAssassin::Plugin::DCC from @INC 11:09:53 [19482] dbg: dcc: network tests on, registering DCC 11:09:53 [19482] dbg: plugin: loading Mail::SpamAssassin::Plugin::Razor2 from @INC 11:09:53 [19482] dbg: razor2: razor2 is available, version 2.84 11:09:53 [19482] dbg: plugin: loading Mail::SpamAssassin::Plugin::SpamCop from @INC 11:09:53 [19482] dbg: reporter: network tests on, attempting SpamCop 11:09:53 [19482] dbg: plugin: loading Mail::SpamAssassin::Plugin::AWL from @INC 11:09:53 [19482] dbg: plugin: loading Mail::SpamAssassin::Plugin::AutoLearnThreshold from @INC 11:09:53 [19482] dbg: plugin: loading Mail::SpamAssassin::Plugin::WhiteListSubject from @INC 11:09:53 [19482] dbg: plugin: loading Mail::SpamAssassin::Plugin::MIMEHeader from @INC 11:09:53 [19482] dbg: plugin: loading Mail::SpamAssassin::Plugin::ReplaceTags from @INC 11:09:53 [19482] dbg: plugin: loading Mail::SpamAssassin::Plugin::DKIM from @INC 11:09:53 [19482] dbg: plugin: loading Mail::SpamAssassin::Plugin::Check from @INC 11:09:53 [19482] dbg: plugin: loading Mail::SpamAssassin::Plugin::HTTPSMismatch from @INC 11:09:53 [19482] dbg: plugin: loading Mail::SpamAssassin::Plugin::URIDetail from @INC 11:09:53 [19482] dbg: plugin: loading Mail::SpamAssassin::Plugin::Bayes from @INC 11:09:53 [19482] dbg: plugin: loading Mail::SpamAssassin::Plugin::BodyEval from @INC 11:09:53 [19482] dbg: plugin: loading Mail::SpamAssassin::Plugin::DNSEval from @INC 11:09:53 [19482] dbg: plugin: loading Mail::SpamAssassin::Plugin::HTMLEval from @INC 11:09:53 [19482] dbg: plugin: loading Mail::SpamAssassin::Plugin::HeaderEval from @INC 11:09:53 [19482] dbg: plugin: loading Mail::SpamAssassin::Plugin::MIMEEval from @INC 11:09:53 [19482] dbg: plugin: loading Mail::SpamAssassin::Plugin::RelayEval from @INC 11:09:53 [19482] dbg: plugin: loading Mail::SpamAssassin::Plugin::URIEval from @INC 11:09:53 [19482] dbg: plugin: loading Mail::SpamAssassin::Plugin::WLBLEval from @INC 11:09:53 [19482] dbg: plugin: loading Mail::SpamAssassin::Plugin::VBounce from @INC 11:09:53 [19482] dbg: plugin: loading Mail::SpamAssassin::Plugin::Rule2XSBody from @INC 11:09:53 [19482] dbg: plugin: loading Mail::SpamAssassin::Plugin::ASN from @INC 11:09:53 [19482] dbg: plugin: loading Mail::SpamAssassin::Plugin::ImageInfo from @INC 11:09:53 [19482] dbg: config: fixed relative path: /etc/mail/spamassassin/sagrey.pm 11:09:53 [19482] dbg: plugin: loading Mail::SpamAssassin::Plugin::SAGrey from /etc/mail/spamassassin/sagrey.pm 11:09:53 [19482] dbg: rules: AXB_RCVD_ZOOBSEND merged duplicates: BROKEN_RATWARE_BOM DEAR_HOMEOWNER DIV_CENTER_A_HREF DRUG_RA_PRICE FM_DDDD_TIMES_2 FM_SEX_HOSTDDDD HS_PHARMA_1 HS_UPLOADED_SOFTWARE OEBOUND STOX_RCVD_N_NN_N URIBL_RHS_ABUSE URIBL_RHS_BOGUSMX URIBL_RHS_DSN URIBL_RHS_POST URIBL_RHS_TLD_WHOIS URIBL_RHS_WHOIS URIBL_XS_SURBL URI_L_PHP XMAILER_MIMEOLE_OL_5E7ED XMAILER_MIMEOLE_OL_C7C33 XMAILER_MIMEOLE_OL_D03AB X_LIBRARY YOUR_CRD_RATING 11:09:53 [19482] dbg: rules: VIRUS_WARNING123 merged duplicates: VIRUS_WARNING37 11:09:53 [19482] dbg: rules: VIRUS_WARNING103 merged duplicates: VIRUS_WARNING52 11:09:53 [19482] dbg: conf: finish parsing 11:09:53 [19482] dbg: plugin: Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0xb3813f4) implements 'finish_parsing_end', priority 0 11:09:53 [19482] dbg: plugin: Mail::SpamAssassin::Plugin::Rule2XSBody=HASH(0xb372fe8) implements 'finish_parsing_end', priority 0 11:09:53 [19482] dbg: replacetags: replacing tags 11:09:53 [19482] dbg: replacetags: done replacing tags 11:09:53 [19482] dbg: zoom: loading compiled ruleset from /var/lib/compiled/3.002004 11:09:53 [19482] dbg: zoom: no compiled ruleset found for Mail::SpamAssassin::CompiledRegexps::body_0 11:09:53 [19482] dbg: bayes: using username: root 11:09:53 [19482] dbg: bayes: database connection established 11:09:53 [19482] dbg: bayes: found bayes db version 3 11:09:53 [19482] dbg: bayes: Using userid: 2 11:09:53 [19482] dbg: config: score set 3 chosen. 11:09:53 [19482] dbg: message: main message type: text/plain 11:09:53 [19482] dbg: message: ---- MIME PARSER START ---- 11:09:53 [19482] dbg: message: parsing normal part 11:09:53 [19482] dbg: message: ---- MIME PARSER END ---- 11:09:53 [19482] dbg: plugin: Mail::SpamAssassin::Plugin::DNSEval=HASH(0xb9ac10c) implements 'check_start', priority 0 11:09:53 [19482] dbg: plugin: Mail::SpamAssassin::Plugin::Rule2XSBody=HASH(0xb372fe8) implements 'check_start', priority 0 11:09:53 [19482] dbg: plugin: Mail::SpamAssassin::Plugin::Check=HASH(0xb372e68) implements 'check_main', priority 0 11:09:53 [19482] dbg: conf: trusted_networks are not configured; it is recommended that you configure trusted_networks manually 11:09:53 [19482] dbg: metadata: X-Spam-Relays-Trusted: 11:09:53 [19482] dbg: metadata: X-Spam-Relays-Untrusted: 11:09:53 [19482] dbg: metadata: X-Spam-Relays-Internal: 11:09:53 [19482] dbg: metadata: X-Spam-Relays-External: 11:09:53 [19482] dbg: plugin: Mail::SpamAssassin::Plugin::RelayCountry=HASH(0xb050b6c) implements 'extract_metadata', priority 0 11:09:53 [19482] dbg: metadata: X-Relay-Countries: 11:09:53 [19482] dbg: message: no encoding detected 11:09:53 [19482] dbg: plugin: Mail::SpamAssassin::Plugin::RelayCountry=HASH(0xb050b6c) implements 'parsed_metadata', priority 0 11:09:53 [19482] dbg: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0xb34da88) implements 'parsed_metadata', priority 0 11:09:53 [19482] dbg: plugin: Mail::SpamAssassin::Plugin::ASN=HASH(0xb373030) implements 'parsed_metadata', priority 0 11:09:53 [19482] dbg: dns: is Net::DNS::Resolver available? yes 11:09:53 [19482] dbg: dns: Net::DNS version: 0.63 11:09:53 [19482] dbg: dns: name server: 127.0.0.1, LocalAddr: 0.0.0.0 11:09:53 [19482] dbg: dns: dns_available set to yes in config file, skipping test 11:09:53 [19482] dbg: uridnsbl: domains to query: 11:09:53 [19482] dbg: asn: no asn_lookup configured, skipping ASN lookups 11:09:53 [19482] dbg: check: running tests for priority: 0 11:09:53 [19482] dbg: plugin: Mail::SpamAssassin::Plugin::Rule2XSBody=HASH(0xb372fe8) implements 'check_rules_at_priority', priority 0 11:09:53 [19482] dbg: rules: running one_line_body tests; score so far=0 11:09:53 [19482] dbg: rules: compiled one_line_body tests 11:09:53 [19482] dbg: plugin: Mail::SpamAssassin::Plugin::Rule2XSBody=HASH(0xb372fe8) implements 'run_body_fast_scan', priority 0 11:09:53 [19482] dbg: rules: running head tests; score so far=0 11:09:53 [19482] dbg: rules: compiled head tests 11:09:53 [19482] dbg: rules: running body tests; score so far=0 11:09:53 [19482] dbg: rules: compiled body tests 11:09:53 [19482] dbg: rules: running uri tests; score so far=0 11:09:53 [19482] dbg: rules: compiled uri tests 11:09:53 [19482] dbg: rules: running rawbody tests; score so far=0 11:09:53 [19482] dbg: rules: compiled rawbody tests 11:09:53 [19482] dbg: rules: running full tests; score so far=0 11:09:53 [19482] dbg: rules: compiled full tests 11:09:53 [19482] dbg: rules: running meta tests; score so far=0 11:09:53 [19482] dbg: rules: compiled meta tests 11:09:53 [19482] dbg: check: running tests for priority: 500 11:09:53 [19482] dbg: dns: harvest_dnsbl_queries 11:09:53 [19482] dbg: rules: running one_line_body tests; score so far=0 11:09:53 [19482] dbg: rules: compiled one_line_body tests 11:09:53 [19482] dbg: rules: running head tests; score so far=0 11:09:53 [19482] dbg: rules: compiled head tests 11:09:53 [19482] dbg: rules: running body tests; score so far=0 11:09:53 [19482] dbg: rules: compiled body tests 11:09:53 [19482] dbg: rules: running uri tests; score so far=0 11:09:53 [19482] dbg: rules: compiled uri tests 11:09:53 [19482] dbg: rules: running rawbody tests; score so far=0 11:09:53 [19482] dbg: rules: compiled rawbody tests 11:09:53 [19482] dbg: rules: running full tests; score so far=0 11:09:53 [19482] dbg: rules: compiled full tests 11:09:53 [19482] dbg: rules: running meta tests; score so far=0 11:09:53 [19482] dbg: rules: meta test VIRUS_WARNING_DOOM_BNC has undefined dependency 'VIRUS_WARNING_MYDOOM4' 11:09:53 [19482] dbg: rules: compiled meta tests 11:09:53 [19482] dbg: check: running tests for priority: 1001 11:09:53 [19482] dbg: rules: running one_line_body tests; score so far=0 11:09:53 [19482] dbg: rules: compiled one_line_body tests 11:09:53 [19482] dbg: rules: running head tests; score so far=0 11:09:53 [19482] dbg: rules: compiled head tests 11:09:53 [19482] dbg: SAGrey: message score does not indicate spam ... ignoring 11:09:53 [19482] dbg: rules: running body tests; score so far=0 11:09:53 [19482] dbg: rules: compiled body tests 11:09:53 [19482] dbg: rules: running uri tests; score so far=0 11:09:53 [19482] dbg: rules: compiled uri tests 11:09:53 [19482] dbg: rules: running rawbody tests; score so far=0 11:09:53 [19482] dbg: rules: compiled rawbody tests 11:09:53 [19482] dbg: rules: running full tests; score so far=0 11:09:53 [19482] dbg: rules: compiled full tests 11:09:53 [19482] dbg: rules: running meta tests; score so far=0 11:09:53 [19482] dbg: rules: compiled meta tests 11:09:53 [19482] dbg: check: is spam? score=0 required=5.5 11:09:53 [19482] dbg: check: tests= 11:09:53 [19482] dbg: check: subtests= 11:09:53 Building a message batch to scan... I have temporarily removed KAM.cf and noticed that, when enabled, Botnet.cf is the only test in "tests=" . However, I have removed that plugin temporarily as well. Regards, Steffan From list-mailscanner at linguaphone.com Fri Jun 27 11:08:36 2008 From: list-mailscanner at linguaphone.com (Gareth) Date: Fri Jun 27 11:08:50 2008 Subject: problems installing on fedora core 9 In-Reply-To: References: <1214483364.29249.2.camel@gblades-suse.linguaphone-intranet.co.uk> Message-ID: <1214561316.32581.2.camel@gblades-suse.linguaphone-intranet.co.uk> On Fri, 2008-06-27 at 09:54, Anthony Cartmell wrote: > > Fedora is a very fast moving target. > > Good point. Don't use Fedora if you don't want to upgrade your OS every 18 > months or so, and if you have no need for up-to-date versions of common > software packages. > > (Some people think that something that has new releases on such a frequent > basis cannot be stable enough for production use. I, however, have been > using RedHat Linux, and then Fedora, in production environments for many > years, without any problems with the software.) Its just my home server so not really a production server. The old one is running redhat 9 so was well overdue for an upgrade :) From gordon at itnt.co.za Fri Jun 27 13:17:47 2008 From: gordon at itnt.co.za (Gordon Colyn) Date: Fri Jun 27 13:18:09 2008 Subject: exim delivery to mailscanner not completing Message-ID: ITNT BannerI have a problem where mail coming from exim servers is not being delivered to our mailscanner servers (4x). We get ghost logs; sendmail[4616]: m5RB5Dp4004616: from=, size=507197, class=0, nrcpts=2, proto=ESMTP, daemon=MTA, relay=secure11.ia-dns.com [72.9.151.158] showing mail coming in , but then nothing from here.... Is anyone else experiencing this? I am running Mailscanner 4.69.9, sendmail 8.14.1, spamassassin 3.2.5, clamd 0.93 Regards Gordon Colyn Office : 086 123 ITNT (4868) Cell : 083 296 7534 Fax : 086 520 0885 InTheNet Technologies www.itnt.co.za MSN:gordoncolyn@hotmail.com SKYPE:gordoncolyn Confidentiality: This e-mail including any attachments is intended for the above named addressee(s) only and contains confidential information. If you have received this email in error you must take no action based on its contents, nor must you reproduce or show the e-mail or any attachments or any part thereof or communicate the contents to anyone; please reply to the sender of this e-mail informing them of the error. Viruses: We recommend that in keeping with good computing practice the recipient should ensure that e-mails received are virus free before opening. From J.Ede at birchenallhowden.co.uk Fri Jun 27 13:25:59 2008 From: J.Ede at birchenallhowden.co.uk (Jason Ede) Date: Fri Jun 27 13:26:25 2008 Subject: Signature being attached to all html email? Message-ID: <4CAB0118AEC63A4FAAE77E6BCBDF760C6566B8E65A@server02.bhl.local> I've setup the inline image in signatures, but noticed that it seems to be attaching the image file to all html format emails and not just the ones configured with an image in the signature. Is this expected behaviour? If so I guess solution is just to use rulesets on image filename and on the attach option? Jason -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080627/126eb964/attachment.html From martinh at solidstatelogic.com Fri Jun 27 13:53:30 2008 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Fri Jun 27 13:53:41 2008 Subject: exim delivery to mailscanner not completing In-Reply-To: Message-ID: <9259679f4b615e4b8fe8c5a6780af976@solidstatelogic.com> Gordon Just test you a test email...guess who runs exim ;-) -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Gordon Colyn > Sent: 27 June 2008 13:18 > To: MailScanner discussion > Subject: exim delivery to mailscanner not completing > > ITNT BannerI have a problem where mail coming from exim > servers is not being delivered to our mailscanner servers (4x). > > We get ghost logs; > > sendmail[4616]: m5RB5Dp4004616: from=, > size=507197, class=0, nrcpts=2, proto=ESMTP, daemon=MTA, > relay=secure11.ia-dns.com [72.9.151.158] > > showing mail coming in , but then nothing from here.... > > Is anyone else experiencing this? > > I am running Mailscanner 4.69.9, sendmail 8.14.1, > spamassassin 3.2.5, clamd > 0.93 > > > Regards > Gordon Colyn > Office : 086 123 ITNT (4868) > Cell : 083 296 7534 > Fax : 086 520 0885 > InTheNet Technologies > www.itnt.co.za > MSN:gordoncolyn@hotmail.com > SKYPE:gordoncolyn > > Confidentiality: This e-mail including any attachments is > intended for the > above named addressee(s) only and contains confidential > information. If you > have received this email in error you must take no action > based on its > contents, nor must you reproduce or show the e-mail or any > attachments or > any part thereof or communicate the contents to anyone; > please reply to the > sender of this e-mail informing them of the error. > > Viruses: We recommend that in keeping with good computing > practice the > recipient should ensure that e-mails received are virus free > before opening. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From martinh at solidstatelogic.com Fri Jun 27 13:59:27 2008 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Fri Jun 27 13:59:57 2008 Subject: SpamAssassin 3.2.5 woes In-Reply-To: Message-ID: <312815cddcbc29458ab9b5a435190251@solidstatelogic.com> Steffan Well I'd fix the %org-name% issues while you're fixing other stuff.. What does "MailScanner -v" give, could be there's a bad perl module somewhere. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Steffan Henke > Sent: 27 June 2008 10:16 > To: MailScanner discussion > Subject: RE: SpamAssassin 3.2.5 woes > > On Fri, 27 Jun 2008, Martin.Hepworth wrote: > > > Steffan > > > > Run mailscaner in debug mode and see what's going on... > > > > MailScanner -debug -debug-sa > > > > How did you install spamassassin??? RPM? Jules's handy > installer, CPAN?? > > Martin, > > I've built SA using rpmbuild -tb > Mail-SpamAssassin-3.2.4.tar.gz and installed the two rpms > after that - that way has worked for ages. > The whole debug output: > > In Debugging mode, not forking... > > ************************************************************** > ********** > In MailScanner.conf, your "%org-name%" or "Mail Header" > setting contains spaces and/or other illegal characters. > > Including any spaces will break all your mail system (but do > not worry, MailScanner will fix this for you on the fly). > > Otherwise, it should only contain characters from the set > a-z, A-Z, 0-9, "-" and "_". While theoretically some other > characters are allowed, some commercial mail systems fail to > handle them correctly. > > This is clearly noted in the MailScanner.conf file, > immediately above the %org-name% setting. Please read the > documentation! > ************************************************************** > ********** > > Trying to setlogsock(unix) > 11:09:52 SpamAssassin temp dir = > /var/spool/MailScanner/incoming/SpamAssassin-Temp > 11:09:53 [19482] dbg: logger: adding facilities: all > 11:09:53 [19482] dbg: logger: logging level is DBG > 11:09:53 [19482] dbg: generic: SpamAssassin version 3.2.4 > 11:09:53 [19482] dbg: config: score set 0 chosen. > 11:09:53 [19482] dbg: util: running in taint mode? no > 11:09:53 [19482] dbg: dns: is Net::DNS::Resolver available? yes > 11:09:53 [19482] dbg: dns: Net::DNS version: 0.63 > 11:09:53 [19482] dbg: ignore: test message to precompile > patterns and load modules > 11:09:53 [19482] dbg: config: using "/etc/mail/spamassassin" > for site rules pre files > 11:09:53 [19482] dbg: config: read file > /etc/mail/spamassassin/init.pre > 11:09:53 [19482] dbg: config: read file > /etc/mail/spamassassin/v310.pre > 11:09:53 [19482] dbg: config: read file > /etc/mail/spamassassin/v312.pre > 11:09:53 [19482] dbg: config: read file > /etc/mail/spamassassin/v320.pre > 11:09:53 [19482] dbg: config: using "/usr/share/spamassassin" > for sys rules pre files > 11:09:53 [19482] dbg: config: using "/usr/share/spamassassin" > for default rules dir > 11:09:53 [19482] dbg: config: read file > /usr/share/spamassassin/72_removed.cf > 11:09:53 [19482] dbg: config: using "/etc/mail/spamassassin" > for site rules dir > 11:09:53 [19482] dbg: config: read file > /etc/mail/spamassassin/bogus-virus-warnings.cf > 11:09:53 [19482] dbg: config: read file > /etc/mail/spamassassin/custom.cf > 11:09:53 [19482] dbg: config: read file > /etc/mail/spamassassin/kauftipp.cf > 11:09:53 [19482] dbg: config: read file > /etc/mail/spamassassin/local.cf > 11:09:53 [19482] dbg: config: read file > /etc/mail/spamassassin/mailscanner.cf > 11:09:53 [19482] dbg: config: read file > /etc/mail/spamassassin/pdfinfo.cf > 11:09:53 [19482] dbg: config: read file > /etc/mail/spamassassin/popcorn.cf > 11:09:53 [19482] dbg: config: read file > /etc/mail/spamassassin/sagrey.cf > 11:09:53 [19482] dbg: config: read file > /etc/mail/spamassassin/stocks.cf > 11:09:53 [19482] dbg: config: read file > /etc/mail/spamassassin/weeds.cf > 11:09:53 [19482] dbg: plugin: loading > Mail::SpamAssassin::Plugin::RelayCountry from @INC > 11:09:53 [19482] dbg: plugin: loading > Mail::SpamAssassin::Plugin::URIDNSBL > from @INC > 11:09:53 [19482] dbg: plugin: loading > Mail::SpamAssassin::Plugin::Hashcash > from @INC > 11:09:53 [19482] dbg: plugin: loading > Mail::SpamAssassin::Plugin::SPF from @INC > 11:09:53 [19482] dbg: config: fixed relative path: > /etc/mail/spamassassin/PDFInfo.pm > 11:09:53 [19482] dbg: plugin: loading > Mail::SpamAssassin::Plugin::PDFInfo > from /etc/mail/spamassassin/PDFInfo.pm > 11:09:53 [19482] dbg: plugin: loading > Mail::SpamAssassin::Plugin::DCC from @INC > 11:09:53 [19482] dbg: dcc: network tests on, registering DCC > 11:09:53 [19482] dbg: plugin: loading > Mail::SpamAssassin::Plugin::Razor2 > from @INC > 11:09:53 [19482] dbg: razor2: razor2 is available, version 2.84 > 11:09:53 [19482] dbg: plugin: loading > Mail::SpamAssassin::Plugin::SpamCop > from @INC > 11:09:53 [19482] dbg: reporter: network tests on, attempting SpamCop > 11:09:53 [19482] dbg: plugin: loading > Mail::SpamAssassin::Plugin::AWL from @INC > 11:09:53 [19482] dbg: plugin: loading > Mail::SpamAssassin::Plugin::AutoLearnThreshold from @INC > 11:09:53 [19482] dbg: plugin: loading > Mail::SpamAssassin::Plugin::WhiteListSubject from @INC > 11:09:53 [19482] dbg: plugin: loading > Mail::SpamAssassin::Plugin::MIMEHeader from @INC > 11:09:53 [19482] dbg: plugin: loading > Mail::SpamAssassin::Plugin::ReplaceTags from @INC > 11:09:53 [19482] dbg: plugin: loading > Mail::SpamAssassin::Plugin::DKIM from @INC > 11:09:53 [19482] dbg: plugin: loading > Mail::SpamAssassin::Plugin::Check from @INC > 11:09:53 [19482] dbg: plugin: loading > Mail::SpamAssassin::Plugin::HTTPSMismatch from @INC > 11:09:53 [19482] dbg: plugin: loading > Mail::SpamAssassin::Plugin::URIDetail from @INC > 11:09:53 [19482] dbg: plugin: loading > Mail::SpamAssassin::Plugin::Bayes from @INC > 11:09:53 [19482] dbg: plugin: loading > Mail::SpamAssassin::Plugin::BodyEval > from @INC > 11:09:53 [19482] dbg: plugin: loading > Mail::SpamAssassin::Plugin::DNSEval > from @INC > 11:09:53 [19482] dbg: plugin: loading > Mail::SpamAssassin::Plugin::HTMLEval > from @INC > 11:09:53 [19482] dbg: plugin: loading > Mail::SpamAssassin::Plugin::HeaderEval from @INC > 11:09:53 [19482] dbg: plugin: loading > Mail::SpamAssassin::Plugin::MIMEEval > from @INC > 11:09:53 [19482] dbg: plugin: loading > Mail::SpamAssassin::Plugin::RelayEval from @INC > 11:09:53 [19482] dbg: plugin: loading > Mail::SpamAssassin::Plugin::URIEval > from @INC > 11:09:53 [19482] dbg: plugin: loading > Mail::SpamAssassin::Plugin::WLBLEval > from @INC > 11:09:53 [19482] dbg: plugin: loading > Mail::SpamAssassin::Plugin::VBounce > from @INC > 11:09:53 [19482] dbg: plugin: loading > Mail::SpamAssassin::Plugin::Rule2XSBody from @INC > 11:09:53 [19482] dbg: plugin: loading > Mail::SpamAssassin::Plugin::ASN from @INC > 11:09:53 [19482] dbg: plugin: loading > Mail::SpamAssassin::Plugin::ImageInfo from @INC > 11:09:53 [19482] dbg: config: fixed relative path: > /etc/mail/spamassassin/sagrey.pm > 11:09:53 [19482] dbg: plugin: loading > Mail::SpamAssassin::Plugin::SAGrey > from /etc/mail/spamassassin/sagrey.pm > 11:09:53 [19482] dbg: rules: AXB_RCVD_ZOOBSEND merged duplicates: > BROKEN_RATWARE_BOM DEAR_HOMEOWNER DIV_CENTER_A_HREF DRUG_RA_PRICE > FM_DDDD_TIMES_2 FM_SEX_HOSTDDDD HS_PHARMA_1 > HS_UPLOADED_SOFTWARE OEBOUND STOX_RCVD_N_NN_N URIBL_RHS_ABUSE > URIBL_RHS_BOGUSMX URIBL_RHS_DSN URIBL_RHS_POST > URIBL_RHS_TLD_WHOIS URIBL_RHS_WHOIS URIBL_XS_SURBL URI_L_PHP > XMAILER_MIMEOLE_OL_5E7ED XMAILER_MIMEOLE_OL_C7C33 > XMAILER_MIMEOLE_OL_D03AB X_LIBRARY YOUR_CRD_RATING > 11:09:53 [19482] dbg: rules: VIRUS_WARNING123 merged duplicates: > VIRUS_WARNING37 > 11:09:53 [19482] dbg: rules: VIRUS_WARNING103 merged duplicates: > VIRUS_WARNING52 > 11:09:53 [19482] dbg: conf: finish parsing > 11:09:53 [19482] dbg: plugin: > Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0xb3813f4) > implements 'finish_parsing_end', priority 0 > 11:09:53 [19482] dbg: plugin: > Mail::SpamAssassin::Plugin::Rule2XSBody=HASH(0xb372fe8) > implements 'finish_parsing_end', priority 0 > 11:09:53 [19482] dbg: replacetags: replacing tags > 11:09:53 [19482] dbg: replacetags: done replacing tags > 11:09:53 [19482] dbg: zoom: loading compiled ruleset from > /var/lib/compiled/3.002004 > 11:09:53 [19482] dbg: zoom: no compiled ruleset found for > Mail::SpamAssassin::CompiledRegexps::body_0 > 11:09:53 [19482] dbg: bayes: using username: root > 11:09:53 [19482] dbg: bayes: database connection established > 11:09:53 [19482] dbg: bayes: found bayes db version 3 > 11:09:53 [19482] dbg: bayes: Using userid: 2 > 11:09:53 [19482] dbg: config: score set 3 chosen. > 11:09:53 [19482] dbg: message: main message type: text/plain > 11:09:53 [19482] dbg: message: ---- MIME PARSER START ---- > 11:09:53 [19482] dbg: message: parsing normal part > 11:09:53 [19482] dbg: message: ---- MIME PARSER END ---- > 11:09:53 [19482] dbg: plugin: > Mail::SpamAssassin::Plugin::DNSEval=HASH(0xb9ac10c) > implements 'check_start', priority 0 > 11:09:53 [19482] dbg: plugin: > Mail::SpamAssassin::Plugin::Rule2XSBody=HASH(0xb372fe8) > implements 'check_start', priority 0 > 11:09:53 [19482] dbg: plugin: > Mail::SpamAssassin::Plugin::Check=HASH(0xb372e68) implements > 'check_main', priority 0 > 11:09:53 [19482] dbg: conf: trusted_networks are not > configured; it is recommended that you configure > trusted_networks manually > 11:09:53 [19482] dbg: metadata: X-Spam-Relays-Trusted: > 11:09:53 [19482] dbg: metadata: X-Spam-Relays-Untrusted: > 11:09:53 [19482] dbg: metadata: X-Spam-Relays-Internal: > 11:09:53 [19482] dbg: metadata: X-Spam-Relays-External: > 11:09:53 [19482] dbg: plugin: > Mail::SpamAssassin::Plugin::RelayCountry=HASH(0xb050b6c) > implements 'extract_metadata', priority 0 > 11:09:53 [19482] dbg: metadata: X-Relay-Countries: > 11:09:53 [19482] dbg: message: no encoding detected > 11:09:53 [19482] dbg: plugin: > Mail::SpamAssassin::Plugin::RelayCountry=HASH(0xb050b6c) > implements 'parsed_metadata', priority 0 > 11:09:53 [19482] dbg: plugin: > Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0xb34da88) > implements 'parsed_metadata', priority 0 > 11:09:53 [19482] dbg: plugin: > Mail::SpamAssassin::Plugin::ASN=HASH(0xb373030) implements > 'parsed_metadata', priority 0 > 11:09:53 [19482] dbg: dns: is Net::DNS::Resolver available? yes > 11:09:53 [19482] dbg: dns: Net::DNS version: 0.63 > 11:09:53 [19482] dbg: dns: name server: 127.0.0.1, LocalAddr: 0.0.0.0 > 11:09:53 [19482] dbg: dns: dns_available set to yes in config > file, skipping test > 11:09:53 [19482] dbg: uridnsbl: domains to query: > 11:09:53 [19482] dbg: asn: no asn_lookup configured, skipping > ASN lookups > 11:09:53 [19482] dbg: check: running tests for priority: 0 > 11:09:53 [19482] dbg: plugin: > Mail::SpamAssassin::Plugin::Rule2XSBody=HASH(0xb372fe8) > implements 'check_rules_at_priority', priority 0 > 11:09:53 [19482] dbg: rules: running one_line_body tests; > score so far=0 > 11:09:53 [19482] dbg: rules: compiled one_line_body tests > 11:09:53 [19482] dbg: plugin: > Mail::SpamAssassin::Plugin::Rule2XSBody=HASH(0xb372fe8) > implements 'run_body_fast_scan', priority 0 > 11:09:53 [19482] dbg: rules: running head tests; score so far=0 > 11:09:53 [19482] dbg: rules: compiled head tests > 11:09:53 [19482] dbg: rules: running body tests; score so far=0 > 11:09:53 [19482] dbg: rules: compiled body tests > 11:09:53 [19482] dbg: rules: running uri tests; score so far=0 > 11:09:53 [19482] dbg: rules: compiled uri tests > 11:09:53 [19482] dbg: rules: running rawbody tests; score so far=0 > 11:09:53 [19482] dbg: rules: compiled rawbody tests > 11:09:53 [19482] dbg: rules: running full tests; score so far=0 > 11:09:53 [19482] dbg: rules: compiled full tests > 11:09:53 [19482] dbg: rules: running meta tests; score so far=0 > 11:09:53 [19482] dbg: rules: compiled meta tests > 11:09:53 [19482] dbg: check: running tests for priority: 500 > 11:09:53 [19482] dbg: dns: harvest_dnsbl_queries > 11:09:53 [19482] dbg: rules: running one_line_body tests; > score so far=0 > 11:09:53 [19482] dbg: rules: compiled one_line_body tests > 11:09:53 [19482] dbg: rules: running head tests; score so far=0 > 11:09:53 [19482] dbg: rules: compiled head tests > 11:09:53 [19482] dbg: rules: running body tests; score so far=0 > 11:09:53 [19482] dbg: rules: compiled body tests > 11:09:53 [19482] dbg: rules: running uri tests; score so far=0 > 11:09:53 [19482] dbg: rules: compiled uri tests > 11:09:53 [19482] dbg: rules: running rawbody tests; score so far=0 > 11:09:53 [19482] dbg: rules: compiled rawbody tests > 11:09:53 [19482] dbg: rules: running full tests; score so far=0 > 11:09:53 [19482] dbg: rules: compiled full tests > 11:09:53 [19482] dbg: rules: running meta tests; score so far=0 > 11:09:53 [19482] dbg: rules: meta test VIRUS_WARNING_DOOM_BNC > has undefined dependency 'VIRUS_WARNING_MYDOOM4' > 11:09:53 [19482] dbg: rules: compiled meta tests > 11:09:53 [19482] dbg: check: running tests for priority: 1001 > 11:09:53 [19482] dbg: rules: running one_line_body tests; > score so far=0 > 11:09:53 [19482] dbg: rules: compiled one_line_body tests > 11:09:53 [19482] dbg: rules: running head tests; score so far=0 > 11:09:53 [19482] dbg: rules: compiled head tests > 11:09:53 [19482] dbg: SAGrey: message score does not indicate > spam ... > ignoring > 11:09:53 [19482] dbg: rules: running body tests; score so far=0 > 11:09:53 [19482] dbg: rules: compiled body tests > 11:09:53 [19482] dbg: rules: running uri tests; score so far=0 > 11:09:53 [19482] dbg: rules: compiled uri tests > 11:09:53 [19482] dbg: rules: running rawbody tests; score so far=0 > 11:09:53 [19482] dbg: rules: compiled rawbody tests > 11:09:53 [19482] dbg: rules: running full tests; score so far=0 > 11:09:53 [19482] dbg: rules: compiled full tests > 11:09:53 [19482] dbg: rules: running meta tests; score so far=0 > 11:09:53 [19482] dbg: rules: compiled meta tests > 11:09:53 [19482] dbg: check: is spam? score=0 required=5.5 > 11:09:53 [19482] dbg: check: tests= > 11:09:53 [19482] dbg: check: subtests= > 11:09:53 Building a message batch to scan... > > I have temporarily removed KAM.cf and noticed that, when > enabled, Botnet.cf is the only test in "tests=" . However, I > have removed that plugin temporarily as well. > > > Regards, > > Steffan > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From richard.frovarp at sendit.nodak.edu Fri Jun 27 14:11:44 2008 From: richard.frovarp at sendit.nodak.edu (Richard Frovarp) Date: Fri Jun 27 14:11:59 2008 Subject: SpamAssassin 3.2.5 woes In-Reply-To: References: Message-ID: <4864E710.1070102@sendit.nodak.edu> Steffan Henke wrote: > On Fri, 27 Jun 2008, Martin.Hepworth wrote: > > Martin, > > I've built SA using rpmbuild -tb Mail-SpamAssassin-3.2.4.tar.gz and > installed the two rpms after that - that way has worked for ages. > The whole debug output: > Did you run sa-update? You're now having issue with 3.2.4 as well? Did you switch back after having 3.2.5 problems? From davejones70 at gmail.com Fri Jun 27 14:14:49 2008 From: davejones70 at gmail.com (Dave Jones) Date: Fri Jun 27 14:14:58 2008 Subject: Can't install CentOS 5.2 update? Message-ID: <67a55ed50806270614u12bb9bcap655908da041ba201@mail.gmail.com> >Dave Jones a ?crit : >> >> A more simple method that I use is: >> >> >> >> # yum -y update (this will fail with the conflicts but download the >> >> packages into the yum cache for the rpm --force command below) >> >> # yum -y update --exclude=perl* >> >> # cd /var/cache/yum/rpmforge/packages >> >> # rpm -Uhv --force perl* >> >This could downgrade a perl module that is needed by mailscanner. You >> could >> >have no problems, and you could have many. >> >> It will not downgrade with the "-U" option. The rpm command should only >> upgrade existing modules using the latest version in that directory if >> you have >> multiple versions of the same rpm package. The yum output proves this by >> skipping older versions. This is validated by running another "yum >> update" >> and it shows everything is up to date. >> >> If you think this "perl*" is not safe, then you could manually run the >> rpm --force >> on the latest version of the perl module that is conflicting. I used >> to do this but >> found that rpm was smart enough, so I took the easy "perl* way. All >> of this >> would still be much faster, easier, and less risky than reinstalling >> MailScanner >> every few months. >> >> I will try to figure out how to post this to the wiki if others think >> this procedure >> is useful (and safe). I have been following this procedure for over a >> year on >> about a dozen MailScanner instances with no problems. > >I tried this on a RHEL 5.2 server (same as CentOS 5.2) and it didn't >work... MS refused to start... so reinstalling MS (or at just the RPMs >we removed in the first place) is the best way to go. > Of course this will depend on how you originally installed the perl modules in conflict. If you installed them via CPAN or from source RPMs, then the rpm --force _could_ downgrade packages from another source. As long as you installed them originally from rpmforge, then forcing the rpmforge packages is safe. BTW, RHEL servers are going to get their perl modules from RHN and not from rpmforge. You need to use rpmforge very carefully with a RHEL server using RHN and you really need to know what you are doing with package management and repo priorities (rpmforge and others are always lower than RHN) or you can end up with many conflicts. So the package management on RHEL will not be the same as CentOS with respect to rpmforge and other repos that overlap packages with the RHN. I know the MailScanner RPM install needs to be generic enough for multiple RPM-based distros, but it would be nice if the installer could somehow detect if a package is available from a repo and use that rather than having to force a compile of perl modules from a source RPM. I think the source of all these conflicts comes from the MailScanner install.sh is forcing some perl packages that exist in repos. >Denis -- Dave Jones -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080627/266f9e17/attachment.html From amoore at dekalbmemorial.com Fri Jun 27 14:27:24 2008 From: amoore at dekalbmemorial.com (Aaron K. Moore) Date: Fri Jun 27 14:27:42 2008 Subject: SpamAssassin 3.2.5 woes In-Reply-To: References: Message-ID: <60D398EB2DB948409CA1F50D8AF1225703C83A58@exch1.dekalbmemorial.local> > > I've built SA using rpmbuild -tb Mail-SpamAssassin-3.2.4.tar.gz and > > installed the two rpms after that - that way has worked for ages. > > The whole debug output: > > > Did you run sa-update? You're now having issue with 3.2.4 as > well? Did you switch back after having 3.2.5 problems? Have you checked file permissions for SpamAssassin for the user that MailScanner is running as? -- Aaron Kent Moore Information Technology Services DeKalb Memorial Hospital, Inc. Auburn, Indiana Phone: 260.920.2808 E-Mail: amoore@dekalbmemorial.com From shuttlebox at gmail.com Fri Jun 27 14:33:47 2008 From: shuttlebox at gmail.com (shuttlebox) Date: Fri Jun 27 14:33:56 2008 Subject: Can't install CentOS 5.2 update? In-Reply-To: <67a55ed50806270614u12bb9bcap655908da041ba201@mail.gmail.com> References: <67a55ed50806270614u12bb9bcap655908da041ba201@mail.gmail.com> Message-ID: <625385e30806270633g45fe3b3ew94020a7b03404477@mail.gmail.com> On Fri, Jun 27, 2008 at 3:14 PM, Dave Jones wrote: > I know the MailScanner RPM install needs to be generic enough for multiple > RPM-based distros, but it would be nice if the installer could somehow > detect if a package is available from a repo and use that rather than having > to force a compile of perl modules from a source RPM. I think the source of > all these conflicts comes from the MailScanner install.sh is forcing some > perl > packages that exist in repos. In my opinion I think Julian should only publish the tar based MailScanner, that's the code and we, as a community, can do whatever we like with it. If there's a need to package specifically for RHEL then someone will/should pick that up. It's not right that Julian should have to make some "one-size-fits-all" package for the "most common" platform. Lots of problems/work for something that has little or nothing to do with MailScanner itself. If there's so many that uses RPM-based distros that there's a need for one or more RPM-based editions of MailScanner then the community should step up and fill that need. Look at ClamAV, they only publish the source but links to many third-party sources of binaries. /peter (who packages MailScanner for Solaris) -- Dave Barry - "Camping is nature's way of promoting the motel business." From henker at evendi.de Fri Jun 27 15:27:09 2008 From: henker at evendi.de (Steffan Henke) Date: Fri Jun 27 15:27:24 2008 Subject: SpamAssassin 3.2.5 woes In-Reply-To: <312815cddcbc29458ab9b5a435190251@solidstatelogic.com> References: <312815cddcbc29458ab9b5a435190251@solidstatelogic.com> Message-ID: Martin, I changed the %org-name% for one test run, which resulted in no changes. The problem is, I have several users who filter for the X-MailScanner Header, which contains a "." - so I would like to correct that once I have MS up and running again... MailScanner -v looks good to me: This is CentOS release 4.5 (Final) This is Perl version 5.008005 (5.8.5) This is MailScanner version 4.67.6 Module versions are: 1.00 AnyDBM_File 1.23 Archive::Zip 1.03 Carp 2.008 Compress::Zlib 1.119 Convert::BinHex 2.27 Date::Parse 1.00 DirHandle 1.05 Fcntl 2.73 File::Basename 2.08 File::Copy 2.01 FileHandle 1.06 File::Path 0.20 File::Temp 0.90 Filesys::Df 1.35 HTML::Entities 3.56 HTML::Parser 2.37 HTML::TokeParser 1.23 IO 1.14 IO::File 1.13 IO::Pipe 2.02 Mail::Header 1.86 Math::BigInt 3.05 MIME::Base64 5.425 MIME::Decoder 5.425 MIME::Decoder::UU 5.425 MIME::Head 5.425 MIME::Parser 3.03 MIME::QuotedPrint 5.425 MIME::Tools 0.11 Net::CIDR 1.08 POSIX 1.19 Scalar::Util 1.77 Socket 1.4 Sys::Hostname::Long 0.18 Sys::Syslog 1.9707 Time::HiRes 1.02 Time::localtime Optional module versions are: 1.38 Archive::Tar 0.21 bignum 1.84 Business::ISBN 1.14 Business::ISBN::Data 1.08 Data::Dump 1.809 DB_File 1.13 DBD::SQLite 1.56 DBI 1.08 Digest 1.01 Digest::HMAC 2.33 Digest::MD5 2.07 Digest::SHA1 1.00 Encode::Detect 0.17008 Error 0.22 ExtUtils::CBuilder 2.18 ExtUtils::ParseXS 2.36 Getopt::Long 0.44 Inline 1.08 IO::String 1.09 IO::Zlib 2.23 IP::Country 0.22 Mail::ClamAV 3.002004 Mail::SpamAssassin v2.005 Mail::SPF 1.999001 Mail::SPF::Query 0.2808 Module::Build 0.20 Net::CIDR::Lite 0.63 Net::DNS 0.002.2 Net::DNS::Resolver::Programmable missing Net::LDAP 4.004 NetAddr::IP 1.94 Parse::RecDescent missing SAVI 3.10 Test::Harness 1.17 Test::Manifest 1.95 Text::Balanced 1.30 URI 0.7203 version 0.66 YAML Regards, Steffan On Fri, 27 Jun 2008, Martin.Hepworth wrote: > Steffan > > Well I'd fix the %org-name% issues while you're fixing other stuff.. > > What does > > "MailScanner -v" give, could be there's a bad perl module somewhere. > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf >> Of Steffan Henke >> Sent: 27 June 2008 10:16 >> To: MailScanner discussion >> Subject: RE: SpamAssassin 3.2.5 woes >> >> On Fri, 27 Jun 2008, Martin.Hepworth wrote: >> >>> Steffan >>> >>> Run mailscaner in debug mode and see what's going on... >>> >>> MailScanner -debug -debug-sa >>> >>> How did you install spamassassin??? RPM? Jules's handy >> installer, CPAN?? >> >> Martin, >> >> I've built SA using rpmbuild -tb >> Mail-SpamAssassin-3.2.4.tar.gz and installed the two rpms >> after that - that way has worked for ages. >> The whole debug output: >> >> In Debugging mode, not forking... >> >> ************************************************************** >> ********** >> In MailScanner.conf, your "%org-name%" or "Mail Header" >> setting contains spaces and/or other illegal characters. >> >> Including any spaces will break all your mail system (but do >> not worry, MailScanner will fix this for you on the fly). >> >> Otherwise, it should only contain characters from the set >> a-z, A-Z, 0-9, "-" and "_". While theoretically some other >> characters are allowed, some commercial mail systems fail to >> handle them correctly. >> >> This is clearly noted in the MailScanner.conf file, >> immediately above the %org-name% setting. Please read the >> documentation! >> ************************************************************** >> ********** >> >> Trying to setlogsock(unix) >> 11:09:52 SpamAssassin temp dir = >> /var/spool/MailScanner/incoming/SpamAssassin-Temp >> 11:09:53 [19482] dbg: logger: adding facilities: all >> 11:09:53 [19482] dbg: logger: logging level is DBG >> 11:09:53 [19482] dbg: generic: SpamAssassin version 3.2.4 >> 11:09:53 [19482] dbg: config: score set 0 chosen. >> 11:09:53 [19482] dbg: util: running in taint mode? no >> 11:09:53 [19482] dbg: dns: is Net::DNS::Resolver available? yes >> 11:09:53 [19482] dbg: dns: Net::DNS version: 0.63 >> 11:09:53 [19482] dbg: ignore: test message to precompile >> patterns and load modules >> 11:09:53 [19482] dbg: config: using "/etc/mail/spamassassin" >> for site rules pre files >> 11:09:53 [19482] dbg: config: read file >> /etc/mail/spamassassin/init.pre >> 11:09:53 [19482] dbg: config: read file >> /etc/mail/spamassassin/v310.pre >> 11:09:53 [19482] dbg: config: read file >> /etc/mail/spamassassin/v312.pre >> 11:09:53 [19482] dbg: config: read file >> /etc/mail/spamassassin/v320.pre >> 11:09:53 [19482] dbg: config: using "/usr/share/spamassassin" >> for sys rules pre files >> 11:09:53 [19482] dbg: config: using "/usr/share/spamassassin" >> for default rules dir >> 11:09:53 [19482] dbg: config: read file >> /usr/share/spamassassin/72_removed.cf >> 11:09:53 [19482] dbg: config: using "/etc/mail/spamassassin" >> for site rules dir >> 11:09:53 [19482] dbg: config: read file >> /etc/mail/spamassassin/bogus-virus-warnings.cf >> 11:09:53 [19482] dbg: config: read file >> /etc/mail/spamassassin/custom.cf >> 11:09:53 [19482] dbg: config: read file >> /etc/mail/spamassassin/kauftipp.cf >> 11:09:53 [19482] dbg: config: read file >> /etc/mail/spamassassin/local.cf >> 11:09:53 [19482] dbg: config: read file >> /etc/mail/spamassassin/mailscanner.cf >> 11:09:53 [19482] dbg: config: read file >> /etc/mail/spamassassin/pdfinfo.cf >> 11:09:53 [19482] dbg: config: read file >> /etc/mail/spamassassin/popcorn.cf >> 11:09:53 [19482] dbg: config: read file >> /etc/mail/spamassassin/sagrey.cf >> 11:09:53 [19482] dbg: config: read file >> /etc/mail/spamassassin/stocks.cf >> 11:09:53 [19482] dbg: config: read file >> /etc/mail/spamassassin/weeds.cf >> 11:09:53 [19482] dbg: plugin: loading >> Mail::SpamAssassin::Plugin::RelayCountry from @INC >> 11:09:53 [19482] dbg: plugin: loading >> Mail::SpamAssassin::Plugin::URIDNSBL >> from @INC >> 11:09:53 [19482] dbg: plugin: loading >> Mail::SpamAssassin::Plugin::Hashcash >> from @INC >> 11:09:53 [19482] dbg: plugin: loading >> Mail::SpamAssassin::Plugin::SPF from @INC >> 11:09:53 [19482] dbg: config: fixed relative path: >> /etc/mail/spamassassin/PDFInfo.pm >> 11:09:53 [19482] dbg: plugin: loading >> Mail::SpamAssassin::Plugin::PDFInfo >> from /etc/mail/spamassassin/PDFInfo.pm >> 11:09:53 [19482] dbg: plugin: loading >> Mail::SpamAssassin::Plugin::DCC from @INC >> 11:09:53 [19482] dbg: dcc: network tests on, registering DCC >> 11:09:53 [19482] dbg: plugin: loading >> Mail::SpamAssassin::Plugin::Razor2 >> from @INC >> 11:09:53 [19482] dbg: razor2: razor2 is available, version 2.84 >> 11:09:53 [19482] dbg: plugin: loading >> Mail::SpamAssassin::Plugin::SpamCop >> from @INC >> 11:09:53 [19482] dbg: reporter: network tests on, attempting SpamCop >> 11:09:53 [19482] dbg: plugin: loading >> Mail::SpamAssassin::Plugin::AWL from @INC >> 11:09:53 [19482] dbg: plugin: loading >> Mail::SpamAssassin::Plugin::AutoLearnThreshold from @INC >> 11:09:53 [19482] dbg: plugin: loading >> Mail::SpamAssassin::Plugin::WhiteListSubject from @INC >> 11:09:53 [19482] dbg: plugin: loading >> Mail::SpamAssassin::Plugin::MIMEHeader from @INC >> 11:09:53 [19482] dbg: plugin: loading >> Mail::SpamAssassin::Plugin::ReplaceTags from @INC >> 11:09:53 [19482] dbg: plugin: loading >> Mail::SpamAssassin::Plugin::DKIM from @INC >> 11:09:53 [19482] dbg: plugin: loading >> Mail::SpamAssassin::Plugin::Check from @INC >> 11:09:53 [19482] dbg: plugin: loading >> Mail::SpamAssassin::Plugin::HTTPSMismatch from @INC >> 11:09:53 [19482] dbg: plugin: loading >> Mail::SpamAssassin::Plugin::URIDetail from @INC >> 11:09:53 [19482] dbg: plugin: loading >> Mail::SpamAssassin::Plugin::Bayes from @INC >> 11:09:53 [19482] dbg: plugin: loading >> Mail::SpamAssassin::Plugin::BodyEval >> from @INC >> 11:09:53 [19482] dbg: plugin: loading >> Mail::SpamAssassin::Plugin::DNSEval >> from @INC >> 11:09:53 [19482] dbg: plugin: loading >> Mail::SpamAssassin::Plugin::HTMLEval >> from @INC >> 11:09:53 [19482] dbg: plugin: loading >> Mail::SpamAssassin::Plugin::HeaderEval from @INC >> 11:09:53 [19482] dbg: plugin: loading >> Mail::SpamAssassin::Plugin::MIMEEval >> from @INC >> 11:09:53 [19482] dbg: plugin: loading >> Mail::SpamAssassin::Plugin::RelayEval from @INC >> 11:09:53 [19482] dbg: plugin: loading >> Mail::SpamAssassin::Plugin::URIEval >> from @INC >> 11:09:53 [19482] dbg: plugin: loading >> Mail::SpamAssassin::Plugin::WLBLEval >> from @INC >> 11:09:53 [19482] dbg: plugin: loading >> Mail::SpamAssassin::Plugin::VBounce >> from @INC >> 11:09:53 [19482] dbg: plugin: loading >> Mail::SpamAssassin::Plugin::Rule2XSBody from @INC >> 11:09:53 [19482] dbg: plugin: loading >> Mail::SpamAssassin::Plugin::ASN from @INC >> 11:09:53 [19482] dbg: plugin: loading >> Mail::SpamAssassin::Plugin::ImageInfo from @INC >> 11:09:53 [19482] dbg: config: fixed relative path: >> /etc/mail/spamassassin/sagrey.pm >> 11:09:53 [19482] dbg: plugin: loading >> Mail::SpamAssassin::Plugin::SAGrey >> from /etc/mail/spamassassin/sagrey.pm >> 11:09:53 [19482] dbg: rules: AXB_RCVD_ZOOBSEND merged duplicates: >> BROKEN_RATWARE_BOM DEAR_HOMEOWNER DIV_CENTER_A_HREF DRUG_RA_PRICE >> FM_DDDD_TIMES_2 FM_SEX_HOSTDDDD HS_PHARMA_1 >> HS_UPLOADED_SOFTWARE OEBOUND STOX_RCVD_N_NN_N URIBL_RHS_ABUSE >> URIBL_RHS_BOGUSMX URIBL_RHS_DSN URIBL_RHS_POST >> URIBL_RHS_TLD_WHOIS URIBL_RHS_WHOIS URIBL_XS_SURBL URI_L_PHP >> XMAILER_MIMEOLE_OL_5E7ED XMAILER_MIMEOLE_OL_C7C33 >> XMAILER_MIMEOLE_OL_D03AB X_LIBRARY YOUR_CRD_RATING >> 11:09:53 [19482] dbg: rules: VIRUS_WARNING123 merged duplicates: >> VIRUS_WARNING37 >> 11:09:53 [19482] dbg: rules: VIRUS_WARNING103 merged duplicates: >> VIRUS_WARNING52 >> 11:09:53 [19482] dbg: conf: finish parsing >> 11:09:53 [19482] dbg: plugin: >> Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0xb3813f4) >> implements 'finish_parsing_end', priority 0 >> 11:09:53 [19482] dbg: plugin: >> Mail::SpamAssassin::Plugin::Rule2XSBody=HASH(0xb372fe8) >> implements 'finish_parsing_end', priority 0 >> 11:09:53 [19482] dbg: replacetags: replacing tags >> 11:09:53 [19482] dbg: replacetags: done replacing tags >> 11:09:53 [19482] dbg: zoom: loading compiled ruleset from >> /var/lib/compiled/3.002004 >> 11:09:53 [19482] dbg: zoom: no compiled ruleset found for >> Mail::SpamAssassin::CompiledRegexps::body_0 >> 11:09:53 [19482] dbg: bayes: using username: root >> 11:09:53 [19482] dbg: bayes: database connection established >> 11:09:53 [19482] dbg: bayes: found bayes db version 3 >> 11:09:53 [19482] dbg: bayes: Using userid: 2 >> 11:09:53 [19482] dbg: config: score set 3 chosen. >> 11:09:53 [19482] dbg: message: main message type: text/plain >> 11:09:53 [19482] dbg: message: ---- MIME PARSER START ---- >> 11:09:53 [19482] dbg: message: parsing normal part >> 11:09:53 [19482] dbg: message: ---- MIME PARSER END ---- >> 11:09:53 [19482] dbg: plugin: >> Mail::SpamAssassin::Plugin::DNSEval=HASH(0xb9ac10c) >> implements 'check_start', priority 0 >> 11:09:53 [19482] dbg: plugin: >> Mail::SpamAssassin::Plugin::Rule2XSBody=HASH(0xb372fe8) >> implements 'check_start', priority 0 >> 11:09:53 [19482] dbg: plugin: >> Mail::SpamAssassin::Plugin::Check=HASH(0xb372e68) implements >> 'check_main', priority 0 >> 11:09:53 [19482] dbg: conf: trusted_networks are not >> configured; it is recommended that you configure >> trusted_networks manually >> 11:09:53 [19482] dbg: metadata: X-Spam-Relays-Trusted: >> 11:09:53 [19482] dbg: metadata: X-Spam-Relays-Untrusted: >> 11:09:53 [19482] dbg: metadata: X-Spam-Relays-Internal: >> 11:09:53 [19482] dbg: metadata: X-Spam-Relays-External: >> 11:09:53 [19482] dbg: plugin: >> Mail::SpamAssassin::Plugin::RelayCountry=HASH(0xb050b6c) >> implements 'extract_metadata', priority 0 >> 11:09:53 [19482] dbg: metadata: X-Relay-Countries: >> 11:09:53 [19482] dbg: message: no encoding detected >> 11:09:53 [19482] dbg: plugin: >> Mail::SpamAssassin::Plugin::RelayCountry=HASH(0xb050b6c) >> implements 'parsed_metadata', priority 0 >> 11:09:53 [19482] dbg: plugin: >> Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0xb34da88) >> implements 'parsed_metadata', priority 0 >> 11:09:53 [19482] dbg: plugin: >> Mail::SpamAssassin::Plugin::ASN=HASH(0xb373030) implements >> 'parsed_metadata', priority 0 >> 11:09:53 [19482] dbg: dns: is Net::DNS::Resolver available? yes >> 11:09:53 [19482] dbg: dns: Net::DNS version: 0.63 >> 11:09:53 [19482] dbg: dns: name server: 127.0.0.1, LocalAddr: 0.0.0.0 >> 11:09:53 [19482] dbg: dns: dns_available set to yes in config >> file, skipping test >> 11:09:53 [19482] dbg: uridnsbl: domains to query: >> 11:09:53 [19482] dbg: asn: no asn_lookup configured, skipping >> ASN lookups >> 11:09:53 [19482] dbg: check: running tests for priority: 0 >> 11:09:53 [19482] dbg: plugin: >> Mail::SpamAssassin::Plugin::Rule2XSBody=HASH(0xb372fe8) >> implements 'check_rules_at_priority', priority 0 >> 11:09:53 [19482] dbg: rules: running one_line_body tests; >> score so far=0 >> 11:09:53 [19482] dbg: rules: compiled one_line_body tests >> 11:09:53 [19482] dbg: plugin: >> Mail::SpamAssassin::Plugin::Rule2XSBody=HASH(0xb372fe8) >> implements 'run_body_fast_scan', priority 0 >> 11:09:53 [19482] dbg: rules: running head tests; score so far=0 >> 11:09:53 [19482] dbg: rules: compiled head tests >> 11:09:53 [19482] dbg: rules: running body tests; score so far=0 >> 11:09:53 [19482] dbg: rules: compiled body tests >> 11:09:53 [19482] dbg: rules: running uri tests; score so far=0 >> 11:09:53 [19482] dbg: rules: compiled uri tests >> 11:09:53 [19482] dbg: rules: running rawbody tests; score so far=0 >> 11:09:53 [19482] dbg: rules: compiled rawbody tests >> 11:09:53 [19482] dbg: rules: running full tests; score so far=0 >> 11:09:53 [19482] dbg: rules: compiled full tests >> 11:09:53 [19482] dbg: rules: running meta tests; score so far=0 >> 11:09:53 [19482] dbg: rules: compiled meta tests >> 11:09:53 [19482] dbg: check: running tests for priority: 500 >> 11:09:53 [19482] dbg: dns: harvest_dnsbl_queries >> 11:09:53 [19482] dbg: rules: running one_line_body tests; >> score so far=0 >> 11:09:53 [19482] dbg: rules: compiled one_line_body tests >> 11:09:53 [19482] dbg: rules: running head tests; score so far=0 >> 11:09:53 [19482] dbg: rules: compiled head tests >> 11:09:53 [19482] dbg: rules: running body tests; score so far=0 >> 11:09:53 [19482] dbg: rules: compiled body tests >> 11:09:53 [19482] dbg: rules: running uri tests; score so far=0 >> 11:09:53 [19482] dbg: rules: compiled uri tests >> 11:09:53 [19482] dbg: rules: running rawbody tests; score so far=0 >> 11:09:53 [19482] dbg: rules: compiled rawbody tests >> 11:09:53 [19482] dbg: rules: running full tests; score so far=0 >> 11:09:53 [19482] dbg: rules: compiled full tests >> 11:09:53 [19482] dbg: rules: running meta tests; score so far=0 >> 11:09:53 [19482] dbg: rules: meta test VIRUS_WARNING_DOOM_BNC >> has undefined dependency 'VIRUS_WARNING_MYDOOM4' >> 11:09:53 [19482] dbg: rules: compiled meta tests >> 11:09:53 [19482] dbg: check: running tests for priority: 1001 >> 11:09:53 [19482] dbg: rules: running one_line_body tests; >> score so far=0 >> 11:09:53 [19482] dbg: rules: compiled one_line_body tests >> 11:09:53 [19482] dbg: rules: running head tests; score so far=0 >> 11:09:53 [19482] dbg: rules: compiled head tests >> 11:09:53 [19482] dbg: SAGrey: message score does not indicate >> spam ... >> ignoring >> 11:09:53 [19482] dbg: rules: running body tests; score so far=0 >> 11:09:53 [19482] dbg: rules: compiled body tests >> 11:09:53 [19482] dbg: rules: running uri tests; score so far=0 >> 11:09:53 [19482] dbg: rules: compiled uri tests >> 11:09:53 [19482] dbg: rules: running rawbody tests; score so far=0 >> 11:09:53 [19482] dbg: rules: compiled rawbody tests >> 11:09:53 [19482] dbg: rules: running full tests; score so far=0 >> 11:09:53 [19482] dbg: rules: compiled full tests >> 11:09:53 [19482] dbg: rules: running meta tests; score so far=0 >> 11:09:53 [19482] dbg: rules: compiled meta tests >> 11:09:53 [19482] dbg: check: is spam? score=0 required=5.5 >> 11:09:53 [19482] dbg: check: tests= >> 11:09:53 [19482] dbg: check: subtests= >> 11:09:53 Building a message batch to scan... >> >> I have temporarily removed KAM.cf and noticed that, when >> enabled, Botnet.cf is the only test in "tests=" . However, I >> have removed that plugin temporarily as well. >> >> >> Regards, >> >> Steffan >> >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> > > > > > ********************************************************************** > Confidentiality : This e-mail and any attachments are intended for the > addressee only and may be confidential. If they come to you in error > you must take no action based on them, nor must you copy or show them > to anyone. Please advise the sender by replying to this e-mail > immediately and then delete the original from your computer. > Opinion : Any opinions expressed in this e-mail are entirely those of > the author and unless specifically stated to the contrary, are not > necessarily those of the author's employer. > Security Warning : Internet e-mail is not necessarily a secure > communications medium and can be subject to data corruption. We advise > that you consider this fact when e-mailing us. > Viruses : We have taken steps to ensure that this e-mail and any > attachments are free from known viruses but in keeping with good > computing practice, you should ensure that they are virus free. > > Red Lion 49 Ltd T/A Solid State Logic > Registered as a limited company in England and Wales > (Company No:5362730) > Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, > United Kingdom > ********************************************************************** > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- No part of this message can be made available on any web page, message board or newsgroup without the permission of the sender. From henker at evendi.de Fri Jun 27 15:31:22 2008 From: henker at evendi.de (Steffan Henke) Date: Fri Jun 27 15:31:37 2008 Subject: SpamAssassin 3.2.5 woes In-Reply-To: <4864E710.1070102@sendit.nodak.edu> References: <4864E710.1070102@sendit.nodak.edu> Message-ID: On Fri, 27 Jun 2008, Richard Frovarp wrote: > Did you run sa-update? You're now having issue with 3.2.4 as well? Did you > switch back after having 3.2.5 problems? Richard, yes to all three questions ! Basically, what I did was upgrade SA 3.2.4 to 3.2.5 - issues started, so I upgraded MS 4.67.6 to 4.70.7-1 - still issues. Downgraded SA to 3.2.4 - still issues. Downgraded MS to 4.67.6 - still issues. So I'm pretty stuck atm :( Regards, Steffan From henker at evendi.de Fri Jun 27 15:33:56 2008 From: henker at evendi.de (Steffan Henke) Date: Fri Jun 27 15:34:09 2008 Subject: SpamAssassin 3.2.5 woes In-Reply-To: <60D398EB2DB948409CA1F50D8AF1225703C83A58@exch1.dekalbmemorial.local> References: <60D398EB2DB948409CA1F50D8AF1225703C83A58@exch1.dekalbmemorial.local> Message-ID: On Fri, 27 Jun 2008, Aaron K. Moore wrote: > Have you checked file permissions for SpamAssassin for the user that > MailScanner is running as? Aaron, yes, I have checked the permissions of the working dirs as well as of the quarantine dirs - everything looks good as far as I can see... Regards, Steffan From gordon at itnt.co.za Fri Jun 27 16:26:47 2008 From: gordon at itnt.co.za (Gordon Colyn) Date: Fri Jun 27 16:27:17 2008 Subject: Problems with certain mails being handled by mailscanner - mails just disappear Message-ID: <624BEEF973FF4380AF5E7A04E69C0571@gordon> ITNT BannerWhat is the command I can run to scan an email on my server to try and work out why my mailscanner is not handling certain mails with attachments? i.e. MailScanner --debug --lint < test.eml I have 4 servers, 3 of which get emails which just disappear. There is no specific file type or filename that causes this, ,mailscanner just seems to wither not handle the emails or they just disappear so I want to try and do a scan of an email to see if I can pick up what the problem is by looking at the output. Thanks Gordon Colyn Office : 086 123 ITNT (4868) Cell : 083 296 7534 Fax : 086 520 0885 InTheNet Technologies www.itnt.co.za MSN:gordoncolyn@hotmail.com SKYPE:gordoncolyn Confidentiality: This e-mail including any attachments is intended for the above named addressee(s) only and contains confidential information. If you have received this email in error you must take no action based on its contents, nor must you reproduce or show the e-mail or any attachments or any part thereof or communicate the contents to anyone; please reply to the sender of this e-mail informing them of the error. Viruses: We recommend that in keeping with good computing practice the recipient should ensure that e-mails received are virus free before opening. From edward.prendergast at netring.co.uk Fri Jun 27 16:55:06 2008 From: edward.prendergast at netring.co.uk (Edward Prendergast) Date: Fri Jun 27 16:55:18 2008 Subject: Problems with certain mails being handled by mailscanner - mails just disappear In-Reply-To: <624BEEF973FF4380AF5E7A04E69C0571@gordon> References: <624BEEF973FF4380AF5E7A04E69C0571@gordon> Message-ID: <48650D5A.1020005@netring.co.uk> Gordon Colyn wrote: > ITNT BannerWhat is the command I can run to scan an email on my server to > try and work out why my mailscanner is not handling certain mails with > attachments? > > i.e. MailScanner --debug --lint < test.eml > > I have 4 servers, 3 of which get emails which just disappear. There is no > specific file type or filename that causes this, ,mailscanner just seems to > wither not handle the emails or they just disappear so I want to try and do > a scan of an email to see if I can pick up what the problem is by looking at > the output. > What MTA, version of MailScanner? If you try running MailScanner in debug mode (stop MailScanner, start a single process by running MailScanner --debug) you may see more verbose errors. Anything strange in the log? -Edward ************ The information in this email is confidential and may be legally privileged. It is intended solely for the addressee. Access to this email by anyone else is unauthorised. If you are not the intended recipient, any action taken or omitted to be taken in reliance on it, any form of reproduction, dissemination, copying, disclosure, modification, distribution and/or publication of this E-mail message is strictly prohibited and may be unlawful. If you have received this E-mail message in error, please notify us immediately. Please also destroy and delete the message from your computer. ************ From ms-list at alexb.ch Fri Jun 27 16:58:31 2008 From: ms-list at alexb.ch (Alex Broens) Date: Fri Jun 27 16:58:45 2008 Subject: Openrbl.org is back Message-ID: <48650E27.3050801@alexb.ch> Subject says it all http://openrbl.org/client/ have a good weekend Alex From alex at rtpty.com Fri Jun 27 17:05:42 2008 From: alex at rtpty.com (Alex Neuman) Date: Fri Jun 27 17:05:57 2008 Subject: Openrbl.org is back In-Reply-To: <48650E27.3050801@alexb.ch> References: <48650E27.3050801@alexb.ch> Message-ID: Woohoo! ... I think :-S On Jun 27, 2008, at 10:58 AM, Alex Broens wrote: > Subject says it all > > http://openrbl.org/client/ > > have a good weekend > > Alex > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From gordon at itnt.co.za Fri Jun 27 18:39:39 2008 From: gordon at itnt.co.za (Gordon Colyn) Date: Fri Jun 27 18:40:00 2008 Subject: Problems with certain mails being handled by mailscanner - mails just disappear References: <624BEEF973FF4380AF5E7A04E69C0571@gordon> <48650D5A.1020005@netring.co.uk> Message-ID: Have the following; Mailscanner 4.70.7, sendmail 8.14.1, spamassassin 3.2.5, clamd 0.93 All i see in the logs is the mail gets to my server but then nothing after that.... sendmail[4616]: m5RB5Dp4004616: from=, size=507197, class=0, nrcpts=2, proto=ESMTP, daemon=MTA, relay=secure11.ia-dns.com [72.9.151.158] mail just disappears.... I have an example of the mail which has 2 .mht files inside a zip file. If i email it to myself then it just disappears. I have saved it on the server and want to run mailscanner against manually it to try and figure out why it is just disappearing. ----- Original Message ----- From: "Edward Prendergast" To: "MailScanner discussion" Sent: Friday, June 27, 2008 5:55 PM Subject: Re: Problems with certain mails being handled by mailscanner - mails just disappear Gordon Colyn wrote: > ITNT BannerWhat is the command I can run to scan an email on my server to > try and work out why my mailscanner is not handling certain mails with > attachments? > > i.e. MailScanner --debug --lint < test.eml > > I have 4 servers, 3 of which get emails which just disappear. There is no > specific file type or filename that causes this, ,mailscanner just seems > to > wither not handle the emails or they just disappear so I want to try and > do > a scan of an email to see if I can pick up what the problem is by looking > at > the output. > What MTA, version of MailScanner? If you try running MailScanner in debug mode (stop MailScanner, start a single process by running MailScanner --debug) you may see more verbose errors. Anything strange in the log? -Edward ************ The information in this email is confidential and may be legally privileged. It is intended solely for the addressee. Access to this email by anyone else is unauthorised. If you are not the intended recipient, any action taken or omitted to be taken in reliance on it, any form of reproduction, dissemination, copying, disclosure, modification, distribution and/or publication of this E-mail message is strictly prohibited and may be unlawful. If you have received this E-mail message in error, please notify us immediately. Please also destroy and delete the message from your computer. ************ -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From hvdkooij at vanderkooij.org Fri Jun 27 18:45:29 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Fri Jun 27 18:45:40 2008 Subject: SpamAssassin 3.2.5 woes In-Reply-To: References: <4864E710.1070102@sendit.nodak.edu> Message-ID: <48652739.9060903@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Steffan Henke wrote: | On Fri, 27 Jun 2008, Richard Frovarp wrote: | |> Did you run sa-update? You're now having issue with 3.2.4 as well? Did |> you switch back after having 3.2.5 problems? | | Richard, | | yes to all three questions ! Basically, what I did was | | upgrade SA 3.2.4 to 3.2.5 - issues started, so I upgraded | MS 4.67.6 to 4.70.7-1 - still issues. | Downgraded SA to 3.2.4 - still issues. | Downgraded MS to 4.67.6 - still issues. | | So I'm pretty stuck atm :( My guess: You allready had a problem by the time you started to do the first upgrade. It seems you got most of the obvious things covered. So it is either a rather silly thing which is just too obvious to check. Or a rather complicated one that just waited for you to touch your configuration and mess us things. Did you upgrade anything else lately? Something not even perlish perhaps? The fact that I can still read the mailinglist means that one can even update SA to 3.2.5 without a lot of other updates as still held back on the perl updates for Centos 5. Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFIZSc0BvzDRVjxmYERAh1EAJ4swPgINjBnrTTLH9KMGTtpmEB/DQCgjt8H 2L9xyJapnAESqxnTtaTJRuY= =VfHT -----END PGP SIGNATURE----- From henker at evendi.de Fri Jun 27 19:09:53 2008 From: henker at evendi.de (Henker) Date: Fri Jun 27 19:10:07 2008 Subject: SpamAssassin 3.2.5 woes In-Reply-To: <48652739.9060903@vanderkooij.org> References: <4864E710.1070102@sendit.nodak.edu> <48652739.9060903@vanderkooij.org> Message-ID: On Fri, 27 Jun 2008, Hugo van der Kooij wrote: > Did you upgrade anything else lately? Something not even perlish > perhaps? The fact that I can still read the mailinglist means that one > can even update SA to 3.2.5 without a lot of other updates as still held > back on the perl updates for Centos 5. Hugo, over the last two days, those are the latest rpms that got installed/upgraded: perl-Digest-SHA1-2.07-5 Fri 27 Jun 2008 12:43:17 PM perl-IO-Zlib-1.04-4.2.el4 Fri 27 Jun 2008 10:06:17 AM perl-Archive-Tar-1.30-1.el4 Fri 27 Jun 2008 10:06:17 AM mailscanner-4.67.6-1 Thu 26 Jun 2008 05:52:48 PM perl-IO-1.2301-1 Thu 26 Jun 2008 05:48:58 PM perl-TimeDate-1.16-3 Thu 26 Jun 2008 05:47:15 PM perl-MIME-Base64-3.07-1 Thu 26 Jun 2008 05:46:43 PM spamassassin-3.2.4-1 Thu 26 Jun 2008 04:36:16 PM perl-Mail-SpamAssassin-3.2.4-1 Thu 26 Jun 2008 04:36:16 PM perl-OLE-Storage_Lite-0.16-1 Thu 26 Jun 2008 03:49:38 PM I still have no clue what borked, apart from the fact that SA 3.2.5 didn't work... Regards, Steffan From jra at baylink.com Fri Jun 27 19:39:53 2008 From: jra at baylink.com (Jay R. Ashworth) Date: Fri Jun 27 19:40:06 2008 Subject: filename.rules.conf - .bmp Message-ID: <20080627183953.GK22330@cgi.jachomes.com> My boss has just nattered at me because he tried to send along to a third party a .bmp file sent to *him* by his attorney. Brushing aside for the moment all the obvious questions like "why would an attorney be sending out a .bmp file?", we're left with "if MailScanner is intercepting this filetype on the way *out* of our mail system, why isn't it intercepting it on the way *in*, too?" Is that really direction sensitive? Cheers, -- jra -- Jay R. Ashworth Baylink jra@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://baylink.pitas.com '87 e24 St Petersburg FL USA http://photo.imageinc.us +1 727 647 1274 Those who cast the vote decide nothing. Those who count the vote decide everything. -- (Joseph Stalin) From ssilva at sgvwater.com Fri Jun 27 19:45:49 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Fri Jun 27 19:46:15 2008 Subject: Can't install CentOS 5.2 update? In-Reply-To: <67a55ed50806270614u12bb9bcap655908da041ba201@mail.gmail.com> References: <67a55ed50806270614u12bb9bcap655908da041ba201@mail.gmail.com> Message-ID: <> > Of course this will depend on how you originally installed the perl > modules in conflict. If you installed them via CPAN or from source RPMs, > then the rpm --force _could_ downgrade packages from another source. > As long as you installed them originally from rpmforge, then forcing > the rpmforge packages is safe. > > BTW, RHEL servers are going to get their perl modules from RHN and not > from rpmforge. You need to use rpmforge very carefully with a RHEL > server using RHN and you really need to know what you are doing > with package management and repo priorities (rpmforge and others are > always lower than RHN) or you can end up with many conflicts. > So the package management on RHEL will not be the same as > CentOS with respect to rpmforge and other repos that overlap > packages with the RHN. > > I know the MailScanner RPM install needs to be generic enough for multiple > RPM-based distros, but it would be nice if the installer could somehow > detect if a package is available from a repo and use that rather than having > to force a compile of perl modules from a source RPM. I think the source of > all these conflicts comes from the MailScanner install.sh is forcing > some perl > packages that exist in repos. > I think that Hugo V. was experimenting with setting up a repo for mailscanner with a dummy package that had all the requires, but I haven't heard any more about it. It worked pretty well until rpmforge released an incompatible perl module. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 258 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080627/dca8af23/signature.bin From hvdkooij at vanderkooij.org Fri Jun 27 20:38:24 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Fri Jun 27 20:38:33 2008 Subject: Can't install CentOS 5.2 update? In-Reply-To: References: <67a55ed50806270614u12bb9bcap655908da041ba201@mail.gmail.com> Message-ID: <486541B0.30200@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Scott Silva wrote: | I think that Hugo V. was experimenting with setting up a repo for | mailscanner with a dummy package that had all the requires, but I | haven't heard any more about it. | It worked pretty well until rpmforge released an incompatible perl module. The surname is definitly not V. Alphabetically my surname starts with a K. Once this whole moving business is done and everything is more or less in place again I will see if I can setup a more up-to-date repo. Perhaps even manage to keep it up-to-date. Hugo van der Kooij. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFIZUGuBvzDRVjxmYERAp45AKCVyOg2zeeGMUdc3je8xAcFMPPqhwCgrlEQ wXaz2flQVfp757JbTHKmyvU= =PcLT -----END PGP SIGNATURE----- From Kevin_Miller at ci.juneau.ak.us Fri Jun 27 21:27:34 2008 From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller) Date: Fri Jun 27 21:27:53 2008 Subject: filename.rules.conf - .bmp In-Reply-To: <20080627183953.GK22330@cgi.jachomes.com> References: <20080627183953.GK22330@cgi.jachomes.com> Message-ID: Jay R. Ashworth wrote: > My boss has just nattered at me because he tried to send along to a > third party a .bmp file sent to *him* by his attorney. > > Brushing aside for the moment all the obvious questions like "why > would > an attorney be sending out a .bmp file?", we're left with "if > MailScanner is intercepting this filetype on the way *out* of our > mail system, why isn't it intercepting it on the way *in*, too?" > > Is that really direction sensitive? I don't think it normally cares, but you can configure direction specific rule sets. Maybe your predecessor got it backwards or whitelisted it for inbound? ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 From ssilva at sgvwater.com Fri Jun 27 21:45:53 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Fri Jun 27 21:46:16 2008 Subject: SpamAssassin 3.2.5 woes In-Reply-To: References: Message-ID: on 6-27-2008 2:16 AM Steffan Henke spake the following: > On Fri, 27 Jun 2008, Martin.Hepworth wrote: > >> Steffan >> >> Run mailscaner in debug mode and see what's going on... >> >> MailScanner -debug -debug-sa >> >> How did you install spamassassin??? RPM? Jules's handy installer, CPAN?? > > Martin, > > I've built SA using rpmbuild -tb Mail-SpamAssassin-3.2.4.tar.gz and > installed the two rpms after that - that way has worked for ages. > The whole debug output: > > In Debugging mode, not forking... > > ************************************************************************ > In MailScanner.conf, your "%org-name%" or "Mail Header" setting > contains spaces and/or other illegal characters. > > Including any spaces will break all your mail system (but do not worry, > MailScanner will fix this for you on the fly). > > Otherwise, it should only contain characters from the set a-z, A-Z, > 0-9, "-" and "_". While theoretically some other characters are allowed, > some commercial mail systems fail to handle them correctly. > > This is clearly noted in the MailScanner.conf file, immediately above > the %org-name% setting. Please read the documentation! > ************************************************************************ > > Trying to setlogsock(unix) > 11:09:52 SpamAssassin temp dir = > /var/spool/MailScanner/incoming/SpamAssassin-Temp > 11:09:53 [19482] dbg: logger: adding facilities: all > 11:09:53 [19482] dbg: logger: logging level is DBG > 11:09:53 [19482] dbg: generic: SpamAssassin version 3.2.4 > 11:09:53 [19482] dbg: config: score set 0 chosen. > 11:09:53 [19482] dbg: util: running in taint mode? no > 11:09:53 [19482] dbg: dns: is Net::DNS::Resolver available? yes > 11:09:53 [19482] dbg: dns: Net::DNS version: 0.63 > 11:09:53 [19482] dbg: ignore: test message to precompile patterns and > load modules > 11:09:53 [19482] dbg: config: using "/etc/mail/spamassassin" for site > rules pre files > 11:09:53 [19482] dbg: config: read file /etc/mail/spamassassin/init.pre > 11:09:53 [19482] dbg: config: read file /etc/mail/spamassassin/v310.pre > 11:09:53 [19482] dbg: config: read file /etc/mail/spamassassin/v312.pre > 11:09:53 [19482] dbg: config: read file /etc/mail/spamassassin/v320.pre > 11:09:53 [19482] dbg: config: using "/usr/share/spamassassin" for sys > rules pre files > 11:09:53 [19482] dbg: config: using "/usr/share/spamassassin" for > default rules dir > 11:09:53 [19482] dbg: config: read file > /usr/share/spamassassin/72_removed.cf > 11:09:53 [19482] dbg: config: using "/etc/mail/spamassassin" for site > rules dir > 11:09:53 [19482] dbg: config: read file > /etc/mail/spamassassin/bogus-virus-warnings.cf > 11:09:53 [19482] dbg: config: read file /etc/mail/spamassassin/custom.cf > 11:09:53 [19482] dbg: config: read file /etc/mail/spamassassin/kauftipp.cf > 11:09:53 [19482] dbg: config: read file /etc/mail/spamassassin/local.cf > 11:09:53 [19482] dbg: config: read file > /etc/mail/spamassassin/mailscanner.cf > 11:09:53 [19482] dbg: config: read file /etc/mail/spamassassin/pdfinfo.cf > 11:09:53 [19482] dbg: config: read file /etc/mail/spamassassin/popcorn.cf > 11:09:53 [19482] dbg: config: read file /etc/mail/spamassassin/sagrey.cf > 11:09:53 [19482] dbg: config: read file /etc/mail/spamassassin/stocks.cf > 11:09:53 [19482] dbg: config: read file /etc/mail/spamassassin/weeds.cf > 11:09:53 [19482] dbg: plugin: loading > Mail::SpamAssassin::Plugin::RelayCountry from @INC > 11:09:53 [19482] dbg: plugin: loading > Mail::SpamAssassin::Plugin::URIDNSBL from @INC > 11:09:53 [19482] dbg: plugin: loading > Mail::SpamAssassin::Plugin::Hashcash from @INC > 11:09:53 [19482] dbg: plugin: loading Mail::SpamAssassin::Plugin::SPF > from @INC > 11:09:53 [19482] dbg: config: fixed relative path: > /etc/mail/spamassassin/PDFInfo.pm > 11:09:53 [19482] dbg: plugin: loading > Mail::SpamAssassin::Plugin::PDFInfo from /etc/mail/spamassassin/PDFInfo.pm > 11:09:53 [19482] dbg: plugin: loading Mail::SpamAssassin::Plugin::DCC > from @INC > 11:09:53 [19482] dbg: dcc: network tests on, registering DCC > 11:09:53 [19482] dbg: plugin: loading Mail::SpamAssassin::Plugin::Razor2 > from @INC > 11:09:53 [19482] dbg: razor2: razor2 is available, version 2.84 > 11:09:53 [19482] dbg: plugin: loading > Mail::SpamAssassin::Plugin::SpamCop from @INC > 11:09:53 [19482] dbg: reporter: network tests on, attempting SpamCop > 11:09:53 [19482] dbg: plugin: loading Mail::SpamAssassin::Plugin::AWL > from @INC > 11:09:53 [19482] dbg: plugin: loading > Mail::SpamAssassin::Plugin::AutoLearnThreshold from @INC > 11:09:53 [19482] dbg: plugin: loading > Mail::SpamAssassin::Plugin::WhiteListSubject from @INC > 11:09:53 [19482] dbg: plugin: loading > Mail::SpamAssassin::Plugin::MIMEHeader from @INC > 11:09:53 [19482] dbg: plugin: loading > Mail::SpamAssassin::Plugin::ReplaceTags from @INC > 11:09:53 [19482] dbg: plugin: loading Mail::SpamAssassin::Plugin::DKIM > from @INC > 11:09:53 [19482] dbg: plugin: loading Mail::SpamAssassin::Plugin::Check > from @INC > 11:09:53 [19482] dbg: plugin: loading > Mail::SpamAssassin::Plugin::HTTPSMismatch from @INC > 11:09:53 [19482] dbg: plugin: loading > Mail::SpamAssassin::Plugin::URIDetail from @INC > 11:09:53 [19482] dbg: plugin: loading Mail::SpamAssassin::Plugin::Bayes > from @INC > 11:09:53 [19482] dbg: plugin: loading > Mail::SpamAssassin::Plugin::BodyEval from @INC > 11:09:53 [19482] dbg: plugin: loading > Mail::SpamAssassin::Plugin::DNSEval from @INC > 11:09:53 [19482] dbg: plugin: loading > Mail::SpamAssassin::Plugin::HTMLEval from @INC > 11:09:53 [19482] dbg: plugin: loading > Mail::SpamAssassin::Plugin::HeaderEval from @INC > 11:09:53 [19482] dbg: plugin: loading > Mail::SpamAssassin::Plugin::MIMEEval from @INC > 11:09:53 [19482] dbg: plugin: loading > Mail::SpamAssassin::Plugin::RelayEval from @INC > 11:09:53 [19482] dbg: plugin: loading > Mail::SpamAssassin::Plugin::URIEval from @INC > 11:09:53 [19482] dbg: plugin: loading > Mail::SpamAssassin::Plugin::WLBLEval from @INC > 11:09:53 [19482] dbg: plugin: loading > Mail::SpamAssassin::Plugin::VBounce from @INC > 11:09:53 [19482] dbg: plugin: loading > Mail::SpamAssassin::Plugin::Rule2XSBody from @INC > 11:09:53 [19482] dbg: plugin: loading Mail::SpamAssassin::Plugin::ASN > from @INC > 11:09:53 [19482] dbg: plugin: loading > Mail::SpamAssassin::Plugin::ImageInfo from @INC > 11:09:53 [19482] dbg: config: fixed relative path: > /etc/mail/spamassassin/sagrey.pm > 11:09:53 [19482] dbg: plugin: loading Mail::SpamAssassin::Plugin::SAGrey > from /etc/mail/spamassassin/sagrey.pm > 11:09:53 [19482] dbg: rules: AXB_RCVD_ZOOBSEND merged duplicates: > BROKEN_RATWARE_BOM DEAR_HOMEOWNER DIV_CENTER_A_HREF DRUG_RA_PRICE > FM_DDDD_TIMES_2 FM_SEX_HOSTDDDD HS_PHARMA_1 HS_UPLOADED_SOFTWARE OEBOUND > STOX_RCVD_N_NN_N URIBL_RHS_ABUSE URIBL_RHS_BOGUSMX URIBL_RHS_DSN > URIBL_RHS_POST URIBL_RHS_TLD_WHOIS URIBL_RHS_WHOIS URIBL_XS_SURBL > URI_L_PHP XMAILER_MIMEOLE_OL_5E7ED XMAILER_MIMEOLE_OL_C7C33 > XMAILER_MIMEOLE_OL_D03AB X_LIBRARY YOUR_CRD_RATING > 11:09:53 [19482] dbg: rules: VIRUS_WARNING123 merged duplicates: > VIRUS_WARNING37 > 11:09:53 [19482] dbg: rules: VIRUS_WARNING103 merged duplicates: > VIRUS_WARNING52 > 11:09:53 [19482] dbg: conf: finish parsing > 11:09:53 [19482] dbg: plugin: > Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0xb3813f4) implements > 'finish_parsing_end', priority 0 > 11:09:53 [19482] dbg: plugin: > Mail::SpamAssassin::Plugin::Rule2XSBody=HASH(0xb372fe8) implements > 'finish_parsing_end', priority 0 > 11:09:53 [19482] dbg: replacetags: replacing tags > 11:09:53 [19482] dbg: replacetags: done replacing tags > 11:09:53 [19482] dbg: zoom: loading compiled ruleset from > /var/lib/compiled/3.002004 > 11:09:53 [19482] dbg: zoom: no compiled ruleset found for > Mail::SpamAssassin::CompiledRegexps::body_0 > 11:09:53 [19482] dbg: bayes: using username: root > 11:09:53 [19482] dbg: bayes: database connection established > 11:09:53 [19482] dbg: bayes: found bayes db version 3 > 11:09:53 [19482] dbg: bayes: Using userid: 2 > 11:09:53 [19482] dbg: config: score set 3 chosen. > 11:09:53 [19482] dbg: message: main message type: text/plain > 11:09:53 [19482] dbg: message: ---- MIME PARSER START ---- > 11:09:53 [19482] dbg: message: parsing normal part > 11:09:53 [19482] dbg: message: ---- MIME PARSER END ---- > 11:09:53 [19482] dbg: plugin: > Mail::SpamAssassin::Plugin::DNSEval=HASH(0xb9ac10c) implements > 'check_start', priority 0 > 11:09:53 [19482] dbg: plugin: > Mail::SpamAssassin::Plugin::Rule2XSBody=HASH(0xb372fe8) implements > 'check_start', priority 0 > 11:09:53 [19482] dbg: plugin: > Mail::SpamAssassin::Plugin::Check=HASH(0xb372e68) implements > 'check_main', priority 0 > 11:09:53 [19482] dbg: conf: trusted_networks are not configured; it is > recommended that you configure trusted_networks manually > 11:09:53 [19482] dbg: metadata: X-Spam-Relays-Trusted: > 11:09:53 [19482] dbg: metadata: X-Spam-Relays-Untrusted: > 11:09:53 [19482] dbg: metadata: X-Spam-Relays-Internal: > 11:09:53 [19482] dbg: metadata: X-Spam-Relays-External: > 11:09:53 [19482] dbg: plugin: > Mail::SpamAssassin::Plugin::RelayCountry=HASH(0xb050b6c) implements > 'extract_metadata', priority 0 > 11:09:53 [19482] dbg: metadata: X-Relay-Countries: > 11:09:53 [19482] dbg: message: no encoding detected > 11:09:53 [19482] dbg: plugin: > Mail::SpamAssassin::Plugin::RelayCountry=HASH(0xb050b6c) implements > 'parsed_metadata', priority 0 > 11:09:53 [19482] dbg: plugin: > Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0xb34da88) implements > 'parsed_metadata', priority 0 > 11:09:53 [19482] dbg: plugin: > Mail::SpamAssassin::Plugin::ASN=HASH(0xb373030) implements > 'parsed_metadata', priority 0 > 11:09:53 [19482] dbg: dns: is Net::DNS::Resolver available? yes > 11:09:53 [19482] dbg: dns: Net::DNS version: 0.63 > 11:09:53 [19482] dbg: dns: name server: 127.0.0.1, LocalAddr: 0.0.0.0 > 11:09:53 [19482] dbg: dns: dns_available set to yes in config file, > skipping test > 11:09:53 [19482] dbg: uridnsbl: domains to query: > 11:09:53 [19482] dbg: asn: no asn_lookup configured, skipping ASN lookups > 11:09:53 [19482] dbg: check: running tests for priority: 0 > 11:09:53 [19482] dbg: plugin: > Mail::SpamAssassin::Plugin::Rule2XSBody=HASH(0xb372fe8) implements > 'check_rules_at_priority', priority 0 > 11:09:53 [19482] dbg: rules: running one_line_body tests; score so far=0 > 11:09:53 [19482] dbg: rules: compiled one_line_body tests > 11:09:53 [19482] dbg: plugin: > Mail::SpamAssassin::Plugin::Rule2XSBody=HASH(0xb372fe8) implements > 'run_body_fast_scan', priority 0 > 11:09:53 [19482] dbg: rules: running head tests; score so far=0 > 11:09:53 [19482] dbg: rules: compiled head tests > 11:09:53 [19482] dbg: rules: running body tests; score so far=0 > 11:09:53 [19482] dbg: rules: compiled body tests > 11:09:53 [19482] dbg: rules: running uri tests; score so far=0 > 11:09:53 [19482] dbg: rules: compiled uri tests > 11:09:53 [19482] dbg: rules: running rawbody tests; score so far=0 > 11:09:53 [19482] dbg: rules: compiled rawbody tests > 11:09:53 [19482] dbg: rules: running full tests; score so far=0 > 11:09:53 [19482] dbg: rules: compiled full tests > 11:09:53 [19482] dbg: rules: running meta tests; score so far=0 > 11:09:53 [19482] dbg: rules: compiled meta tests > 11:09:53 [19482] dbg: check: running tests for priority: 500 > 11:09:53 [19482] dbg: dns: harvest_dnsbl_queries > 11:09:53 [19482] dbg: rules: running one_line_body tests; score so far=0 > 11:09:53 [19482] dbg: rules: compiled one_line_body tests > 11:09:53 [19482] dbg: rules: running head tests; score so far=0 > 11:09:53 [19482] dbg: rules: compiled head tests > 11:09:53 [19482] dbg: rules: running body tests; score so far=0 > 11:09:53 [19482] dbg: rules: compiled body tests > 11:09:53 [19482] dbg: rules: running uri tests; score so far=0 > 11:09:53 [19482] dbg: rules: compiled uri tests > 11:09:53 [19482] dbg: rules: running rawbody tests; score so far=0 > 11:09:53 [19482] dbg: rules: compiled rawbody tests > 11:09:53 [19482] dbg: rules: running full tests; score so far=0 > 11:09:53 [19482] dbg: rules: compiled full tests > 11:09:53 [19482] dbg: rules: running meta tests; score so far=0 > 11:09:53 [19482] dbg: rules: meta test VIRUS_WARNING_DOOM_BNC has > undefined dependency 'VIRUS_WARNING_MYDOOM4' > 11:09:53 [19482] dbg: rules: compiled meta tests > 11:09:53 [19482] dbg: check: running tests for priority: 1001 > 11:09:53 [19482] dbg: rules: running one_line_body tests; score so far=0 > 11:09:53 [19482] dbg: rules: compiled one_line_body tests > 11:09:53 [19482] dbg: rules: running head tests; score so far=0 > 11:09:53 [19482] dbg: rules: compiled head tests > 11:09:53 [19482] dbg: SAGrey: message score does not indicate spam ... > ignoring > 11:09:53 [19482] dbg: rules: running body tests; score so far=0 > 11:09:53 [19482] dbg: rules: compiled body tests > 11:09:53 [19482] dbg: rules: running uri tests; score so far=0 > 11:09:53 [19482] dbg: rules: compiled uri tests > 11:09:53 [19482] dbg: rules: running rawbody tests; score so far=0 > 11:09:53 [19482] dbg: rules: compiled rawbody tests > 11:09:53 [19482] dbg: rules: running full tests; score so far=0 > 11:09:53 [19482] dbg: rules: compiled full tests > 11:09:53 [19482] dbg: rules: running meta tests; score so far=0 > 11:09:53 [19482] dbg: rules: compiled meta tests > 11:09:53 [19482] dbg: check: is spam? score=0 required=5.5 > 11:09:53 [19482] dbg: check: tests= > 11:09:53 [19482] dbg: check: subtests= > 11:09:53 Building a message batch to scan... > > I have temporarily removed KAM.cf and noticed that, when enabled, > Botnet.cf is the only test in "tests=" . However, I have removed that > plugin temporarily as well. > > > Regards, > > Steffan > > I wonder if there is some difference in the included rpm.spec file that caused the 3.24 and 3.25 spamassassin to build with different paths for files? If you are going to build rpms from tarballs, it is better to stick with one known spec file and only modify the path to the tarball. It can eliminate some hard to track down problems. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 258 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080627/ed061255/signature.bin From henker at evendi.de Fri Jun 27 22:03:37 2008 From: henker at evendi.de (Henker) Date: Fri Jun 27 22:03:48 2008 Subject: SpamAssassin 3.2.5 woes In-Reply-To: References: Message-ID: On Fri, 27 Jun 2008, Scott Silva wrote: > I wonder if there is some difference in the included rpm.spec file that > caused the 3.24 and 3.25 spamassassin to build with different paths for > files? Scott, I have a second system with an equal setup and once I noticed SA 3.2.5 did not work, I downgraded 3.2.4 w/o messing with MS at all. That system is working again as before so I guess something must have gone wrong during the up- and downgrade of MS :( Regards, Steffan From MailScanner at ecs.soton.ac.uk Sat Jun 28 12:07:30 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat Jun 28 12:07:52 2008 Subject: Health update In-Reply-To: References: <4852BC3D.3050802@ecs.soton.ac.uk> <200806132114.m5DLE4gQ018541@mxt.1bigthink.com> <223f97700806131420j4bb7e2f5w1e4d192101002bde@mail.gmail.com> <48625894.9020703@utwente.nl> Message-ID: <48661B72.3030207@ecs.soton.ac.uk> Scott Silva wrote: > on 6-25-2008 7:39 AM Peter Peters spake the following: >> Glenn Steen wrote on 13-6-2008 23:20: >> >>> Same here... Well. Haven't donated any organs (yet), and some of them >>> are really shoddy... But I do carry my donor card with me at all >>> times... Who knows when time is up?! >> >> My girlfriend does not feel to good about the idea of them cutting into >> me after I am dead. I am still trying to convince her. > > What is she going to do? Have you freeze-dried and prop you up in the > corner? > > Tell her that it is a way for a part of you to live on after your gone. > >> >> At the meantime I donate blood every 3 to 4 months and will start >> donating blood plasm in a short while. > > I had to stop for a while as my blood pressure is too high for their > liking, but not high enough for the doctor to put me on meds. But here > is my donor card, and since I will most likely be cremated, my wife > doesn't have a problem with it. I don't know if anyone here understands blood pressure figures, but here's a couple to make you laugh. I normally have very low blood pressure, and have to live on beta-blockers as well, which lower it further. Up and walking around the house, some paramedics once measured me (and checked it as they didn't believe it) at 64/45. The last time I had an endoscopy, it dropped to 65/39. That had them a little worried, to put it mildly, but I had warned them in advance that this does tend to happen. I've now had 31 endoscopies, and I know exactly how my body reacts to them, i.e. not kindly :-) At 64/45 most people are deeply unconscious, and will stand a good chance of not surviving. Bodies eh?! :-) >> >> And Julian, I wish you the best of luck. >> Thank you so much, to all of you! You guys really make a difference. :-) Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Sat Jun 28 12:59:51 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat Jun 28 13:00:10 2008 Subject: Can't install CentOS 5.2 update? In-Reply-To: References: <67a55ed50806270614u12bb9bcap655908da041ba201@mail.gmail.com> Message-ID: <486627B7.3020300@ecs.soton.ac.uk> Hugo van der Kooij wrote: > Once this whole moving business is done and everything is more or less > in place again I will see if I can setup a more up-to-date repo. Perhaps > even manage to keep it up-to-date. Are you interested in me hosting a VM for you to put it on? Or maybe my good friends in Ireland would be willing to set up a second login account for you and host it there with most of the others? Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From andy at snowkitty.org Sat Jun 28 13:07:54 2008 From: andy at snowkitty.org (Andy Peterson) Date: Sat Jun 28 13:08:21 2008 Subject: Spamassassin autolearn? In-Reply-To: <486627B7.3020300@ecs.soton.ac.uk> References: <67a55ed50806270614u12bb9bcap655908da041ba201@mail.gmail.com> <486627B7.3020300@ecs.soton.ac.uk> Message-ID: <4866299A.80800@snowkitty.org> Hi all. I've been running MailScanner for a few days now, and I must say that I'm very satisfied with it. It's running very smoothly for me, however, I've encountered one problem, and that's spamassassin's bayes autolearn isn't working. It appears that spamassassin is using only rules, even though bayes_auto_learn should be enabled (I've fed sa-learn with >200 spam and ham messages). Yet, it refuse to autolearn which force me to learn the tokens manually on every message, which is a bit of a pain. Anybody else who've run into the same kind of problem? Any solution for this? It's probably a simple configuration error from my part. / Andy -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------- next part -------------- A non-text attachment was scrubbed... Name: 0x83619EDC.asc Type: application/pgp-keys Size: 1696 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080628/6ed9f75f/0x83619EDC.bin From hvdkooij at vanderkooij.org Sat Jun 28 14:17:23 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Sat Jun 28 14:17:33 2008 Subject: Can't install CentOS 5.2 update? In-Reply-To: <486627B7.3020300@ecs.soton.ac.uk> References: <67a55ed50806270614u12bb9bcap655908da041ba201@mail.gmail.com> <486627B7.3020300@ecs.soton.ac.uk> Message-ID: <486639E3.30804@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Julian Field wrote: | | | Hugo van der Kooij wrote: |> Once this whole moving business is done and everything is more or less |> in place again I will see if I can setup a more up-to-date repo. Perhaps |> even manage to keep it up-to-date. | Are you interested in me hosting a VM for you to put it on? Or maybe my | good friends in Ireland would be willing to set up a second login | account for you and host it there with most of the others? I have two system hosted myself. So that is not the issue. Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFIZjnhBvzDRVjxmYERAn0EAJ900N3Zxsb/lbDM2tzWwVt+aS7hRgCfTHsO StU+EE+i22QkRsA/DtgKI1s= =kOkZ -----END PGP SIGNATURE----- From hvdkooij at vanderkooij.org Sat Jun 28 14:20:45 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Sat Jun 28 14:20:54 2008 Subject: Spamassassin autolearn? In-Reply-To: <4866299A.80800@snowkitty.org> References: <67a55ed50806270614u12bb9bcap655908da041ba201@mail.gmail.com> <486627B7.3020300@ecs.soton.ac.uk> <4866299A.80800@snowkitty.org> Message-ID: <48663AAD.2030908@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Andy Peterson wrote: | Hi all. | | I've been running MailScanner for a few days now, and I must say that | I'm very satisfied with it. It's running very smoothly for me, however, | I've encountered one problem, and that's spamassassin's bayes autolearn | isn't working. It appears that spamassassin is using only rules, even | though bayes_auto_learn should be enabled (I've fed sa-learn with >200 | spam and ham messages). Yet, it refuse to autolearn which force me to | learn the tokens manually on every message, which is a bit of a pain. How do you learn those messages exactly? And do you train the actual database that MS is using? Please read other threads about things to check with bayesian databases. ~ (I do hope you understand the concepts of threads in mailinglists.) Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFIZjqsBvzDRVjxmYERAlLSAJ99QohxqYM/3whJx5W0TF+e8299GwCdFfWz pAQ+FGq+0hQUpY4RdArrN5E= =zxRd -----END PGP SIGNATURE----- From marc at marcsnet.com Sat Jun 28 14:41:55 2008 From: marc at marcsnet.com (Marc Lucke) Date: Sat Jun 28 14:42:34 2008 Subject: BAYES_99 Message-ID: <48663FA3.2070508@marcsnet.com> Is scoring 3.50 when I've instructed 5.0 in my /etc/MailScanner/spam.assassin.prefs.conf file. Before I completely rebuilt MailScanner & used the clamav/spamassasin package on the mailscanner.info site, spamassassin couldn't be coaxed into using bayesian filtering at all. I would expect this behavior if I didn't have a spam.assassin.prefs.conf file in the right place. Frustrating. From hvdkooij at vanderkooij.org Sat Jun 28 15:19:27 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Sat Jun 28 15:19:36 2008 Subject: Simple suggestion to fix the IO conflict Message-ID: <4866486F.8040209@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Jules, Here is a silly idea to prevent one to use the aweful --force option to bypass: Transaction Check Error: ~ file /usr/share/man/man3/IO.3pm.gz from install of perl-5.8.8-10.el5_2.3 conflicts with file from package perl-IO-1.2301-1.el5.rf ~ file /usr/share/man/man3/IO::Dir.3pm.gz from install of perl-5.8.8-10.el5_2.3 conflicts with file from package perl-IO-1.2301-1.el5.rf ~ file /usr/share/man/man3/IO::File.3pm.gz from install of perl-5.8.8-10.el5_2.3 conflicts with file from package perl-IO-1.2301-1.el5.rf ~ file /usr/share/man/man3/IO::Handle.3pm.gz from install of perl-5.8.8-10.el5_2.3 conflicts with file from package perl-IO-1.2301-1.el5.rf ~ file /usr/share/man/man3/IO::Pipe.3pm.gz from install of perl-5.8.8-10.el5_2.3 conflicts with file from package perl-IO-1.2301-1.el5.rf ~ file /usr/share/man/man3/IO::Poll.3pm.gz from install of perl-5.8.8-10.el5_2.3 conflicts with file from package perl-IO-1.2301-1.el5.rf ~ file /usr/share/man/man3/IO::Seekable.3pm.gz from install of perl-5.8.8-10.el5_2.3 conflicts with file from package perl-IO-1.2301-1.el5.rf ~ file /usr/share/man/man3/IO::Select.3pm.gz from install of perl-5.8.8-10.el5_2.3 conflicts with file from package perl-IO-1.2301-1.el5.rf ~ file /usr/share/man/man3/IO::Socket.3pm.gz from install of perl-5.8.8-10.el5_2.3 conflicts with file from package perl-IO-1.2301-1.el5.rf ~ file /usr/share/man/man3/IO::Socket::INET.3pm.gz from install of perl-5.8.8-10.el5_2.3 conflicts with file from package perl-IO-1.2301-1.el5.rf ~ file /usr/share/man/man3/IO::Socket::UNIX.3pm.gz from install of perl-5.8.8-10.el5_2.3 conflicts with file from package perl-IO-1.2301-1.el5.rf Why not exclude these manual pages from the package or install them in a subpackage instead? That would take care of the conflict and not --force every yum user to do the wrong thing over and over again. Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFIZkhtBvzDRVjxmYERAuUeAKCY03l3MDgOohaB7AV8p8W+i0MZnwCeOhOV 2UDrsIdXwN7NnedQ6Vx6Jfo= =ENBy -----END PGP SIGNATURE----- From lists at designmedia.com Sun Jun 29 06:58:43 2008 From: lists at designmedia.com (Henry Kwan) Date: Sun Jun 29 06:59:00 2008 Subject: BAYES_99 References: <48663FA3.2070508@marcsnet.com> Message-ID: Marc Lucke marcsnet.com> writes: > > Is scoring 3.50 when I've instructed 5.0 in my > /etc/MailScanner/spam.assassin.prefs.conf file. > Perhaps there's a typo somewhere? I had that problem with some of my scoring mods and didn't realize it until I ran a --lint -D and dug through the output. From gordon at itnt.co.za Sun Jun 29 16:07:49 2008 From: gordon at itnt.co.za (Gordon Colyn) Date: Sun Jun 29 16:08:34 2008 Subject: Problems with certain mails being handled by mailscanner -mails just disappear References: <624BEEF973FF4380AF5E7A04E69C0571@gordon><48650D5A.1020005@netring.co.uk> Message-ID: <93044C7D89BA44F9A376D9C30AF30019@gordon> I have rolled back to version 4.63.8 and no longer have this problem. It is related somehow to the latest version. Gordon ----- Original Message ----- From: "Gordon Colyn" To: "MailScanner discussion" Sent: Friday, June 27, 2008 7:39 PM Subject: Re: Problems with certain mails being handled by mailscanner -mails just disappear Have the following; Mailscanner 4.70.7, sendmail 8.14.1, spamassassin 3.2.5, clamd 0.93 All i see in the logs is the mail gets to my server but then nothing after that.... sendmail[4616]: m5RB5Dp4004616: from=, size=507197, class=0, nrcpts=2, proto=ESMTP, daemon=MTA, relay=secure11.ia-dns.com [72.9.151.158] mail just disappears.... I have an example of the mail which has 2 .mht files inside a zip file. If i email it to myself then it just disappears. I have saved it on the server and want to run mailscanner against manually it to try and figure out why it is just disappearing. ----- Original Message ----- From: "Edward Prendergast" To: "MailScanner discussion" Sent: Friday, June 27, 2008 5:55 PM Subject: Re: Problems with certain mails being handled by mailscanner - mails just disappear Gordon Colyn wrote: > ITNT BannerWhat is the command I can run to scan an email on my server to > try and work out why my mailscanner is not handling certain mails with > attachments? > > i.e. MailScanner --debug --lint < test.eml > > I have 4 servers, 3 of which get emails which just disappear. There is no > specific file type or filename that causes this, ,mailscanner just seems > to > wither not handle the emails or they just disappear so I want to try and > do > a scan of an email to see if I can pick up what the problem is by looking > at > the output. > What MTA, version of MailScanner? If you try running MailScanner in debug mode (stop MailScanner, start a single process by running MailScanner --debug) you may see more verbose errors. Anything strange in the log? -Edward ************ The information in this email is confidential and may be legally privileged. It is intended solely for the addressee. Access to this email by anyone else is unauthorised. If you are not the intended recipient, any action taken or omitted to be taken in reliance on it, any form of reproduction, dissemination, copying, disclosure, modification, distribution and/or publication of this E-mail message is strictly prohibited and may be unlawful. If you have received this E-mail message in error, please notify us immediately. Please also destroy and delete the message from your computer. ************ -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From ms-list at alexb.ch Mon Jun 30 08:07:19 2008 From: ms-list at alexb.ch (Alex Broens) Date: Mon Jun 30 08:07:30 2008 Subject: Centos 4.6 post Yum update / perl-IO - Watch it!!!! Message-ID: <48688627.3080900@alexb.ch> On a running MailScanner 4.69.8 / Centos 4.6 box, after "latest yum upgrade" MailScanner refused to start due to **** ERROR: You must upgrade your perl IO module to at least **** ERROR: version 1.2301 or MailScanner will not work! a "cpan upgrade IO" fixed it BUT as others have stated, if we start seeing frequent module version issues, Julian's "easy & safe" package becomes questionable. comments? Alex From hvdkooij at vanderkooij.org Mon Jun 30 08:35:44 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Mon Jun 30 08:35:53 2008 Subject: Centos 4.6 post Yum update / perl-IO - Watch it!!!! In-Reply-To: <48688627.3080900@alexb.ch> References: <48688627.3080900@alexb.ch> Message-ID: <48688CD0.4000808@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Alex Broens wrote: | On a running MailScanner 4.69.8 / Centos 4.6 box, after "latest yum | upgrade" MailScanner refused to start due to | | **** ERROR: You must upgrade your perl IO module to at least | **** ERROR: version 1.2301 or MailScanner will not work! | | a "cpan upgrade IO" fixed it BUT as others have stated, if we start | seeing frequent module version issues, Julian's "easy & safe" package | becomes questionable. The issue has been the topic of multiple threads. But Julian provides a more up-to-date perl-IO package. It just needs a bit of work to resolve conflicts with perl itself. Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFIaIzPBvzDRVjxmYERAq1BAKC4+uHzGkHVOiluyVkCrovRSUIbFACfZ7AM n3hxndM1nec1YIIaDSBGWBg= =su6R -----END PGP SIGNATURE----- From ms-list at alexb.ch Mon Jun 30 08:56:54 2008 From: ms-list at alexb.ch (Alex Broens) Date: Mon Jun 30 08:57:09 2008 Subject: Centos 4.6 post Yum update / perl-IO - Watch it!!!! In-Reply-To: <48688CD0.4000808@vanderkooij.org> References: <48688627.3080900@alexb.ch> <48688CD0.4000808@vanderkooij.org> Message-ID: <486891C6.9090409@alexb.ch> On 6/30/2008 9:35 AM, Hugo van der Kooij wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Alex Broens wrote: > | On a running MailScanner 4.69.8 / Centos 4.6 box, after "latest yum > | upgrade" MailScanner refused to start due to > | > | **** ERROR: You must upgrade your perl IO module to at least > | **** ERROR: version 1.2301 or MailScanner will not work! > | > | a "cpan upgrade IO" fixed it BUT as others have stated, if we start > | seeing frequent module version issues, Julian's "easy & safe" package > | becomes questionable. > > The issue has been the topic of multiple threads. But Julian provides a > more up-to-date perl-IO package. It just needs a bit of work to resolve > conflicts with perl itself. Yep - was following that Centos 5.2 thread, but hadn't read it also affected Centos 4.x. Its the "more up-to-date" thing that is scary. IMO, if its a crrticial requirement, it should be installed in/under MS' own path and code should point "require" to that path. Other software apps do that and it works well. If not a version critical requirement, why replace it in the first place? Alex From uxbod at splatnix.net Mon Jun 30 09:37:27 2008 From: uxbod at splatnix.net (--[ UxBoD ]--) Date: Mon Jun 30 09:37:46 2008 Subject: CentOS 5.2 Upgrade Message-ID: <18465431.81214815047138.JavaMail.root@office.splatnix.net> All went pretty smoothly. I upgrade MS @ the same time and the only things I need to fix were IO and perform a force install from CPAN on Scalar::Util as I got the XS error again. Apart from that all good :) Regards, -- --[ UxBoD ]-- // PGP Key: "curl -s http://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: F57A 0CBD DD19 79E9 1FCC A612 CB36 D89D 2C5A 3A84 // Keyserver: www.keyserver.net Key-ID: 0x2C5A3A84 // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From joost at waversveld.nl Mon Jun 30 12:47:34 2008 From: joost at waversveld.nl (Joost Waversveld) Date: Mon Jun 30 12:47:47 2008 Subject: Health update In-Reply-To: <4852BC3D.3050802@ecs.soton.ac.uk> References: <4852BC3D.3050802@ecs.soton.ac.uk> Message-ID: <4868C7D6.7060603@waversveld.nl> Maybe a little late, but better late then never.... Wish you all the best... Take your time to recover well... Joost waversveld Julian Field wrote: > Folks, > > Just wanted to let you know that, as soon as I send back the consent > forms, I am officially on the waiting list for a liver transplant. > No holidays or anything now until I get my call... > > Fortunately, I have grown a new vein in the last few months that means > I will just need a new liver and not a small bowel as well, which > significantly improves my survival chances. This is very good news :-) > > Wish me luck! > > Jules > From alex at rtpty.com Mon Jun 30 12:20:47 2008 From: alex at rtpty.com (Alex Neuman) Date: Mon Jun 30 12:53:04 2008 Subject: Centos 4.6 post Yum update / perl-IO - Watch it!!!! In-Reply-To: <48688CD0.4000808@vanderkooij.org> References: <48688627.3080900@alexb.ch> <48688CD0.4000808@vanderkooij.org> Message-ID: What's the general experience with, say, RPMPAN? Sent from my iPhone On Jun 30, 2008, at 2:35 AM, Hugo van der Kooij wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Alex Broens wrote: > | On a running MailScanner 4.69.8 / Centos 4.6 box, after "latest yum > | upgrade" MailScanner refused to start due to > | > | **** ERROR: You must upgrade your perl IO module to at least > | **** ERROR: version 1.2301 or MailScanner will not work! > | > | a "cpan upgrade IO" fixed it BUT as others have stated, if we start > | seeing frequent module version issues, Julian's "easy & safe" > package > | becomes questionable. > > The issue has been the topic of multiple threads. But Julian > provides a > more up-to-date perl-IO package. It just needs a bit of work to > resolve > conflicts with perl itself. > > Hugo. > > > - -- > hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ > PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc > > A: Yes. > >Q: Are you sure? > >>A: Because it reverses the logical flow of conversation. > >>>Q: Why is top posting frowned upon? > > Bored? Click on http://spamornot.org/ and rate those images. > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.7 (GNU/Linux) > > iD8DBQFIaIzPBvzDRVjxmYERAq1BAKC4+uHzGkHVOiluyVkCrovRSUIbFACfZ7AM > n3hxndM1nec1YIIaDSBGWBg= > =su6R > -----END PGP SIGNATURE----- > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From jonas at vrt.dk Mon Jun 30 13:44:45 2008 From: jonas at vrt.dk (Jonas Akrouh Larsen) Date: Mon Jun 30 13:45:00 2008 Subject: Question about white and blacklisting in Mailscanner Message-ID: <000e01c8daaf$1337b8d0$39a72a70$@dk> Hi all (Jules) For some time i have been wondering if what I want to do is possible with MailScanner. I use the mailwatch database for white and blacklisting. For those not using mailwatch this means I set Is Definitely Not Spam = &SQLWhitelist Is Definitely Spam = &SQLBlacklist Which makes mailscanner do a lookup to check if a mail is white or blacklisted. Now what has always wondered me is why both white and blacklisted mail are STILL processed through spamassin regardless of their status. My logic is: If something is blacklisted I do not want to waste resources on scanning it, since it won't be delivered anyway. The reverse can be true for some locations I guess, ie. Not wanting to scan white listed mails. At the very least I think it would make sense to make it an option, so those with plenty of resources to spare can keep stats etc accurate by still scanning the mails. So my question is: Can I make mailscanner 4.70.7-1 do this, or is it not possible do save cpu/ram/network in this way with the current code? I guess maybe Jules is the best to answer, but I'm sure somebody else might know as well. Best regards Jonas A. Larsen -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080630/3da8bdbd/attachment.html From MailScanner at ecs.soton.ac.uk Mon Jun 30 14:40:15 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Jun 30 14:40:34 2008 Subject: Signature being attached to all html email? In-Reply-To: References: Message-ID: <4868E23F.40708@ecs.soton.ac.uk> Jason Ede wrote: > > I?ve setup the inline image in signatures, but noticed that it seems > to be attaching the image file to all html format emails and not just > the ones configured with an image in the signature. > Yes, it doesn't parse the HTML to try to work out if you actually used the image or not. > > Is this expected behaviour? If so I guess solution is just to use > rulesets on image filename and on the attach option? > Yes, and yes. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Mon Jun 30 16:03:30 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Jun 30 16:03:48 2008 Subject: Problems with certain mails being handled by mailscanner - mails just disappear In-Reply-To: References: Message-ID: <4868F5C2.4050300@ecs.soton.ac.uk> Gordon Colyn wrote: > ITNT BannerWhat is the command I can run to scan an email on my server to > try and work out why my mailscanner is not handling certain mails with > attachments? > > i.e. MailScanner --debug --lint < test.eml > You can't do that, but if you can get the message in your MTA's queue file format then you can tell MailScanner to just scan a particular message id in a particular queue directory, with all the debug output switched on, and it will do that. Run MailScanner --help to see all the delightful command-line switches you have available. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From maggih at mmedia.is Mon Jun 30 17:18:29 2008 From: maggih at mmedia.is (Magnus Axelsson) Date: Mon Jun 30 17:21:02 2008 Subject: alternate quarantine message Message-ID: <009701c8dacc$f640bb00$05289b0a@ITNET.IS> Hi all. I wonder if someone could tell me if the following is indeed possible. I run a mail server which relays outgoing mail from a few hundred different domains through two mailscanner machines. Spam is eliminated if it get's spam score over 7.0, all confirmed virus messages are deleted, and "suspicious" files are quarantined and the recipient gets a message saying something like "the attachement was quarantined by X company's virus filtering. Please call xxxx or send mail to xxx@company.com...." etcetera. now, the company recently merged with another ISP, whose customer base is not supposed to be acutely aware of the merger, they are in effect still customers of the former company which is still a seperate company in name. their outgoing mailservers are to be merged with our servers, and thus their mail to be routed the same way through the same mailscanner machines. the problem I have is that if their outgoing attachments are filtered, the recipient is NOT supposed to get a quarantine message from MY company. However the requirement is that we use the same outgoing mailscanners. The former scanners for that company did not send any reports at all, and those machines are to be outmoded. personally I wanted a seperate machine for this purpose, but administratively I'm not being allowed this option. So I wonder, can Mailscanner be tweaked so as to issue a different quarantine message to recipient depending on the sender's domain? sincerely Magn?s H?kon Axelsson Reykjavik, Iceland -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080630/ad92c3ea/attachment.html From alex at rtpty.com Mon Jun 30 17:52:48 2008 From: alex at rtpty.com (Alex Neuman) Date: Mon Jun 30 17:53:08 2008 Subject: alternate quarantine message In-Reply-To: <009701c8dacc$f640bb00$05289b0a@ITNET.IS> References: <009701c8dacc$f640bb00$05289b0a@ITNET.IS> Message-ID: I don't see why not. You should already be familiar with rulesets. Splitting destination addresses seems necessary in order to avoid messages to clients on both ISP A and B using the wrong rules. This would have to be done at the MTA. Sent from my iPhone On Jun 30, 2008, at 11:18 AM, "Magnus Axelsson" wrote: > > Hi all. > > I wonder if someone could tell me if the following is indeed possible. > > I run a mail server which relays outgoing mail from a few hundred > different domains through two mailscanner machines. Spam is > eliminated if it get's spam score over 7.0, all confirmed virus > messages are deleted, and "suspicious" files are quarantined and the > recipient gets a message saying something like "the attachement was > quarantined by X company's virus filtering. Please call xxxx or send > mail to xxx@company.com...." etcetera. > > now, the company recently merged with another ISP, whose customer > base is not supposed to be acutely aware of the merger, they are in > effect still customers of the former company which is still a > seperate company in name. their outgoing mailservers are to be > merged with our servers, and thus their mail to be routed the same > way through the same mailscanner machines. > > the problem I have is that if their outgoing attachments are > filtered, the recipient is NOT supposed to get a quarantine message > from MY company. However the requirement is that we use the same > outgoing mailscanners. The former scanners for that company did not > send any reports at all, and those machines are to be outmoded. > > personally I wanted a seperate machine for this purpose, but > administratively I'm not being allowed this option. > > So I wonder, can Mailscanner be tweaked so as to issue a different > quarantine message to recipient depending on the sender's domain? > > > > sincerely > Magn?s H?kon Axelsson > Reykjavik, Iceland > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080630/783f5a33/attachment.html From list-mailscanner at linguaphone.com Mon Jun 30 14:52:42 2008 From: list-mailscanner at linguaphone.com (Gareth) Date: Mon Jun 30 22:27:44 2008 Subject: Question about white and blacklisting in Mailscanner In-Reply-To: <000e01c8daaf$1337b8d0$39a72a70$@dk> References: <000e01c8daaf$1337b8d0$39a72a70$@dk> Message-ID: <1214833961.7345.4.camel@gblades-suse.linguaphone-intranet.co.uk> I think the logical thing to do would be to use a customfunction (like SQLWhitelist is for example) which returns false if the whitelist or blacklist address match. This would require :- 1) A check to make sure the Is Definetly Spam check is made even if spam checking is disabled for that mail. 2) The mailwatch authors to add an additional customfunction which can be used to disable spamassassin checks of the address matches a whitelist or blacklist. On Mon, 2008-06-30 at 13:44, Jonas Akrouh Larsen wrote: > Hi all (Jules) > > > > For some time i have been wondering if what I want to do is possible > with MailScanner. > > > > I use the mailwatch database for white and blacklisting. > > > > For those not using mailwatch this means I set > > Is Definitely Not Spam = &SQLWhitelist > > Is Definitely Spam = &SQLBlacklist > > > > Which makes mailscanner do a lookup to check if a mail is white or > blacklisted. > > > > Now what has always wondered me is why both white and blacklisted mail > are STILL processed through spamassin regardless of their status. > > > > My logic is: If something is blacklisted I do not want to waste > resources on scanning it, since it won?t be delivered anyway. > > > > The reverse can be true for some locations I guess, ie. Not wanting to > scan white listed mails. > > > > At the very least I think it would make sense to make it an option, so > those with plenty of resources to spare can keep stats etc accurate by > still scanning the mails. > > > > > > So my question is: Can I make mailscanner 4.70.7-1 do this, or is it > not possible do save cpu/ram/network in this way with the current > code? > > > > I guess maybe Jules is the best to answer, but I?m sure somebody else > might know as well. > > > > Best regards > > Jonas A. Larsen > > > > > > > > ______________________________________________________________________ > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From mark at msapiro.net Mon Jun 30 22:40:22 2008 From: mark at msapiro.net (Mark Sapiro) Date: Mon Jun 30 22:40:33 2008 Subject: Message body lost when zip file quarrantined. Message-ID: MailScanner-4.70.7-1 I'm sorry if this is a well known issue or a FAQ. I tried googling the list archives and didn't see anything that seemed relevant. The issue is this: MailScanner is scanning a message with an attached .zip archive which contains a number of .bat and .bat.bak files, other files and even another zip archive which contains a single .bat file. Mailscanner detects all the .bat and .bat.bak files in the zip files, sends a notice appropriately, and delivers the message with the attachment removed. All well and good. The problems are: 1) not only the original .zip is quarantined, but so also are the individual .bat, .bat.bak and .zip files extracted from the original .zip (other files in the .zip with OK names are not). This is not a major issue, but makes looking in the quarantine difficult as one doesn't know what files were separately attached and what files were just in the .zip. 2) The more serious issue is the original message body is also removed from the delivered message, and it is not stored anywhere. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan